k8s-安装文档-03-node节点添加-nginx/kube-proxy/csr

2023-06-01 00:00:00 K8S

需要在 3 个 master 节点的 hosts 表(/etc/hosts)中添加 node 节点的主机名解析关系;或者在后面的节点配置中直接使用 IP 互联。


####安装docker(17-03CE)

# Install Docker CE 17.03.2 from the Aliyun mirror. The SELinux policy package
# goes first because docker-ce 17.03 requires it.
# NOTE(review): `yum localinstall` on a file/URL does not verify the RPM
# signature unless localpkg_gpgcheck is enabled in yum.conf (off by default), so
# these packages are trusted on the strength of the HTTPS mirror alone. Import
# Docker's signing key and check the downloaded files with `rpm -K` if that is
# not acceptable.
# NOTE(review): Docker 17.03 no longer receives upstream fixes; keep this
# version only while the kubelet release in use requires it.
yum localinstall https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm
yum localinstall https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm


####安装api代理的nginx

- nginx配置文件

# cat /etc/nginx/nginx.conf 

# TCP (layer-4) load balancer in front of the three kube-apiserver instances.
# Errors go to stderr, i.e. the container's output stream.
error_log stderr notice;
worker_processes auto;

events {
  multi_accept on;
  use epoll;
  worker_connections 1024;
}

# stream{} forwards raw TCP and no ssl directives are set, so nginx does not
# terminate TLS here: the client's TLS session runs end to end to the apiserver.
stream {
    upstream kube_apiserver {
        # Send each new connection to the master with the fewest active ones.
        least_conn;
        server 10.0.1.157:6443;
        server 10.0.1.158:6443;
        server 10.0.1.159:6443;
    }
    server {
        # NOTE(review): 0.0.0.0 exposes this proxy on every interface of the
        # node. The container runs with --net=host, so the unit's
        # "-p 127.0.0.1:6443:6443" does not restrict it. If only the local
        # kubelet/kube-proxy talk to this port, 127.0.0.1:6443 is the narrower
        # bind - confirm against the server address in the kubeconfig files.
        listen        0.0.0.0:6443;
        proxy_pass    kube_apiserver;
        # Idle connections (e.g. long-lived watches) are closed after 10 minutes.
        proxy_timeout 10m;
        # Short connect timeout so a master that does not answer is given up on quickly.
        proxy_connect_timeout 1s;
    }
}


- nginx服务

# cat /etc/systemd/system/nginx-proxy.service 

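# systemd wrapper that runs the apiserver TCP proxy (nginx) as a Docker container.
#
# NOTE(review): with --net=host Docker discards published ports, so
# "-p 127.0.0.1:6443:6443" does NOT limit the proxy to loopback; the bind
# address is decided solely by the "listen" line in /etc/nginx/nginx.conf.
#
# /etc/nginx is mounted read-only (:ro): the container only needs to read its
# configuration and should not be able to modify files on the host.
#
# NOTE(review): the image is referenced by tag only; pulling by digest or from
# the internal registry would pin exactly what runs on every node.
[Unit]
Description=kubernetes apiserver docker wrapper
Wants=docker.socket
After=docker.service
[Service]
User=root
PermissionsStartOnly=true
ExecStart=/usr/bin/docker run -p 127.0.0.1:6443:6443 \
                              -v /etc/nginx:/etc/nginx:ro \
                              --name nginx-proxy \
                              --net=host \
                              --restart=on-failure:5 \
                              --memory=512M \
                              nginx:1.13.5-alpine
# Leading "-" lets the unit start even when no old container exists to remove.
ExecStartPre=-/usr/bin/docker rm -f nginx-proxy
ExecStop=/usr/bin/docker stop nginx-proxy
Restart=always
RestartSec=15s
TimeoutStartSec=30s
[Install]
WantedBy=multi-user.target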


##重载配置文件 启动反向代理 并设置开机启动

# Reload unit files, start the proxy now and enable it at boot; each step runs
# only if the previous one succeeded.
# Afterwards check `systemctl status nginx-proxy` and confirm which address
# port 6443 is bound to (for example with `ss -lnt`).
systemctl daemon-reload && systemctl start nginx-proxy && systemctl enable nginx-proxy


#### 安装kubelet、kube-proxy

- scp 文件

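# Copy the binaries, the CA certificate, kube-proxy's client certificate/key
# and the kubeconfig files to the new node (10.0.1.109).
# scp cannot create the target directory, so make sure it exists first.
ssh 10.0.1.109 'mkdir -p /etc/kubernetes/ssl'
scp kubelet kube-proxy  10.0.1.109:/usr/local/bin/
scp ca.pem kube-proxy.pem kube-proxy-key.pem 10.0.1.109:/etc/kubernetes/ssl/
scp bootstrap.kubeconfig kube-proxy.kubeconfig 10.0.1.109:/etc/kubernetes/
# kube-proxy-key.pem is a private key, and the kubeconfig files normally carry
# credentials (bootstrap.kubeconfig is what the node uses to request its
# certificate): keep them readable by their owner only.
ssh 10.0.1.109 'chmod 600 /etc/kubernetes/ssl/kube-proxy-key.pem /etc/kubernetes/bootstrap.kubeconfig /etc/kubernetes/kube-proxy.kubeconfig'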


- 添加kubelet kube-proxy服务

# cat /etc/systemd/system/kubelet.service 
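# systemd unit for the kubelet on node k8s-n-109.
# The kubelet first uses bootstrap.kubeconfig to submit a certificate signing
# request; the issued client certificate is stored under --cert-dir and
# referenced from kubelet.kubeconfig.
#
# NOTE(review): no --anonymous-auth, --authorization-mode or --client-ca-file
# is set. With this kubelet version's defaults the kubelet's own HTTPS API
# accepts anonymous requests and authorizes everything. Setting
# --anonymous-auth=false, --authorization-mode=Webhook and
# --client-ca-file=<CA cert> closes that, but needs the apiserver to present a
# kubelet client certificate - confirm against the master configuration first.
#
# NOTE(review): --allow-privileged=true lets pods on this node run privileged
# containers; what may actually be scheduled has to be limited by admission
# policy on the apiserver side.
# --fail-swap-on=false lets the kubelet start on a host with swap enabled.
#
# Restart=on-failure / RestartSec=5 match the kube-proxy unit, so a crashed
# kubelet comes back without manual intervention.
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/usr/local/bin/kubelet \
  --cgroup-driver=cgroupfs \
  --hostname-override=k8s-n-109 \
  --pod-infra-container-image=10.0.1.147/k8s/pause-amd64:3.0 \
  --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \
  --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
  --cert-dir=/etc/kubernetes/ssl \
  --cluster_dns=10.254.0.2 \
  --cluster_domain=cluster.local. \
  --hairpin-mode promiscuous-bridge \
  --allow-privileged=true \
  --fail-swap-on=false \
  --serialize-image-pulls=false \
  --logtostderr=true \
  --max-pods=512 \
  --network-plugin=cni \
  --v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target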


# cat /etc/systemd/system/kube-proxy.service 
# systemd unit for kube-proxy on node k8s-n-109 (10.0.1.109).
# kube-proxy authenticates to the apiserver with the credentials referenced by
# kube-proxy.kubeconfig.
#
# NOTE(review): --cluster-cidr is meant to be the pod network range. The value
# 10.254.0.0/16 also contains the kubelet's --cluster_dns address 10.254.0.2,
# which suggests it is the service range instead - verify against the
# apiserver's service CIDR and the CNI pod CIDR.
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/usr/local/bin/kube-proxy \
 --bind-address=10.0.1.109 \
 --hostname-override=k8s-n-109 \
 --cluster-cidr=10.254.0.0/16 \
 --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
 --logtostderr=true \
 --v=2
# Restart automatically after a crash, waiting 5 seconds between attempts.
Restart=on-failure
RestartSec=5
# Raised open-file limit for the service.
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target


- 创建目录启动服务

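# Create the WorkingDirectory of each unit; -p keeps the step re-runnable when
# a directory already exists.
mkdir -p /var/lib/kube-proxy
mkdir -p /var/lib/kubelet
# Pick up the new unit files, then start both services and enable them at boot.
systemctl daemon-reload
systemctl start  kube-proxy
systemctl start  kubelet
systemctl enable   kubelet
systemctl enable  kube-proxy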


#### M端(master)添加(审批)csr

审批前先用 kubectl describe csr <CSR名称> 核对该请求确实来自刚加入的节点,再执行 approve。

[root@<master> img]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-4PmD6FFUUFBZ0K9QtFCAs4knlH77mUcJAcz27VGmTAM   55d       kubelet-bootstrap   Approved,Issued
node-csr-59Dk8EytDSpMzlHnHSFOoqxRZOvg-XaRLRqEMA8DeEw   55d       kubelet-bootstrap   Approved,Issued
node-csr-5MoD7QJhfh7qBvlKBNr2YbJjOKYFTYwrjefnTYAKSGM   55d       kubelet-bootstrap   Approved,Issued
node-csr-m4ozqvMPPeu6uIF6qy-YzG9zUR4LtHTWYhINqjkzg38   14s       kubelet-bootstrap   Pending

[root@<master> img]# kubectl certificate approve node-csr-m4ozqvMPPeu6uIF6qy-YzG9zUR4LtHTWYhINqjkzg38
certificatesigningrequest "node-csr-m4ozqvMPPeu6uIF6qy-YzG9zUR4LtHTWYhINqjkzg38" approved

[root@<master> img]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-4PmD6FFUUFBZ0K9QtFCAs4knlH77mUcJAcz27VGmTAM   55d       kubelet-bootstrap   Approved,Issued
node-csr-59Dk8EytDSpMzlHnHSFOoqxRZOvg-XaRLRqEMA8DeEw   55d       kubelet-bootstrap   Approved,Issued
node-csr-5MoD7QJhfh7qBvlKBNr2YbJjOKYFTYwrjefnTYAKSGM   55d       kubelet-bootstrap   Approved,Issued
node-csr-m4ozqvMPPeu6uIF6qy-YzG9zUR4LtHTWYhINqjkzg38   57s       kubelet-bootstrap   Approved,Issued

[root@<master> img]# kubectl get no
NAME        STATUS     ROLES     AGE       VERSION
k8s-m-157   Ready      <none>    55d       v1.8.6
k8s-m-158   Ready      <none>    55d       v1.8.6
k8s-m-159   Ready      <none>    55d       v1.8.6
k8s-n-109   NotReady   <none>    10s       v1.8.6

[root@<master> img]# kubectl get no
NAME        STATUS    ROLES     AGE       VERSION
k8s-m-157   Ready     <none>    55d       v1.8.6
k8s-m-158   Ready     <none>    55d       v1.8.6
k8s-m-159   Ready     <none>    55d       v1.8.6
k8s-n-109   Ready     <none>    22s       v1.8.6


