Deploying the Worker Nodes
In this section, three Kubernetes worker nodes will be deployed. The following services will be installed on each node: runc, gVisor, container networking plugins, containerd, kubelet, and kube-proxy.

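Prerequisites

The following commands must be run on every worker node: worker-0, worker-1, and worker-2. You can log in to a worker node with the gcloud command, for example:

gcloud compute ssh worker-0

You can use tmux to log in to all three worker nodes at once to speed up the deployment.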

Deploying a Kubernetes Worker Node

Install the OS dependencies:

sudo apt-get update
sudo apt-get -y install socat conntrack ipset

The socat binary enables support for the kubectl port-forward command.

Disable Swap

sudo swapoff -a

Download and Install the Worker Binaries

wget -q --show-progress --https-only --timestamping \
  https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.18.0/crictl-v1.18.0-linux-amd64.tar.gz \
  https://github.com/opencontainers/runc/releases/download/v1.0.0-rc91/runc.amd64 \
  https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-amd64-v0.8.6.tgz \
  https://github.com/containerd/containerd/releases/download/v1.3.6/containerd-1.3.6-linux-amd64.tar.gz \
  https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubectl \
  https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kube-proxy \
  https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubelet

Create the installation directories:

sudo mkdir -p \
  /etc/cni/net.d \
  /opt/cni/bin \
  /var/lib/kubelet \
  /var/lib/kube-proxy \
  /var/lib/kubernetes \
  /var/run/kubernetes

Install the worker binaries:

{
  mkdir containerd
  tar -xvf crictl-v1.18.0-linux-amd64.tar.gz
  tar -xvf containerd-1.3.6-linux-amd64.tar.gz -C containerd
  sudo tar -xvf cni-plugins-linux-amd64-v0.8.6.tgz -C /opt/cni/bin/
  sudo mv runc.amd64 runc
  chmod +x crictl kubectl kube-proxy kubelet runc
  sudo mv crictl kubectl kube-proxy kubelet runc /usr/local/bin/
  sudo mv containerd/bin/* /bin/
}

Configure CNI Networking

Retrieve the Pod CIDR range for the current worker node:

POD_CIDR=$(curl -s -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/attributes/pod-cidr)

Generate the bridge network plugin configuration file:

cat <<EOF | sudo tee /etc/cni/net.d/10-bridge.conf
{
    "cniVersion": "0.3.1",
    "name": "bridge",
    "type": "bridge",
    "bridge": "cnio0",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "ranges": [
          [{"subnet": "${POD_CIDR}"}]
        ],
        "routes": [{"dst": "0.0.0.0/0"}]
    }
}
EOF

Generate the loopback network plugin configuration file:

cat <<EOF | sudo tee /etc/cni/net.d/99-loopback.conf
{
    "cniVersion": "0.3.1",
    "name": "lo",
    "type": "loopback"
}
EOF
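
With plain curl -s, a connection failure leaves POD_CIDR empty and an HTTP error stores the error body in it, and either value is then interpolated into 10-bridge.conf and later into kubelet-config.yaml. The following added example (not part of the original guide) validates the value before any config is rendered; the function names are illustrative, and it assumes each worker's pod range lies inside the 10.200.0.0/16 clusterCIDR used in the kube-proxy config on this page.

```shell
# Added example: refuse to render configs from an unvalidated POD_CIDR.
CLUSTER_CIDR="10.200.0.0/16"   # assumption: same value as kube-proxy clusterCIDR

# -f turns an HTTP error into a non-zero exit instead of an error page on stdout.
fetch_pod_cidr() {
  curl -sf --max-time 5 -H "Metadata-Flavor: Google" \
    http://metadata.google.internal/computeMetadata/v1/instance/attributes/pod-cidr
}

# ip_to_int A.B.C.D: print the address as an integer, fail on malformed input.
ip_to_int() (
  case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.
  set -- $1
  [ "$#" -eq 4 ] || exit 1
  for o in "$@"; do
    case "$o" in 0?*|????*) exit 1 ;; esac      # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || exit 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# cidr_within CHILD PARENT: succeed only if CHILD is a CIDR inside PARENT.
cidr_within() (
  case "$1" in */*) ;; *) exit 1 ;; esac
  c_len=${1#*/}; p_len=${2#*/}
  case "$c_len" in ""|*[!0-9]*|???*) exit 1 ;; esac
  [ "$c_len" -le 32 ] && [ "$c_len" -ge "$p_len" ] || exit 1
  c=$(ip_to_int "${1%/*}") || exit 1
  p=$(ip_to_int "${2%/*}") || exit 1
  mask=$(( (0xFFFFFFFF << (32 - $p_len)) & 0xFFFFFFFF ))
  [ $(( $c & $mask )) -eq $(( $p & $mask )) ]
)

check_pod_cidr() {
  if cidr_within "$1" "$CLUSTER_CIDR"; then
    echo "ok: POD_CIDR=$1"
  else
    echo "refusing to write configs: POD_CIDR='$1' is not inside $CLUSTER_CIDR" >&2
    return 1
  fi
}

# Constructed sample values; on a worker use:
#   POD_CIDR=$(fetch_pod_cidr) && check_pod_cidr "$POD_CIDR" || exit 1
for v in "10.200.1.0/24" "" "10.201.0.0/24"; do check_pod_cidr "$v" || true; done
```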

Configure containerd

sudo mkdir -p /etc/containerd/
cat << EOF | sudo tee /etc/containerd/config.toml
[plugins]
  [plugins.cri.containerd]
    snapshotter = "overlayfs"
    [plugins.cri.containerd.default_runtime]
      runtime_type = "io.containerd.runtime.v1.linux"
      runtime_engine = "/usr/local/bin/runc"
      runtime_root = ""
EOF

cat <<EOF | sudo tee /etc/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target

[Service]
ExecStartPre=/sbin/modprobe overlay
ExecStart=/bin/containerd
Restart=always
RestartSec=5
Delegate=yes
KillMode=process
OOMScoreAdjust=-999
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity

[Install]
WantedBy=multi-user.target
EOF

Configure the Kubelet

{
  sudo mv ${HOSTNAME}-key.pem ${HOSTNAME}.pem /var/lib/kubelet/
  sudo mv ${HOSTNAME}.kubeconfig /var/lib/kubelet/kubeconfig
  sudo mv ca.pem /var/lib/kubernetes/
}

Generate the kubelet-config.yaml configuration file and the kubelet.service systemd unit file:

# The resolvConf configuration is used to avoid loops when using CoreDNS for service discovery on systems running systemd-resolved.
cat <<EOF | sudo tee /var/lib/kubelet/kubelet-config.yaml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/var/lib/kubernetes/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
  - "10.32.0.10"
podCIDR: "${POD_CIDR}"
resolvConf: "/run/systemd/resolve/resolv.conf"
runtimeRequestTimeout: "15m"
tlsCertFile: "/var/lib/kubelet/${HOSTNAME}.pem"
tlsPrivateKeyFile: "/var/lib/kubelet/${HOSTNAME}-key.pem"
EOF

cat <<EOF | sudo tee /etc/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=containerd.service
Requires=containerd.service

[Service]
ExecStart=/usr/local/bin/kubelet \\
  --config=/var/lib/kubelet/kubelet-config.yaml \\
  --container-runtime=remote \\
  --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock \\
  --image-pull-progress-deadline=2m \\
  --kubeconfig=/var/lib/kubelet/kubeconfig \\
  --network-plugin=cni \\
  --register-node=true \\
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
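
The authentication and authorization keys in kubelet-config.yaml decide who may call the kubelet API on each worker. The following added check (not part of the original guide) flags a config weaker than the one written above; the function name and messages are illustrative, and two-space YAML indentation is assumed.

```shell
# Added example: report kubelet API settings weaker than those in this guide.
# Usage on a worker: kubelet_auth_findings /var/lib/kubelet/kubelet-config.yaml
kubelet_auth_findings() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      # Rebuild the dotted key path from the indentation depth.
      indent = 0
      while (substr($0, indent + 1, 1) == " ") indent++
      depth = int(indent / 2)
      line = substr($0, indent + 1)
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val)
      sub(/[ \t]*(#.*)?$/, "", val); gsub(/"/, "", val)
      path[depth] = key
      full = path[0]
      for (i = 1; i <= depth; i++) full = full "." path[i]
      seen[full] = val
    }
    END {
      bad = 0
      if (seen["authentication.anonymous.enabled"] != "false") {
        print "anonymous requests to the kubelet API are not disabled"; bad = 1
      }
      if (seen["authentication.x509.clientCAFile"] == "") {
        print "no clientCAFile: client certificates are not verified"; bad = 1
      }
      if (seen["authorization.mode"] != "Webhook") {
        print "authorization.mode is not Webhook"; bad = 1
      }
      exit bad
    }' "$1"
}

# Constructed weak config for demonstration (not from this guide).
weak=$(mktemp)
printf '%s\n' 'authentication:' '  anonymous:' '    enabled: true' \
  'authorization:' '  mode: AlwaysAllow' > "$weak"
kubelet_auth_findings "$weak" || echo "=> weak config rejected"
rm -f "$weak"
```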

Configure Kube-Proxy

sudo mv kube-proxy.kubeconfig /var/lib/kube-proxy/kubeconfig

Generate the kube-proxy-config.yaml configuration file and the kube-proxy.service systemd unit file:

cat <<EOF | sudo tee /var/lib/kube-proxy/kube-proxy-config.yaml
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
clientConnection:
  kubeconfig: "/var/lib/kube-proxy/kubeconfig"
mode: "iptables"
clusterCIDR: "10.200.0.0/16"
EOF

cat <<EOF | sudo tee /etc/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube Proxy
Documentation=https://github.com/kubernetes/kubernetes

[Service]
ExecStart=/usr/local/bin/kube-proxy \\
  --config=/var/lib/kube-proxy/kube-proxy-config.yaml
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

Start the Worker Services

sudo systemctl daemon-reload
sudo systemctl enable containerd kubelet kube-proxy
sudo systemctl start containerd kubelet kube-proxy

Remember to run these commands on every worker node: worker-0, worker-1, and worker-2.

Verification

Log in to any controller node and list the nodes:

gcloud compute ssh controller-0 \
  --command "kubectl get nodes --kubeconfig admin.kubeconfig"

Output:

NAME       STATUS   ROLES    AGE   VERSION
worker-0   Ready    <none>   24s   v1.18.6
worker-1   Ready    <none>   24s   v1.18.6
worker-2   Ready    <none>   24s   v1.18.6

Next: Configure kubectl