This lab bootstraps three Kubernetes worker nodes. The following components are installed on each node: runc, gVisor, container networking plugins, containerd, kubelet, and kube-proxy.
The commands in this lab must be run on every worker node: worker-0, worker-1 and worker-2. Log in to each worker node with the gcloud command, for example:
gcloud compute ssh worker-0
You can use tmux to log in to all three worker nodes at once and run the steps in parallel.
Install the OS dependencies:
sudo apt-get update
sudo apt-get -y install socat conntrack ipset
The socat binary enables support for the kubectl port-forward command.
Disable swap:
sudo swapoff -a
Download the worker binaries:
wget -q --show-progress --https-only --timestamping \
  https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.18.0/crictl-v1.18.0-linux-amd64.tar.gz \
  https://github.com/opencontainers/runc/releases/download/v1.0.0-rc91/runc.amd64 \
  https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-amd64-v0.8.6.tgz \
  https://github.com/containerd/containerd/releases/download/v1.3.6/containerd-1.3.6-linux-amd64.tar.gz \
  https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubectl \
  https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kube-proxy \
  https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubelet
Create the installation directories:
sudo mkdir -p \
  /etc/cni/net.d \
  /opt/cni/bin \
  /var/lib/kubelet \
  /var/lib/kube-proxy \
  /var/lib/kubernetes \
  /var/run/kubernetes
Install the worker binaries:
{
  mkdir containerd
  tar -xvf crictl-v1.18.0-linux-amd64.tar.gz
  tar -xvf containerd-1.3.6-linux-amd64.tar.gz -C containerd
  sudo tar -xvf cni-plugins-linux-amd64-v0.8.6.tgz -C /opt/cni/bin/
  sudo mv runc.amd64 runc
  chmod +x crictl kubectl kube-proxy kubelet runc
  sudo mv crictl kubectl kube-proxy kubelet runc /usr/local/bin/
  sudo mv containerd/bin/* /bin/
}
Retrieve the Pod CIDR range for the current compute instance:
POD_CIDR=$(curl -s -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/attributes/pod-cidr)
Create the bridge network plugin configuration file:
cat <<EOF | sudo tee /etc/cni/net.d/10-bridge.conf
{
    "cniVersion": "0.3.1",
    "name": "bridge",
    "type": "bridge",
    "bridge": "cnio0",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "ranges": [
          [{"subnet": "${POD_CIDR}"}]
        ],
        "routes": [{"dst": "0.0.0.0/0"}]
    }
}
EOF
Create the loopback network plugin configuration file:
cat <<EOF | sudo tee /etc/cni/net.d/99-loopback.conf
{
    "cniVersion": "0.3.1",
    "name": "lo",
    "type": "loopback"
}
EOF
Create the containerd configuration file and systemd unit file:
sudo mkdir -p /etc/containerd/
cat << EOF | sudo tee /etc/containerd/config.toml
[plugins]
  [plugins.cri.containerd]
    snapshotter = "overlayfs"
    [plugins.cri.containerd.default_runtime]
      runtime_type = "io.containerd.runtime.v1.linux"
      runtime_engine = "/usr/local/bin/runc"
      runtime_root = ""
EOF
cat <<EOF | sudo tee /etc/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target

[Service]
ExecStartPre=/sbin/modprobe overlay
ExecStart=/bin/containerd
Restart=always
RestartSec=5
Delegate=yes
KillMode=process
OOMScoreAdjust=-999
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity

[Install]
WantedBy=multi-user.target
EOF
Move the node certificate, key and kubeconfig into place for the kubelet:
{
  sudo mv ${HOSTNAME}-key.pem ${HOSTNAME}.pem /var/lib/kubelet/
  sudo mv ${HOSTNAME}.kubeconfig /var/lib/kubelet/kubeconfig
  sudo mv ca.pem /var/lib/kubernetes/
}
Create the kubelet-config.yaml configuration file and the kubelet.service systemd unit file:
# The resolvConf configuration is used to avoid loops when using CoreDNS for service discovery on systems running systemd-resolved.
cat <<EOF | sudo tee /var/lib/kubelet/kubelet-config.yaml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/var/lib/kubernetes/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
  - "10.32.0.10"
podCIDR: "${POD_CIDR}"
resolvConf: "/run/systemd/resolve/resolv.conf"
runtimeRequestTimeout: "15m"
tlsCertFile: "/var/lib/kubelet/${HOSTNAME}.pem"
tlsPrivateKeyFile: "/var/lib/kubelet/${HOSTNAME}-key.pem"
EOF
cat <<EOF | sudo tee /etc/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=containerd.service
Requires=containerd.service

[Service]
ExecStart=/usr/local/bin/kubelet \\
  --config=/var/lib/kubelet/kubelet-config.yaml \\
  --container-runtime=remote \\
  --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock \\
  --image-pull-progress-deadline=2m \\
  --kubeconfig=/var/lib/kubelet/kubeconfig \\
  --network-plugin=cni \\
  --register-node=true \\
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
sudo mv kube-proxy.kubeconfig /var/lib/kube-proxy/kubeconfig
Create the kube-proxy-config.yaml configuration file and the kube-proxy.service systemd unit file:
cat <<EOF | sudo tee /var/lib/kube-proxy/kube-proxy-config.yaml
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
clientConnection:
  kubeconfig: "/var/lib/kube-proxy/kubeconfig"
mode: "iptables"
clusterCIDR: "10.200.0.0/16"
EOF
cat <<EOF | sudo tee /etc/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube Proxy
Documentation=https://github.com/kubernetes/kubernetes

[Service]
ExecStart=/usr/local/bin/kube-proxy \\
  --config=/var/lib/kube-proxy/kube-proxy-config.yaml
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
Start the worker services:
sudo systemctl daemon-reload
sudo systemctl enable containerd kubelet kube-proxy
sudo systemctl start containerd kubelet kube-proxy
Remember to run the above steps on every worker node: worker-0, worker-1 and worker-2.
Log in to any controller node and list the registered nodes:
gcloud compute ssh controller-0 \
  --command "kubectl get nodes --kubeconfig admin.kubeconfig"
Output:
NAME       STATUS   ROLES    AGE   VERSION
worker-0   Ready    <none>   24s   v1.18.6
worker-1   Ready    <none>   24s   v1.18.6
worker-2   Ready    <none>   24s   v1.18.6
Next: Configure kubectl.
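The kubelet-config.yaml written above is what keeps each node's kubelet API from being an open door: anonymous access is off, authentication and authorization are delegated to the API server via webhooks, and the kubelet serves the cluster-issued certificate instead of a self-signed one. As an added check that is not part of the original guide, the POSIX shell script below audits a kubelet-config.yaml for exactly those settings; it runs against two constructed sample files (a hardened one matching this guide and a deliberately weak one), and its awk field extraction assumes the two-space YAML layout produced by the heredoc in this guide.

```shell
# Added example, not part of the original guide: audit the security-relevant
# settings of a generated kubelet-config.yaml before the kubelet is started.
# Assumes the two-space YAML layout produced by the heredoc in this guide.
# audit_kubelet_config FILE -> exit status 0 if every check passes, else 1
audit_kubelet_config() {
    cfg="$1"; rc=0
    # Pull each value out of the YAML: a "section:" line, then the next "key:".
    anon=$(awk '/^  anonymous:/{f=1;next} f&&/enabled:/{print $2;exit}' "$cfg")
    hook=$(awk '/^  webhook:/{f=1;next} f&&/enabled:/{print $2;exit}' "$cfg")
    mode=$(awk '/^authorization:/{f=1;next} f&&/mode:/{print $2;exit}' "$cfg")
    ca=$(awk '/clientCAFile:/{gsub(/"/,"",$2);print $2;exit}' "$cfg")
    crt=$(awk '/^tlsCertFile:/{gsub(/"/,"",$2);print $2;exit}' "$cfg")
    key=$(awk '/^tlsPrivateKeyFile:/{gsub(/"/,"",$2);print $2;exit}' "$cfg")
    # Anonymous requests must be rejected, or any client that reaches the
    # kubelet port can call its API (exec, logs, metrics) without credentials.
    [ "$anon" = "false" ] || { echo "FAIL: anonymous auth is enabled"; rc=1; }
    # Webhook authn verifies bearer tokens against the API server.
    [ "$hook" = "true" ] || { echo "FAIL: webhook authentication is off"; rc=1; }
    # Webhook authz asks the API server per request; AlwaysAllow grants
    # every authenticated caller every kubelet operation.
    [ "$mode" = "Webhook" ] || { echo "FAIL: authorization mode '$mode'"; rc=1; }
    # Without a client CA the kubelet cannot verify client certificates.
    [ -n "$ca" ] || { echo "FAIL: clientCAFile is not set"; rc=1; }
    # Without a serving cert/key the kubelet falls back to a self-signed cert.
    [ -n "$crt" ] && [ -n "$key" ] || { echo "FAIL: serving cert/key unset"; rc=1; }
    return $rc
}
# Constructed sample matching this guide's hardened config (paths illustrative).
SAMPLE_GOOD=$(mktemp)
cat >"$SAMPLE_GOOD" <<'EOF'
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/var/lib/kubernetes/ca.pem"
authorization:
  mode: Webhook
tlsCertFile: "/var/lib/kubelet/worker-0.pem"
tlsPrivateKeyFile: "/var/lib/kubelet/worker-0-key.pem"
EOF
# Constructed sample of a weak config: anonymous access plus AlwaysAllow.
SAMPLE_WEAK=$(mktemp)
printf 'authentication:\n  anonymous:\n    enabled: true\n  webhook:\n    enabled: false\nauthorization:\n  mode: AlwaysAllow\n' >"$SAMPLE_WEAK"
audit_kubelet_config "$SAMPLE_GOOD" && echo "hardened config: OK"
audit_kubelet_config "$SAMPLE_WEAK" || echo "weak config: rejected"
```

On a real worker, point the function at /var/lib/kubelet/kubelet-config.yaml after the heredoc has written it and before sudo systemctl start kubelet.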