suse 12 二进制部署 Kubernetets 1.19.7 - 番外篇 - 增加node节点

简介: suse 12 二进制部署 Kubernetets 1.19.7 - 番外篇 - 增加node节点

0、前景提要

  • master 节点需要的操作:
  • 更新 kube-apiserver 证书,将新增节点ip加入到证书内
  • node 节点需要的操作:
  • 部署 flanneldockerkubeletkube-proxy

1、准备node节点环境

1.0、修改配置脚本参数

  • 如果集群不是根据我的博客部署的,不需要进行这一步操作
  • 后面的操作,只需要在k8s-01节点上操作即可
k8s-01:~ # cd /opt/k8s/bin/
k8s-01:/opt/k8s/bin # vim k8s-env.sh         
# 修改NODE_IPS为需要增加的node节点ip
export NODE_IPS=( 192.168.72.44 192.168.72.45 )
# 修改NODE_NAMES为需要增加的node节点主机名
export NODE_NAMES=( k8s-06 k8s-07 )

1.1、配置免密

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    expect -c "
    spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@${host}
        expect {
                \"*yes/no*\" {send \"yes\r\"; exp_continue}
                \"*Password*\" {send \"123.com\r\"; exp_continue}
                \"*Password*\" {send \"123.com\r\";}
               }"
done

1.2、添加hosts解析

k8s-01:~ # cat >> /etc/hosts <<EOF
> 192.168.72.44 k8s-06
> 192.168.72.45 k8s-07
> EOF
  • 分发到其他节点
#!/usr/bin/env bash
for host in k8s-02 k8s-03 k8s-04 k8s-05 k8s-06 k8s-07
do
    printf "\e[1;34m${host}\e[0m\n"
    scp /etc/hosts ${host}:/etc/hosts
done

1.3、修改主机名

#!/usr/bin/env bash
for host in 6 7
do
    printf "\e[1;34mk8s-0${host}\e[0m\n"
    ssh root@k8s-0${host} "hostnamectl set-hostname --static k8s-0${host}"
done

1.4、更新PATH变量

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "echo 'PATH=$PATH:/opt/k8s/bin' >> /etc/profile"
done

1.5、安装依赖包

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "zypper in -y ntp ipset iptables curl sysstat wget"
done

1.6、关闭防火墙以及swap分区

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "systemctl disable SuSEfirewall2.service --now"
    ssh root@${host} "iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat"
    ssh root@${host} "iptables -P FORWARD ACCEPT"
    ssh root@${host} "swapoff -a"
    ssh root@${host} "sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab"
done

1.7、开启内核模块

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "modprobe ip_vs_rr"
    ssh root@${host} "modprobe br_netfilter"
    ssh root@${host} "echo 'modprobe ip_vs_rr' >> /etc/rc.local"
    ssh root@${host} "echo 'modprobe br_netfilter' >> /etc/rc.local"
    ssh root@${host} "chmod +x /etc/rc.local"
done

1.8、内核优化

  • k8s-01节点上已经独立配置过k8s的内核优化文件,因此,直接scp过去,使配置生效即可
#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    scp /etc/sysctl.d/kubernetes.conf ${host}:/etc/sysctl.d/kubernetes.conf
    ssh root@${host} "sysctl -p /etc/sysctl.d/kubernetes.conf"
done

1.9、创建部署所需目录

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "mkdir -p /opt/k8s/bin /etc/kubernetes/cert"
done

2、部署flannel网络

  • flannel需要配置的, 在一开始都已经就绪了,只需要分发文件,启动新节点的flannel服务即可

2.0、分发证书文件到新的节点

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "mkdir -p /etc/flanneld/cert"
    scp /opt/k8s/ssl/ca.pem ${host}:/etc/kubernetes/cert/
    scp /opt/k8s/ssl/flanneld*.pem ${host}:/etc/flanneld/cert/
    scp /opt/k8s/packages/flannel/{flanneld,mk-docker-opts.sh} ${host}:/opt/k8s/bin/
    scp /opt/k8s/conf/flanneld.service ${host}:/etc/systemd/system/
done

2.1、启动flanneld服务

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "systemctl daemon-reload && \
                      systemctl enable flanneld --now && \
                      systemctl status flanneld | grep Active"
done

2.2、查看新增node节点是否存在flannel网卡

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "ip a | grep flannel | grep -w inet"
done

3、部署docker

  • 同上,只需要分发文件,启动docker即可

3.0、分发文件到新的节点

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "mkdir /etc/docker"
    scp /opt/k8s/packages/docker/* ${host}:/usr/bin/
    scp /opt/k8s/conf/daemon.json ${host}:/etc/docker/
    scp /opt/k8s/conf/docker.service ${host}:/etc/systemd/system/
done

3.1、启动docker服务

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "systemctl daemon-reload && \
                      systemctl enable docker --now && \
                      systemctl status docker | grep Active"
done

3.2、查看新节点的docker和flannel网卡是否为同一网段

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} 'ifconfig | egrep "docker*|flannel*" -A 1'
done

4、部署kubelet组件

4.0、创建kubelet bootstrap kubeconfig文件

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for node_name in ${NODE_NAMES[@]}
do
    printf "\e[1;34m${node_name}\e[0m\n"
    # 创建 token
    export BOOTSTRAP_TOKEN=$(kubeadm token create \
    --description kubelet-bootstrap-token \
    --groups system:bootstrappers:${node_name} \
    --kubeconfig ~/.kube/config)
    # 设置集群参数
    kubectl config set-cluster kubernetes \
    --certificate-authority=/etc/kubernetes/cert/ca.pem \
    --embed-certs=true \
    --server=${KUBE_APISERVER} \
    --kubeconfig=/opt/k8s/ssl/kubelet-bootstrap-${node_name}.kubeconfig
    # 设置客户端认证参数
    kubectl config set-credentials kubelet-bootstrap \
    --token=${BOOTSTRAP_TOKEN} \
    --kubeconfig=/opt/k8s/ssl/kubelet-bootstrap-${node_name}.kubeconfig
    # 设置上下文参数
    kubectl config set-context default \
    --cluster=kubernetes \
    --user=kubelet-bootstrap \
    --kubeconfig=/opt/k8s/ssl/kubelet-bootstrap-${node_name}.kubeconfig
    # 设置默认上下文
    kubectl config use-context default --kubeconfig=/opt/k8s/ssl/kubelet-bootstrap-${node_name}.kubeconfig
done
"查看kubeadm为新节点创建的token"
k8s-01:/opt/k8s/ssl # kubeadm token list --kubeconfig ~/.kube/config
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION                                                EXTRA GROUPS
6sp12t.btr31aj1hc403tar   23h         2021-02-16T01:34:59+08:00   authentication,signing   kubelet-bootstrap-token                                    system:bootstrappers:k8s-06
bajiy9.b4fhfy8serfmyve0   23h         2021-02-16T01:35:00+08:00   authentication,signing   kubelet-bootstrap-token                                    system:bootstrappers:k8s-07

4.1、分发文件到新的节点

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for (( i=0; i < 2; i++ ))
do
    sed -e "s/##NODE_IP##/${NODE_IPS[i]}/" /opt/k8s/conf/kubelet.service.template > \
           /opt/k8s/conf/kubelet-${NODE_IPS[i]}.service
    sed -e "s/##NODE_IP##/${NODE_IPS[i]}/" /opt/k8s/conf/kubelet-config.yaml.template > \
           /opt/k8s/conf/kubelet-config-${NODE_IPS[i]}.yaml.template
done
for node_name in ${NODE_NAMES[@]}
do
    printf "\e[1;34m${node_name}\e[0m\n"
    scp /opt/k8s/ssl/kubelet-bootstrap-${node_name}.kubeconfig \
        ${node_name}:/etc/kubernetes/cert/kubelet-bootstrap.kubeconfig
done
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    scp /opt/k8s/bin/kubelet ${host}:/opt/k8s/bin/kubelet
    scp /opt/k8s/conf/kubelet-${host}.service ${host}:/etc/systemd/system/kubelet.service
    scp /opt/k8s/conf/kubelet-config-${host}.yaml.template ${host}:/etc/kubernetes/kubelet-config.yaml
    scp /opt/k8s/packages/pause.tar ${host}:/opt/k8s/
    ssh root@${host} "docker load -i /opt/k8s/pause.tar"
done

4.2、启动kubelet服务

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "mkdir -p ${K8S_DIR}/kubelet/kubelet-plugins/volume/exec/"
    ssh root@${host} "systemctl daemon-reload && \
                      systemctl enable kubelet --now && \
                      systemctl status kubelet | grep Active"
done

4.3、查看新增节点是否ready了

k8s-01:~ # kubectl get node
NAME            STATUS   ROLES    AGE   VERSION
192.168.72.39   Ready    <none>   2d    v1.19.7
192.168.72.40   Ready    <none>   2d    v1.19.7
192.168.72.41   Ready    <none>   2d    v1.19.7
192.168.72.42   Ready    <none>   2d    v1.19.7
192.168.72.43   Ready    <none>   2d    v1.19.7
192.168.72.44   Ready    <none>   81s   v1.19.7
192.168.72.45   Ready    <none>   79s   v1.19.7

4.4、手动approve server cert csr

k8s-01:~ # kubectl get csr | grep Pending | awk '{print $1}' | xargs kubectl certificate approve

5、部署kube-proxy

  • 同样,只需要分发文件后,启动kube-proxy即可

5.0、分发文件到新的节点

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for (( i=0; i < 2; i++ ))
do
    sed -e "s/##NODE_IP##/${NODE_IPS[i]}/" /opt/k8s/conf/kube-proxy.service.template > \
           /opt/k8s/conf/kube-proxy-${NODE_IPS[i]}.service
    sed -e "s/##NODE_NAME##/${NODE_NAMES[i]}/" -e "s/##NODE_IP##/${NODE_IPS[i]}/" \
    /opt/k8s/conf/kube-proxy-config.yaml.template > /opt/k8s/conf/kube-proxy-config-${NODE_IPS[i]}.yaml.template
done
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    scp /opt/k8s/ssl/kube-proxy.kubeconfig ${host}:/etc/kubernetes/cert
    scp /opt/k8s/conf/kube-proxy-${host}.service ${host}:/etc/systemd/system/kube-proxy.service
    scp /opt/k8s/conf/kube-proxy-config-${host}.yaml.template \
        ${host}:/etc/kubernetes/kube-proxy-config.yaml
    scp /opt/k8s/packages/conntrack ${host}:/opt/k8s/bin/
    scp /opt/k8s/packages/kubernetes/server/bin/kube-proxy ${host}:/opt/k8s/bin/
    ssh root@${host} "chmod +x /opt/k8s/bin/*"
done

5.1、启动kube-proxy服务

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "mkdir -p ${K8S_DIR}/kube-proxy"
  ssh root@${host} "modprobe ip_vs_rr"
    ssh root@${host} "systemctl daemon-reload && \
                      systemctl enable kube-proxy --now && \
                      systemctl status kube-proxy | grep Active"
done

5.2、查看kube-proxy端口

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${NODE_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "ss -nltp | grep kube-proxy"
done
  • 到此,kubernetes集群扩容结束
相关实践学习
容器服务Serverless版ACK Serverless 快速入门:在线魔方应用部署和监控
通过本实验,您将了解到容器服务Serverless版ACK Serverless 的基本产品能力,即可以实现快速部署一个在线魔方应用,并借助阿里云容器服务成熟的产品生态,实现在线应用的企业级监控,提升应用稳定性。
云原生实践公开课
课程大纲 开篇:如何学习并实践云原生技术 基础篇: 5 步上手 Kubernetes 进阶篇:生产环境下的 K8s 实践 相关的阿里云产品:容器服务&nbsp;ACK 容器服务&nbsp;Kubernetes&nbsp;版(简称&nbsp;ACK)提供高性能可伸缩的容器应用管理能力,支持企业级容器化应用的全生命周期管理。整合阿里云虚拟化、存储、网络和安全能力,打造云端最佳容器化应用运行环境。 了解产品详情:&nbsp;https://www.aliyun.com/product/kubernetes
目录
相关文章
|
1月前
|
负载均衡 监控 JavaScript
pm2 工具在 Node.js 开发和部署中的重要作用
pm2 工具在 Node.js 开发和部署中的重要作用
30 0
|
2月前
|
JavaScript 前端开发 Java
Spring Boot中Node.js的下载与Vue CLI在IDEA中的部署及使用(图文解释 简单易懂)
Spring Boot中Node.js的下载与Vue CLI在IDEA中的部署及使用(图文解释 简单易懂)
27 0
|
2月前
|
Kubernetes 调度 容器
k8s学习-CKA真题-节点维护,指定node节点不可用
k8s学习-CKA真题-节点维护,指定node节点不可用
26 0
|
2月前
|
Kubernetes 容器
k8s学习-CKA真题-检查Node节点的健康状态
k8s学习-CKA真题-检查Node节点的健康状态
41 0
|
4月前
|
安全 jenkins 网络安全
Jenkins中node节点添加之SSH方式2
Jenkins中node节点添加之SSH方式2
147 1
|
4月前
|
安全 jenkins 持续交付
企业实战(23)基于Docker平台的Jenkins添加node节点与报错详解(2)
企业实战(23)基于Docker平台的Jenkins添加node节点与报错详解(2)
|
4月前
|
Kubernetes 网络协议 API
node节点加入k8s集群时报错:no such host
node节点加入k8s集群时报错:no such host
|
4月前
|
Kubernetes 容器
k8s集群—node节点的删除与添加
k8s集群—node节点的删除与添加
182 0
|
4月前
|
弹性计算 开发框架 JavaScript
SAP UI5 应用开发教程之五十五 - 如何将本地 SAP UI5 应用通过 Node.js Express 部署到公网上试读版
SAP UI5 应用开发教程之五十五 - 如何将本地 SAP UI5 应用通过 Node.js Express 部署到公网上试读版
63 0
|
5月前
|
域名解析 监控 JavaScript
宝塔面板pm2管理器部署node.js(express框架)sever文件,可以使用域名访问你的后端项目
宝塔面板pm2管理器部署node.js(express框架)sever文件,可以使用域名访问你的后端项目
296 0