Steps for Installing Kubernetes on a CoreOS Cluster (3)

The CoreOS version on the Master node should preferably be 1097 or later; at a minimum, rkt must be 1.2.1 or later.

Set the WORKER_FQDN variable to the identifier of the current Worker node.

  • Create a common SSL directory
sudo mkdir -p /etc/kubernetes/ssl  
  • Copy the following certificates into the SSL directory
- /etc/kubernetes/ssl/ca.pem
- /etc/kubernetes/ssl/apiserver.pem
- /etc/kubernetes/ssl/apiserver-key.pem
  • Set the access permissions
sudo chmod 600 /etc/kubernetes/ssl/*-key.pem  
sudo chown root:root /etc/kubernetes/ssl/*-key.pem  
  • Create the symbolic links
cd /etc/kubernetes/ssl/  
sudo ln -s ${WORKER_FQDN}-worker.pem worker.pem  
sudo ln -s ${WORKER_FQDN}-worker-key.pem worker-key.pem  
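
As an added example (not part of the original article), the shell function below audits the result of the steps above: it checks that the names the kubelet unit and worker-kubeconfig.yaml on this page reference resolve to real files, and that every private key is mode 600 with the expected owner. The function name audit_kube_ssl and its optional UID argument are assumptions of this example, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example, not from the original page.
# Usage: audit_kube_ssl [DIR] [UID]; prints findings, returns 1 if any.
audit_kube_ssl() {
    dir=${1:-/etc/kubernetes/ssl}
    want_uid=${2:-0}            # 0 = root, matching the chown step
    rc=0

    # Names referenced by kubelet.service and worker-kubeconfig.yaml.
    # -e follows symlinks, so a dangling worker.pem link is reported too.
    for name in ca.pem worker.pem worker-key.pem; do
        if [ ! -e "$dir/$name" ]; then
            echo "MISSING $dir/$name (absent or dangling symlink)"
            rc=1
        fi
    done

    # Every private key, reached directly or through a symlink, must be
    # mode 600 and owned by the expected UID.
    for key in "$dir"/*-key.pem; do
        [ -e "$key" ] || continue   # unmatched glob or dangling link
        mode=$(stat -L -c '%a' "$key")
        uid=$(stat -L -c '%u' "$key")
        if [ "$mode" != 600 ]; then
            echo "MODE $key is $mode, expected 600"
            rc=1
        fi
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER $key has uid $uid, expected $want_uid"
            rc=1
        fi
    done
    return "$rc"
}
```

Run it as `audit_kube_ssl /etc/kubernetes/ssl` before starting the kubelet; a non-zero return means at least one finding was printed.
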
Configure the Flannel network
  • Create /etc/flannel/options.env
FLANNELD_IFACE=${ADVERTISE_IP}  
FLANNELD_ETCD_ENDPOINTS=${ETCD_ENDPOINTS}

- ADVERTISE_IP: IP of the Worker node
- ETCD_ENDPOINTS: addresses of the etcd cluster, for example: http://10.12.1.104:2379,http://10.12.1.105:2379,http://10.12.1.106:2379
  • Create /etc/systemd/system/flanneld.service.d/40-ExecStartPre-symlink.conf
[Service]
ExecStartPre=/usr/bin/ln -sf /etc/flannel/options.env /run/flannel/options.env  
Configure Docker
  • Create /etc/systemd/system/docker.service.d/40-flannel.conf
[Unit]
Requires=flanneld.service  
After=flanneld.service  
[Service]
EnvironmentFile=/etc/kubernetes/cni/docker_opts_cni.env  
  • Create /etc/kubernetes/cni/docker_opts_cni.env
DOCKER_OPT_BIP=""  
DOCKER_OPT_IPMASQ=""  
  • Create /etc/kubernetes/cni/net.d/10-flannel.conf
{
    "name": "podnet",
    "type": "flannel",
    "delegate": {
        "isDefaultGateway": true
    }
}
Create the kubelet service
  • Create /etc/systemd/system/kubelet.service
- K8S_VER: must match the version name used on the Master
- MASTER_HOST: IP of the Master node
- ADVERTISE_IP: IP of the Worker node
- DNS_SERVICE_IP: 10.3.0.10

[Service]
Environment=KUBELET_IMAGE_TAG=${K8S_VER}  
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/run/kubelet-pod.uuid \
  --volume dns,kind=host,source=/etc/resolv.conf \
  --mount volume=dns,target=/etc/resolv.conf \
  --volume var-log,kind=host,source=/var/log \
  --mount volume=var-log,target=/var/log"
ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests  
ExecStartPre=/usr/bin/mkdir -p /var/log/containers  
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet-pod.uuid  
ExecStart=/usr/lib/coreos/kubelet-wrapper \
  --api-servers=https://${MASTER_HOST} \
  --cni-conf-dir=/etc/kubernetes/cni/net.d \
  --network-plugin=${NETWORK_PLUGIN} \
  --container-runtime=docker \
  --register-node=true \
  --allow-privileged=true \
  --pod-manifest-path=/etc/kubernetes/manifests \
  --hostname-override=${ADVERTISE_IP} \
  --cluster_dns=${DNS_SERVICE_IP} \
  --cluster_domain=cluster.local \
  --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml \
  --tls-cert-file=/etc/kubernetes/ssl/worker.pem \
  --tls-private-key-file=/etc/kubernetes/ssl/worker-key.pem
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet-pod.uuid  
Restart=always  
RestartSec=10

[Install]
WantedBy=multi-user.target  
  • Create /etc/kubernetes/manifests/kube-proxy.yaml
- MASTER_HOST: IP of the Master node

apiVersion: v1  
kind: Pod  
metadata:  
  name: kube-proxy
  namespace: kube-system
spec:  
  hostNetwork: true
  containers:
  - name: kube-proxy
    image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
    command:
    - /hyperkube
    - proxy
    - --master=${MASTER_HOST}
    - --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: "ssl-certs"
    - mountPath: /etc/kubernetes/worker-kubeconfig.yaml
      name: "kubeconfig"
      readOnly: true
    - mountPath: /etc/kubernetes/ssl
      name: "etc-kube-ssl"
      readOnly: true
  volumes:
  - name: "ssl-certs"
    hostPath:
      path: "/usr/share/ca-certificates"
  - name: "kubeconfig"
    hostPath:
      path: "/etc/kubernetes/worker-kubeconfig.yaml"
  - name: "etc-kube-ssl"
    hostPath:
      path: "/etc/kubernetes/ssl"
  • Create /etc/kubernetes/worker-kubeconfig.yaml
apiVersion: v1  
kind: Config  
clusters:  
- name: local
  cluster:
    certificate-authority: /etc/kubernetes/ssl/ca.pem
users:  
- name: kubelet
  user:
    client-certificate: /etc/kubernetes/ssl/worker.pem
    client-key: /etc/kubernetes/ssl/worker-key.pem
contexts:  
- context:
    cluster: local
    user: kubelet
  name: kubelet-context
current-context: kubelet-context  
Start the services
sudo systemctl daemon-reload

sudo systemctl start flanneld

sudo systemctl start kubelet

sudo systemctl enable flanneld

sudo systemctl enable kubelet  

Check the kubelet logs to determine whether the service is running properly.

If the kubelet service is running properly, the next step is to configure kubectl.