# Node Cluster Deployment

Install Docker from a domestic (China) Docker apt mirror:

```
# Step 1: install prerequisite packages
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# Step 2: install the GPG key (fetched over HTTPS so the repository trust anchor cannot be altered in transit)
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: add the package source
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: update the package index and install Docker CE
sudo apt-get -y update
sudo apt-get -y install docker-ce
```

Start Docker:

```
systemctl start docker
systemctl enable docker
```

**# The kubelet unit file /lib/systemd/system/kubelet.service contains the following:**

```
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStartPre=-/bin/mkdir -p /sys/fs/cgroup/cpuset/system.slice/kubelet.service /sys/fs/cgroup/hugetlb/system.slice/kubelet.service
ExecStart=/opt/kubernetes/bin/kubelet \
  --eviction-hard=memory.available<1024Mi,nodefs.available<10%,nodefs.inodesFree<5% \
  --system-reserved=cpu=0.5,memory=1G \
  --kube-reserved=cpu=0.5,memory=1G \
  --cgroups-per-qos=true \
  --enforce-node-allocatable=pods,kube-reserved,system-reserved \
  --kube-reserved-cgroup=/system.slice/kubelet.service \
  --system-reserved-cgroup=/system.slice \
  --address=192.168.11.220 \
  --hostname-override=192.168.11.220 \
  --cgroup-driver=cgroupfs \
  --pod-infra-container-image=dyhub.douyucdn.cn/kubernetes/pause-amd64:3.0 \
  --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
  --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
  --cert-dir=/opt/kubernetes/ssl \
  --cluster-dns=10.1.61.130,10.1.61.136 \
  --cluster-domain=test01. \
  --hairpin-mode=promiscuous-bridge \
  --allow-privileged=true \
  --fail-swap-on=false \
  --serialize-image-pulls=false \
  --max-pods=30 \
  --logtostderr=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
```

Create the binding between the bootstrap user and its role:

```
# Log in to master1
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
```

**# The kube-proxy unit file /lib/systemd/system/kube-proxy.service contains the following:**

```
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \
  --bind-address=192.168.11.220 \
  --hostname-override=192.168.11.220 \
  --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig \
  --masquerade-all \
  --feature-gates=SupportIPVSProxyMode=true \
  --proxy-mode=ipvs \
  --ipvs-min-sync-period=5s \
  --ipvs-sync-period=5s \
  --ipvs-scheduler=rr \
  --logtostderr=true \
  --v=2
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
```

Start kubelet and kube-proxy:

```
systemctl start kubelet kube-proxy
systemctl enable kubelet kube-proxy
```

After the node has started normally, running `kubectl get nodes` on the master does not show it. This is because the node first requests a certificate from the master after it starts, and it can join the cluster only once the master has signed that certificate, as follows:

```
# List CSRs
➜ kubectl get csr
NAME        AGE       REQUESTOR           CONDITION
csr-l9d25   2m        kubelet-bootstrap   Pending

# Approve the certificate
➜ kubectl certificate approve csr-l9d25
certificatesigningrequest "csr-l9d25" approved

# List nodes
➜ kubectl get node
NAME          STATUS    AGE       VERSION
10.1.61.140   Ready     5d        v1.7.4
```
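
The approval step above, as an added example that is not part of the original page: a filter over `kubectl get csr` output that selects only CSRs that are still Pending and were submitted by the `kubelet-bootstrap` user, so requests from any other requestor are left for manual review. The function names and the second and third sample rows are constructed for illustration, and the column layout is assumed to match the output shown above.

```shell
#!/usr/bin/env bash
# Added example: choose which pending CSRs to approve on the master.
# Assumption: table columns are whitespace-separated with no empty cells,
# as in the `kubectl get csr` output shown on this page.

# pending_csrs_from REQUESTOR
# Reads `kubectl get csr` table output on stdin and prints the NAME of every
# CSR whose CONDITION is exactly "Pending" and whose REQUESTOR matches.
pending_csrs_from() {
    awk -v want="$1" '
        NR == 1 {
            # Locate columns by header name so extra columns in newer
            # kubectl versions do not shift the match.
            for (i = 1; i <= NF; i++) col[$i] = i
            next
        }
        $(col["REQUESTOR"]) == want && $(col["CONDITION"]) == "Pending" {
            print $(col["NAME"])
        }
    '
}

# approval_plan REQUESTOR
# Prints (does not run) one approve command per selected CSR, so the operator
# can inspect each request with `kubectl describe csr NAME` before running it.
approval_plan() {
    pending_csrs_from "$1" | sed 's/^/kubectl certificate approve /'
}

# Constructed sample: the first data row is from the page, the others are
# invented to show what the filter leaves alone.
SAMPLE_CSR_TABLE='NAME        AGE   REQUESTOR           CONDITION
csr-l9d25   2m    kubelet-bootstrap   Pending
csr-x7k2p   1m    system:anonymous    Pending
csr-a1b2c   5d    kubelet-bootstrap   Approved,Issued'

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_CSR_TABLE" | approval_plan kubelet-bootstrap
```

On a live master the same plan is produced with `kubectl get csr | approval_plan kubelet-bootstrap`.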