Ubuntu18。04下部署k8s

作文动态
热点娱乐
育儿情感
教程科技
体育养生
教案探索
美文旅游
财经日志
励志范文
论文时尚
保健游戏
护肤业界

　　一、更新Ubuntu源mvetcaptsources。listetcaptsources。list。bakcatetcaptsources。list。bakgrepvgrepv34；sources。listsedisarchive。ubuntu。commirrors。ustc。edu。cngetcaptsources。listsedissecurity。ubuntu。commirrors。ustc。edu。cngetcaptsources。listaptyupdateaptyupgrade2、timedatectlsedisenUSCgetcdefaultlocaletimedatectlsettimezoneAsiaShanghai3、bashcompletionsedi97，99sgroot。bashrc4、sshechoPermitRootLoginyesetcsshsshdconfigpasswdrootEOFpasswordpasswordEOFsystemctlreloadssh5、hostsvimetchosts10。0。0。20k8smaster0010。0。0。21k8smaster0110。0。0。22k8smaster0210。0。0。23k8snode0110。0。0。24k8snode0210。0。0。25k8sblmaster6、sshkeygensshkeygentrsaforiincatroot。txt；doechoi；sshcopyidi。sshidrsa。pubi；done7、swapswapoffasediswaps（。）1getcfstab8、networknetcatetcnetplan00installerconfig。yamlawkNR4｛print1｝sedis｛net｝eth0：getcnetplan00installerconfig。yamlsedi11snet。ifnames0biosdevname0getcdefaultgrubupdategrubreboot二、安装ipvsaptyinstallipvsadmipsetsysstatconntracklibseccomp2libseccompdevcatetcmodulesload。dipvs。confEOFipvsipvslcipvswlcipvsrripvswrripvslblcipvslblcripvsdhipvsshipvsfoipvsnqipvssedipvsftpnfconntrackiptablesipsetxtsetiptsetiptrpfilteriptREJECTipipEOFsystemctlrestartsystemdmodulesload。servicelsmodgrepeipvsenfconntrackipv4三、下载安装containerdwgethttps：github。comcontainerdcontainerdreleasesdownloadv1。6。1cricontainerdcni1。6。1linuxamd64。tar。gztarnooverwritedirCxzfcricontainerdcni1。6。1linuxamd64。tar。gzsystemctldaemonreloadsystemctlenablenowcontainerd修改config。tomlcontainerdconfigdefaultetccontainerdconfig。tomlsedisk8s。gcr。ioregistry。aliyuncs。comgooglecontainersgetccontainerdconfig。tomlsedisSystemdCgroupfalseSystemdCgrouptruegetccontainerdconfig。tomlsedi153a〔plugins。io。containerd。grpc。v1。cri。registry。mirrors。docker。io〕etccontainerdconfig。toml8个空格endpoint10个空格sedi154aendpoint〔https：registry。aliyuncs。com〕etccontainerdconfig。toml修改crictl。yamlmvetccrictl。yamletccrictl。yaml。bakcatetccrictl。yamlEOFruntimeendpoint：unix：runcontainerdcontainerd。sockimageendpoint：unix：runcontainerdcontainerd。socktimeout：0debug：falsepullimageoncreate：falsedisablepullonrun：falseEOF四、安装nginx做四层代理aptyinstallnginxcpetcnginxnginx。confetcnginxnginx。conf。bakvimetcnginxnginx。conf。。。。。。stream｛logformatmainremoteaddrupstreamaddr〔timelocal〕statusupstreambytessent；accesslogvarlognginxk8saccess。logmain；upstreamk8sapiserver｛server10。0。0。20：6443；server10。0。0。21：6443；server10。0。0。22：6443；｝server｛listen6444；proxypassk8sapiserver；｝｝http｛logformatmainremoteaddrremoteuser〔timelocal〕requeststatusbodybytessenthttprefererhttpuseragenthttpxforwardedfor；。。。。。。｝systemctlenablenownginx。servicesystemctlstatusnginx。service五、安装keepalive做高可用aptyinstallkeepalivedkeepalivedconfigcatetckeepalivedkeepalived。confEOFglobaldefs｛notificationemail｛acassenfirewall。locfailoverfirewall。locsysadminfirewall。loc｝notificationemailfromAlexandre。Cassenfirewall。locsmtpserver127。0。0。1smtpconnecttimeout30routeridNGINXMASTER｝vrrpscriptchecknginx｛scriptetckeepalivedchecknginx。shinterval5weight1fall2rise1｝vrrpinstanceVI1｛stateMASTERinterfaceeth0修改为实际网卡名virtualrouterid51VRRP路由ID实例，每个实例是唯一的priority100优先级，备服务器设置90advertint1指定VRRP心跳包通告间隔时间，默认1秒authentication｛authtypePASSauthpassK8SHAKAAUTH｝虚拟IPvirtualipaddress｛10。0。0。2524｝trackscript｛checknginx｝｝EOFhealthconfigcatetckeepalivedchecknginx。shEOF！binbashcount（psefgrepnginxgrepsbinegrepcvgrep）if〔counteq0〕；thensystemctlstopkeepalivedfiEOFsystemctlenablenowkeepalived。servicesystemctlstatuskeepalived。service六、master端部署cfssl、etcd、cacertificate、etcdcertificate
　　6。1、下载cfsslwgethttps：github。comcloudflarecfsslreleasesdownloadv1。6。1cfssl1。6。1linuxamd64Ousrlocalbincfsslwgethttps：github。comcloudflarecfsslreleasesdownloadv1。6。1cfssljson1。6。1linuxamd64Ousrlocalbincfssljsonwgethttps：github。comcloudflarecfsslreleasesdownloadv1。6。1cfsslcertinfo1。6。1linuxamd64OusrlocalbincfsslcertinfochmodxusrlocalbincfsslchownRfroot：rootusrlocalbincfssl
　　6。2、etcd目录规划allMaster1、etcdsslmkdirpetcetcdssl2、etcdWorkingDirectorymkdirpvarlibetcddefault。etcd3、kubernetessslmkdirpetckubernetesssl4、kuberneteslogmkdirpvarlogkubernetes
　　6。3、ca证书生成mkdirpworkcdworkcatcacsr。jsonEOF｛CN：kubernetes，key：｛algo：rsa，size：2048｝，names：〔｛C：CN，ST：Shanghai，L：Shanghai，O：k8s，OU：system｝〕｝EOFcatcaconfig。jsonEOF｛signing：｛default：｛expiry：87600h｝，profiles：｛kubernetes：｛usages：〔signing，keyencipherment，serverauth，clientauth〕，expiry：87600h｝｝｝｝EOFcfsslgencertinitcacacsr。jsoncfssljsonbarecacpca。pemetcetcdsslsendtoothermasterforiincatMasterNodes。txt；doechoi；scpetcetcdsslca。pemi：etcetcdssl；done
　　6。4配置etcd证书catetcdcsr。jsonEOF｛CN：etcd，hosts：〔127。0。0。1，10。0。0。20，10。0。0。21，10。0。0。22，10。0。0。25〕，key：｛algo：rsa，size：2048｝，names：〔｛C：CN，ST：Shanghai，L：Shanghai，O：k8s，OU：system｝〕｝EOFcfsslgencertcaca。pemcakeycakey。pemconfigcaconfig。jsonprofilekubernetesetcdcsr。jsoncfssljsonbareetcdcpetcd。pemetcetcdsslsendtootherforiincatMasterNodes。txt；doechoi；scpetcetcdssletcd。pemi：etcetcdssl；done
　　6。5、下载及配置etcddownloadetcdwgethttps：github。cometcdioetcdreleasesdownloadv3。5。0etcdv3。5。0linuxamd64。tar。gztaretcd。tar。gztarxfetcdv3。5。0linuxamd64。tar。gzstripcomponents1Cworketcdv3。5。0linuxamd64etcd｛，ctl｝chownRfroot：rootetcdcparpetcdusrlocalbinsendtootherforiincatMasterNodes。txt；doechoi；scpusrlocalbinetcd｛，ctl｝i：usrlocalbin；donecatetcetcdetcd。confEOFETCDNAMEetcd1ETCDDATADIRvarlibetcddefault。etcdETCDLISTENPEERURLShttps：10。0。0。20：2380changeipETCDLISTENCLIENTURLShttps：10。0。0。20：2379，http：127。0。0。1：2379changeipETCDINITIALADVERTISEPEERURLShttps：10。0。0。20：2380changeipETCDADVERTISECLIENTURLShttps：10。0。0。20：2379changeipETCDINITIALCLUSTERetcd1https：10。0。0。20：2380，etcd2https：10。0。0。21：2380，etcd3https：10。0。0。22：2380ETCDINITIALCLUSTERTOKENetcdclusterETCDINITIALCLUSTERSTATEnewEOF
　　6。6、添加etcdsystemd启动catusrlibsystemdsystemetcd。serviceEOF〔Unit〕DescriptionEtcdServiceAfternetwork。targetAfternetworkonline。targetWantsnetworkonline。target〔Service〕TypenotifyEnvironmentFileetcetcdetcd。confWorkingDirectoryvarlibetcdExecStartusrlocalbinetcdcertfileetcetcdssletcd。pemkeyfileetcetcdssletcdkey。pemtrustedcafileetcetcdsslca。pempeercertfileetcetcdssletcd。pempeerkeyfileetcetcdssletcdkey。pempeertrustedcafileetcetcdsslca。pempeerclientcertauthclientcertauthRestartonfailureRestartSec10LimitNOFILE65536〔Install〕WantedBymultiuser。targetEOFsendtootherforiincatMasterNodes。txt；doechoi；scpusrlibsystemdsystemetcd。servicei：usrlibsystemdsystem；done
　　启动etcd1、startetcdsystemctldaemonreloadsystemctlenablenowetcd。servicesystemctlstatusetcd。service2、checketcdETCDCTLAPI3etcdctlendpointshttps：10。0。0。20：2379，https：10。0。0。21：2379，https：10。0。0。22：2379writeouttablecacertetcetcdsslca。pemcertetcetcdssletcd。pemkeyetcetcdssletcdkey。pemendpointhealthENDPOINTHEALTHTOOKERRORhttps：10。0。0。20：2379true16。188005mshttps：10。0。0。21：2379true16。693314mshttps：10。0。0。22：2379true16。089367ms七、安装k8smaster1、downloadwgethttps：dl。k8s。iov1。23。5kubernetesserverlinuxamd64。tar。gz2、tartarxfkubernetesserverlinuxamd64。tar。gzstripcomponents3Cworkkubernetesserverbinkube｛let，ctl，apiserver，controllermanager，scheduler，proxy｝scpkube｛ctl，apiserver，controllermanager，scheduler｝usrlocalbin3、kube｛let，ctl，apiserver，controllermanager，scheduler，proxy｝foriincatMasterNodes。txt；doechoi；scpworkkube｛ctl，apiserver，controllermanager，scheduler｝i：usrlocalbin；done4、kube｛let，proxy｝foriincatWorkNodes。txt；doechoi；scpworkkube｛let，proxy｝i：usrlocalbin；done5、sendpemcpetcetcdsslca。pemetckubernetessslforiincatWorkNodes。txt；doechoi；scpetcetcdsslca。pemi：etckubernetesssl；done添加kubeapiservertokencatetckubernetestoken。csvEOF（headc16devurandomodAntxtrd），kubeletbootstrap，10001，system：kubeletbootstrapEOFforiincatMasterNodes。txt；doechoi；scpetckubernetestoken。csvi：etckubernetes；done
　　7。2、添加kubeapiserver证书catkubeapiservercsr。jsonEOF｛CN：kubernetes，hosts：〔127。0。0。1，10。0。0。20，10。0。0。21，10。0。0。22，10。0。0。23，10。0。0。24，10。0。0。25，10。96。0。1，kubernetes，kubernetes。default，kubernetes。default。svc，kubernetes。default。svc。cluster，kubernetes。default。svc。cluster。local〕，key：｛algo：rsa，size：2048｝，names：〔｛C：CN，ST：Shanghai，L：Shanghai，O：k8s，OU：system｝〕｝EOFcfsslgencertcaca。pemcakeycakey。pemconfigcaconfig。jsonprofilekuberneteskubeapiservercsr。jsoncfssljsonbarekubeapiservercpkubeapiserver。pemetckubernetessslforiincatMasterNodes。txt；doechoi；scpworkkubeapiserver。pemi：etckubernetesssl；done
　　7。3、天kubeapiserver配置文件changebindaddressandadvertiseaddresscatetckuberneteskubeapiserver。confEOFKUBEAPISERVEROPTSenableadmissionpluginsNamespaceLifecycle，NodeRestriction，LimitRanger，ServiceAccount，DefaultStorageClass，ResourceQuotaanonymousauthfalsebindaddress10。0。0。20secureport6443advertiseaddress10。0。0。20insecureport0authorizationmodeNode，RBACruntimeconfigapialltrueenablebootstraptokenauthserviceclusteriprange10。96。0。016tokenauthfileetckubernetestoken。csvservicenodeportrange3000050000tlscertfileetckubernetessslkubeapiserver。pemtlsprivatekeyfileetckubernetessslkubeapiserverkey。pemclientcafileetckubernetessslca。pemkubeletclientcertificateetckubernetessslkubeapiserver。pemkubeletclientkeyetckubernetessslkubeapiserverkey。pemserviceaccountkeyfileetckubernetessslcakey。pemserviceaccountsigningkeyfileetckubernetessslcakey。pemserviceaccountissuerhttps：kubernetes。default。svc。cluster。localetcdcafileetcetcdsslca。pemetcdcertfileetcetcdssletcd。pemetcdkeyfileetcetcdssletcdkey。pemetcdservershttps：10。0。0。20：2379，https：10。0。0。21：2379，https：10。0。0。22：2379enableswaggeruitrueallowprivilegedtrueapiservercount3auditlogmaxage30auditlogmaxbackup3auditlogmaxsize100auditlogpathvarlogkubeapiserveraudit。logeventttl1halsologtostderrtruelogtostderrfalselogdirvarlogkubernetesv4EOF
　　7。4、添加kubeapiserversystemd启动catusrlibsystemdsystemkubeapiserver。serviceEOF〔Unit〕DescriptionKubernetesAPIServerDocumentationhttps：github。comkuberneteskubernetesAfteretcd。serviceWantsetcd。service〔Service〕EnvironmentFileetckuberneteskubeapiserver。confExecStartusrlocalbinkubeapiserverKUBEAPISERVEROPTSRestartonfailureRestartSec5TypenotifyLimitNOFILE65536〔Install〕WantedBymultiuser。targetEOFforiincatMasterNodes。txt；doechoi；scpusrlibsystemdsystemkubeapiserver。servicei：usrlibsystemdsystem；done
　　启动kubeapiserversystemctldaemonreloadsystemctlenablenowkubeapiserver。servicesystemctlstatuskubeapiserver。servicecheckcurlinsecurehttps：10。0。0。20：6443｛kind：Status，apiVersion：v1，metadata：｛｝，status：Failure，message：Unauthorized，reason：Unauthorized，code：401
　　7。5、kubectl安装添加admincertificatecatadmincsr。jsonEOF｛CN：admin，hosts：〔〕，key：｛algo：rsa，size：2048｝，names：〔｛C：CN，ST：Shanghai，L：Shanghai，O：system：masters，OU：system｝〕｝EOFcfsslgencertcaca。pemcakeycakey。pemconfigcaconfig。jsonprofilekubernetesadmincsr。jsoncfssljsonbareadmincpadmin。pemetckubernetessslforiincatMasterNodes。txt；doechoi；scpetckubernetesssladmin。pemi：etckubernetesssl；done添加admin。config1、设置集群参数kubectlconfigsetclusterkubernetescertificateauthorityca。pemembedcertstrueserverhttps：10。0。0。25：6444kubeconfigadmin。config2、设置客户端认证参数kubectlconfigsetcredentialskubernetesadminclientcertificateadmin。pemclientkeyadminkey。pemembedcertstruekubeconfigadmin。config3、设置上下文参数kubectlconfigsetcontextkubernetesclusterkubernetesuserkubernetesadminkubeconfigadmin。config4、设置当前上下文kubectlconfigusecontextkuberneteskubeconfigadmin。configkuberneteskubeletapikubectlcreateclusterrolebindingkubeapiserver：kubeletapiserverclusterrolesystem。kubeletapiadminuserkuberneteskubectlcreateclusterrolebindingkubernetesclusterroleclusteradminuserkubernetes其它节点cpworkadmin。configetckubernetesmkdirpHOME。kubecpietckubernetesadmin。configHOME。kubeconfigchown（idu）：（idg）HOME。kubeconfigforiincatMasterNodes。txt；doechoi；scpetckubernetesadmin。configi：etckubernetes；doneechoexportKUBECONFIGetckubernetesadmin。configetcprofilesourceetcprofilekubectl（bashcompletion）kubectl（bashcompletion）source（kubectlcompletionbash）echosource（kubectlcompletionbash）etcprofilesourceetcprofilekubectlclusterinfo｛Kubernetescontrolplaneisrunningathttps：10。0。0。20：6443｝kubectlgetcomponentstatusesNAMESTATUSMESSAGEERRORschedulerUnhealthyGethttps：127。0。0。1：10259healthz：dialtcp127。0。0。1：10259：connect：connectionrefusedcontrollermanagerUnhealthyGethttps：127。0。0。1：10257healthz：dialtcp127。0。0。1：10257：connect：connectionrefusedetcd0Healthy｛health：true，reason：｝etcd1Healthy｛health：true，reason：｝etcd2Healthy｛health：true，reason：｝kubectlgetallallnamespacesNAMESPACENAMETYPECLUSTERIPEXTERNALIPPORT（S）AGEdefaultservicekubernetesClusterIP10。96。0。1none443TCP56mverifykubectlkubectlclusterinfo｛Kubernetescontrolplaneisrunningathttps：10。0。0。20：6443｝kubectlgetcomponentstatusesNAMESTATUSMESSAGEERRORschedulerUnhealthyGethttps：127。0。0。1：10259healthz：dialtcp127。0。0。1：10259：connect：connectionrefusedcontrollermanagerUnhealthyGethttps：127。0。0。1：10257healthz：dialtcp127。0。0。1：10257：connect：connectionrefusedetcd0Healthy｛health：true，reason：｝etcd1Healthy｛health：true，reason：｝etcd2Healthy｛health：true，reason：｝kubectlgetallallnamespacesNAMESPACENAMETYPECLUSTERIPEXTERNALIPPORT（S）AGEdefaultservicekubernetesClusterIP10。96。0。1none443TCP56m八、kubecontrollermanagerkubecontrollermanagercertificatecatkubecontrollermanagercsr。jsonEOF｛CN：system：kubecontrollermanager，hosts：〔127。0。0。1，10。0。0。20，10。0。0。21，10。0。0。22，10。0。0。25〕，key：｛algo：rsa，size：2048｝，names：〔｛C：CN，ST：Shanghai，L：Shanghai，O：system：kubecontrollermanager，OU：Kubernetes｝〕｝EOFcfsslgencertcaca。pemcakeycakey。pemconfigcaconfig。jsonprofilekuberneteskubecontrollermanagercsr。jsoncfssljsonbarekubecontrollermanagercpkubecontrollermanager。pemetckubernetessslforiincatMasterNodes。txt；doechoi；scpetckubernetessslkubecontrollermanager。pemi：etckubernetesssl；donekubecontrollermanager。kubeconfig1、设置集群参数kubectlconfigsetclusterkubernetescertificateauthorityca。pemembedcertstrueserverhttps：10。0。0。25：6444kubeconfigetckuberneteskubecontrollermanager。kubeconfig2、设置客户端认证参数kubectlconfigsetcredentialssystem：kubecontrollermanagerclientcertificatekubecontrollermanager。pemclientkeykubecontrollermanagerkey。pemembedcertstruekubeconfigetckuberneteskubecontrollermanager。kubeconfig3、设置上下文参数kubectlconfigsetcontextsystem：kubecontrollermanagerclusterkubernetesusersystem：kubecontrollermanagerkubeconfigetckuberneteskubecontrollermanager。kubeconfig4、设置当前上下文kubectlconfigusecontextsystem：kubecontrollermanagerkubeconfigetckuberneteskubecontrollermanager。kubeconfigkubecontrollermanager。confcatetckuberneteskubecontrollermanager。confEOFKUBECONTROLLERMANAGEROPTSv2secureport10257bindaddress127。0。0。1kubeconfigetckuberneteskubecontrollermanager。kubeconfigserviceclusteriprange10。96。0。016clusternamekubernetesclustersigningcertfileetckubernetessslca。pemclustersigningkeyfileetckubernetessslcakey。pemallocatenodecidrstrueclustercidr10。244。0。016experimentalclustersigningduration87600hrootcafileetckubernetessslca。pemserviceaccountprivatekeyfileetckubernetessslcakey。pemleaderelecttruefeaturegatesRotateKubeletServerCertificatetruecontrollers，bootstrapsigner，tokencleanerhorizontalpodautoscalersyncperiod10stlscertfileetckubernetessslkubecontrollermanager。pemtlsprivatekeyfileetckubernetessslkubecontrollermanagerkey。pemuseserviceaccountcredentialstrueEOFforiincatMasterNodes。txt；doechoi；scpetckuberneteskubecontrollermanageri：etckubernetes；donekubecontrollermanager。servicesystemd启动catusrlibsystemdsystemkubecontrollermanager。serviceEOF〔Unit〕DescriptionKubernetesControllerManagerDocumentationhttps：github。comkuberneteskubernetes〔Service〕EnvironmentFileetckuberneteskubecontrollermanager。confExecStartusrlocalbinkubecontrollermanagerKUBECONTROLLERMANAGEROPTSRestartonfailureRestartSec5〔Install〕WantedBymultiuser。targetEOFforiincatMasterNodes。txt；doechoi；scpusrlibsystemdsystemkubecontrollermanager。servicei：usrlibsystemdsystem；donestartkubecontrollermanager。servicesystemctldaemonreloadsystemctlenablenowkubecontrollermanager。servicesystemctlstatuskubecontrollermanager。service九、调度器kubeschedulerkubeschedulercertificatecatkubeschedulercsr。jsonEOF｛CN：system：kubescheduler，hosts：〔127。0。0。1，10。0。0。20，10。0。0。21，10。0。0。22，10。0。0。25〕，key：｛algo：rsa，size：2048｝，names：〔｛C：CN，ST：Shanghai，L：Shanghai，O：system：kubescheduler，OU：system｝〕｝EOFcfsslgencertcaca。pemcakeycakey。pemconfigcaconfig。jsonprofilekuberneteskubeschedulercsr。jsoncfssljsonbarekubeschedulercpkubescheduler。pemetckubernetessslforiincatMasterNodes。txt；doechoi；scpetckubernetessslkubescheduler。pemi：etckubernetesssl；donekubescheduler。kubeconfig1、设置集群参数kubectlconfigsetclusterkubernetescertificateauthorityca。pemembedcertstrueserverhttps：10。0。0。25：6444kubeconfigetckuberneteskubescheduler。kubeconfig2、设置客户端认证参数kubectlconfigsetcredentialssystem：kubeschedulerclientcertificatekubescheduler。pemclientkeykubeschedulerkey。pemembedcertstruekubeconfigetckuberneteskubescheduler。kubeconfig3、设置上下文参数kubectlconfigsetcontextsystem：kubeschedulerclusterkubernetesusersystem：kubeschedulerkubeconfigetckuberneteskubescheduler。kubeconfig4、设置当前上下文kubectlconfigusecontextsystem：kubeschedulerkubeconfigetckuberneteskubescheduler。kubeconfigkubescheduler。confcatetckuberneteskubescheduler。confEOFKUBESCHEDULEROPTSaddress127。0。0。1kubeconfigetckuberneteskubescheduler。kubeconfigleaderelecttruealsologtostderrtruelogtostderrfalselogdirvarlogkubernetesv2EOFforiincatMasterNodes。txt；doechoi；scpetckuberneteskubescheduleri：etckubernetes；donekubescheduler。servicecatusrlibsystemdsystemkubescheduler。serviceEOF〔Unit〕DescriptionKubernetesSchedulerDocumentationhttps：github。comkuberneteskubernetes〔Service〕EnvironmentFileetckuberneteskubescheduler。confExecStartusrlocalbinkubeschedulerKUBESCHEDULEROPTSRestartonfailureRestartSec5〔Install〕WantedBymultiuser。targetEOFforiincatMasterNodes。txt；doechoi；scpusrlibsystemdsystemkubescheduler。servicei：usrlibsystemdsystem；donestartkubescheduler。servicesystemctldaemonreloadsystemctlenablenowkubescheduler。servicesystemctlstatuskubescheduler。service十、k8snode节点安装
　　1、kubeletBOOTSTRAPTOKENBOOTSTRAPTOKEN（awkF，｛print1｝etckubernetestoken。csv）
　　1。2kubeletbootstrap。kubeconfig1、设置集群参数kubectlconfigsetclusterkubernetescertificateauthorityca。pemembedcertstrueserverhttps：10。0。0。25：6444kubeconfigrootworkkubeletbootstrap。kubeconfig2、设置客户端认证参数kubectlconfigsetcredentialskubeletbootstraptoken｛BOOTSTRAPTOKEN｝kubeconfigrootworkkubeletbootstrap。kubeconfig3、设置上下文参数kubectlconfigsetcontextdefaultclusterkubernetesuserkubeletbootstrapkubeconfigrootworkkubeletbootstrap。kubeconfig4、设置当前上下文kubectlconfigusecontextdefaultkubeconfigrootworkkubeletbootstrap。kubeconfig5、创建clusterrolebindingkubectldeleteclusterrolebindingkubeletbootstrapkubectlcreateclusterrolebindingkubeletbootstrapclusterrolesystem：nodebootstrapperuserkubeletbootstrapkubectlcreateclusterrolebindingclustersystemanonymousclusterroleclusteradminuserkubeletbootstrap
　　1。3kubelet。jsoncatworkkubelet。jsonEOF｛kind：KubeletConfiguration，apiVersion：kubelet。config。k8s。iov1beta1，authentication：｛x509：｛clientCAFile：etckubernetessslca。pem｝，webhook：｛enabled：true，cacheTTL：2m0s｝，anonymous：｛enabled：false｝｝，authorization：｛mode：Webhook，webhook：｛cacheAuthorizedTTL：5m0s，cacheUnauthorizedTTL：30s｝｝，address：10。0。0。23，port：10250，readOnlyPort：10255，cgroupDriver：systemd，hairpinMode：promiscuousbridge，serializeImagePulls：false，clusterDomain：cluster。local。，clusterDNS：〔10。96。0。2〕｝EOF
　　1。4kubelet。servicecatworkkubelet。serviceEOF〔Unit〕DescriptionKubernetesKubeletDocumentationhttps：github。comkuberneteskubernetesAftercontainerd。serviceRequirescontainerd。service〔Service〕WorkingDirectoryvarlibkubeletExecStartusrlocalbinkubeletcontainerruntimeremotecontainerruntimeendpointunix：runcontainerdcontainerd。sockbootstrapkubeconfigetckuberneteskubeletbootstrap。kubeconfigcertdiretckubernetessslkubeconfigetckuberneteskubelet。kubeconfigconfigetckuberneteskubelet。jsonpodinfracontainerimageregistry。aliyuncs。comgooglecontainerspause：3。2v2RestartonfailureRestartSec5〔Install〕WantedBymultiuser。targetEOFforiincatWorkNodes。txt；doechoi；scpworkkubelet。jsonworkkubeletbootstrap。kubeconfigi：etckubernetes；doneforiincatWorkNodes。txt；doechoi；scpworkkubelet。servicei：usrlibsystemdsystem；doneforiincatWorkNodes。txt；doechoi；scpetckubernetessslca。pemi：etckubernetesssl；done
　　1。5startkubelet。servicesmkdirpvarlibkubeletsystemctldaemonreloadsystemctlenablenowkubelet。servicesystemctlstatuskubelet。service
　　1。6ApproveNodeskubectlgetcsrgrepnodeawk｛print1，6｝nodecsrBV7RZ1Mc1RFkWhH9jzJH8h8ondRMB3an7FgBUwWhkPendingnodecsrwZOIACKylv7DlEPRK8iMg3sYyBErjbGjxkMkRyPoPendingkubectlcertificateapprovenodecsrcsrBV7RZ1Mc1RFkWhH9jzJH8h8ondRMB3an7FgBUwWhknodecsrwZOIACKylv7DlEPRK8iMg3sYyBErjbGjxkMkRyPokubectlgetnodesNAMESTATUSROLESAGEVERSIONk8snode01Readynone118mv1。23。5k8snode02Readynone118mv1。23。5
　　2、kubepproxykubeproxycertificatecatkubeproxycsr。jsonEOF｛CN：system：kubeproxy，key：｛algo：rsa，size：2048｝，names：〔｛C：CN，ST：Shanghai，L：Shanghai，O：k8s，OU：system｝〕｝EOFcfsslgencertcaca。pemcakeycakey。pemconfigcaconfig。jsonprofilekuberneteskubeproxycsr。jsoncfssljsonbarekubeproxycpkubeproxy。pemetckubernetessslforiincatWorkNodes。txt；doechoi；scpworkkubeproxy。pemi：etckubernetesssl；done
　　2。3kubeproxy。kubeconfig1、设置集群参数kubectlconfigsetclusterkubernetescertificateauthorityca。pemembedcertstrueserverhttps：10。0。0。25：6444kubeconfigrootworkkubeproxy。kubeconfig2、设置客户端认证参数kubectlconfigsetcredentialskubeproxyclientcertificatekubeproxy。pemclientkeykubeproxykey。pemembedcertstruekubeconfigrootworkkubeproxy。kubeconfig3、设置上下文参数kubectlconfigsetcontextdefaultclusterkubernetesuserkubeproxykubeconfigrootworkkubeproxy。kubeconfig4、设置当前上下文kubectlconfigusecontextdefaultkubeconfigrootworkkubeproxy。kubeconfikubeproxy。yaml以下bindAddress均为宿主机ip，clusterCIDR为宿主机网段catworkkubeproxy。yamlEOFapiVersion：kubeproxy。config。k8s。iov1alpha1bindAddress：10。0。0。23clientConnection：kubeconfig：etckuberneteskubeproxy。kubeconfigclusterCIDR：10。244。0。024healthzBindAddress：10。0。0。23：10256kind：KubeProxyConfigurationmetricsBindAddress：10。0。0。23：10249mode：ipvsEOFforiincatWorkNodes。txt；doechoi；scpworkkubeproxy。yamlworkkubeproxy。kubeconfigi：etckubernetes；done
　　2。4kubeproxy。servicecatworkkubeproxy。serviceEOF〔Unit〕DescriptionKubernetesKubeProxyServerDocumentationhttps：github。comkuberneteskubernetesAfternetwork。target〔Service〕WorkingDirectoryvarlibkubeproxyExecStartusrlocalbinkubeproxyconfigetckuberneteskubeproxy。yamlalsologtostderrtruelogtostderrfalselogdirvarlogkubernetesv2RestartonfailureRestartSec5LimitNOFILE65536〔Install〕WantedBymultiuser。targetEOFforiincatWorkNodes。txt；doechoi；scpworkkubeproxy。servicei：usrlibsystemdsystem；done
　　2。5startkubeproxy。services
　　mkdirpvarlibkubeproxysystemctldaemonreloadsystemctlenablenowkubeproxy。servicesystemctlstatuskubeproxy。service
　　3、网络calicowgethttps：docs。projectcalico。orgmanifestscalico。yamlkubectlapplyfcalico。yaml
　　3。1corednsmvetcresolv。confetcresolv。conf。baklnsrunsystemdresolveresolv。confetcsystemctlrestartsystemdresolved。servicesystemctlenablesystemdresolved。service
　　coredns。yamlapiVersion：v1kind：ServiceAccountmetadata：name：corednsnamespace：kubesystemapiVersion：rbac。authorization。k8s。iov1kind：ClusterRolemetadata：labels：kubernetes。iobootstrapping：rbacdefaultsname：system：corednsrules：apiGroups：resources：endpointsservicespodsnamespacesverbs：listwatchapiGroups：discovery。k8s。ioresources：endpointslicesverbs：listwatchapiVersion：rbac。authorization。k8s。iov1kind：ClusterRoleBindingmetadata：annotations：rbac。authorization。kubernetes。ioautoupdate：truelabels：kubernetes。iobootstrapping：rbacdefaultsname：system：corednsroleRef：apiGroup：rbac。authorization。k8s。iokind：ClusterRolename：system：corednssubjects：kind：ServiceAccountname：corednsnamespace：kubesystemapiVersion：v1kind：ConfigMapmetadata：name：corednsnamespace：kubesystemdata：Corefile：。：53｛errorshealth｛lameduck5s｝readykubernetescluster。localinaddr。arpaip6。arpa｛fallthroughinaddr。arpaip6。arpa｝prometheus：9153forward。etcresolv。conf｛maxconcurrent1000｝cache30loopreloadloadbalance｝apiVersion：appsv1kind：Deploymentmetadata：name：corednsnamespace：kubesystemlabels：k8sapp：kubednskubernetes。ioname：CoreDNSspec：replicas：notspecifiedhere：1。Defaultis1。2。WillbetunedinrealtimeifDNShorizontalautoscalingisturnedon。strategy：type：RollingUpdaterollingUpdate：maxUnavailable：1selector：matchLabels：k8sapp：kubednstemplate：metadata：labels：k8sapp：kubednsspec：priorityClassName：systemclustercriticalserviceAccountName：corednstolerations：key：CriticalAddonsOnlyoperator：ExistsnodeSelector：kubernetes。ioos：linuxaffinity：podAntiAffinity：preferredDuringSchedulingIgnoredDuringExecution：weight：100podAffinityTerm：labelSelector：matchExpressions：key：k8sappoperator：Invalues：〔kubedns〕topologyKey：kubernetes。iohostnamecontainers：name：corednsimage：corednscoredns：1。8。4imagePullPolicy：IfNotPresentresources：limits：memory：170Mirequests：cpu：100mmemory：70Miargs：〔conf，etccorednsCorefile〕volumeMounts：name：configvolumemountPath：etccorednsreadOnly：trueports：containerPort：53name：dnsprotocol：UDPcontainerPort：53name：dnstcpprotocol：TCPcontainerPort：9153name：metricsprotocol：TCPsecurityContext：allowPrivilegeEscalation：falsecapabilities：add：NETBINDSERVICEdrop：allreadOnlyRootFilesystem：truelivenessProbe：httpGet：path：healthport：8080scheme：HTTPinitialDelaySeconds：60timeoutSeconds：5successThreshold：1failureThreshold：5readinessProbe：httpGet：path：readyport：8181scheme：HTTPdnsPolicy：Defaultvolumes：name：configvolumeconfigMap：name：corednsitems：key：Corefilepath：CorefileapiVersion：v1kind：Servicemetadata：name：kubednsnamespace：kubesystemannotations：prometheus。ioport：9153prometheus。ioscrape：truelabels：k8sapp：kubednskubernetes。ioclusterservice：truekubernetes。ioname：CoreDNSspec：selector：k8sapp：kubednsclusterIP：10。96。0。2ports：name：dnsport：53protocol：UDPname：dnstcpport：53protocol：TCPname：metricsport：9153protocol：TCP
　　安装corednskubectlapplyfcoredns。yaml二进制安装很繁琐，请耐心看完

快要期中考试日记期中考试是检测学生半个学期的学习情况，方便与后半个学期的教学调整，以下是小编整理的快要期中考试日记，欢迎参考阅读！快要期中考试日记1一眨眼，十月份就要过去了，马上就要期中……lombok使用注意，不要写重载属性getset方法背景最近在写UT测试的过程中，有些接口的响应内容比较多。不想也不应该手动去敲代码拼接响应内容。于是对响应内容做反序列化，转成直接使用的对象。到这一步还没有问题，关键是下一……安徽全省重大项目云签约活动举行安徽2022年全省重大项目云签约活动于5月10日上午举行。这次云签约活动以主会场视频连线各市分会场的方式举行，各市在分会场进行线上项目签约。据统计，此次签约重大项目共28……这感悟有点歪且危险日本IT业落后主要是因为缺乏军事工业JBpress2022年4月30日刊登木寺祥友的文章，指出，硅谷是军事工业的圣地，日本需要改变思维方式。要知道，位于硅谷的美国著名的斯坦福大学，在军事研究方面也很出色。军……从第一次系鞋带说起作文950字妈，我自己系的鞋带却怎么也解不开。噢，下一次妈给你买没有鞋带的鞋子。妈，我的衣服在洗碗时被弄脏了。乖，咱以后不洗碗了，让妈来吧！妈，我把自己的床铺整理好……2021小升初作文题目大全一、根据下面所给的词语，编个故事，不少于400字。考场小白兔山坡指南针狐狸二、材料：李芳也来参加毕业考试了，同学们都感到意外，她能这样做真不容易啊！hellip；hell……洗澡写事作文300字我已经去度假了七天，全身臭烘烘的，衣服湿透了，而且非常疲惫。我终于回到了家，，我要把我臭烘烘的身子洗得干干净净，香香得。我开始洗澡了，我先快速地衣服裤子脱了，放在一……2016新年新气象对联大全上联：春花含笑意下联：爆竹增欢声横批：喜气盈门上联：黄莺鸣翠柳下联：紫燕剪春风横批：莺歌燕舞上联：爆竹传吉语下联：腊梅报新春横批……IntelCPU的发展历程（九）Corei系列诞生了，它的架构代号为Nehalem。Nehalem架构处理器的产品代号为Bloomfield，有别于之前的命名，英文品牌名为Corei7，但中文品牌名字还叫酷睿……写一件小事小学作文5篇作文一：难忘的一件小事我们班的班长是个品学谦优的学生，别看他是一位男生，可做起事来比女生还要细心。说起我们的班长，那可就说不完了。我还深深记得那件事，那一天，轮到我……谢谢你的陪伴初三作文我永远忘不了你如沐春风的笑脸，也非常感谢你一直的陪伴。题记是你，在我孤立无援的时候，默默地支持我。是你，在我的能力遭到质疑的时候，挺身而出。是你，在我泣不成声的时候，柔声……二年级童话寓言作文五官的争吵朵朵的五官可精致了，弯弯的眉毛，水灵灵的眼睛，有福气的大耳朵，高高的鼻子，一张小巧玲珑的嘴巴，它们一直和平相处，合作得很好，从来没有闹过别扭。不过有一天，古怪的事情发生了。它们……

<<<<<<－>>>>>>

读精彩极了和糟糕透了有感500字我读过很多课文，但我感觉《ldquo；精彩极了rdquo；和ldquo；糟糕透了rdquo；》这篇课文和我的生活息息相关，这篇课文给我的感悟也是最大的，我的家庭不向他的家庭，我……分享，绽放在这里作文分享，是什么呢？是和同学们分饼干？还是和大家一起合看一本书？我以前不大喜欢与人分享，可是，那一次，改变了我的做法。那是我上一年级的时候，妈妈说表妹要来我家了，我一听，脸色……我想对朋友说作文400字导语：朋友是快乐日子里的一把吉它，尽情地为你弹奏生活的愉悦。下面是小编整理的我想对朋友说作文400字，希望对大家有所帮助。篇一：我想对朋友说作文亲爱的张博文：你好，……春之雪作文600字夜幕降临，我倒了杯茶在院子里坐着，不经意间睡着了。ldquo；光，好亮啊rdquo；一道白光把我照醒了，我睁开眼，只见天地之间白茫茫的一片，ldquo；啊，终于下雪了rd……暑假作文800字少年宫之旅暑假漫漫长，去少年宫无疑是最好的去处，既能学习知识还能去玩。下面是小编为您推荐的作文：【800字，少年宫之旅】暑假，我、爸爸、妈妈和奶奶一起去上海少年宫参观。爸爸开……关于褒义词的四字词语大全强颜欢笑、以火止沸、巧妇难为无米之炊、玉成其事、进退亡据、闪烁其词、道貌凛然、应刃而解、鬓乱钗横、轻车熟路、吉祥如意、倾家竭产、过化存神、高居深拱、菽水承欢、驾鹤西游、引颈受戮……回家的路上作文600字那是栋老房子了，我曾在那住过20xx年之久。每当走在那条熟悉的街，站在那栋老房子前，与老邻居聊天时，总会深深的回忆以前的故事。这天，我又回到了那栋房子前。ldquo；真棒……想念你的笑作文望着田野那金黄的油菜花，我又想起了你灿烂的笑容。在远方的你是否能同我一起欣赏这幅风景秀丽的画？那年正值油菜花开的季节，蜜蜂和蝴蝶在花蕊钟嬉戏，鸟儿在蓝天飞翔。有两个少年走……绽放品学网专稿未经允许不得转载我家阳台有两盆茶花，一盆叫红，一盆叫绿。春，红含苞待放，那最活泼的几朵已先行在枝头上绽放，绿郁郁葱葱，不见有任何动静，连青苞都不见一个。……快乐的端午假期五年级作文太好了！放假喽。我一听这声音，就知道大家都沉浸在放假的喜悦中，你可能会想：不就放假吗，怎么这么开心？因为这次放的可是三天小长假，端午假。这三天你去乡下可以玩个够呢。也正是……我眼里的春天300字作文篇一：我眼里的春天它，唤醒了沉睡的动物们；它，吹绿了小草和柳树；它，让花朵再次呈现出它那迷人的光彩。春天已经出现在我们的眼前！春天，百鸟鸣春，春风拂柳，为我们添彩。……母爱的伟大记叙作文世上只有妈妈好，有妈的孩子像块宝，走进妈妈的怀抱这首歌大家一定听过吧，也一定会唱吧。当你唱起这首歌时，你是否会想到妈妈对你的爱呢？母爱，是世界上最伟大的爱。我真正体会到这……

友情链接：易事利快生活快传网聚热点七猫云快好知快百科中准网快好找文好找中准网快软网