mirror of
https://github.com/kelseyhightower/kubernetes-the-hard-way.git
synced 2025-12-16 01:38:58 +03:00
update to Kubernetes 1.6
This commit is contained in:
Kelsey Hightower
@@ -15,50 +15,53 @@ Kubernetes worker nodes are responsible for running your containers. All Kuberne
|
||||
|
||||
Some people would like to run workers and cluster services anywhere in the cluster. This is totally possible, and you'll have to decide what's best for your environment.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Each worker node will provision a unqiue TLS client certificate as defined in the [kubelet TLS bootstrapping guide](https://kubernetes.io/docs/admin/kubelet-tls-bootstrapping/). The `kubelet-bootstrap` user must be granted permission to request a client TLS certificate. Run the following command on a controller node to enable TLS bootstrapping:
|
||||
|
||||
Bind the `kubelet-bootstrap` user to the `system:node-bootstrapper` cluster role:
|
||||
|
||||
```
|
||||
kubectl create clusterrolebinding kubelet-bootstrap \
|
||||
--clusterrole=system:node-bootstrapper \
|
||||
--user=kubelet-bootstrap
|
||||
```
|
||||
|
||||
## Provision the Kubernetes Worker Nodes
|
||||
|
||||
Run the following commands on `worker0`, `worker1`, `worker2`:
|
||||
|
||||
### Set the Kubernetes Public Address
|
||||
|
||||
#### GCE
|
||||
|
||||
```
|
||||
KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes \
|
||||
--region=us-central1 \
|
||||
--format 'value(address)')
|
||||
```
|
||||
|
||||
#### AWS
|
||||
|
||||
```
|
||||
KUBERNETES_PUBLIC_ADDRESS=$(aws elb describe-load-balancers \
|
||||
--load-balancer-name kubernetes | \
|
||||
jq -r '.LoadBalancerDescriptions[].DNSName')
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
```
|
||||
sudo mkdir -p /var/lib/kubelet
|
||||
```
|
||||
|
||||
```
|
||||
sudo mv bootstrap.kubeconfig kube-proxy.kubeconfig /var/lib/kubelet
|
||||
sudo mkdir -p /var/lib/kube-proxy
|
||||
```
|
||||
|
||||
#### Move the TLS certificates in place
|
||||
```
|
||||
sudo mkdir -p /var/run/kubernetes
|
||||
```
|
||||
|
||||
```
|
||||
sudo mkdir -p /var/lib/kubernetes
|
||||
```
|
||||
|
||||
```
|
||||
sudo mv bootstrap.kubeconfig /var/lib/kubelet
|
||||
```
|
||||
|
||||
```
|
||||
sudo mv kube-proxy.kubeconfig /var/lib/kube-proxy
|
||||
```
|
||||
|
||||
Move the TLS certificates in place
|
||||
|
||||
```
|
||||
sudo mv ca.pem /var/lib/kubernetes/
|
||||
```
|
||||
|
||||
#### Docker
|
||||
### Install Docker
|
||||
|
||||
```
|
||||
wget https://get.docker.com/builds/Linux/x86_64/docker-1.12.6.tgz
|
||||
@@ -74,7 +77,6 @@ sudo cp docker/docker* /usr/bin/
|
||||
|
||||
Create the Docker systemd unit file:
|
||||
|
||||
|
||||
```
|
||||
cat > docker.service <<EOF
|
||||
[Unit]
|
||||
@@ -104,7 +106,13 @@ sudo mv docker.service /etc/systemd/system/docker.service
|
||||
|
||||
```
|
||||
sudo systemctl daemon-reload
|
||||
```
|
||||
|
||||
```
|
||||
sudo systemctl enable docker
|
||||
```
|
||||
|
||||
```
|
||||
sudo systemctl start docker
|
||||
```
|
||||
|
||||
@@ -112,10 +120,9 @@ sudo systemctl start docker
|
||||
sudo docker version
|
||||
```
|
||||
|
||||
### Install the kubelet
|
||||
|
||||
#### kubelet
|
||||
|
||||
The Kubernetes kubelet no longer relies on docker networking for pods! The Kubelet can now use [CNI - the Container Network Interface](https://github.com/containernetworking/cni) to manage machine level networking requirements.
|
||||
The Kubelet can now use [CNI - the Container Network Interface](https://github.com/containernetworking/cni) to manage machine level networking requirements.
|
||||
|
||||
Download and install CNI plugins
|
||||
|
||||
@@ -131,17 +138,18 @@ wget https://storage.googleapis.com/kubernetes-release/network-plugins/cni-amd64
|
||||
sudo tar -xvf cni-amd64-0799f5732f2a11b329d9e3d51b9c8f2e3759f2ff.tar.gz -C /opt/cni
|
||||
```
|
||||
|
||||
|
||||
Download and install the Kubernetes worker binaries:
|
||||
|
||||
```
|
||||
wget https://storage.googleapis.com/kubernetes-release/release/v1.6.0-beta.4/bin/linux/amd64/kubectl
|
||||
wget https://storage.googleapis.com/kubernetes-release/release/v1.6.0-rc.1/bin/linux/amd64/kubectl
|
||||
```
|
||||
|
||||
```
|
||||
wget https://storage.googleapis.com/kubernetes-release/release/v1.6.0-beta.4/bin/linux/amd64/kube-proxy
|
||||
wget https://storage.googleapis.com/kubernetes-release/release/v1.6.0-rc.1/bin/linux/amd64/kube-proxy
|
||||
```
|
||||
|
||||
```
|
||||
wget https://storage.googleapis.com/kubernetes-release/release/v1.6.0-beta.4/bin/linux/amd64/kubelet
|
||||
wget https://storage.googleapis.com/kubernetes-release/release/v1.6.0-rc.1/bin/linux/amd64/kubelet
|
||||
```
|
||||
|
||||
```
|
||||
@@ -154,6 +162,11 @@ sudo mv kubectl kube-proxy kubelet /usr/bin/
|
||||
|
||||
Create the kubelet systemd unit file:
|
||||
|
||||
```
|
||||
API_SERVERS=$(sudo cat /var/lib/kubelet/bootstrap.kubeconfig | \
|
||||
grep server | cut -d ':' -f2,3,4 | tr -d '[:space:]')
|
||||
```
|
||||
|
||||
```
|
||||
cat > kubelet.service <<EOF
|
||||
[Unit]
|
||||
@@ -164,7 +177,7 @@ Requires=docker.service
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/kubelet \\
|
||||
--api-servers=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 \\
|
||||
--api-servers=${API_SERVERS} \\
|
||||
--allow-privileged=true \\
|
||||
--cluster-dns=10.32.0.10 \\
|
||||
--cluster-domain=cluster.local \\
|
||||
@@ -190,12 +203,14 @@ sudo mv kubelet.service /etc/systemd/system/kubelet.service
|
||||
```
|
||||
|
||||
```
|
||||
sudo chmod +w /var/run/kubernetes
|
||||
sudo systemctl daemon-reload
|
||||
```
|
||||
|
||||
```
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable kubelet
|
||||
```
|
||||
|
||||
```
|
||||
sudo systemctl start kubelet
|
||||
```
|
||||
|
||||
@@ -205,7 +220,6 @@ sudo systemctl status kubelet --no-pager
|
||||
|
||||
#### kube-proxy
|
||||
|
||||
|
||||
```
|
||||
cat > kube-proxy.service <<EOF
|
||||
[Unit]
|
||||
@@ -216,8 +230,7 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
||||
ExecStart=/usr/bin/kube-proxy \\
|
||||
--cluster-cidr=10.200.0.0/16 \\
|
||||
--masquerade-all=true \\
|
||||
--master=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 \\
|
||||
--kubeconfig=/var/lib/kubelet/kube-proxy.kubeconfig \\
|
||||
--kubeconfig=/var/lib/kube-proxy/kube-proxy.kubeconfig \\
|
||||
--proxy-mode=iptables \\
|
||||
--v=2
|
||||
Restart=on-failure
|
||||
@@ -234,7 +247,13 @@ sudo mv kube-proxy.service /etc/systemd/system/kube-proxy.service
|
||||
|
||||
```
|
||||
sudo systemctl daemon-reload
|
||||
```
|
||||
|
||||
```
|
||||
sudo systemctl enable kube-proxy
|
||||
```
|
||||
|
||||
```
|
||||
sudo systemctl start kube-proxy
|
||||
```
|
||||
|
||||
@@ -260,12 +279,21 @@ List the pending certificate requests:
|
||||
kubectl get csr
|
||||
```
|
||||
|
||||
```
|
||||
NAME AGE REQUESTOR CONDITION
|
||||
csr-XXXXX 1m kubelet-bootstrap Pending
|
||||
```
|
||||
|
||||
> Use the kubectl describe csr command to view the details of a specific signing request.
|
||||
|
||||
Approve each certificate signing request using the `kubectl certificate approve` command:
|
||||
|
||||
```
|
||||
kubectl certificate approve <csr-name>
|
||||
kubectl certificate approve csr-XXXXX
|
||||
```
|
||||
|
||||
```
|
||||
certificatesigningrequest "csr-XXXXX" approved
|
||||
```
|
||||
|
||||
Once all certificate signing requests have been approved all nodes should be registered with the cluster:
|
||||
@@ -276,7 +304,7 @@ kubectl get nodes
|
||||
|
||||
```
|
||||
NAME STATUS AGE VERSION
|
||||
worker0 Ready 7m v1.6.0-beta.4
|
||||
worker1 Ready 5m v1.6.0-beta.4
|
||||
worker2 Ready 2m v1.6.0-beta.4
|
||||
worker0 Ready 7m v1.6.0-rc.1
|
||||
worker1 Ready 5m v1.6.0-rc.1
|
||||
worker2 Ready 2m v1.6.0-rc.1
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user