Adding nodes (scale-out)

This example adds the worker node m7-power-128050 (172.27.128.50). Define environment variables for its hostname and IP:

    export NODE_IP=172.27.128.50
    export NODE_NAME=m7-power-128050

System initialization

Initialize the machine by following the steps in 01.系统初始化和全局变量.md (system initialization and global variables).

Copy the CA certificate and private key

    cd /opt/k8s/work
    scp ca*.pem ca-config.json root@${NODE_IP}:/etc/kubernetes/cert

Deploy kubectl

Copy the binary:

    cd /opt/k8s
    scp kubernetes/client/bin/kubectl root@${NODE_IP}:/opt/k8s/bin/
    ssh root@${NODE_IP} "chmod +x /opt/k8s/bin/*"

Copy the configuration file:

    cd /opt/k8s/work
    ssh root@${NODE_IP} "mkdir -p ~/.kube"
    scp kubectl.kubeconfig root@${NODE_IP}:~/.kube/config

Deploy the flannel component

Copy the binaries:

    cd /opt/k8s
    scp flannel/{flanneld,mk-docker-opts.sh} root@${NODE_IP}:/opt/k8s/bin/
    ssh root@${NODE_IP} "chmod +x /opt/k8s/bin/*"

Copy the certificate and private key:

    cd /opt/k8s/work
    ssh root@${NODE_IP} "mkdir -p /etc/flanneld/cert"
    scp flanneld*.pem root@${NODE_IP}:/etc/flanneld/cert
    scp ca.pem root@${NODE_IP}:/etc/flanneld/cert

Copy the systemd unit file:

    cd /opt/k8s/work
    # Set the -iface parameter in flanneld.service to the actual network interface name
    scp flanneld.service root@${NODE_IP}:/etc/systemd/system/

Start the flanneld service:

    ssh root@${NODE_IP} "systemctl daemon-reload && systemctl enable flanneld && systemctl restart flanneld"

Check the result:

    ssh root@${NODE_IP} "systemctl status flanneld|grep Active"

Make sure the state is active (running); otherwise check the logs to find the cause:

    journalctl -u flanneld

Check the interface IP:

    ssh root@${NODE_IP} "ip addr show flannel.1"

Deploy the docker component

Copy the files:

    cd /opt/k8s/
    scp docker/docker* root@${NODE_IP}:/opt/k8s/bin/
    ssh root@${NODE_IP} "chmod +x /opt/k8s/bin/*"
    scp docker.service root@${NODE_IP}:/etc/systemd/system/

Copy the configuration file:

    cd /opt/k8s/work/
    ssh root@${NODE_IP} "mkdir -p /mnt/disk1/docker/{data,exec}"
    ssh root@${NODE_IP} "mkdir -p /etc/docker/"
    scp docker-daemon.json root@${NODE_IP}:/etc/docker/daemon.json

Start the docker service:

    ssh root@${NODE_IP} "systemctl stop firewalld && systemctl disable firewalld"
    ssh root@${NODE_IP} "iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat"
    ssh root@${NODE_IP} "iptables -P FORWARD ACCEPT"
    ssh root@${NODE_IP} "systemctl daemon-reload && systemctl enable docker && systemctl restart docker"
    ssh root@${NODE_IP} 'for intf in /sys/devices/virtual/net/docker0/brif/*; do echo 1 > $intf/hairpin_mode; done'

Check the service status:

    ssh root@${NODE_IP} "systemctl status docker|grep Active"

Deploy the kubelet component

Copy the K8S binaries:

    cd /opt/k8s/
    scp kubernetes/server/bin/* root@${NODE_IP}:/opt/k8s/bin/
    ssh root@${NODE_IP} "chmod +x /opt/k8s/bin/*"

Copy the kubelet bootstrap file:

    cd /opt/k8s/work
    scp kubelet-bootstrap.kubeconfig root@${NODE_IP}:/etc/kubernetes/kubelet-bootstrap.kubeconfig

Create the systemd unit file from the template:

    cd /opt/k8s/work
    sed -e "s/##NODE_NAME##/${NODE_NAME}/" -e "s/##NODE_IP##/${NODE_IP}/" kubelet.service.template > kubelet-${NODE_NAME}.service
    scp kubelet-${NODE_NAME}.service root@${NODE_IP}:/etc/systemd/system/kubelet.service

Start the service:

    ssh root@${NODE_IP} "mkdir -p /mnt/disk2/k8s/kubelet/log"
    ssh root@${NODE_IP} "swapoff -a"
    ssh root@${NODE_IP} "systemctl daemon-reload && systemctl enable kubelet && systemctl restart kubelet"

Check that the node has started:

    kubectl get nodes ${NODE_NAME}

Output:

    m7-power-128050 Ready <none> 5m v1.8.15

Deploy the kube-proxy component

Create the node's kube-proxy configuration file from the template:

    cd /opt/k8s/work
    sed -e "s/##NODE_NAME##/${NODE_NAME}/" -e "s/##NODE_IP##/${NODE_IP}/" kube-proxy.config.yaml.template > kube-proxy-${NODE_NAME}.config.yaml
    scp kube-proxy-${NODE_NAME}.config.yaml root@${NODE_IP}:/etc/kubernetes/kube-proxy.config.yaml

Copy the kubeconfig file:

    cd /opt/k8s/work
    scp kube-proxy.kubeconfig root@${NODE_IP}:/etc/kubernetes/

Copy the systemd unit file:

    cd /opt/k8s/work
    scp kube-proxy.service root@${NODE_IP}:/etc/systemd/system/kube-proxy.service

Start the service:

    ssh root@${NODE_IP} "mkdir -p /mnt/disk2/k8s/kube-proxy"
    ssh root@${NODE_IP} "systemctl daemon-reload && systemctl enable kube-proxy && systemctl restart kube-proxy"

Check the result:

    ssh root@${NODE_IP} "systemctl status kube-proxy|grep Active"

The output must contain Active: active (running); otherwise check the logs to find the cause.

Check that the iptables rules have been added:

    ssh root@${NODE_IP} "/usr/sbin/iptables -nL -t nat|grep kubernetes:https"

The output is similar to:

    KUBE-MARK-MASQ all -- 172.27.128.107 0.0.0.0/0 /* default/kubernetes:https */
    DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.107:6443
    KUBE-MARK-MASQ all -- 172.27.128.123 0.0.0.0/0 /* default/kubernetes:https */
    DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.123:6443
    KUBE-MARK-MASQ all -- 172.27.128.71 0.0.0.0/0 /* default/kubernetes:https */
    DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.71:6443
    KUBE-MARK-MASQ tcp -- !172.30.0.0/16 10.254.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
    KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- 0.0.0.0/0 10.254.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
    KUBE-SEP-5NBUVTPI25CJ3LUF all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ statistic mode random probability 0.33332999982
    KUBE-SEP-WJUQKTGTDY252PCA all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ statistic mode random probability 0.50000000000
    KUBE-SEP-WR6LBNIK2S2UCATZ all -- 0.0.0
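
A stricter form of this check, as an added example that is not part of the original guide: instead of reading the grep output by eye, compare the DNAT targets of the default/kubernetes:https rules with the apiserver endpoints you expect, so that a missing or unexpected target is reported. The function names are hypothetical; the sample lines and endpoints are the ones shown in the output above.

```shell
#!/bin/sh
# Added example, not part of the original guide.

# Reads `iptables -nL -t nat` output on stdin and prints the ip:port target
# of every DNAT rule tagged default/kubernetes:https, sorted and de-duplicated.
apiserver_dnat_targets() {
    awk '$1 == "DNAT" && /default\/kubernetes:https/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^to:/) print substr($i, 4)
         }' | LC_ALL=C sort -u
}

# check_apiserver_dnat "ip:port ip:port ..." < iptables-output
# Prints MISSING <endpoint> for every expected apiserver without a DNAT rule
# and UNEXPECTED <endpoint> for every DNAT target that is not expected.
# Exit status is 0 only when the two sets are identical.
check_apiserver_dnat() (
    expected=$(printf '%s\n' $1 | LC_ALL=C sort -u)
    actual=$(apiserver_dnat_targets)
    status=0
    for e in $expected; do
        printf '%s\n' "$actual" | grep -Fqx -- "$e" || { echo "MISSING $e"; status=1; }
    done
    for a in $actual; do
        printf '%s\n' "$expected" | grep -Fqx -- "$a" || { echo "UNEXPECTED $a"; status=1; }
    done
    exit "$status"
)

# The three DNAT lines from the sample output in this guide.
SAMPLE_NAT='DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.107:6443
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.123:6443
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.71:6443'

# Endpoints the operator expects (taken from that same sample output).
APISERVERS='172.27.128.107:6443 172.27.128.123:6443 172.27.128.71:6443'

printf '%s\n' "$SAMPLE_NAT" | check_apiserver_dnat "$APISERVERS" \
    && echo "apiserver DNAT rules match"
```

Against a live node, pipe the output of the ssh command above into check_apiserver_dnat in place of the sample.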

Install the Ceph client tools

The Ceph client tools must be installed on every K8S node that uses Ceph.

Create the yum repository configuration file:

    sudo yum install -y epel-release
    sudo tee /etc/yum.repos.d/ceph.repo > /dev/null << "EOM"
    [ceph]
    name=Ceph packages for $basearch
    baseurl=https://download.ceph.com/rpm-luminous/el7/$basearch
    enabled=1
    gpgcheck=1
    type=rpm-md
    gpgkey=https://download.ceph.com/keys/release.asc
    priority=1
    [ceph-noarch]
    name=Ceph noarch packages
    baseurl=https://download.ceph.com/rpm-luminous/el7/noarch
    enabled=1
    gpgcheck=1
    type=rpm-md
    gpgkey=https://download.ceph.com/keys/release.asc
    priority=1
    [ceph-source]
    name=Ceph source packages
    baseurl=https://download.ceph.com/rpm-luminous/el7/SRPMS
    enabled=1
    gpgcheck=1
    type=rpm-md
    gpgkey=https://download.ceph.com/keys/release.asc
    priority=1
    EOM
  • Note: the Ceph repo version must match the Ceph cluster version; the configuration above uses the luminous repo.

Install the Ceph client tools:

    sudo yum clean all && sudo yum update
    sudo yum install -y ceph-common

Command-line tools that are installed:

    $ rpm -ql ceph-common|grep bin
    /usr/bin/ceph
    /usr/bin/ceph-authtool
    /usr/bin/ceph-brag
    /usr/bin/ceph-conf
    /usr/bin/ceph-dencoder
    /usr/bin/ceph-post-file
    /usr/bin/ceph-rbdnamer
    /usr/bin/ceph-syn
    /usr/bin/rados
    /usr/bin/rbd

Mount CephFS

Create the mount directory:

    sudo mkdir -p /etc/ceph /mnt/cephfs/k8s/power

Create the secret file:

    sudo scp root@172.27.128.100:/etc/ceph/ceph.client.admin.keyring /etc/ceph/
    # Run the redirect under sudo, with a umask that keeps the secret owner-only
    sudo sh -c "umask 077; awk '/key = / {print \$3}' /etc/ceph/ceph.client.admin.keyring >/etc/ceph/ceph-admin.secret"

Mount CephFS:

    sudo mount -t ceph 172.27.128.100:6789:/k8s/power /mnt/cephfs/k8s/power -o name=admin,secretfile=/etc/ceph/ceph-admin.secret,noatime

Confirm that the mount succeeded:

    $ mount|grep ceph
    172.27.128.100:6789:/k8s/power/ on /mnt/cephfs/k8s/power type ceph (rw,noatime,name=admin,secret=<hidden>,acl)

Add a line to /etc/fstab so that the filesystem is mounted automatically:

    172.27.128.100:6789:/k8s/power/ /mnt/cephfs/k8s/power ceph name=admin,secretfile=/etc/ceph/ceph-admin.secret,noatime 0 0
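
The copy steps in this guide leave the CA private key, the flanneld key, several kubeconfig files, the Ceph admin keyring and the extracted secret on the new node. The following permission audit is an added example, not part of the original guide; it assumes private keys follow the *-key.pem naming and that the services reading these files run as root, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Assumption: private keys are named *-key.pem and are only read by root.

# Prints every private key, kubeconfig, keyring or secret file under the
# given directories that grants any permission to group or other.
find_exposed_credentials() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue      # skip components not deployed here
        find "$dir" -type f \
            \( -name '*-key.pem' -o -name '*.kubeconfig' -o -name config \
               -o -name '*.keyring' -o -name '*.secret' \) \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \)
    done | LC_ALL=C sort
}

# Restricts each file reported above to owner read/write and prints
# the change that was made.
tighten_credentials() {
    find_exposed_credentials "$@" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'chmod 600 %s\n' "$f"
    done
}

# Directories this guide copies credentials into.
CRED_DIRS='/etc/kubernetes /etc/flanneld/cert /root/.kube /etc/ceph'

# On the new node, as root: report first, then fix.
#   find_exposed_credentials $CRED_DIRS
#   tighten_credentials $CRED_DIRS
```

Public certificates such as ca.pem are deliberately not matched, so they stay readable.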

Label the node

    for label in es-data=true prophet.4paradigm.com/addon=true prophet.4paradigm.com/app=true \
    prophet.4paradigm.com/elasticsearch=true prophet.4paradigm.com/offline=true \
    prophet.4paradigm.com/online=true prophet.4paradigm.com/system=true prophet=true; \
    do kubectl label node ${NODE_NAME} $label;done