Kubernetes
Kubernetes Architecture (III)
We continue with the installation of the Kubernetes nodes. These nodes (or workers) are where all the Pods of the Kubernetes cluster are managed. Each node runs two important processes, "Kubelet" and "Kube-proxy". Kubelet is the agent responsible for managing the Pods and checking that they are in a healthy state. Kube-proxy is responsible for managing and acting as a proxy for the Pods that are created.
KUBELET
We start by assigning the roles that Kubelet needs:
```bash
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
kubectl create clusterrolebinding kubelet-nodes --clusterrole=system:node --group=system:nodes
```
```bash
kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=172.20.20.10:8080 \
  --kubeconfig=bootstrap.kubeconfig

kubectl config set-credentials kubelet-bootstrap \
  --token=804fa617f748dfef4ed29b30798ecaff \
  --kubeconfig=bootstrap.kubeconfig

kubectl config set-context default \
  --cluster=kubernetes \
  --user=kubelet-bootstrap \
  --kubeconfig=bootstrap.kubeconfig

kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
mv bootstrap.kubeconfig /etc/kubernetes/
```
```ini
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/usr/kubernetes/kubelet \
  --fail-swap-on=false \
  --cgroup-driver=cgroupfs \
  --address=172.20.20.13 \
  --hostname-override=172.20.20.13 \
  --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \
  --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
  --cert-dir=/etc/kubernetes/ssl \
  --cluster-dns=10.254.0.2 \
  --cluster-domain=cluster.local \
  --hairpin-mode promiscuous-bridge \
  --allow-privileged=true \
  --serialize-image-pulls=false \
  --logtostderr=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
```

```bash
systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet
```
```
kubectl get nodes
NAME           STATUS    ROLES     AGE       VERSION
172.20.20.13   Ready     <none>    6m        v1.11.0
172.20.20.14   Ready     <none>    19s       v1.11.0

kubectl get csr
NAME                                                   AGE       REQUESTOR          CONDITION
node-csr-Ax8TRMVCDtGv1vEiwPEBWFqnlCGYnBD-nNbAmxKYRug   1m        system:unsecured   Approved,Issued
node-csr-KYEWOKQnG_0p-6Oa7hNSJ1z0OoQG-RsgY6KwlDtqPUY   7m        system:unsecured   Approved,Issued
```
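In the listing above the REQUESTOR is `system:unsecured`, the identity kube-apiserver records for requests that arrive on its insecure port, so these certificates were issued to clients that never authenticated with the bootstrap token. The following check is an added example, not part of the original post: the function names and the third sample row are constructed for illustration, and it locates the columns by header name so other `kubectl get csr` layouts also work.

```shell
#!/bin/sh
# Added example (not from the original post): classify who requested each kubelet CSR.

# Constructed sample: rows 1-2 are copied from the listing above; row 3 is a made-up
# row showing a request authenticated as the kubelet-bootstrap token user.
sample_csr_listing() {
cat <<'EOF'
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-Ax8TRMVCDtGv1vEiwPEBWFqnlCGYnBD-nNbAmxKYRug   1m        system:unsecured    Approved,Issued
node-csr-KYEWOKQnG_0p-6Oa7hNSJ1z0OoQG-RsgY6KwlDtqPUY   7m        system:unsecured    Approved,Issued
node-csr-CONSTRUCTED-EXAMPLE-ROW                       2m        kubelet-bootstrap   Approved,Issued
EOF
}

# Map a REQUESTOR value to the kind of identity behind it.
classify_requestor() {
  case "$1" in
    system:unsecured|system:anonymous) echo unauthenticated ;;  # insecure port / anonymous
    kubelet-bootstrap|system:bootstrap:*) echo bootstrap ;;     # token user from this page / bootstrap tokens
    system:node:*) echo node ;;                                 # an already-enrolled kubelet
    *) echo other ;;
  esac
}

# stdin: `kubectl get csr` output. stdout: "name requestor class condition" per CSR.
# Columns are located by header name; prints nothing if the headers are missing.
audit_csrs() {
  awk '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i
              if (!("REQUESTOR" in col) || !("CONDITION" in col)) exit
              next }
    NF >= col["CONDITION"] { print $1, $(col["REQUESTOR"]), $(col["CONDITION"]) }
  ' | while read -r name requestor condition; do
    printf '%s %s %s %s\n' "$name" "$requestor" "$(classify_requestor "$requestor")" "$condition"
  done
}

# Names of CSRs that were approved although the requester was never authenticated.
flagged_csrs() {
  audit_csrs | awk '$3 == "unauthenticated" && $4 ~ /Approved/ { print $1 }'
}

# Demo on the constructed sample; on a cluster: kubectl get csr | flagged_csrs
sample_csr_listing | audit_csrs
echo "Approved without authentication:"
sample_csr_listing | flagged_csrs
```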
```json
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "ES",
      "ST": "MADRID",
      "L": "MADRID",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
```

```bash
cfssl_linux-amd64 gencert -ca=/etc/kubernetes/ssl/ca.pem -ca-key=/etc/kubernetes/ssl/ca-key.pem -config=/etc/kubernetes/ssl/ca.json -profile=kubernetes kubeproxy-csr.json | cfssljson_linux-amd64 -bare kubeproxy
```
```ini
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/usr/kubernetes/kube-proxy \
  --bind-address=172.20.20.13 \
  --hostname-override=172.20.20.13 \
  --cluster-cidr=10.254.0.0/16 \
  --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
  --logtostderr=true \
  --v=2 \
  --proxy-mode=iptables
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
```

```bash
systemctl daemon-reload
systemctl enable kubeproxy
systemctl start kubeproxy
systemctl status kubeproxy
```