Kubernetes 1.8 with TLS&RBAC 配置 kubelet

原创 Jeff Tang  2018-08-20 16:32  阅读 168 次 次

kubelet是Node节点上最重要的核心组件,负责Kubernetes集群具体的计算任务,具体功能包括:

  • 监听Scheduler组件的任务分配
  • 挂载POD所需Volume
  • 下载POD所需Secrets
  • 通过与docker daemon的交互运行docker容器
  • 定期执行容器健康检查
  • 监控、报告POD状态到kube-controller-manager组件
  • 监控、报告Node状态到kube-controller-manager组件

 

# 生成启动文件 配置文件  [k8s-n1,  k8s-n2 ,k8s-n3  执行]

cat > /usr/lib/systemd/system/kubelet.service <<EOF
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet \\
      \$KUBE_LOGTOSTDERR \\
      \$KUBE_LOG_LEVEL \\
      \$KUBELET_API_SERVER \\
      \$KUBELET_ADDRESS \\
      \$KUBELET_PORT \\
      \$KUBELET_HOSTNAME \\
      \$KUBE_ALLOW_PRIV \\
      \$KUBELET_POD_INFRA_CONTAINER \\
      \$KUBELET_ARGS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
cat > /etc/kubernetes/kubelet <<EOF
###
# kubernetes kubelet (minion) config

# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=${fn_ip}"

# The port for the info server to serve on
# KUBELET_PORT="--port=10250"

# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME=""

# location of the api-server
#KUBELET_API_SERVER="--api-server=https://10.0.3.230:6443"

# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"

KUBELET_ARGS="--cgroup-driver=cgroupfs \\
              --tls-cert-file=/etc/kubernetes/ssl/kubelet-${fn}.pem \\
              --tls-private-key-file=/etc/kubernetes/ssl/kubelet-${fn}.key \\
              --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \\
              --bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \\
              --cert-dir=/etc/kubernetes/ssl"
EOF

 

本文地址:https://www.easylinux.cn/archives/619
版权声明:本文为原创文章,版权归 Jeff Tang 所有,欢迎分享本文,转载请保留出处!

发表评论


表情