Kubernetes v1.20 project: binary installation and deployment of the Worker Node (personally tested)
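The steps below are mostly run on the master node. Why? Mainly because the author is broke, haha. Not really: it is to save resources, since the master can also act as a worker node.
Enough talk, let's get started.
Download the required resources
Link: https://pan.baidu.com/s/1emtDOy7bzxlR_hUw6vY2GQ
Extraction code: a7j4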
**Some files need their IP addresses or other settings changed; adapt them to your own environment.**
Create the working directories
[root@k8s-master01 ~]# mkdir -p /opt/kubernetes/{bin,cfg,ssl,logs}
Copy kubelet and kube-proxy
[root@k8s-master01 bin]# cd /root/TLS/k8s/kubernetes/server/bin/
[root@k8s-master01 bin]# cp kubelet kube-proxy /opt/kubernetes/bin
Deploy kubelet
Create the configuration file
[root@k8s-master01 bin]# cat > /opt/kubernetes/cfg/kubelet.conf << EOF
> KUBELET_OPTS="--logtostderr=false \\
> --v=2 \\
> --log-dir=/opt/kubernetes/logs \\
> --hostname-override=k8s-master1 \\
> --network-plugin=cni \\
> --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
> --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
> --config=/opt/kubernetes/cfg/kubelet-config.yml \\
> --cert-dir=/opt/kubernetes/ssl \\
> --pod-infra-container-image=lizhenliang/pause-amd64:3.0"
> EOF
[root@k8s-master01 bin]# cat /opt/kubernetes/cfg/kubelet.conf
KUBELET_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--hostname-override=k8s-master1 \
--network-plugin=cni \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet-config.yml \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=lizhenliang/pause-amd64:3.0"
Configuration parameter file
[root@k8s-master01 k8s]# cat > /opt/kubernetes/cfg/kubelet-config.yml << EOF
> kind: KubeletConfiguration
> apiVersion: kubelet.config.k8s.io/v1beta1
> address: 0.0.0.0
> port: 10250
> readOnlyPort: 10255
> cgroupDriver: cgroupfs
> clusterDNS:
> - 10.0.0.2
> clusterDomain: cluster.local
> failSwapOn: false
> authentication:
>   anonymous:
>     enabled: false
>   webhook:
>     cacheTTL: 2m0s
>     enabled: true
>   x509:
>     clientCAFile: /opt/kubernetes/ssl/ca.pem
> authorization:
>   mode: Webhook
>   webhook:
>     cacheAuthorizedTTL: 5m0s
>     cacheUnauthorizedTTL: 30s
> evictionHard:
>   imagefs.available: 15%
>   memory.available: 100Mi
>   nodefs.available: 10%
>   nodefs.inodesFree: 5%
> maxOpenFiles: 1000000
> maxPods: 110
> EOF
[root@k8s-master01 k8s]# cat /opt/kubernetes/cfg/kubelet-config.yml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local
failSwapOn: false
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110
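Added example, not part of the original post: a shell check over a kubelet-config.yml like the one above that reports settings which weaken the kubelet API. Run against this page's file it reports readOnlyPort: 10255, the port that serves node and pod data without authentication. The names audit_kubelet_config and page_config are made up for this example, and the parser assumes 2-space indentation.

```shell
#!/usr/bin/env bash
# Added example: flag kubelet-config.yml settings that weaken the kubelet API.
# Assumes 2-space indentation and plain "key: value" lines.

audit_kubelet_config() {   # reads the YAML from the files given, or from stdin
  awk '
    /^[ \t]*#/ { next }                    # comment lines
    /^[ \t]*$/ { next }                    # blank lines
    /^[ \t]*-/ { next }                    # list items carry nothing checked here
    {
      depth = (match($0, /[^ ]/) - 1) / 2  # nesting level from the indentation
      line = $0; sub(/^ +/, "", line)
      key = line; sub(/:.*$/, "", key)
      val = line; sub(/^[^:]*:[ ]*/, "", val); gsub(/"/, "", val)
      stack[depth] = key
      path = stack[0]
      for (i = 1; i <= depth; i++) path = path "." stack[i]

      if (path == "readOnlyPort" && val != "0")
        print path "=" val ": read-only port answers without authentication, set it to 0"
      if (path == "authentication.anonymous.enabled" && val == "true")
        print path "=" val ": unauthenticated requests reach the authorizer, set it to false"
      if (path == "authorization.mode" && val == "AlwaysAllow")
        print path "=" val ": requests are allowed without an authorization check, use Webhook"
    }
  ' "$@"
}

# Constructed sample: the security-relevant keys of the kubelet-config.yml above.
page_config() {
  cat <<'EOF'
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
readOnlyPort: 10255
clusterDNS:
- 10.0.0.2
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
EOF
}

page_config | audit_kubelet_config
```

On a node, run it as audit_kubelet_config /opt/kubernetes/cfg/kubelet-config.yml.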
Generate the bootstrap kubeconfig file that kubelet uses when it first joins the cluster
[root@k8s-master01 k8s]# KUBE_CONFIG="/opt/kubernetes/cfg/bootstrap.kubeconfig"
[root@k8s-master01 k8s]# KUBE_APISERVER="https://192.168.100.13:6443"
[root@k8s-master01 k8s]# TOKEN="fc2197011151c0c4fb7667395818ef97"
[root@k8s-master01 k8s]# kubectl config set-cluster kubernetes \
> --certificate-authority=/opt/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=${KUBE_CONFIG}
Cluster "kubernetes" set.
[root@k8s-master01 k8s]# kubectl config set-credentials "kubelet-bootstrap" \
> --token=${TOKEN} \
> --kubeconfig=${KUBE_CONFIG}
User "kubelet-bootstrap" set.
[root@k8s-master01 k8s]# kubectl config set-context default \
> --cluster=kubernetes \
> --user="kubelet-bootstrap" \
> --kubeconfig=${KUBE_CONFIG}
Context "default" created.
[root@k8s-master01 k8s]# kubectl config use-context default --kubeconfig=${KUBE_CONFIG}
Switched to context "default".
Manage kubelet with systemctl
[root@k8s-master01 k8s]# cat > /usr/lib/systemd/system/kubelet.service << EOF
> [Unit]
> Description=Kubernetes Kubelet
> After=docker.service
>
> [Service]
> EnvironmentFile=/opt/kubernetes/cfg/kubelet.conf
> ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
> Restart=on-failure
> LimitNOFILE=65536
>
> [Install]
> WantedBy=multi-user.target
> EOF
[root@k8s-master01 k8s]# cat /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet.conf
ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Start the service and enable it at boot
[root@k8s-master01 k8s]# systemctl daemon-reload
[root@k8s-master01 k8s]# systemctl start kubelet
[root@k8s-master01 k8s]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
[root@k8s-master01 k8s]#
[root@k8s-master01 k8s]# ps -ef | grep kubelet
root 20881 1 5 22:38 ? 00:02:48 /opt/kubernetes/bin/kube-apiserver --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --etcd-servers=https://192.168.100.13:2379,https://192.168.100.14:2379,https://192.168.100.15:2379 --bind-address=192.168.100.13 --secure-port=6443 --advertise-address=192.168.100.13 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --enable-bootstrap-token-auth=true --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-32767 --kubelet-client-certificate=/opt/kubernetes/ssl/server.pem --kubelet-client-key=/opt/kubernetes/ssl/server-key.pem --tls-cert-file=/opt/kubernetes/ssl/server.pem --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --service-account-issuer=api --service-account-signing-key-file=/opt/kubernetes/ssl/server-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem --requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem --proxy-client-cert-file=/opt/kubernetes/ssl/server.pem --proxy-client-key-file=/opt/kubernetes/ssl/server-key.pem --requestheader-allowed-names=kubernetes --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --enable-aggregator-routing=true --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/opt/kubernetes/logs/k8s-audit.log
root 21129 1 1 23:31 ? 00:00:00 /opt/kubernetes/bin/kubelet --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --hostname-override=k8s-master1 --network-plugin=cni --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet-config.yml --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=lizhenliang/pause-amd64:3.0
root 21157 9026 0 23:32 pts/3 00:00:00 grep --color=auto kubelet
Approve the kubelet certificate request and join the cluster
[root@k8s-master01 k8s]# kubectl get csr
NAME AGE SIGNERNAME REQUESTOR CONDITION
node-csr-vziEqAe-ZTSuOX7F1MOWpM4ATlsNwUCosgmAOzcbP8Y 89s kubernetes.io/kube-apiserver-client-kubelet kubelet-bootstrap Pending
### Approve the request
[root@k8s-master01 k8s]# kubectl certificate approve node-csr-vziEqAe-ZTSuOX7F1MOWpM4ATlsNwUCosgmAOzcbP8Y
certificatesigningrequest.certificates.k8s.io/node-csr-vziEqAe-ZTSuOX7F1MOWpM4ATlsNwUCosgmAOzcbP8Y approved
### View the nodes
[root@k8s-master01 k8s]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master1 NotReady <none> 31s v1.20.5
The network plugin has not been deployed yet, so the node stays in the NotReady state.
Deploy kube-proxy
Create the configuration file
[root@k8s-master01 k8s]# cat > /opt/kubernetes/cfg/kube-proxy.conf << EOF
> KUBE_PROXY_OPTS="--logtostderr=false \\
> --v=2 \\
> --log-dir=/opt/kubernetes/logs \\
> --config=/opt/kubernetes/cfg/kube-proxy-config.yml"
> EOF
[root@k8s-master01 k8s]# cat /opt/kubernetes/cfg/kube-proxy.conf
KUBE_PROXY_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--config=/opt/kubernetes/cfg/kube-proxy-config.yml"
Configuration parameter file
[root@k8s-master01 k8s]# cat > /opt/kubernetes/cfg/kube-proxy-config.yml << EOF
> kind: KubeProxyConfiguration
> apiVersion: kubeproxy.config.k8s.io/v1alpha1
> bindAddress: 0.0.0.0
> metricsBindAddress: 0.0.0.0:10249
> clientConnection:
>   kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
> hostnameOverride: k8s-master1
> clusterCIDR: 10.244.0.0/16
> EOF
[root@k8s-master01 k8s]# cat /opt/kubernetes/cfg/kube-proxy-config.yml
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
hostnameOverride: k8s-master1
clusterCIDR: 10.244.0.0/16
Generate the kube-proxy.kubeconfig file
[root@k8s-master01 k8s]# cd ~/TLS/k8s
[root@k8s-master01 k8s]# cat > kube-proxy-csr.json << EOF
> {
>   "CN": "system:kube-proxy",
>   "hosts": [],
>   "key": {
>     "algo": "rsa",
>     "size": 2048
>   },
>   "names": [
>     {
>       "C": "CN",
>       "L": "BeiJing",
>       "ST": "BeiJing",
>       "O": "k8s",
>       "OU": "System"
>     }
>   ]
> }
> EOF
[root@k8s-master01 k8s]# cat kube-proxy-csr.json
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
Generate the certificate
[root@k8s-master01 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
2021/11/16 23:40:44 [INFO] generate received request
2021/11/16 23:40:44 [INFO] received CSR
2021/11/16 23:40:44 [INFO] generating key: rsa-2048
2021/11/16 23:40:45 [INFO] encoded CSR
2021/11/16 23:40:45 [INFO] signed certificate with serial number 280940741575309175182701275828099785157071883906
2021/11/16 23:40:45 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
Generate the kubeconfig file
[root@k8s-master01 k8s]# KUBE_CONFIG="/opt/kubernetes/cfg/kube-proxy.kubeconfig"
[root@k8s-master01 k8s]# KUBE_APISERVER="https://192.168.100.13:6443"
[root@k8s-master01 k8s]# kubectl config set-cluster kubernetes \
> --certificate-authority=/opt/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=${KUBE_CONFIG}
Cluster "kubernetes" set.
[root@k8s-master01 k8s]# kubectl config set-credentials kube-proxy \
> --client-certificate=./kube-proxy.pem \
> --client-key=./kube-proxy-key.pem \
> --embed-certs=true \
> --kubeconfig=${KUBE_CONFIG}
User "kube-proxy" set.
[root@k8s-master01 k8s]# kubectl config set-context default \
> --cluster=kubernetes \
> --user=kube-proxy \
> --kubeconfig=${KUBE_CONFIG}
Context "default" created.
[root@k8s-master01 k8s]# kubectl config use-context default --kubeconfig=${KUBE_CONFIG}
Switched to context "default".
Manage kube-proxy with systemd
[root@k8s-master01 k8s]# cat > /usr/lib/systemd/system/kube-proxy.service << EOF
> [Unit]
> Description=Kubernetes Proxy
> After=network.target
>
> [Service]
> EnvironmentFile=/opt/kubernetes/cfg/kube-proxy.conf
> ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
> Restart=on-failure
> LimitNOFILE=65536
>
> [Install]
> WantedBy=multi-user.target
> EOF
[root@k8s-master01 k8s]# cat /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-proxy.conf
ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Start the service and enable it at boot
[root@k8s-master01 k8s]# systemctl daemon-reload
[root@k8s-master01 k8s]# systemctl start kube-proxy
[root@k8s-master01 k8s]# systemctl enable kube-proxy
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
[root@k8s-master01 k8s]# ps -ef | grep kube-proxy
root 23313 1 0 23:44 ? 00:00:00 /opt/kubernetes/bin/kube-proxy --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --config=/opt/kubernetes/cfg/kube-proxy-config.yml
root 23457 9026 0 23:44 pts/3 00:00:00 grep --color=auto kube-proxy
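Deploy the network component
This step needs a calico.yaml, which you can download from the network drive above or ask me for. Calico is a pure layer-3 data-center networking solution and is currently a mainstream networking choice for Kubernetes.
URL: https://docs.projectcalico.org/manifests/calico.yaml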
[root@k8s-master01 k8s]# ls calico.yaml
calico.yaml
Deploy Calico
[root@k8s-master01 k8s]# kubectl apply -f calico.yaml
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
[root@k8s-master01 k8s]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-97769f7c7-hwgnf 0/1 Pending 0 15s
calico-node-grcgk 0/1 Init:0/3 0 14s
[root@k8s-master01 k8s]#
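Once the Calico Pods are all Running, the node becomes Ready as well; this may take a while.
## I also waited half an hour here and finally found that SELinux had not been disabled, haha, so the base environment configuration really matters.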
[root@k8s-master01 k8s]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-97769f7c7-hwgnf 1/1 Running 0 34m
calico-node-grcgk 1/1 Running 0 34m
[root@k8s-master01 k8s]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master1 Ready <none> 50m v1.20.5
Authorize the apiserver to access kubelet
[root@k8s-master01 k8s]# cat > apiserver-to-kubelet-rbac.yaml << EOF
> apiVersion: rbac.authorization.k8s.io/v1
> kind: ClusterRole
> metadata:
>   annotations:
>     rbac.authorization.kubernetes.io/autoupdate: "true"
>   labels:
>     kubernetes.io/bootstrapping: rbac-defaults
>   name: system:kube-apiserver-to-kubelet
> rules:
>   - apiGroups:
>       - ""
>     resources:
>       - nodes/proxy
>       - nodes/stats
>       - nodes/log
>       - nodes/spec
>       - nodes/metrics
>       - pods/log
>     verbs:
>       - "*"
> ---
> apiVersion: rbac.authorization.k8s.io/v1
> kind: ClusterRoleBinding
> metadata:
>   name: system:kube-apiserver
>   namespace: ""
> roleRef:
>   apiGroup: rbac.authorization.k8s.io
>   kind: ClusterRole
>   name: system:kube-apiserver-to-kubelet
> subjects:
>   - apiGroup: rbac.authorization.k8s.io
>     kind: User
>     name: kubernetes
> EOF
[root@k8s-master01 k8s]# cat apiserver-to-kubelet-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:kube-apiserver-to-kubelet
rules:
  - apiGroups:
      - ""
    resources:
      - nodes/proxy
      - nodes/stats
      - nodes/log
      - nodes/spec
      - nodes/metrics
      - pods/log
    verbs:
      - "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:kube-apiserver
  namespace: ""
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-apiserver-to-kubelet
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: kubernetes
[root@k8s-master01 k8s]# kubectl apply -f apiserver-to-kubelet-rbac.yaml
clusterrole.rbac.authorization.k8s.io/system:kube-apiserver-to-kubelet created
clusterrolebinding.rbac.authorization.k8s.io/system:kube-apiserver created
Add a new worker node
Copy the already-deployed Node files to node01, the node being added
[root@k8s-master01 k8s]# scp -r /opt/kubernetes root@192.168.100.14:/opt/
root@192.168.100.14's password:
kube-apiserver 100% 113MB 43.7MB/s 00:02
kube-scheduler 100% 42MB 37.5MB/s 00:01
kube-controller-manager 100% 108MB 35.9MB/s 00:02
kubelet 100% 109MB 27.2MB/s 00:04
kube-proxy 100% 38MB 30.9MB/s 00:01
token.csv 100% 84 3.5KB/s 00:00
kube-apiserver.conf 100% 1709 757.3KB/s 00:00
kube-controller-manager.conf 100% 582 256.6KB/s 00:00
kube-controller-manager.kubeconfig 100% 6344 2.9MB/s 00:00
kube-scheduler.kubeconfig 100% 6306 49.6KB/s 00:00
kube-scheduler.conf 100% 188 89.1KB/s 00:00
kubelet.conf 100% 394 12.7KB/s 00:00
kubelet-config.yml 100% 611 37.8KB/s 00:00
bootstrap.kubeconfig 100% 2168 32.1KB/s 00:00
kubelet.kubeconfig 100% 2297 14.1KB/s 00:00
kube-proxy.conf 100% 132 75.5KB/s 00:00
kube-proxy-config.yml
******************************* (much output omitted)
[root@k8s-master01 k8s]# scp -r /usr/lib/systemd/system/{kubelet,kube-proxy}.service root@192.168.100.14:/usr/lib/systemd/system
root@192.168.100.14's password:
kubelet.service 100% 246 19.0KB/s 00:00
kube-proxy.service 100% 253 88.7KB/s 00:00
[root@k8s-master01 k8s]# scp /opt/kubernetes/ssl/ca.pem root@192.168.100.14:/opt/kubernetes/ssl
root@192.168.100.14's password:
ca.pem 100% 1359 1.1MB/s 00:00
[root@k8s-master01 k8s]#
Delete the kubelet certificates and kubeconfig file
This step is performed on node01, the new node being added.
[root@k8s-node01 ~]# rm -f /opt/kubernetes/cfg/kubelet.kubeconfig
[root@k8s-node01 ~]# rm -f /opt/kubernetes/ssl/kubelet*
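Note: these files are generated automatically once the certificate request is approved and are different for every Node, so they must be deleted.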
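Added example, not part of the original post: scp -r /opt/kubernetes also carries the master's control-plane files to the worker (token.csv and the control-plane kubeconfigs appear in the scp listing above, and the kube-apiserver command line shown earlier points at ca-key.pem and server-key.pem under /opt/kubernetes/ssl). This check lists such leftovers on the worker and any credential file readable by group or others. The function names are made up for this example, and the file list assumes the layout shown on this page.

```shell
#!/usr/bin/env bash
# Added example: after `scp -r /opt/kubernetes` to a worker, list what should not stay there.

# Control-plane-only files, taken from the scp listing and the kube-apiserver
# command line on this page (paths relative to /opt/kubernetes).
CONTROL_PLANE_ONLY="bin/kube-apiserver bin/kube-controller-manager bin/kube-scheduler
cfg/token.csv cfg/kube-apiserver.conf
cfg/kube-controller-manager.conf cfg/kube-controller-manager.kubeconfig
cfg/kube-scheduler.conf cfg/kube-scheduler.kubeconfig
ssl/ca-key.pem ssl/server-key.pem"

# Print every control-plane-only file that exists under the given root.
worker_leftovers() {
  for rel in $CONTROL_PLANE_ONLY; do
    if [ -e "$1/$rel" ]; then printf '%s\n' "$rel"; fi
  done
}

# Print credential files under the given root that group or others can read.
loose_credentials() {
  find "$1" -type f \
       \( -name '*-key.pem' -o -name '*.kubeconfig' -o -name 'token.csv' \) \
       \( -perm -040 -o -perm -004 \) | LC_ALL=C sort
}

# Constructed tree standing in for /opt/kubernetes on the worker.
demo=$(mktemp -d)
mkdir -p "$demo/bin" "$demo/cfg" "$demo/ssl"
touch "$demo/bin/kubelet" "$demo/cfg/token.csv" "$demo/ssl/ca.pem" "$demo/ssl/ca-key.pem"
echo "control-plane files left on the worker:"
worker_leftovers "$demo"
echo "credential files readable by group/others:"
loose_credentials "$demo"
rm -rf "$demo"
```

On node01, call both functions with /opt/kubernetes as the argument.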
Change the hostname in the files copied over with scp
[root@k8s-node01 ~]# vi /opt/kubernetes/cfg/kubelet.conf
KUBELET_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--hostname-override=k8s-node01 \ ## change this line
--network-plugin=cni \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet-config.yml \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=lizhenliang/pause-amd64:3.0"
[root@k8s-node01 ~]# vi /opt/kubernetes/cfg/kube-proxy-config.yml
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
hostnameOverride: k8s-node01 ## change this line
clusterCIDR: 10.244.0.0/16
Start the services and enable them at boot
[root@k8s-node01 ~]# systemctl daemon-reload
[root@k8s-node01 ~]# systemctl start kubelet kube-proxy
[root@k8s-node01 ~]# systemctl enable kubelet kube-proxy
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
[root@k8s-node01 ~]# ps -ef | grep ube-proxy
root 19537 1 0 00:40 ? 00:00:00 /opt/kubernetes/bin/kube-proxy --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --config=/opt/kubernetes/cfg/kube-proxy-config.yml
root 19641 9025 0 00:41 pts/3 00:00:00 grep --color=auto ube-proxy
Approve the new Node's kubelet certificate request on the Master
The following is done on the master.
# View the certificate requests
[root@k8s-master01 k8s]# kubectl get csr
NAME AGE SIGNERNAME REQUESTOR CONDITION
node-csr-TowW7hgpq7z_969BHf82EMfszn35riOtF0tKfQKzNTo 2m20s kubernetes.io/kube-apiserver-client-kubelet kubelet-bootstrap Pending
#### Approve the request
[root@k8s-master01 k8s]# kubectl certificate approve node-csr-TowW7hgpq7z_969BHf82EMfszn35riOtF0tKfQKzNTo
certificatesigningrequest.certificates.k8s.io/node-csr-TowW7hgpq7z_969BHf82EMfszn35riOtF0tKfQKzNTo approved
Check the node status
[root@k8s-master01 k8s]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master1 Ready <none> 70m v1.20.5
k8s-node01 Ready <none> 72s v1.20.5
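Added example, not part of the original post, for the two approval steps on this page (the master's own request and node01's): before running kubectl certificate approve, confirm that the request has the signer and requestor shown in the kubectl get csr output above and that its subject names the node you just started. The function names are made up for this example; vet_csr needs kubectl and openssl on the master, and the subject lines in the demo are constructed.

```shell
#!/usr/bin/env bash
# Added example: vet a pending kubelet CSR before `kubectl certificate approve`.

# Split an `openssl req -noout -subject` line into one FIELD=value per line.
# Handles both "subject=/O=.../CN=..." and "subject=O = ..., CN = ..." layouts.
subject_fields() {
  printf '%s\n' "$1" \
    | sed -e 's/^subject= *//' -e 's/ *= */=/g' -e 's|^/||' \
    | tr ',/' '\n\n' | sed 's/^ *//'
}

# True only if the subject is exactly O=system:nodes plus CN=system:node:<node>.
csr_subject_ok() {        # $1 = openssl subject line, $2 = node you just started
  fields=$(subject_fields "$1" | LC_ALL=C sort | tr '\n' ' ')
  [ "$fields" = "CN=system:node:$2 O=system:nodes " ]
}

# True only for the signer and requestor this page's bootstrap flow produces.
csr_origin_ok() {         # $1 = .spec.signerName, $2 = .spec.username
  [ "$1" = "kubernetes.io/kube-apiserver-client-kubelet" ] && [ "$2" = "kubelet-bootstrap" ]
}

# Live-cluster wrapper: prints a verdict, never approves anything itself.
vet_csr() {               # $1 = CSR name, $2 = expected node name
  signer=$(kubectl get csr "$1" -o jsonpath='{.spec.signerName}')
  user=$(kubectl get csr "$1" -o jsonpath='{.spec.username}')
  subject=$(kubectl get csr "$1" -o jsonpath='{.spec.request}' \
              | base64 -d | openssl req -noout -subject)
  if csr_origin_ok "$signer" "$user" && csr_subject_ok "$subject" "$2"; then
    echo "OK $1: $subject"
  else
    echo "REJECT $1: signer=$signer requestor=$user $subject"
    return 1
  fi
}

# Constructed subject lines (not taken from a real cluster).
if csr_subject_ok 'subject=O = system:nodes, CN = system:node:k8s-node01' k8s-node01; then
  echo "request names k8s-node01: safe to approve"
fi
if ! csr_subject_ok 'subject=O = system:nodes, CN = system:node:k8s-master1' k8s-node01; then
  echo "request names a different node: do not approve"
fi
```

On the master, run vet_csr with the CSR name from kubectl get csr and the hostname-override value set on the new node, and approve only on OK.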
Closing words
Keep going, young one; believe in yourself and you will make it.