部署kubelet
一、準備二進制包
[root@k8smaster ~]# cd /usr/local/src/kubernetes/server/bin/
[root@k8smaster bin]# scp kubelet kube-proxy k8snode1:/opt/kubernetes/bin/
[root@k8smaster bin]# scp kubelet kube-proxy k8snode2:/opt/kubernetes/bin/
2.建立角色綁定
[root@k8smaster bin]# cd /usr/local/src/ssl/
[root@k8smaster ssl]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io "kubelet-bootstrap" created
3.建立 kubelet bootstrapping kubeconfig 文件 設置集羣參數
[root@k8smaster ssl]# kubectl config set-cluster kubernetes \
--certificate-authority=/opt/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=https://192.168.137.171:6443 \
--kubeconfig=bootstrap.kubeconfig
Cluster "kubernetes" set.
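設置客戶端認證參數（此 token 須與 kube-apiserver 端為 kubelet-bootstrap 用戶配置的 token 一致；請使用自行產生的 token，不要沿用文中的示例值。bootstrap.kubeconfig 內含該 token，應視為機密並限制檔案讀取權限）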
[root@k8smaster ssl]# kubectl config set-credentials kubelet-bootstrap \
--token=ad6d5bb607a186796d8861557df0d17f \
--kubeconfig=bootstrap.kubeconfig
User "kubelet-bootstrap" set.
設置上下文參數
[root@k8smaster ssl]# kubectl config set-context default \
--cluster=kubernetes \
--user=kubelet-bootstrap \
--kubeconfig=bootstrap.kubeconfig
Context "default" created.
選擇默認上下文
[root@k8smaster ~]# kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
Switched to context "default".
[root@k8smaster ssl]# cp bootstrap.kubeconfig /opt/kubernetes/cfg/
[root@k8smaster ssl]# scp bootstrap.kubeconfig k8snode1:/opt/kubernetes/cfg/bootstrap.kubeconfig
[root@k8smaster ssl]# scp bootstrap.kubeconfig k8snode2:/opt/kubernetes/cfg/bootstrap.kubeconfig
node節點部署kubelet
1.設置CNI支持(master節點可不配置)
[root@k8smaster ssl]# mkdir -p /etc/cni/net.d
[root@k8smaster ssl]# vim /etc/cni/net.d/10-default.conf
{
"name": "flannel",
"type": "flannel",
"delegate": {
"bridge": "docker0",
"isDefaultGateway": true,
"mtu": 1400
}
}
[root@k8smaster ssl]# scp /etc/cni/net.d/10-default.conf k8snode1:/etc/cni/net.d
[root@k8smaster ssl]# scp /etc/cni/net.d/10-default.conf k8snode2:/etc/cni/net.d
[root@k8smaster ssl]#
二、 建立kubelet目錄
[root@k8snode1 ~]# mkdir /var/lib/kubelet
[root@k8snode1 ~]# vim /usr/lib/systemd/system/kubelet.service
# systemd unit that runs the kubelet binary from /opt/kubernetes/bin on this node.
# NOTE(review): only [Unit] and [Service] appear in this listing; `systemctl enable`
# needs an [Install] section (for example WantedBy=multi-user.target) — confirm
# against the real unit file.
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
# The kubelet is started after docker.service and requires it.
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
# Review notes on the flags below. They are kept above ExecStart so that no
# comment line sits inside the backslash-continued command.
# - --address / --hostname-override are specific to this node (192.168.137.201)
#   and have to be changed on every other node.
# - --experimental-bootstrap-kubeconfig points at the file that carries the
#   bootstrap token; keep that file readable by root only.
#   NOTE(review): newer kubelets name this flag --bootstrap-kubeconfig — confirm
#   for the version in use.
# - --cert-dir is where the kubelet keeps its certificates and keys.
# - No --anonymous-auth, --authorization-mode or --client-ca-file is passed.
#   NOTE(review): the kubelet flag defaults are believed to be
#   anonymous-auth=true and authorization-mode=AlwaysAllow, which would leave
#   the kubelet API on --address usable without authentication — confirm, and
#   consider --anonymous-auth=false, --authorization-mode=Webhook and
#   --client-ca-file=<path to the cluster CA certificate>.
# - --allow-privileged=true lets pods on this node run privileged containers;
#   keep it only if the workloads need it.
# - --fail-swap-on=false lets the kubelet start while swap is enabled.
# - --logtostderr is passed twice (true, then false); presumably the later
#   value wins, so logs go to --log-dir. Drop the first occurrence.
ExecStart=/opt/kubernetes/bin/kubelet \
--address=192.168.137.201 \
--hostname-override=192.168.137.201 \
--pod-infra-container-image=mirrorgooglecontainers/pause-amd64:3.0 \
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--cert-dir=/opt/kubernetes/ssl \
--network-plugin=cni \
--cni-conf-dir=/etc/cni/net.d \
--cni-bin-dir=/opt/kubernetes/bin/cni \
--cluster-dns=10.1.0.2 \
--cluster-domain=cluster.local. \
--hairpin-mode hairpin-veth \
--allow-privileged=true \
--fail-swap-on=false \
--logtostderr=true \
--v=2 \
--logtostderr=false \
--log-dir=/opt/kubernetes/log
# Restart the kubelet 5 seconds after a failed exit.
Restart=on-failure
RestartSec=5
[root@k8snode1 ~]# systemctl daemon-reload
[root@k8snode1 ~]# systemctl enable kubelet
[root@k8snode1 ~]# systemctl start kubelet
[root@k8snode1 ~]# systemctl status kubelet
查看csr請求，注意是在k8smaster上執行。
[root@k8smaster bin]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr--H3IeaAXhDIlgw3nvfJZxfbJdURjjzNBBng4GthssxE 6m kubelet-bootstrap Pending
node-csr-s32pz33uIKZWEkXwIDHR09pxZKXwy1R6lug6KbXBBvE 6m kubelet-bootstrap Pending
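批准kubelet 的 TLS 證書請求（下面的命令會一次批准所有處於 Pending 的請求；批准前應先核對每個請求的 REQUESTOR 以及數量是否與預期加入的節點相符，因為持有 bootstrap token 的任何一方都能提交 CSR）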
[root@k8smaster bin]# kubectl get csr|grep 'Pending' | awk 'NR>0{print $1}'| xargs kubectl certificate approve
certificatesigningrequest.certificates.k8s.io "node-csr--H3IeaAXhDIlgw3nvfJZxfbJdURjjzNBBng4GthssxE" approved
certificatesigningrequest.certificates.k8s.io "node-csr-s32pz33uIKZWEkXwIDHR09pxZKXwy1R6lug6KbXBBvE" approved
查看node節點狀態
[root@k8smaster ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8snode1 Ready <none> 38s v1.10.1
k8snode2 Ready <none> 38s v1.10.1