在master上:
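把之前生成的kubeconfig文件发送到node节点上。node节点只需要bootstrap.kubeconfig和kube-proxy.kubeconfig(下文kubelet和kube-proxy的配置引用的就是这两个文件);通配符*kubeconfig会把该目录下所有以kubeconfig结尾的文件都发过去,执行前先确认目录里没有管理员使用的kubeconfig。这些文件里带有凭据,传到node后建议把权限收紧为仅root可读(chmod 600)。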
# Copy every file in /opt/kubernetes/ssl/ whose name ends in "kubeconfig" to
# /opt/kubernetes/cfg/ on each node.
# NOTE(review): "[email protected]" is an e-mail-obfuscation artifact left by the
# page, not a valid scp target. The original destination was presumably
# <user>@<node-ip> (the page's nodes are 10.0.0.102 and 10.0.0.103) — confirm
# before running.
scp /opt/kubernetes/ssl/*kubeconfig [email protected]:/opt/kubernetes/cfg/
scp /opt/kubernetes/ssl/*kubeconfig [email protected]:/opt/kubernetes/cfg/
把解压的安装包下的kubelet kube-proxy发送到node节点
# Copy the kubelet and kube-proxy binaries from the unpacked release directory
# to /opt/kubernetes/bin/ on each node.
# NOTE(review): "[email protected]" is an e-mail-obfuscation artifact left by the
# page; the original destination was presumably <user>@<node-ip> (10.0.0.102 and
# 10.0.0.103) — confirm before running.
# NOTE(review): the systemd units later on this page set no User=, so these
# binaries run as root on every node; check the release archive against its
# published checksum before distributing them.
cd k8s_download/kubernetes/server/bin/
scp kubelet kube-proxy [email protected]:/opt/kubernetes/bin/
scp kubelet kube-proxy [email protected]:/opt/kubernetes/bin/
在node上:在两台node上都一样,只要修改相应的ip地址
加可执行x权限
chmod +x /opt/kubernetes/bin/*
source /etc/profile
创建kubelet配置文件
这里有个坑:--cluster-dns要写成10.10.10.2,这是后面给DNS的service设置的地址,两边必须一致,否则Pod内无法解析域名。
vim /opt/kubernetes/cfg/kubelet
[root@k8s-node1-102 ~]# cat /opt/kubernetes/cfg/kubelet
# Flags handed to the kubelet binary through $KUBELET_OPTS.
# NOTE(review): no --anonymous-auth, --authorization-mode or --client-ca-file is
# set here. With the flag defaults of this kubelet generation (anonymous auth
# on, authorization AlwaysAllow — confirm for your version) the kubelet API
# bound to --address answers unauthenticated callers. Hardened setups add
# --anonymous-auth=false --authorization-mode=Webhook
# --client-ca-file=<CA certificate path>.
# NOTE(review): --allow-privileged=true permits privileged containers on this
# node; limit who may create such pods with admission policy.
# NOTE(review): --experimental-bootstrap-kubeconfig is the deprecated spelling
# of --bootstrap-kubeconfig and is absent from later kubelet releases — check
# it against your version.
# NOTE(review): --fail-swap-on=false lets the kubelet start with swap enabled.
# NOTE(review): the pause image comes from a mirror registry and is referenced
# by tag only; every pod sandbox on the node runs it, so verify its origin and
# consider pinning it by digest.
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--address=10.0.0.102 \
--hostname-override=10.0.0.102 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--cert-dir=/opt/kubernetes/ssl \
--allow-privileged=true \
--cluster-dns=10.10.10.2 \
--cluster-domain=cluster.local \
--fail-swap-on=false \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
创建kubelet启动文件
vim /usr/lib/systemd/system/kubelet.service
[root@k8s-node1-102 ~]# cat /usr/lib/systemd/system/kubelet.service
# systemd unit that runs the kubelet; it is ordered after docker.service and
# requires it.
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service
[Service]
# The leading "-" makes a missing environment file non-fatal: the kubelet would
# then start with an empty $KUBELET_OPTS instead of the unit failing.
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
# No User= is set, so the kubelet runs as root.
ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
Restart=on-failure
# On stop only the main kubelet process is killed; its child processes are left
# running.
KillMode=process
[Install]
WantedBy=multi-user.target
启动kubelet
systemctl daemon-reload
systemctl start kubelet.service
systemctl status kubelet.service
systemctl enable kubelet.service
这里可能会有个报错导致启动失败:error: failed to run Kubelet: cannot create certificate signing request: certificatesigningrequests.certificates.k8s.io is forbidden: User "kubelet-bootstrap" cannot create certificatesigningrequests.certificates.k8s.io at the cluster scope
原因是:kubelet-bootstrap用户还没有创建证书签名请求(CSR)的权限,需要把这个用户绑定到system:node-bootstrapper这个集群角色上。绑定之后,持有bootstrap.kubeconfig里凭据的人都能以kubelet-bootstrap的身份提交CSR,所以该文件要妥善保管,证书是否签发则由后面的CSR审批把关。解决方法是在master上执行:
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
创建kube-proxy配置文件
vim /opt/kubernetes/cfg/kube-proxy
[root@k8s-node1-102 ~]# cat /opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true --v=4 --hostname-override=10.0.0.102 \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
创建kube-proxy启动程序
vim /usr/lib/systemd/system/kube-proxy.service
[root@k8s-node1-102 ~]# cat /usr/lib/systemd/system/kube-proxy.service
# systemd unit that runs kube-proxy once network.target has been reached.
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
# The leading "-" makes a missing environment file non-fatal: kube-proxy would
# then start with an empty $KUBE_PROXY_OPTS instead of the unit failing.
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
# No User= is set, so kube-proxy runs as root.
ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
启动kube-proxy
systemctl daemon-reload
systemctl start kube-proxy.service
systemctl status kube-proxy.service
systemctl enable kube-proxy.service
在master上:
kubectl get csr 可以看到有两个节点请求认证的请求,如果没有的话检查一下配置然后重启,之前已经允许认证请求了,所以这里用图片代替一下。
用 kubectl certificate approve <CSR名称> 命令批准请求。批准前先核对每条CSR的请求者(应为kubelet-bootstrap),以及请求的数量和来源是否与预期的两台node一致;批准后该节点就会拿到由集群CA签发的客户端证书。
kubectl get node 可以看到有node节点
[root@k8s-master-101 UI]# kubectl get node
NAME STATUS ROLES AGE VERSION
10.0.0.102 Ready <none> 18d v1.12.2
10.0.0.103 Ready <none> 18d v1.12.2