部署kubelet
1、准备二进制包
[[email protected] ~]# cd /usr/local/src/kubernetes/server/bin/
[[email protected] bin]# scp kubelet kube-proxy k8snode1:/opt/kubernetes/bin/
[[email protected] bin]# scp kubelet kube-proxy k8snode2:/opt/kubernetes/bin/
2.创建角色绑定
[[email protected] bin]# cd /usr/local/src/ssl/
[[email protected] ssl]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io "kubelet-bootstrap" created
3.创建 kubelet bootstrapping kubeconfig 文件 设置集群参数
[[email protected] ssl]# kubectl config set-cluster kubernetes \
--certificate-authority=/opt/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=https://192.168.137.171:6443 \
--kubeconfig=bootstrap.kubeconfig
Cluster "kubernetes" set.
设置客户端认证参数
[[email protected] ssl]# kubectl config set-credentials kubelet-bootstrap \
--token=ad6d5bb607a186796d8861557df0d17f \
--kubeconfig=bootstrap.kubeconfig
User "kubelet-bootstrap" set.
设置上下文参数
[[email protected] ssl]# kubectl config set-context default \
--cluster=kubernetes \
--user=kubelet-bootstrap \
--kubeconfig=bootstrap.kubeconfig
Context "default" created.
选择默认上下文
[[email protected] ~]# kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
Switched to context "default".
[[email protected] ssl]# cp bootstrap.kubeconfig /opt/kubernetes/cfg/
[[email protected] ssl]# scp bootstrap.kubeconfig k8snode1:/opt/kubernetes/cfg/bootstrap.kubeconfig
[[email protected] ssl]# scp bootstrap.kubeconfig k8snode2:/opt/kubernetes/cfg/bootstrap.kubeconfig
node节点部署kubelet
1.设置CNI支持(master节点可不配置)
[[email protected] ssl]# mkdir -p /etc/cni/net.d
[[email protected] ssl]# vim /etc/cni/net.d/10-default.conf
{
"name": "flannel",
"type": "flannel",
"delegate": {
"bridge": "docker0",
"isDefaultGateway": true,
"mtu": 1400
}
}
[[email protected] ssl]# scp /etc/cni/net.d/10-default.conf k8snode1:/etc/cni/net.d
[[email protected] ssl]# scp /etc/cni/net.d/10-default.conf k8snode2:/etc/cni/net.d
[[email protected] ssl]#
2、 创建kubelet目录
[[email protected] ~]# mkdir /var/lib/kubelet
[[email protected] ~]# vim /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \
--address=192.168.137.201 \
--hostname-override=192.168.137.201 \
--pod-infra-container-image=mirrorgooglecontainers/pause-amd64:3.0 \
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--cert-dir=/opt/kubernetes/ssl \
--network-plugin=cni \
--cni-conf-dir=/etc/cni/net.d \
--cni-bin-dir=/opt/kubernetes/bin/cni \
--cluster-dns=10.1.0.2 \
--cluster-domain=cluster.local. \
--hairpin-mode hairpin-veth \
--allow-privileged=true \
--fail-swap-on=false \
--logtostderr=true \
--v=2 \
--logtostderr=false \
--log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
[[email protected] ~]# systemctl daemon-reload
[[email protected] ~]# systemctl enable kubelet
[[email protected] ~]# systemctl start kubelet
[[email protected] ~]# systemctl status kubelet
查看csr请求 注意是在k8smster上执行。
[[email protected] bin]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr--H3IeaAXhDIlgw3nvfJZxfbJdURjjzNBBng4GthssxE 6m kubelet-bootstrap Pending
node-csr-s32pz33uIKZWEkXwIDHR09pxZKXwy1R6lug6KbXBBvE 6m kubelet-bootstrap Pending
批准kubelet 的 TLS 证书请求
[[email protected] bin]# kubectl get csr|grep ‘Pending‘ | awk ‘NR>0{print $1}‘| xargs kubectl certificate approve
certificatesigningrequest.certificates.k8s.io "node-csr--H3IeaAXhDIlgw3nvfJZxfbJdURjjzNBBng4GthssxE" approved
certificatesigningrequest.certificates.k8s.io "node-csr-s32pz33uIKZWEkXwIDHR09pxZKXwy1R6lug6KbXBBvE" approved
查看node节点状态
[[email protected] ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8snode1 Ready <none> 38s v1.10.1
k8snode2 Ready <none> 38s v1.10.1
原文地址:http://blog.51cto.com/andyliu/2129072