1.在master节点创建角色绑定，否则node节点的kubelet无权提交证书签名请求(CSR)，也就无法写入证书和kubelet.kubeconfig文件
# Bind the user "kubelet-bootstrap" to the built-in ClusterRole
# system:node-bootstrapper, so a kubelet authenticating as that user may
# submit its certificate signing request (CSR) to the API server.
# NOTE(review): the user name presumably has to match the user tied to the
# bootstrap token inside bootstrap.kubeconfig; that token file is not shown
# on this page, so confirm before running.
kubectl create clusterrolebinding kubelet-bootstrap \
  --clusterrole=system:node-bootstrapper \
  --user=kubelet-bootstrap
2.从master节点把配置文件分发到各node节点
# Copy both kubeconfig files from the master to the config directory of
# every node, in the same order as the original two scp commands.
# NOTE(review): bootstrap.kubeconfig presumably embeds the bootstrap token and
# kube-proxy.kubeconfig the kube-proxy client credentials; keep them readable
# by root only on the nodes and remove stray copies after distribution.
for node_ip in 192.168.56.12 192.168.56.11; do
  scp kube-proxy.kubeconfig bootstrap.kubeconfig "${node_ip}:/opt/kubernetes/cfg/"
done
3.下载node节点的kubelet和 kube-proxy
kubelet在官网k8s的 client二进制包中
kube-proxy在官网k8s的 node二进制包中
4.部署kubelet 生成 启动文件和配置文件
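#!/bin/bash
# Write the kubelet options file and its systemd unit on a node, then enable
# and (re)start the kubelet service.
#
# Arguments:
#   $1  address the kubelet listens on and registers under
#       (default 192.168.56.11)
#   $2  cluster DNS service IP passed to pods (default 10.10.10.2)
#
# Security review notes on the options written below:
#   * No --anonymous-auth, --authorization-mode or --client-ca-file is set, so
#     the kubelet API on NODE_ADDRESS runs with the kubelet's built-in
#     defaults. NOTE(review): for the v1.9 kubelet used in this walkthrough
#     those defaults are understood to admit anonymous requests and to allow
#     every request; confirm, and if so add
#       --anonymous-auth=false --authorization-mode=Webhook
#       --client-ca-file=<CLUSTER_CA_FILE>
#     together with an API server that presents a kubelet client certificate.
#   * --allow-privileged=true lets pods on this node run privileged
#     containers; keep it only if a workload really needs it.
#   * --cert-dir receives the key and certificate issued through the bootstrap
#     CSR; the directory should be accessible to root only.

# Stop at the first failing step so the service is never (re)started after a
# failed or partial write of its configuration.
set -euo pipefail

NODE_ADDRESS=${1:-"192.168.56.11"}
DNS_SERVER_IP=${2:-"10.10.10.2"}

# Unquoted heredoc: ${NODE_ADDRESS} and ${DNS_SERVER_IP} are expanded now, and
# each "\\" is written to the file as a single "\" line continuation.
cat <<EOF >/opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--address=${NODE_ADDRESS} \\
--hostname-override=${NODE_ADDRESS} \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--cert-dir=/opt/kubernetes/ssl \\
--allow-privileged=true \\
--cluster-dns=${DNS_SERVER_IP} \\
--cluster-domain=cluster.local \\
--fail-swap-on=false \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF

# "\$KUBELET_OPTS" is escaped so the literal variable reference reaches the
# unit file and systemd expands it from the EnvironmentFile at start time.
cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet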
5.部署kube-proxy
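#!/bin/bash
# proxy.sh (listed on k8s-node1 with "cat proxy.sh")
# Write the kube-proxy options file and its systemd unit on a node, then
# enable and (re)start the kube-proxy service.
#
# Arguments:
#   $1  name/address kube-proxy reports via --hostname-override
#       (default 192.168.56.11)
#
# NOTE(review): /opt/kubernetes/cfg/kube-proxy.kubeconfig presumably carries
# the kube-proxy client credentials; keep it readable by root only.

# Stop at the first failing step so the service is never (re)started after a
# failed or partial write of its configuration.
set -euo pipefail

NODE_ADDRESS=${1:-"192.168.56.11"}

# Unquoted heredoc: ${NODE_ADDRESS} is expanded now, and every trailing "\"
# plus its newline is removed by the shell, so the options end up on one line.
cat <<EOF >/opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=${NODE_ADDRESS} \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF

# "\$KUBE_PROXY_OPTS" is escaped so the literal variable reference reaches the
# unit file and systemd expands it from the EnvironmentFile at start time.
cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy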
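6.master节点批准node节点的证书签名请求(CSR)，node节点才能加入集群。批准前先核对CSR的REQUESTOR是否为kubelet-bootstrap、是否对应刚启动kubelet的节点，确认后再执行 kubectl certificate approve <CSR名称>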
[root@k8s-master ssl]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-fJx0WsD4Jir_BpTgHGlGDa_UXkZUx2Bsl18nLPhg9eg 6m kubelet-bootstrap Pending
[root@k8s-master ssl]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-fJx0WsD4Jir_BpTgHGlGDa_UXkZUx2Bsl18nLPhg9eg 6m kubelet-bootstrap Approved,Issued
[root@k8s-master ssl]# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.56.11 Ready <none> 19s v1.9.0
[root@k8s-master ssl]#
7.另外一个节点一样的操作
8.批准第二个节点的CSR后，稍等几秒，可以看到两个节点都变为Ready
[root@k8s-master ssl]# kubectl certificate approve node-csr-4icMjocRy1f6gUk209l0_PInK7G-bEXi-IKiIP7fbyw
certificatesigningrequest "node-csr-4icMjocRy1f6gUk209l0_PInK7G-bEXi-IKiIP7fbyw" approved
[root@k8s-master ssl]# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.56.11 Ready <none> 3m v1.9.0
192.168.56.12 NotReady <none> 3s v1.9.0
[root@k8s-master ssl]# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.56.11 Ready <none> 3m v1.9.0
192.168.56.12 NotReady <none> 9s v1.9.0
[root@k8s-master ssl]# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.56.11 Ready <none> 3m v1.9.0
192.168.56.12 Ready <none> 11s v1.9.0
[root@k8s-master ssl]#