一,分发kubelet二进制文件
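# Copy the kubelet binary from the deploy host to every host in MASTER_IPS
# (array defined in /root/env.sh).
# NOTE(review): the binary is pushed to MASTER_IPS here, while the unit file
# later on this page is pushed to NODE_IPS; confirm both arrays cover every
# host that will run kubelet.
source /root/env.sh
for master_ip in "${MASTER_IPS[@]}"; do
  printf '\033[31m>>> %s \033[0m\n' "${master_ip}"
  # Trailing slash on the destination: scp fails if /opt/kubernetes/bin is
  # missing instead of creating a regular file named "bin".
  scp /opt/kubernetes/package/kubernetes/node/bin/kubelet "root@${master_ip}:/opt/kubernetes/bin/"
done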
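# Verify the distribution: the remote file must exist and its SHA-256 must
# match the local binary, so a truncated or altered copy is caught before the
# service is started from it.
source /root/env.sh
kubelet_src=/opt/kubernetes/package/kubernetes/node/bin/kubelet
local_sum=$(sha256sum "${kubelet_src}" | awk '{print $1}')
for master_ip in "${MASTER_IPS[@]}"; do
  printf '\033[31m>>> %s \033[0m\n' "${master_ip}"
  ssh "root@${master_ip}" "ls -ld /opt/kubernetes/bin/kubelet"
  remote_sum=$(ssh "root@${master_ip}" "sha256sum /opt/kubernetes/bin/kubelet" | awk '{print $1}')
  # An empty local hash means the source binary could not be read; treat that
  # as a failure too rather than letting two empty strings compare equal.
  if [[ -z "${local_sum}" || "${remote_sum}" != "${local_sum}" ]]; then
    printf 'kubelet checksum mismatch on %s\n' "${master_ip}" >&2
  fi
done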
二,创建kubelet服务配置文件
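# Write the kubelet systemd unit template. ##NODE_IP## is a placeholder that is
# substituted per node in the next step. The heredoc delimiter is unquoted, so
# each "\\" below is written to the file as a single "\" line continuation.
#
# Review notes on the flags:
#  - --address binds the kubelet API to the node IP. The template passes no
#    --anonymous-auth, --authorization-mode or --client-ca-file, and no
#    --config file, so the kubelet flag defaults apply: anonymous requests are
#    accepted and authorization is AlwaysAllow. Once the apiserver's kubelet
#    client certificate is set up, add --anonymous-auth=false,
#    --authorization-mode=Webhook and --client-ca-file=<CLUSTER_CA_PATH>.
#  - --read-only-port is not set; --read-only-port=0 closes the
#    unauthenticated read-only port.
#  - --allow-privileged=true lets pods request privileged mode; limit who may
#    do so with admission policy.
#  - --logtostderr was listed twice (true, then false). The later value is the
#    one that takes effect, so the contradictory first entry is dropped. With
#    --logtostderr=false kubelet writes its logs under --log-dir, which must
#    exist on the node.
#
# "cd ... &&" keeps the template from being written into the wrong directory
# if /opt/kubernetes/ssl is missing.
cd /opt/kubernetes/ssl && cat > kubelet.service << EOF
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \\
--address=##NODE_IP## \\
--hostname-override=##NODE_IP## \\
--pod-infra-container-image=mirrorgooglecontainers/pause-amd64:3.1 \\
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--cert-dir=/opt/kubernetes/ssl \\
--network-plugin=cni \\
--cni-conf-dir=/etc/cni/net.d \\
--cni-bin-dir=/opt/kubernetes/bin/cni \\
--cluster-dns=10.1.0.2 \\
--cluster-domain=cluster.local. \\
--hairpin-mode hairpin-veth \\
--allow-privileged=true \\
--fail-swap-on=false \\
--v=2 \\
--logtostderr=false \\
--log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF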
使用变量创建各节点配置
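# Render one unit file per node by substituting the ##NODE_IP## placeholder in
# kubelet.service. Iterating over NODE_IPS itself (instead of a fixed count of
# 3) matches the distribution loop, which walks every entry of the array, and
# avoids writing "kubelet-.service" when the array is shorter or unset.
source /root/env.sh
for node_ip in "${NODE_IPS[@]}"; do
  sed -e "s/##NODE_IP##/${node_ip}/g" kubelet.service > "kubelet-${node_ip}.service"
done
# Check that the per-node unit files were generated.
ls -ld kubelet-*.service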
三,分发kubelet服务配置文件
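# Install each node's rendered unit file as
# /usr/lib/systemd/system/kubelet.service on that node.
cd /opt/kubernetes/ssl
source /root/env.sh
for node_ip in "${NODE_IPS[@]}"; do
  printf '\033[31m>>> %s \033[0m\n' "${node_ip}"
  # Quoted so an unexpected character in an address cannot split the arguments.
  scp "kubelet-${node_ip}.service" "root@${node_ip}:/usr/lib/systemd/system/kubelet.service"
done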
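# Verify that the unit file arrived on every node.
source /root/env.sh
for node_ip in "${NODE_IPS[@]}"; do
  printf '\033[31m>>> %s \033[0m\n' "${node_ip}"
  ssh "root@${node_ip}" "ls -ld /usr/lib/systemd/system/kubelet.service"
done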
四,启动kubelet服务
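# Start kubelet on every node and enable it at boot.
source /root/env.sh
for node_ip in "${NODE_IPS[@]}"; do
  printf '\033[31m>>> %s \033[0m\n' "${node_ip}"
  # -p makes the step repeatable (plain mkdir fails when the directory already
  # exists). /opt/kubernetes/log is the --log-dir named in the unit file;
  # creating it here ensures kubelet has somewhere to write its log files.
  ssh "root@${node_ip}" "mkdir -p /var/lib/kubelet /opt/kubernetes/log"
  # daemon-reload makes systemd pick up the unit file that was just copied.
  ssh "root@${node_ip}" "systemctl daemon-reload && systemctl restart kubelet && systemctl enable kubelet"
done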
五,验证kubelet服务
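# Confirm that kubelet is running on every node.
source /root/env.sh
for node_ip in "${NODE_IPS[@]}"; do
  printf '\033[31m>>> %s \033[0m\n' "${node_ip}"
  ssh "root@${node_ip}" "systemctl status kubelet | grep Active"
done
# The state should be "active (running)"; otherwise inspect the logs on the
# affected node to find the cause. The unit file sets --logtostderr=false with
# --log-dir=/opt/kubernetes/log, so kubelet's own messages are expected in that
# directory; the journal mainly shows what systemd recorded about the unit.
journalctl -u kubelet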
六,在master节点上查看是否收到node节点的csr请求
# List certificate signing requests. Each kubelet that just started should show
# one Pending request from requestor kubelet-bootstrap; compare the count with
# the number of nodes started above before approving anything.
kubectl get csr
#输出:
NAME AGE REQUESTOR CONDITION
node-csr-4Ib8Bp_n43bMrpKdiP8jHWtOF1P649TmAU2nOuFE-z8 116s kubelet-bootstrap Pending
node-csr-gxiaGELnMGpO6mzEW1D0tM7S6d_v_32-32hTiDXjtwU 116s kubelet-bootstrap Pending
node-csr-z0Uk6eaYrYUJulZUXtwzLoW3NOWWhNf4IKX1_A5vGnk 115s kubelet-bootstrap Pending
七,批准kubelet的TLS请求
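# Approve the pending kubelet bootstrap CSRs.
# Approval issues a node client certificate, so the selection is limited to
# requests whose REQUESTOR is kubelet-bootstrap and whose CONDITION is Pending,
# rather than every line containing "Pending". Review the `kubectl get csr`
# listing against the nodes you just started before running this.
# Column positions ($3 REQUESTOR, $4 CONDITION) follow the output format shown
# on this page (v1.14.2); if the columns differ nothing is selected.
# xargs -r (GNU) skips the approve call when no request matches.
kubectl get csr --no-headers \
  | awk '$3 == "kubelet-bootstrap" && $4 == "Pending" {print $1}' \
  | xargs -r kubectl certificate approve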
#输出:
certificatesigningrequest.certificates.k8s.io/node-csr-W7hSvOMoLpOs-k5u-pmHui0fbii1LaF2gqXSUp8S8pg approved
certificatesigningrequest.certificates.k8s.io/node-csr-helR655h1jwYOM5V6hNEcw8onWVoyf0VP8xizUwfXi8 approved
certificatesigningrequest.certificates.k8s.io/node-csr-xAtoY9o8L7AKdIrPhc8ZkoZZqkMaaTIcv9-zrHu5qjk approved
八,再次查看csr请求
# List the requests again; the approved ones should now read Approved,Issued.
kubectl get csr
#输出:
node-csr-W7hSvOMoLpOs-k5u-pmHui0fbii1LaF2gqXSUp8S8pg 12s kubelet-bootstrap Approved,Issued
node-csr-helR655h1jwYOM5V6hNEcw8onWVoyf0VP8xizUwfXi8 12s kubelet-bootstrap Approved,Issued
node-csr-xAtoY9o8L7AKdIrPhc8ZkoZZqkMaaTIcv9-zrHu5qjk 12s kubelet-bootstrap Approved,Issued
九,查看node情况
# List the registered nodes; each node that was approved should report Ready.
kubectl get node
#输出:
NAME STATUS ROLES AGE VERSION
172.27.128.11 Ready <none> 43s v1.14.2
172.27.128.12 Ready <none> 43s v1.14.2
172.27.128.13 Ready <none> 43s v1.14.2