Deploying the Node services
Deploying kubelet
Hostname | Role | IP |
---|---|---|
node7-21.host.com | kubelet | 10.4.7.21 |
node7-22.host.com | kubelet | 10.4.7.22 |
Issuing the kubelet certificate
On the ops host node7-200.host.com:
Create the JSON configuration file used to generate the certificate signing request (CSR)
vim /opt/certs/kubelet-csr.json
{
    "CN": "kubelet-node",
    "hosts": [
        "127.0.0.1",
        "10.4.7.10",
        "10.4.7.21",
        "10.4.7.22",
        "10.4.7.23",
        "10.4.7.24",
        "10.4.7.25",
        "10.4.7.26",
        "10.4.7.27",
        "10.4.7.28"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "beijing",
            "L": "beijing",
            "O": "od",
            "OU": "ops"
        }
    ]
}
certs]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server kubelet-csr.json | cfssl-json -bare kubelet
Check the generated certificate and private key
certs]# ls -l|grep kubelet
-rw-r--r-- 1 root root 1119 Aug 7 07:58 kubelet.csr
-rw-r--r-- 1 root root 454 Aug 7 07:53 kubelet-csr.json
-rw------- 1 root root 1679 Aug 7 07:58 kubelet-key.pem
-rw-r--r-- 1 root root 1460 Aug 7 07:58 kubelet.pem
Copy the certificate and private key; note that the private key file must have mode 600
for i in 21 22;do echo node7-$i;scp kubelet-key.pem kubelet.pem node7-$i:/opt/kubernetes/server/bin/certs/;done
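The CSR above pre-lists the node IPs in hosts, and the same kubelet.pem and kubelet-key.pem are copied to every node, so before running the scp loop it is worth confirming that each target IP is in that list and that the key is still mode 600. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes the CSR JSON has one host per line as shown here.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks to run on the ops host before the scp loop.
# Assumption: the CSR JSON lists one host per line, as on this page.

# Return 0 if IP appears in the "hosts" array of the CSR JSON file.
csr_has_host() {
    local csr_json=$1 ip=$2
    # Keep only the lines from "hosts" to its closing bracket, then match "IP" exactly.
    sed -n '/"hosts"/,/]/p' "$csr_json" | grep -qF "\"$ip\""
}

# Return 0 if FILE is a regular file with mode exactly 600 (-rw-------).
key_mode_ok() {
    local file=$1
    [ -f "$file" ] && [ "$(ls -l "$file" | cut -c1-10)" = "-rw-------" ]
}

# preflight CSR_JSON KEY_FILE NODE_IP...
# Prints one line per problem and returns the number of problems found.
preflight() {
    local csr_json=$1 key=$2 problems=0 ip
    shift 2
    for ip in "$@"; do
        if ! csr_has_host "$csr_json" "$ip"; then
            echo "MISSING SAN: $ip is not in hosts of $csr_json"
            problems=$((problems + 1))
        fi
    done
    if ! key_mode_ok "$key"; then
        echo "BAD MODE: $key is not mode 600"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: a CSR with two hosts and a key left at mode 644.
demo() {
    local dir rc=0
    dir=$(mktemp -d)
    printf '{\n  "hosts": [\n    "10.4.7.21",\n    "10.4.7.22"\n  ]\n}\n' > "$dir/kubelet-csr.json"
    : > "$dir/kubelet-key.pem"
    chmod 644 "$dir/kubelet-key.pem"
    preflight "$dir/kubelet-csr.json" "$dir/kubelet-key.pem" 10.4.7.21 10.4.7.29 || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Real use on node7-200, from the directory holding the files generated above:
#   preflight kubelet-csr.json kubelet-key.pem 10.4.7.21 10.4.7.22
```

A non-zero return from preflight means the certificate should be re-issued with the missing IP in hosts, or the key permissions corrected, before copying anything to the nodes.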
Create the kubelet configuration
set-cluster # Define the cluster to connect to; multiple k8s clusters can be defined
]# cd /opt/kubernetes/server/bin/conf
conf]# kubectl config set-cluster myk8s \
  --certificate-authority=/opt/kubernetes/server/bin/certs/ca.pem \
  --embed-certs=true \
  --server=https://10.4.7.10:7443 \
  --kubeconfig=kubelet.kubeconfig
Cluster "myk8s" set.
set-credentials # Create the user account, i.e. the client private key and certificate used to log in; multiple credentials can be created
conf]# kubectl config set-credentials k8s-node --client-certificate=/opt/kubernetes/server/bin/certs/client.pem --client-key=/opt/kubernetes/server/bin/certs/client-key.pem --embed-certs=true --kubeconfig=kubelet.kubeconfig
User "k8s-node" set.