在 master 上操作
vi /etc/profile
export PATH=/opt/kubernetes/bin:$PATH
source /etc/profile
将 kubelet-bootstrap 用户绑定到系统集群角色
cd /opt/kubernetes/cfg
kubectl create clusterrolebinding kubelet-bootstrap
--clusterrole=system:node-bootstrapper
--user=kubelet-bootstrap
创建 kubeconfig 文件
# 创建 kubelet bootstrapping kubeconfig
BOOTSTRAP_TOKEN=674c457d4dcf2eefe4920d7dbb6b0ddc
KUBE_APISERVER="https://192.168.0.205:6443"
# 设置集群参数
kubectl config set-cluster kubernetes
--certificate-authority=/opt/kubernetes/ssl/ca.pem
--embed-certs=true
--server=${KUBE_APISERVER}
--kubeconfig=bootstrap.kubeconfig
# 设置客户端认证参数
kubectl config set-credentials kubelet-bootstrap
--token=${BOOTSTRAP_TOKEN}
--kubeconfig=bootstrap.kubeconfig
# 设置上下文参数
kubectl config set-context default
--cluster=kubernetes
--user=kubelet-bootstrap
--kubeconfig=bootstrap.kubeconfig
# 设置默认上下文
kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
创建 kube-proxy kubeconfig 文件
cp /iba/master-ca/kube-proxy.pem /opt/kubernetes/ssl/
cp /iba/master-ca/kube-proxy-key.pem /opt/kubernetes/ssl/
kubectl config set-cluster kubernetes
--certificate-authority=/opt/kubernetes/ssl/ca.pem
--embed-certs=true
--server=${KUBE_APISERVER}
--kubeconfig=kube-proxy.kubeconfig
kubectl config set-credentials kube-proxy
--client-certificate=/opt/kubernetes/ssl/kube-proxy.pem
--client-key=/opt/kubernetes/ssl/kube-proxy-key.pem
--embed-certs=true
--kubeconfig=kube-proxy.kubeconfig
kubectl config set-context default
--cluster=kubernetes
--user=kube-proxy
--kubeconfig=kube-proxy.kubeconfig
kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
# 将这两个文件拷贝到Node节点/opt/kubernetes/cfg目录下
bootstrap.kubeconfig kube-proxy.kubeconfig
ansible node -m copy -a 'src=bootstrap.kubeconfig dest=/opt/kubernetes/cfg'
ansible node -m copy -a 'src=kube-proxy.kubeconfig dest=/opt/kubernetes/cfg'
部署 kubelet 组件
cd /iba/tools/kubernetes/server/bin
ansible node -m copy -a 'src=kubelet dest=/opt/kubernetes/bin'
ansible node -m copy -a 'src=kube-proxy dest=/opt/kubernetes/bin'
ansible node -m shell -a 'chmod +x /opt/kubernetes/bin/kubelet'
ansible node -m shell -a 'chmod +x /opt/kubernetes/bin/kube-proxy'
在 node1 上执行
# 创建kubelet配置文件:
cat > /opt/kubernetes/cfg/kubelet << EOF
KUBELET_OPTS="--logtostderr=true
--v=4
--hostname-override=192.168.0.206
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig
--config=/opt/kubernetes/cfg/kubelet.config
--cert-dir=/opt/kubernetes/ssl
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF
参数说明:
--hostname-override // 在集群中显示的主机名
--kubeconfig // 指定kubeconfig文件位置,会自动生成
--bootstrap-kubeconfig // 指定刚才生成的bootstrap.kubeconfig文件
--cert-dir // 颁发证书存放位置
--pod-infra-container-image // 管理Pod网络的镜像
# kubelet.config配置文件如下
cat > /opt/kubernetes/cfg/kubelet.config << EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 192.168.0.206
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS: ["10.0.0.2"]
clusterDomain: cluster.local.
failSwapOn: false
authentication:
anonymous:
enabled: true
EOF
systemd管理kubelet组件
cat > /usr/lib/systemd/system/kubelet.service << -'EOF'
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
-EOF
启动 kubelet
chmod +x /opt/kubernetes/bin/kubelet
systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet
# 把配置文件发送到 node2
scp /opt/kubernetes/cfg/kubelet root@192.168.0.207:/opt/kubernetes/cfg/
scp /opt/kubernetes/cfg/kubelet.config root@192.168.0.207:/opt/kubernetes/cfg/
scp /usr/lib/systemd/system/kubelet.service root@192.168.0.207:/usr/lib/systemd/system/
# 在 node2 上修改对应的 IP
vi /opt/kubernetes/cfg/kubelet
vi /opt/kubernetes/cfg/kubelet.config
chmod +x /opt/kubernetes/bin/kubelet
systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet
在 master 审批 Node 加入集群
cd /opt/kubernetes/bin
kubectl get csr
kubectl certificate approve XXXXX
kubectl get node
部署kube-proxy组件
# 在 node1 上执行
# 创建kube-proxy配置文件:
cat > /opt/kubernetes/cfg/kube-proxy << EOF
KUBE_PROXY_OPTS="--logtostderr=true
--v=4
--hostname-override=192.168.0.206
--cluster-cidr=10.0.0.0/24
--proxy-mode=ipvs
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF
# systemd管理kube-proxy组件
cat > /usr/lib/systemd/system/kube-proxy.service << -'EOF'
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
-EOF
chmod +x /opt/kubernetes/bin/kube-proxy
systemctl daemon-reload
systemctl enable kube-proxy
systemctl start kube-proxy
systemctl status kube-proxy
# 把配置文件发送到 node2
scp /opt/kubernetes/cfg/kube-proxy root@192.168.0.207:/opt/kubernetes/cfg/
scp /usr/lib/systemd/system/kube-proxy.service root@192.168.0.207:/usr/lib/systemd/system/
# 在 node2 上修改到对应的IP
vi /opt/kubernetes/cfg/kube-proxy
chmod +x /opt/kubernetes/bin/kube-proxy
systemctl daemon-reload
systemctl enable kube-proxy
systemctl start kube-proxy
systemctl status kube-proxy