kubernetes 二进制安装(v1.20.15)（七）加塞一个工作节点

kubernetes 二进制安装(v1.20.15)（七）加塞一个工作节点

文章目录

​​k8s-node1 加入集群​​

​​分发文件​​​​核对文件​​​​启动kubelet​​​​批准新Node证书申请​​​​启动kube-proxy​​

k8s-node1 加入集群

分发文件

#此操作在Master（k8s-master）上进行#分发kubernetes工作目录scp -r /opt/kubernetes k8s-node1:/opt/#分发kubelet,kube-proxy的管理文件scp -r /usr/lib/systemd/system/{kubelet,kube-proxy}.service k8s-node1:/usr/lib/systemd/system#分发证书文件scp /opt/kubernetes/ssl/ca.pem k8s-node1:/opt/kubernetes/ssl#替换kubelet.conf文件scp /opt/TLS/k8s/cfg/kubelet02.conf k8s-node1:/opt/kubernetes/cfg/kubelet.conf#替换kube-proxy-config.ymlscp /opt/TLS/k8s/cfg/kube-proxy-config02.yml k8s-node1:/opt/kubernetes/cfg/kube-proxy-config.yml#删除kubelet证书和kubeconfig文件ssh k8s-node1 "rm -f /opt/kubernetes/cfg/kubelet.kubeconfig"ssh k8s-node1 "rm -f /opt/kubernetes/ssl/kubelet*"

这里我再说一遍 TLS Bootstrapping：算了下一篇吧，这里之所以要删除这两个文件，是因为要从 master 的 apiserver 重新生成，如果有东西在那边，会导致一些莫名其妙的后果，比方说 kubelet 起来了，但是从master 上扫描不到 node。

如果有想重新安装 kubelet，记得要将那两个地方清理一下，不然会很有意思…

核对文件

#此操作在k8s-node1上进行[root@k8s-node1 ~]# ll /opt/kubernetestotal 12drwxr-xr-x 2 root root 114 Apr 3 15:47 bindrwxr-xr-x 2 root root 4096 Apr 3 15:48 cfgdrwxr-xr-x 2 root root 4096 Apr 3 15:47 logsdrwxr-xr-x 2 root root 4096 Apr 3 15:48 ssl[root@k8s-node1 ~]# ll /usr/lib/systemd/system/{kubelet,kube-proxy}.service-rw-r--r-- 1 root root 246 Apr 3 15:47 /usr/lib/systemd/system/kubelet.service-rw-r--r-- 1 root root 253 Apr 3 15:47 /usr/lib/systemd/system/kube-proxy.service[root@k8s-node1 ~]# ll /opt/kubernetes/ssl/ca.pem-rw-r--r-- 1 root root 1310 Apr 3 15:47 /opt/kubernetes/ssl/ca.pem[root@k8s-node1 ~]# ll /opt/kubernetes/cfg/kubelet.conf-rw-r--r-- 1 root root 382 Apr 3 15:48 /opt/kubernetes/cfg/kubelet.conf[root@k8s-node1 ~]# cat /opt/kubernetes/cfg/kubelet.confKUBELET_OPTS="--logtostderr=false \--v=2 \--log-dir=/opt/kubernetes/logs \--hostname-override=k8s-node1 \--network-plugin=cni \--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \--config=/opt/kubernetes/cfg/kubelet-config.yml \--cert-dir=/opt/kubernetes/ssl \--pod-infra-container-image=ibmcom/pause-amd64:3.1"[root@k8s-node1 ~]# ll /opt/kubernetes/cfg/kube-proxy-config.yml-rw-r--r-- 1 root root 320 Apr 3 15:48 /opt/kubernetes/cfg/kube-proxy-config.yml[root@k8s-node1 ~]# cat /opt/kubernetes/cfg/kubelet.confKUBELET_OPTS="--logtostderr=false \--v=2 \--log-dir=/opt/kubernetes/logs \--hostname-override=k8s-node1 \--network-plugin=cni \--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \--config=/opt/kubernetes/cfg/kubelet-config.yml \--cert-dir=/opt/kubernetes/ssl \--pod-infra-container-image=ibmcom/pause-amd64:3.1"[root@k8s-node1 ~]# cat /opt/kubernetes/cfg/kube-proxy-config.ymlkind: KubeProxyConfigurationapiVersion: kubeproxy.config.k8s.io/v1alpha1bindAddress: 0.0.0.0metricsBindAddress: 0.0.0.0:10249clientConnection: kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfighostnameOverride: k8s-node1clusterCIDR: 10.244.0.0/16mode: ipvsipvs: scheduler: "rr"iptables: masqueradeAll: true[root@k8s-node1 ~]# ll /opt/kubernetes/cfg/kubelet.kubeconfigls: cannot access /opt/kubernetes/cfg/kubelet.kubeconfig: No such file or directory[root@k8s-node1 ~]# ll /opt/kubernetes/ssl/kubelet*ls: cannot access /opt/kubernetes/ssl/kubelet*: No such file or directory

注：bootstrap.kubeconfig 那里面是 master 的地址。

启动kubelet

#此操作在k8s-node1上进行[root@k8s-node1 ~]# systemctl daemon-reload && systemctl start kubelet && systemctl enable kubelet && systemctl status kubelet....

批准新Node证书申请

#此操作在Master(k8s-master)上进行#查看新的证书请求，状态为Pending[root@k8s-master cfg]# kubectl get csrNAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITIONnode-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek 31m kubernetes.io/kube-apiserver-client-kubelet kubelet-bootstrap Approved,Issuednode-csr-ktjmR4VegWx92ELE3IskISfkdatpXBTKBrq8ZOCVObc 56s kubernetes.io/kube-apiserver-client-kubelet kubelet-bootstrap Pending#批准新的请求，并加入集群[root@k8s-master cfg]# kubectl certificate approve node-csr-ktjmR4VegWx92ELE3IskISfkdatpXBTKBrq8ZOCVObccertificatesigningrequest.certificates.k8s.io/node-csr-ktjmR4VegWx92ELE3IskISfkdatpXBTKBrq8ZOCVObc approved#查看证书批准状态[root@k8s-master cfg]# kubectl get csrNAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITIONnode-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek 31m kubernetes.io/kube-apiserver-client-kubelet kubelet-bootstrap Approved,Issuednode-csr-ktjmR4VegWx92ELE3IskISfkdatpXBTKBrq8ZOCVObc 75s kubernetes.io/kube-apiserver-client-kubelet kubelet-bootstrap Approved,Issued#查看集群节点[root@k8s-master cfg]# kubectl get nodesNAME STATUS ROLES AGE VERSIONk8s-master NotReady 30m v1.23.4k8s-node1 NotReady 14s v1.23.4# 由于网络插件还没有部署，节点会没有准备就绪 NotReady

启动kube-proxy

[root@k8s-node1 ~]# systemctl daemon-reload && systemctl start kube-proxy && systemctl enable kube-proxy && systemctl status kube-proxy

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。