在 master 上操作
vi /etc/profileexport PATH=/opt/kubernetes/bin:$PATHsource /etc/profile
vi /etc/profile
export PATH=/opt/kubernetes/bin:$PATH
source /etc/profile
cd /opt/kubernetes/cfgkubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
cd /opt/kubernetes/cfg
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
# 创建 kubelet bootstrapping kubeconfigBOOTSTRAP_TOKEN=674c457d4dcf2eefe4920d7dbb6b0ddcKUBE_APISERVER="https://192.168.0.205:6443"# 设置集群参数 kubectl config set-cluster kubernetes --certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true --server=${KUBE_APISERVER} --kubeconfig=bootstrap.kubeconfig # 设置客户端认证参数 kubectl config set-credentials kubelet-bootstrap --token=${BOOTSTRAP_TOKEN} --kubeconfig=bootstrap.kubeconfig# 设置上下文参数 kubectl config set-context default --cluster=kubernetes --user=kubelet-bootstrap --kubeconfig=bootstrap.kubeconfig # 设置默认上下文 kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
# 创建 kubelet bootstrapping kubeconfig
BOOTSTRAP_TOKEN=674c457d4dcf2eefe4920d7dbb6b0ddc
KUBE_APISERVER="https://192.168.0.205:6443"
# 设置集群参数
kubectl config set-cluster kubernetes --certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true --server=${KUBE_APISERVER} --kubeconfig=bootstrap.kubeconfig
# 设置客户端认证参数
kubectl config set-credentials kubelet-bootstrap --token=${BOOTSTRAP_TOKEN} --kubeconfig=bootstrap.kubeconfig
# 设置上下文参数
kubectl config set-context default --cluster=kubernetes --user=kubelet-bootstrap --kubeconfig=bootstrap.kubeconfig
# 设置默认上下文
kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
cp /iba/master-ca/kube-proxy.pem /opt/kubernetes/ssl/cp /iba/master-ca/kube-proxy-key.pem /opt/kubernetes/ssl/ kubectl config set-cluster kubernetes --certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true --server=${KUBE_APISERVER} --kubeconfig=kube-proxy.kubeconfig kubectl config set-credentials kube-proxy --client-certificate=/opt/kubernetes/ssl/kube-proxy.pem --client-key=/opt/kubernetes/ssl/kube-proxy-key.pem --embed-certs=true --kubeconfig=kube-proxy.kubeconfig kubectl config set-context default --cluster=kubernetes --user=kube-proxy --kubeconfig=kube-proxy.kubeconfig kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig # 将这两个文件拷贝到Node节点/opt/kubernetes/cfg目录下bootstrap.kubeconfig kube-proxy.kubeconfigansible node -m copy -a 'src=bootstrap.kubeconfig dest=/opt/kubernetes/cfg'ansible node -m copy -a 'src=kube-proxy.kubeconfig dest=/opt/kubernetes/cfg'
cp /iba/master-ca/kube-proxy.pem /opt/kubernetes/ssl/
cp /iba/master-ca/kube-proxy-key.pem /opt/kubernetes/ssl/
kubectl config set-cluster kubernetes --certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true --server=${KUBE_APISERVER} --kubeconfig=kube-proxy.kubeconfig
kubectl config set-credentials kube-proxy --client-certificate=/opt/kubernetes/ssl/kube-proxy.pem --client-key=/opt/kubernetes/ssl/kube-proxy-key.pem --embed-certs=true --kubeconfig=kube-proxy.kubeconfig
kubectl config set-context default --cluster=kubernetes --user=kube-proxy --kubeconfig=kube-proxy.kubeconfig
kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
# 将这两个文件拷贝到Node节点/opt/kubernetes/cfg目录下
bootstrap.kubeconfig kube-proxy.kubeconfig
ansible node -m copy -a 'src=bootstrap.kubeconfig dest=/opt/kubernetes/cfg'
ansible node -m copy -a 'src=kube-proxy.kubeconfig dest=/opt/kubernetes/cfg'
cd /iba/tools/kubernetes/server/binansible node -m copy -a 'src=kubelet dest=/opt/kubernetes/bin'ansible node -m copy -a 'src=kube-proxy dest=/opt/kubernetes/bin'ansible node -m shell -a 'chmod +x /opt/kubernetes/bin/kubelet'ansible node -m shell -a 'chmod +x /opt/kubernetes/bin/kube-proxy'
cd /iba/tools/kubernetes/server/bin
ansible node -m copy -a 'src=kubelet dest=/opt/kubernetes/bin'
ansible node -m copy -a 'src=kube-proxy dest=/opt/kubernetes/bin'
ansible node -m shell -a 'chmod +x /opt/kubernetes/bin/kubelet'
ansible node -m shell -a 'chmod +x /opt/kubernetes/bin/kube-proxy'
在 node1 上执行
# 创建kubelet配置文件:cat > /opt/kubernetes/cfg/kubelet << EOF KUBELET_OPTS="--logtostderr=true --v=4 --hostname-override=192.168.0.206 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"EOF
# 创建kubelet配置文件:
cat > /opt/kubernetes/cfg/kubelet << EOF
KUBELET_OPTS="--logtostderr=true --v=4 --hostname-override=192.168.0.206 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF
参数说明:--hostname-override // 在集群中显示的主机名--kubeconfig // 指定kubeconfig文件位置,会自动生成--bootstrap-kubeconfig // 指定刚才生成的bootstrap.kubeconfig文件--cert-dir // 颁发证书存放位置--pod-infra-container-image // 管理Pod网络的镜像
参数说明:
--hostname-override // 在集群中显示的主机名
--kubeconfig // 指定kubeconfig文件位置,会自动生成
--bootstrap-kubeconfig // 指定刚才生成的bootstrap.kubeconfig文件
--cert-dir // 颁发证书存放位置
--pod-infra-container-image // 管理Pod网络的镜像
# kubelet.con?g配置文件如下cat > /opt/kubernetes/cfg/kubelet.config << EOFkind: KubeletConfigurationapiVersion: kubelet.config.k8s.io/v1beta1address: 192.168.0.206port: 10250readOnlyPort: 10255cgroupDriver: cgroupfsclusterDNS: ["10.0.0.2"]clusterDomain: cluster.local.failSwapOn: falseauthentication: anonymous: enabled: trueEOF
# kubelet.con?g配置文件如下
cat > /opt/kubernetes/cfg/kubelet.config << EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 192.168.0.206
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS: ["10.0.0.2"]
clusterDomain: cluster.local.
failSwapOn: false
authentication:
anonymous:
enabled: true
cat > /usr/lib/systemd/system/kubelet.service << -'EOF'[Unit]Description=Kubernetes KubeletAfter=docker.serviceRequires=docker.service[Service]EnvironmentFile=/opt/kubernetes/cfg/kubeletExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTSRestart=on-failureKillMode=process[Install]WantedBy=multi-user.target-EOF
cat > /usr/lib/systemd/system/kubelet.service << -'EOF'
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
-EOF
chmod +x /opt/kubernetes/bin/kubeletsystemctl daemon-reload systemctl enable kubeletsystemctl start kubelet systemctl status kubelet # 把配置文件发送到 node2scp /opt/kubernetes/cfg/kubelet root@192.168.0.207:/opt/kubernetes/cfg/scp /opt/kubernetes/cfg/kubelet.config root@192.168.0.207:/opt/kubernetes/cfg/scp /usr/lib/systemd/system/kubelet.service root@192.168.0.207:/usr/lib/systemd/system/# 在 node2 上修改对应的 IPvi /opt/kubernetes/cfg/kubeletvi /opt/kubernetes/cfg/kubelet.configchmod +x /opt/kubernetes/bin/kubeletsystemctl daemon-reload systemctl enable kubeletsystemctl start kubelet systemctl status kubelet
chmod +x /opt/kubernetes/bin/kubelet
systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet
# 把配置文件发送到 node2
scp /opt/kubernetes/cfg/kubelet root@192.168.0.207:/opt/kubernetes/cfg/
scp /opt/kubernetes/cfg/kubelet.config root@192.168.0.207:/opt/kubernetes/cfg/
scp /usr/lib/systemd/system/kubelet.service root@192.168.0.207:/usr/lib/systemd/system/
# 在 node2 上修改对应的 IP
vi /opt/kubernetes/cfg/kubelet
vi /opt/kubernetes/cfg/kubelet.config
cd /opt/kubernetes/binkubectl get csrkubectl certificate approve XXXXXkubectl get node
cd /opt/kubernetes/bin
kubectl get csr
kubectl certificate approve XXXXX
kubectl get node
# 在 node1 上执行# 创建kube-proxy配置文件:cat > /opt/kubernetes/cfg/kube-proxy << EOF KUBE_PROXY_OPTS="--logtostderr=true --v=4 --hostname-override=192.168.0.206 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig" EOF# systemd管理kube-proxy组件cat > /usr/lib/systemd/system/kube-proxy.service << -'EOF' [Unit] Description=Kubernetes Proxy After=network.target [Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS Restart=on-failure [Install] WantedBy=multi-user.target -EOFchmod +x /opt/kubernetes/bin/kube-proxysystemctl daemon-reload systemctl enable kube-proxy systemctl start kube-proxy systemctl status kube-proxy # 把配置文件发送到 node2scp /opt/kubernetes/cfg/kube-proxy root@192.168.0.207:/opt/kubernetes/cfg/scp /usr/lib/systemd/system/kube-proxy.service root@192.168.0.207:/usr/lib/systemd/system/# 在 node2 上修改到对应的IPvi /opt/kubernetes/cfg/kube-proxy chmod +x /opt/kubernetes/bin/kube-proxysystemctl daemon-reload systemctl enable kube-proxy systemctl start kube-proxy systemctl status kube-proxy
# 在 node1 上执行
# 创建kube-proxy配置文件:
cat > /opt/kubernetes/cfg/kube-proxy << EOF
KUBE_PROXY_OPTS="--logtostderr=true --v=4 --hostname-override=192.168.0.206 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
# systemd管理kube-proxy组件
cat > /usr/lib/systemd/system/kube-proxy.service << -'EOF'
Description=Kubernetes Proxy
After=network.target
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
chmod +x /opt/kubernetes/bin/kube-proxy
systemctl enable kube-proxy
systemctl start kube-proxy
systemctl status kube-proxy
scp /opt/kubernetes/cfg/kube-proxy root@192.168.0.207:/opt/kubernetes/cfg/
scp /usr/lib/systemd/system/kube-proxy.service root@192.168.0.207:/usr/lib/systemd/system/
# 在 node2 上修改到对应的IP
vi /opt/kubernetes/cfg/kube-proxy
原文链接:http://www.cnblogs.com/klvchen/p/10308724.html
本站QQ群:前端 618073944 | Java 606181507 | Python 626812652 | C/C++ 612253063 | 微信 634508462 | 苹果 692586424 | C#/.net 182808419 | PHP 305140648 | 运维 608723728