十六，Kubernetes_v1.14.2部署kubelet

一，分發kubelet二進制文件

source /root/env.sh
for master_ip in ${MASTER_IPS[@]}
do
echo -e "\033[31m>>> ${master_ip} \033[0m"
scp /opt/kubernetes/package/kubernetes/node/bin/kubelet root@${master_ip}:/opt/kubernetes/bin
done

#驗證是否分發成功
source /root/env.sh
for master_ip in ${MASTER_IPS[@]}
do
echo -e "\033[31m>>> ${master_ip} \033[0m"
ssh root@${master_ip} "ls -ld /opt/kubernetes/bin/kubelet"
done

 

 

二，創建kubelet服務配置文件

cd /opt/kubernetes/ssl
cat > kubelet.service << EOF
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \\
  --address=##NODE_IP## \\
  --hostname-override=##NODE_IP## \\
  --pod-infra-container-image=mirrorgooglecontainers/pause-amd64:3.1 \\
  --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
  --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
  --cert-dir=/opt/kubernetes/ssl \\
  --network-plugin=cni \\
  --cni-conf-dir=/etc/cni/net.d \\
  --cni-bin-dir=/opt/kubernetes/bin/cni \\
  --cluster-dns=10.1.0.2 \\
  --cluster-domain=cluster.local. \\
  --hairpin-mode hairpin-veth \\
  --allow-privileged=true \\
  --fail-swap-on=false \\
  --logtostderr=true \\
  --v=2 \\
  --logtostderr=false \\
  --log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

 

使用變量創建各節點配置

source /root/env.sh
for (( i=0; i < 3; i++ ))
do
sed -e "s/##NODE_IP##/${NODE_IPS[i]}/" kubelet.service > kubelet-${NODE_IPS[i]}.service
done

#驗證是否更改成功
ls -ld kubelet-*.service

 

 

三，分發kubelet服務配置文件

cd /opt/kubernetes/ssl
source /root/env.sh
for node_ip in ${NODE_IPS[@]}
do
echo -e "\033[31m>>> ${node_ip} \033[0m"
scp kubelet-${node_ip}.service root@${node_ip}:/usr/lib/systemd/system/kubelet.service
done

#驗證是否發送成功
source /root/env.sh
for node_ip  in ${NODE_IPS[@]}
do
echo -e "\033[31m>>> ${node_ip} \033[0m"
ssh root@${node_ip} "ls -ld /usr/lib/systemd/system/kubelet.service"
done

 

四，啓動kubelet服務

source /root/env.sh
for node_ip in ${NODE_IPS[@]}
do
echo -e "\033[31m>>> ${node_ip} \033[0m"
ssh root@${node_ip} "mkdir /var/lib/kubelet" 
ssh root@${node_ip} "systemctl restart kubelet && systemctl enable kubelet"
done

 

 

五，驗證kubelet服務

source /root/env.sh
for node_ip in ${NODE_IPS[@]}
do
echo -e "\033[31m>>> ${node_ip} \033[0m"
ssh root@${node_ip} "systemctl status kubelet | grep Active"
done

#確保狀態爲 active (running)，否則查看日誌，確認原因

journalctl -u kubelet

 

 

六，在master節點上查看是否收到node節點的csr請求

kubectl get csr

 #輸出：
NAME                                                                                                  AGE    REQUESTOR           CONDITION
node-csr-4Ib8Bp_n43bMrpKdiP8jHWtOF1P649TmAU2nOuFE-z8   116s      kubelet-bootstrap      Pending
node-csr-gxiaGELnMGpO6mzEW1D0tM7S6d_v_32-32hTiDXjtwU   116s     kubelet-bootstrap      Pending
node-csr-z0Uk6eaYrYUJulZUXtwzLoW3NOWWhNf4IKX1_A5vGnk 115s      kubelet-bootstrap     Pending
 

 

七，批准kubelet的TLS請求

 kubectl get csr|grep 'Pending' | awk 'NR>0{print $1}'| xargs kubectl certificate approve

#輸出：
certificatesigningrequest.certificates.k8s.io/node-csr-W7hSvOMoLpOs-k5u-pmHui0fbii1LaF2gqXSUp8S8pg approved
certificatesigningrequest.certificates.k8s.io/node-csr-helR655h1jwYOM5V6hNEcw8onWVoyf0VP8xizUwfXi8 approved
certificatesigningrequest.certificates.k8s.io/node-csr-xAtoY9o8L7AKdIrPhc8ZkoZZqkMaaTIcv9-zrHu5qjk approved

 

 

八，再次查看csr請求 

kubectl get csr

#輸出： 
node-csr-W7hSvOMoLpOs-k5u-pmHui0fbii1LaF2gqXSUp8S8pg   12s   kubelet-bootstrap   Approved,Issued
node-csr-helR655h1jwYOM5V6hNEcw8onWVoyf0VP8xizUwfXi8   12s   kubelet-bootstrap   Approved,Issued
node-csr-xAtoY9o8L7AKdIrPhc8ZkoZZqkMaaTIcv9-zrHu5qjk   12s   kubelet-bootstrap   Approved,Issued

 

 

九，查看node情況 

kubectl get node

#輸出：
NAME               STATUS   ROLES    AGE   VERSION
172.27.128.11   Ready     <none>    43s     v1.14.2
172.27.128.12   Ready     <none>    43s     v1.14.2
172.27.128.13   Ready     <none>    43s     v1.14.2