1、用于启动节点服务器的模板需要先安装cfssl、cfssljson，并从master节点拷贝ca-config.json、ca-key.pem、ca.pem
2、脚本
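#!/bin/bash
# Join a worker node to an existing Kubernetes cluster.
# Prerequisites (as stated by the author): cfssl and cfssljson are installed,
# and ca-config.json, ca-key.pem and ca.pem have been copied from the master
# node.
# author menard
#
# NOTE(review): ca-key.pem is the cluster CA private key. Keeping a copy on a
# worker means root on that node can sign a certificate for any cluster
# identity. Safer options: sign the node certificate on the host that already
# holds the CA and ship only the node cert/key plus ca.pem, or use kubelet TLS
# bootstrapping. If the key must be copied, delete it once signing is done.

# Per-node settings: edit before running on a new node.
IP=172.21.74.7
# HOSTNAME is also a variable bash sets itself; it is overridden on purpose
# because the rest of the script reads ${HOSTNAME} as the node name.
HOSTNAME=k8s-node03-sit
SSL_DIR=/data/services/k8s/ssl
podCIDR=10.11.0.0/16
svcCIDR=10.10.0.0/16
DNSIP=10.10.0.10

# 1. Set the hostname.
hostnamectl set-hostname "$HOSTNAME"

# 2. Generate certificates.
# Stop if the working directory is missing: otherwise the CSR and key files
# would be written into whatever directory the script was started from.
cd "$SSL_DIR" || {
  printf 'cannot cd to %s\n' "$SSL_DIR" >&2
  exit 1
}

# Generate the kubelet client certificate and private key.
# One-element arrays so the signing loop can handle several workers.
WORKERS=("$HOSTNAME")
WORKER_IPS=("$IP")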
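# Steps 2-4: per-node certificate signing -- INCOMPLETE ON THIS PAGE.
# The page lost everything between the opener of the CSR heredoc and the
# opener of the kubelet-config heredoc (the step comments jump from 2 to 5).
# The CSR JSON, the signing command and steps 3-4 cannot be recovered from
# here. The surviving fragment is kept verbatim but commented out, because an
# unterminated `for` stops the whole script from parsing, and the bare `<`
# would have copied kubelet-config.yaml into the CSR file:
#
#   for ((i=0;i<${#WORKERS[@]};i++)); do
#   cat > ${WORKERS[$i]}-csr.json < [... lost in extraction ...]
#
# TODO: restore these steps from the original script before using it.

# Fail closed until the missing steps are restored: the kubelet configuration
# below points at these files, so refuse to continue without them.
for required in \
  /etc/kubernetes/ssl/ca.pem \
  "/etc/kubernetes/ssl/${HOSTNAME}.pem" \
  "/etc/kubernetes/ssl/${HOSTNAME}-key.pem"; do
  if [[ ! -s "$required" ]]; then
    printf 'missing %s; run the certificate steps first\n' "$required" >&2
    exit 1
  fi
done

# Write the kubelet configuration. The heredoc is unquoted on purpose so that
# $DNSIP, $podCIDR, ${IP} and ${HOSTNAME} are expanded by the shell.
# The YAML nesting was flattened on the page and is restored here.
# Security-relevant settings, all as the author chose them:
#   - anonymous auth disabled; webhook authentication and authorization
#     delegate kubelet API access decisions to the API server
#   - client certificates are verified against the cluster CA
#   - readOnlyPort 0 turns off the unauthenticated read-only port
#   - the healthz endpoint listens on loopback only
cat > /etc/kubernetes/kubelet-config.yaml <<EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/etc/kubernetes/ssl/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
  - "$DNSIP"
podCIDR: "$podCIDR"
address: ${IP}
readOnlyPort: 0
staticPodPath: /etc/kubernetes/manifests
healthzPort: 10248
healthzBindAddress: 127.0.0.1
kubeletCgroups: /systemd/system.slice
resolvConf: "/etc/resolv.conf"
runtimeRequestTimeout: "15m"
kubeReserved:
  cpu: 200m
  memory: 512M
tlsCertFile: "/etc/kubernetes/ssl/${HOSTNAME}.pem"
tlsPrivateKeyFile: "/etc/kubernetes/ssl/${HOSTNAME}-key.pem"
EOF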
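# 5. Configure the kubelet systemd service.
# The heredoc opener is restored: on the page only `cat < FILE` survived,
# which would print the existing unit and then run the unit text as commands.
# The heredoc is unquoted so ${IP} expands; the shell also consumes each
# backslash-newline, so ExecStart lands in the unit file as one line.
# `documentation=` is corrected to `Documentation=` because systemd keys are
# case-sensitive.
# NOTE(review): --container-runtime=remote, --image-pull-progress-deadline and
# --network-plugin=cni are dockershim-era flags that newer kubelet releases
# removed, and the kubelet refuses to start on unknown flags. Confirm them
# against the installed kubelet version.
cat > /etc/systemd/system/kubelet.service <<EOF
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=containerd.service
Requires=containerd.service
[Service]
ExecStart=/usr/local/bin/kubelet \
  --config=/etc/kubernetes/kubelet-config.yaml \
  --container-runtime=remote \
  --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock \
  --image-pull-progress-deadline=2m \
  --kubeconfig=/etc/kubernetes/kubeconfig \
  --network-plugin=cni \
  --node-ip=${IP} \
  --register-node=true \
  --v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF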
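# 6. Configure kube-proxy.
# The copy below is commented out in the original. The configuration still
# expects /etc/kubernetes/kube-proxy.kubeconfig to exist, so it has to be put
# in place some other way. It holds a cluster credential, so keep it readable
# by root only.
#cp -f kube-proxy.kubeconfig /etc/kubernetes/

# Create kube-proxy-config.yaml.
# The heredoc opener and the nesting of `kubeconfig` under `clientConnection`
# were lost on the page and are restored here. The heredoc is unquoted so
# $podCIDR expands.
# NOTE(review): ipvs mode presumably needs the ip_vs kernel modules on the
# node; confirm they are loaded.
cat > /etc/kubernetes/kube-proxy-config.yaml <<EOF
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
bindAddress: 0.0.0.0
clientConnection:
  kubeconfig: "/etc/kubernetes/kube-proxy.kubeconfig"
clusterCIDR: "$podCIDR"
mode: ipvs
EOF

# kube-proxy systemd unit.
# `documentation=` is corrected to `Documentation=` because systemd keys are
# case-sensitive. The shell consumes the backslash-newline, so ExecStart is
# written as one line.
cat > /etc/systemd/system/kube-proxy.service <<EOF
[Unit]
Description=Kubernetes Kube Proxy
Documentation=https://github.com/kubernetes/kubernetes
[Service]
ExecStart=/usr/local/bin/kube-proxy \
  --config=/etc/kubernetes/kube-proxy-config.yaml
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF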
# 7. Start the services.
# Reload systemd so it sees the unit files written above, then enable the two
# node services at boot and (re)start them now.
node_units=(kubelet kube-proxy)
systemctl daemon-reload
systemctl enable "${node_units[@]}"
systemctl restart "${node_units[@]}"



