Kubernetes binary installation (v1.20.15) (VII) plug a work node

k8s-node1 To join the cluster

Distribute documents

# This operation is in Master（k8s-master） on 
​
# distribution kubernetes working directory 
scp -r /opt/kubernetes k8s-node1:/opt/
​
# distribution kubelet,kube-proxy Management documents for 
scp -r /usr/lib/systemd/system/{
    kubelet,kube-proxy}.service k8s-node1:/usr/lib/systemd/system
​
# Distribute certificate documents 
scp /opt/kubernetes/ssl/ca.pem k8s-node1:/opt/kubernetes/ssl
​
# Replace kubelet.conf file 
scp /opt/TLS/k8s/cfg/kubelet02.conf k8s-node1:/opt/kubernetes/cfg/kubelet.conf
​
# Replace kube-proxy-config.yml
scp /opt/TLS/k8s/cfg/kube-proxy-config02.yml k8s-node1:/opt/kubernetes/cfg/kube-proxy-config.yml
​
​
# Delete kubelet Certificates and kubeconfig file 
ssh k8s-node1 "rm -f /opt/kubernetes/cfg/kubelet.kubeconfig"
ssh k8s-node1 "rm -f /opt/kubernetes/ssl/kubelet*"

Here I repeat TLS Bootstrapping： Forget about the next one , The reason for this is to delete these two files , It's because we have to start from master Of apiserver To regenerate the , If there's something over there , Will lead to some inexplicable consequences , For example kubelet up , But from master Cannot be scanned on node.

If you want to reinstall kubelet, Remember to clean those two places , Otherwise it will be very interesting …

Check the documents

# This operation is in k8s-node1 on 
​
[[email protected] ~]# ll /opt/kubernetes
total 12
drwxr-xr-x 2 root root  114 Apr  3 15:47 bin
drwxr-xr-x 2 root root 4096 Apr  3 15:48 cfg
drwxr-xr-x 2 root root 4096 Apr  3 15:47 logs
drwxr-xr-x 2 root root 4096 Apr  3 15:48 ssl
​
[[email protected] ~]# ll /usr/lib/systemd/system/{kubelet,kube-proxy}.service
-rw-r--r-- 1 root root 246 Apr  3 15:47 /usr/lib/systemd/system/kubelet.service
-rw-r--r-- 1 root root 253 Apr  3 15:47 /usr/lib/systemd/system/kube-proxy.service
​
[[email protected] ~]# ll /opt/kubernetes/ssl/ca.pem
-rw-r--r-- 1 root root 1310 Apr  3 15:47 /opt/kubernetes/ssl/ca.pem
​
[[email protected] ~]# ll /opt/kubernetes/cfg/kubelet.conf
-rw-r--r-- 1 root root 382 Apr  3 15:48 /opt/kubernetes/cfg/kubelet.conf
​
[[email protected] ~]# cat /opt/kubernetes/cfg/kubelet.conf
KUBELET_OPTS="--logtostderr=false \ --v=2 \ --log-dir=/opt/kubernetes/logs \ --hostname-override=k8s-node1 \ --network-plugin=cni \ --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \ --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \ --config=/opt/kubernetes/cfg/kubelet-config.yml \ --cert-dir=/opt/kubernetes/ssl \ --pod-infra-container-image=ibmcom/pause-amd64:3.1"
​
[[email protected] ~]# ll /opt/kubernetes/cfg/kube-proxy-config.yml
-rw-r--r-- 1 root root 320 Apr  3 15:48 /opt/kubernetes/cfg/kube-proxy-config.yml
​
[[email protected] ~]# cat /opt/kubernetes/cfg/kubelet.conf
KUBELET_OPTS="--logtostderr=false \ --v=2 \ --log-dir=/opt/kubernetes/logs \ --hostname-override=k8s-node1 \ --network-plugin=cni \ --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \ --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \ --config=/opt/kubernetes/cfg/kubelet-config.yml \ --cert-dir=/opt/kubernetes/ssl \ --pod-infra-container-image=ibmcom/pause-amd64:3.1"
[[email protected] ~]# cat /opt/kubernetes/cfg/kube-proxy-config.yml
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
hostnameOverride: k8s-node1
clusterCIDR: 10.244.0.0/16
mode: ipvs
ipvs:
  scheduler: "rr"
iptables:
  masqueradeAll: true
​
[[email protected] ~]# ll /opt/kubernetes/cfg/kubelet.kubeconfig
ls: cannot access /opt/kubernetes/cfg/kubelet.kubeconfig: No such file or directory
​
[[email protected] ~]# ll /opt/kubernetes/ssl/kubelet*
ls: cannot access /opt/kubernetes/ssl/kubelet*: No such file or directory

notes ：bootstrap.kubeconfig There is master The address of .

start-up kubelet

# This operation is in k8s-node1 on 
[[email protected] ~]# systemctl daemon-reload && systemctl start kubelet && systemctl enable kubelet && systemctl status kubelet
....

Approve new Node The certificate application

# This operation is in Master(k8s-master) on 
​
# View new certificate requests , Status as Pending
[[email protected] cfg]# kubectl get csr
NAME                                                   AGE   SIGNERNAME                                    REQUESTOR           REQUESTEDDURATION   CONDITION
node-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek   31m   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Approved,Issued
node-csr-ktjmR4VegWx92ELE3IskISfkdatpXBTKBrq8ZOCVObc   56s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Pending
​
# Approve new requests , And join the cluster 
[[email protected] cfg]# kubectl certificate approve node-csr-ktjmR4VegWx92ELE3IskISfkdatpXBTKBrq8ZOCVObc
certificatesigningrequest.certificates.k8s.io/node-csr-ktjmR4VegWx92ELE3IskISfkdatpXBTKBrq8ZOCVObc approved
​
# View certificate approval status 
[[email protected] cfg]# kubectl get csr
NAME                                                   AGE   SIGNERNAME                                    REQUESTOR           REQUESTEDDURATION   CONDITION
node-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek   31m   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Approved,Issued
node-csr-ktjmR4VegWx92ELE3IskISfkdatpXBTKBrq8ZOCVObc   75s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Approved,Issued
​
# View the cluster nodes 
[[email protected] cfg]# kubectl get nodes
NAME   		STATUS     ROLES    AGE   VERSION
k8s-master  NotReady   <none>   30m   v1.23.4
k8s-node1   NotReady   <none>   14s   v1.23.4
​
#  Because the network plug-in has not been deployed yet , Nodes will not be ready  NotReady

start-up kube-proxy

[[email protected] ~]# systemctl daemon-reload && systemctl start kube-proxy && systemctl enable kube-proxy && systemctl status kube-proxy