简单的进行初始化
1,安装相同版本的docker,复制必要的镜像文件到node节点导入2,同步时间3,将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward =1
EOF
sysctl --system
swapoff -a
setenforce 0复制证书到node节点,复制其他配置文件到node节点并删除kubelet证书和kubeconfig文件
rm -f /opt/kubernetes/cfg/kubelet.kubeconfig
rm -f /opt/kubernetes/ssl/kubelet*修改主机名
cat /etc/hosts
...
172.16.100.7 host1.com修改配置文件
# vi /opt/kubernetes/cfg/kubelet.conf
--hostname-override=host1.com
# vi /opt/kubernetes/cfg/kube-proxy-config.yml
hostnameOverride: host1.com
metricsBindAddress: 172.16.100.7:10249启动kubelet
/opt/kubernetes/ssl/kubelet-client-current.pem for default-auth due to open /opt/kubernetes/ssl/kubelet-client-current.pem: no such file or directory安装conntrack
yum -y install conntrackmaster
配置tls 基于bootstrap自动颁发证书**
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap[root@linuxea.com kubernetes]# kubectl get clusterrolebinding | grep kubelet-bootstrap
kubelet-bootstrap 377d启动并设置开机启动
systemctl daemon-reload
systemctl start kubelet
systemctl enable kubelet
systemctl start kube-proxy
systemctl enable kube-proxy- approve
[root@linuxea.com kubernetes]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-uomzzskWafm7Wos6enq_1WBuwZwK9f5Som0M0wnXSlw 45s kubelet-bootstrap Pending[root@linuxea.com kubernetes]# kubectl certificate approve node-csr-uomzzskWafm7Wos6enq_1WBuwZwK9f5Som0M0wnXSlw
certificatesigningrequest.certificates.k8s.io/node-csr-uomzzskWafm7Wos6enq_1WBuwZwK9f5Som0M0wnXSlw approved[root@linuxea.com kubernetes]# kubectl get node
NAME STATUS ROLES AGE VERSION
host1.com NotReady <none> 26s v1.16.0
linuxea.com Ready master 377d v1.16.0
host2.com Ready node 377d v1.16.0
host3.com Ready node 377d v1.16.0- docker: network plugin is not ready: cni config uninitialized
查看本地是否有cn0网卡,如果没有下载插件
https://github.com/flannel-io/cni-plugin/releases
