
5.1 创建工作目录并拷贝二进制文件   在所有worker node创建工作目录:

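# Create the kubelet/kube-proxy working tree on every worker node.
mkdir -p /opt/kubernetes/{bin,cfg,ssl,logs}
# cfg/ will hold the bootstrap kubeconfig (which embeds a token) and ssl/ is
# used as the kubelet --cert-dir, so keep both accessible to root only.
chmod 700 /opt/kubernetes/cfg /opt/kubernetes/ssl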
  从master节点拷贝文件至node节点:

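# Run on the master: push the node binaries, the cluster CA certificate and
# kubectl to the worker. Only the public CA certificate (ca.pem) is copied;
# the CA private key has no reason to leave the master.
cd /tools/kubernetes/server/bin/
# kubelet and kube-proxy are regular files, so scp needs no -r here.
scp kubelet kube-proxy root@node01:/opt/kubernetes/bin/
scp /opt/kubernetes/ssl/ca.pem root@node01:/opt/kubernetes/ssl/
# Name the remote user explicitly, consistent with the two copies above.
scp /usr/bin/kubectl root@node01:/usr/bin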

5.2 部署kubelet

  1.创建配置文件

#node01节点操作

# Run on node01. Writes the environment file that kubelet.service loads via
# EnvironmentFile. The heredoc delimiter is quoted, so every line is written
# literally and ends in a single backslash (a line continuation inside the
# double-quoted KUBELET_OPTS value).
# NOTE(review): the pause image is pulled from a personal Docker Hub
# namespace; consider mirroring it to a registry you control and pinning it
# by digest.
cat > /opt/kubernetes/cfg/kubelet.conf <<'EOF'
KUBELET_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--hostname-override=node01 \
--network-plugin=cni \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet-config.yml \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=lizexiong/pause-amd64:3.0"
EOF

--hostname-override:显示名称,集群中唯一
--network-plugin:启用CNI
--kubeconfig:该路径下的文件初始不存在,会自动生成,后面用于连接apiserver
--bootstrap-kubeconfig:首次启动向apiserver申请证书
--config:配置参数文件
--cert-dir:kubelet证书生成目录
--pod-infra-container-image:管理Pod网络容器的镜像

如果主机名在通过master审批之后被更改(或因其他原因发生变化),node就会出现下面的错误提示

  2.配置参数文件

#node01节点操作

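# Run on node01. Writes the KubeletConfiguration file passed via --config.
#
# The nested keys under authentication, authorization and evictionHard must be
# indented: written flat, they become unrelated top-level keys and the
# anonymous/webhook/x509 settings no longer apply to the sections they belong to.
#
# readOnlyPort is set to 0 (disabled). The read-only port serves kubelet data
# without authentication or authorization; 10250 (authenticated, Webhook
# authorization) is the port clients should use.
# NOTE(review): address 0.0.0.0 makes the kubelet API listen on every
# interface; restrict access to 10250 with host or network firewall rules.
cat > /opt/kubernetes/cfg/kubelet-config.yml <<'EOF'
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
readOnlyPort: 0
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local
failSwapOn: false
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110
EOF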

  3.生成kubelet初次加入集群引导kubeconfig文件

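# Run on node01.
KUBE_CONFIG="/opt/kubernetes/cfg/bootstrap.kubeconfig"
KUBE_APISERVER="https://192.168.0.152:6443" # apiserver IP:PORT
# Must match the entry in token.csv. This is a shared bootstrap secret: whoever
# holds it can submit node certificate requests as kubelet-bootstrap, so keep
# it out of shared scripts and version control.
TOKEN="c47ffb939f5ca36231d9e3121a252959"

# Generate the kubelet bootstrap kubeconfig. The CA certificate is embedded so
# the kubelet can verify the apiserver it bootstraps against.
kubectl config set-cluster kubernetes \
  --certificate-authority=/opt/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server="${KUBE_APISERVER}" \
  --kubeconfig="${KUBE_CONFIG}"
kubectl config set-credentials "kubelet-bootstrap" \
  --token="${TOKEN}" \
  --kubeconfig="${KUBE_CONFIG}"
kubectl config set-context default \
  --cluster=kubernetes \
  --user="kubelet-bootstrap" \
  --kubeconfig="${KUBE_CONFIG}"
kubectl config use-context default --kubeconfig="${KUBE_CONFIG}"

# The file now embeds the bootstrap token; make sure only its owner can read it.
chmod 600 "${KUBE_CONFIG}"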

  4.systemd管理kubelet
# Install the systemd unit for kubelet. The heredoc delimiter is quoted so
# that $KUBELET_OPTS is written to the unit file unexpanded; the value comes
# from the EnvironmentFile named in the unit.
cat > /usr/lib/systemd/system/kubelet.service <<'EOF'
[Unit]
Description=Kubernetes Kubelet
After=docker.service

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet.conf
ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

手动启动

# Start kubelet by hand in the foreground, with the flags given on the command
# line instead of through kubelet.conf and the systemd unit.
# NOTE(review): --hostname-override (k8snode2) and the pause image namespace
# (lizhenliang) differ from the values written to
# /opt/kubernetes/cfg/kubelet.conf earlier on this page (node01, lizexiong);
# confirm which values are intended for this node.
/opt/kubernetes/bin/kubelet \
  --logtostderr=false \
  --v=2 \
  --log-dir=/opt/kubernetes/logs \
  --hostname-override=k8snode2 \
  --network-plugin=cni \
  --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
  --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
  --config=/opt/kubernetes/cfg/kubelet-config.yml \
  --cert-dir=/opt/kubernetes/ssl \
  --pod-infra-container-image=lizhenliang/pause-amd64:3.0
  5.启动并设置开机启动

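# Reload unit files so systemd picks up kubelet.service, then start the
# service and enable it at boot. These are three separate commands; run on a
# single line, the trailing words are passed to daemon-reload as arguments.
systemctl daemon-reload
systemctl start kubelet
systemctl enable kubelet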

5.3 批准kubelet证书申请并加入集群

查看kubelet证书请求

kubectl get csr
NAME                                                   AGE    SIGNERNAME                                    REQUESTOR           CONDITION
node-csr-uCEGPOIiDdlLODKts8J658HrFq9CZ--K6M4G7bjhk8A   6m3s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   Pending

批准申请

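# Inspect the request before approving it: the requestor should be
# kubelet-bootstrap and the subject should name a node you are actually
# adding. Approval makes the cluster CA issue a client certificate for it.
kubectl describe csr node-csr-uCEGPOIiDdlLODKts8J658HrFq9CZ--K6M4G7bjhk8A
kubectl certificate approve node-csr-uCEGPOIiDdlLODKts8J658HrFq9CZ--K6M4G7bjhk8A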

查看节点

kubectl get node 
NAME STATUS ROLES AGE VERSION
k8s-master1 NotReady <none> 7s v1.18.3

注:由于网络插件还没有部署,节点会处于未就绪(NotReady)状态