Kubernetes Nodes: Difference between revisions
DrEdWilliams (talk | contribs) mNo edit summary |
|||
| (One intermediate revision by one other user not shown) | |||
| Line 30: | Line 30: | ||
apt-mark hold kubelet kubeadm kubectl | apt-mark hold kubelet kubeadm kubectl | ||
== | == Start the kubernetes packages == | ||
Make sure that /etc/sysconfig/kubelet (or /etc/default/kubelet on Debian) has the following line: | Make sure that /etc/sysconfig/kubelet (or /etc/default/kubelet on Debian) has the following line: | ||
KUBELET_EXTRA_ARGS=--authentication-token-webhook --fail-swap-on=false --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice | KUBELET_EXTRA_ARGS=--authentication-token-webhook --fail-swap-on=false --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice | ||
This needs to be done on all nodes: | |||
systemctl start kubelet | |||
systemctl enable kubelet | |||
== Join the cluster == | == Join the cluster == | ||
| Line 54: | Line 54: | ||
If you don’t have the value of '''--discovery-token-ca-cert-hash''', you can get it by running the following command chain on the control-plane node: | If you don’t have the value of '''--discovery-token-ca-cert-hash''', you can get it by running the following command chain on the control-plane node: | ||
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \ | openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \ | ||
openssl dgst -sha256 -hex | sed 's/^.* //' | openssl dgst -sha256 -hex | sed 's/^.* //' | ||
Latest revision as of 19:51, 8 August 2020
The kubernetes node install is based on the prerequisites in the Kubernetes Cluster Installation page.
Install the kubernetes repo[edit]
CentOS 7[edit]
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg exclude=kube* EOF
... or just copy it from an already installed kubernetes node ...
yum install -y kubelet kubectl kubeadm --disableexcludes=kubernetes
Debian 10[edit]
apt-get update && apt-get install -y apt-transport-https curl curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - cat <<EOF >/etc/apt/sources.list.d/kubernetes.list deb https://apt.kubernetes.io/ kubernetes-xenial main EOF apt-get update apt-get install -y kubelet kubeadm kubectl apt-mark hold kubelet kubeadm kubectl
Start the kubernetes packages[edit]
Make sure that /etc/sysconfig/kubelet (or /etc/default/kubelet on Debian) has the following line:
KUBELET_EXTRA_ARGS=--authentication-token-webhook --fail-swap-on=false --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice
This needs to be done on all nodes:
systemctl start kubelet systemctl enable kubelet
Join the cluster[edit]
Using the token and hash from the Production Cluster Configuration, Development Cluster Configuration, or Test Cluster Configuration as appropriate:
kubeadm join <master IP>:6443 --token <token> --discovery-token-ca-cert-hash <hash> --ignore-preflight-errors Swap --node-name=`hostname -s`
If you do not have the token, you can get it by running the following command on the control-plane node:
kubeadm token list
If you are joining a node to the cluster after the current token has expired, you can create a new token by running the following command on the control-plane node:
kubeadm token create
If you don’t have the value of --discovery-token-ca-cert-hash, you can get it by running the following command chain on the control-plane node:
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \ openssl dgst -sha256 -hex | sed 's/^.* //'