Kubernetes Nodes: Difference between revisions

The kubernetes node install is based on the prerequisites in the Kubernetes Cluster Installation page.

Install the kubernetes repo:

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 
exclude=kube*
EOF 

... or just copy it from an already installed kubernetes node ...

Install the pieces of the kubeadm installation on all nodes

yum install -y kubelet kubectl kubeadm --disableexcludes=kubernetes
systemctl start kubelet
systemctl enable kubelet

Make sure that /etc/sysconfig/kubelet has the following line:

KUBELET_EXTRA_ARGS=--authentication-token-webhook --fail-swap-on=false --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice

Join the cluster using the token and hash from the Production Cluster Configuration, Development Cluster Configuration, or Test Cluster Configuration as appropriate:

kubeadm join <master IP>:6443 --token <token> --discovery-token-ca-cert-hash <hash> --ignore-preflight-errors Swap --node-name=`hostname -s`

If you do not have the token, you can get it by running the following command on the control-plane node:

kubeadm token list

If you are joining a node to the cluster after the current token has expired, you can create a new token by running the following command on the control-plane node:

kubeadm token create

If you don’t have the value of --discovery-token-ca-cert-hash, you can get it by running the following command chain on the control-plane node:

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \

  openssl dgst -sha256 -hex | sed 's/^.* //'