1.下载kubenetes软件包
#这一步我们把二进制包全部分发下去,后续都会使用。
$cd /root/
$wget https://dl.k8s.io/v1.9.9/kubernetes-server-linux-amd64.tar.gz
$tar -xzvf kubernetes-server-linux-amd64.tar.gz
$cd kubernetes/server/bin/
$cp kubectl kube-apiserver kube-controller-manager kube-scheduler /usr/bin/
$scp kubelet kube-proxy root@192.168.7.132:/usr/bin/
$scp kubelet kube-proxy root@192.168.7.133:/usr/bin/
2.创建 kubectl kubeconfig 文件
# 请明确这个KUBE_APISERVER变量都是指向masster的api-server地址。
$cd /root/
$export KUBE_APISERVER="https://192.168.7.131:6443"
# 设置集群参数
$kubectl config set-cluster kubernetes
--certificate-authority=/etc/kubernetes/ssl/ca.pem
--embed-certs=true
--server=${KUBE_APISERVER}
# 设置客户端认证参数
$kubectl config set-credentials admin
--client-certificate=/etc/kubernetes/ssl/admin.pem
--embed-certs=true
--client-key=/etc/kubernetes/ssl/admin-key.pem
# 设置上下文参数
$kubectl config set-context kubernetes
--cluster=kubernetes
--user=admin
# 设置默认上下文
$kubectl config use-context kubernetes
3.创建 TLS Bootstrapping Token
$export BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
$cat > token.csv <<EOF
${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
EOF
$cp token.csv /etc/kubernetes/
$scp token.csv root@192.168.7.132:/etc/kubernetes/
$scp token.csv root@192.168.7.133:/etc/kubernetes/
4.创建 kubelet bootstrapping kubeconfig 文件
$cd /etc/kubernetes
$export KUBE_APISERVER="https://192.168.7.131:6443"
# 设置集群参数
$kubectl config set-cluster kubernetes
--certificate-authority=/etc/kubernetes/ssl/ca.pem
--embed-certs=true
--server=${KUBE_APISERVER}
--kubeconfig=bootstrap.kubeconfig
# 设置客户端认证参数
$kubectl config set-credentials kubelet-bootstrap
--token=${BOOTSTRAP_TOKEN}
--kubeconfig=bootstrap.kubeconfig
# 设置上下文参数
$kubectl config set-context default
--cluster=kubernetes
--user=kubelet-bootstrap
--kubeconfig=bootstrap.kubeconfig
# 设置默认上下文
$kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
5.创建 kube-proxy kubeconfig 文件
$export KUBE_APISERVER="https://192.168.7.131:6443"
# 设置集群参数
$kubectl config set-cluster kubernetes
--certificate-authority=/etc/kubernetes/ssl/ca.pem
--embed-certs=true
--server=${KUBE_APISERVER}
--kubeconfig=kube-proxy.kubeconfig
# 设置客户端认证参数
$kubectl config set-credentials kube-proxy
--client-certificate=/etc/kubernetes/ssl/kube-proxy.pem
--client-key=/etc/kubernetes/ssl/kube-proxy-key.pem
--embed-certs=true
--kubeconfig=kube-proxy.kubeconfig
# 设置上下文参数
$kubectl config set-context default
--cluster=kubernetes
--user=kube-proxy
--kubeconfig=kube-proxy.kubeconfig
# 设置默认上下文
$kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
6.分发 kubeconfig 文件到节点
$scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.7.132:/etc/kubernetes/
$scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.7.133:/etc/kubernetes/