下載kubelet-csr.json
檔案,並產生 master node certificate 簽證:
$ wget "${PKI_URL}/kubelet-csr.json"
$ sed -i 's/$NODE/master1/g' kubelet-csr.json
$ cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-hostname=master1,172.16.35.12 \
-profile=kubernetes \
kubelet-csr.json | cfssljson -bare kubelet
$ ls kubelet*.pem
這邊
$NODE
需要隨節點名稱不同而改變。
接著透過以下指令產生名稱為 kubelet.conf
的 kubeconfig 檔:
# set-cluster
$ kubectl config set-cluster kubernetes \
--certificate-authority=/etc/kubernetes/pki/ca.pem \
--embed-certs=true \
--server="https://172.16.35.12:6443" \
--kubeconfig=../kubelet.conf
# set-credentials
$ kubectl config set-credentials system:node:master1 \
--client-certificate=/etc/kubernetes/pki/kubelet.pem \
--embed-certs=true \
--client-key=/etc/kubernetes/pki/kubelet-key.pem \
--kubeconfig=../kubelet.conf
# set-context
$ kubectl config set-context system:node:master1@kubernetes \
--cluster=kubernetes \
--user=system:node:master1 \
--kubeconfig=../kubelet.conf
# set default context
$ kubectl config use-context system:node:master1@kubernetes --kubeconfig=../kubelet.conf
https://download.docker.com/linux/static/stable/x86_64/