# Node Cluster Deployment
Install Docker from a domestic (China) Docker apt mirror:
```
# Step 1: install the prerequisite packages
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# Step 2: install the GPG key (fetched over HTTPS so the repository signing key cannot be altered in transit)
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: add the package source
sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: update and install Docker-CE
sudo apt-get -y update
sudo apt-get -y install docker-ce
```
Start Docker:
```
systemctl start docker
systemctl enable docker
```
**# The kubelet unit file /lib/systemd/system/kubelet.service contains the following:**
```
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
ExecStartPre=-/bin/mkdir -p /sys/fs/cgroup/cpuset/system.slice/kubelet.service /sys/fs/cgroup/hugetlb/system.slice/kubelet.service
ExecStart=/opt/kubernetes/bin/kubelet \
--eviction-hard=memory.available<1024Mi,nodefs.available<10%,nodefs.inodesFree<5% \
--system-reserved=cpu=0.5,memory=1G \
--kube-reserved=cpu=0.5,memory=1G \
--cgroups-per-qos=true \
--enforce-node-allocatable=pods,kube-reserved,system-reserved \
--kube-reserved-cgroup=/system.slice/kubelet.service \
--system-reserved-cgroup=/system.slice \
--address=192.168.11.220 \
--hostname-override=192.168.11.220 \
--cgroup-driver=cgroupfs \
--pod-infra-container-image=dyhub.douyucdn.cn/kubernetes/pause-amd64:3.0 \
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--cert-dir=/opt/kubernetes/ssl \
--cluster-dns=10.1.61.130,10.1.61.136 \
--cluster-domain=test01. \
--hairpin-mode=promiscuous-bridge \
--allow-privileged=true \
--fail-swap-on=false \
--serialize-image-pulls=false \
--max-pods=30 \
--logtostderr=true \
--v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
```
Create the user-to-role binding:
```
# Log in to master1
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
```
**# The kube-proxy unit file /lib/systemd/system/kube-proxy.service contains the following:**
```
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \
--bind-address=192.168.11.220 \
--hostname-override=192.168.11.220 \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig \
--masquerade-all \
--feature-gates=SupportIPVSProxyMode=true \
--proxy-mode=ipvs \
--ipvs-min-sync-period=5s \
--ipvs-sync-period=5s \
--ipvs-scheduler=rr \
--logtostderr=true \
--v=2
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
```
Start kubelet and kube-proxy:
```
systemctl start kubelet kube-proxy
systemctl enable kubelet kube-proxy
```
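After the node has started normally, running kubectl get nodes on the master does not show it. This is because a node first requests a certificate from the master after it starts, and it can join the cluster only after the master has signed that certificate, as shown below: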
```
# List the CSRs
$ kubectl get csr
NAME AGE REQUESTOR CONDITION
csr-l9d25 2m kubelet-bootstrap Pending
# Sign the certificate
$ kubectl certificate approve csr-l9d25
certificatesigningrequest "csr-l9d25" approved
# List the nodes
$ kubectl get node
NAME STATUS AGE VERSION
10.1.61.140 Ready 5d v1.7.4
```
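Approving a CSR gives the requester a client certificate for whatever identity the request names, so it is worth checking the pending request against the node you just started before signing it. The script below is an added example, not part of the original page. The function names are hypothetical, and it assumes the requestor is the `kubelet-bootstrap` user bound above and that the kubelet asks for the subject `CN=system:node:<node>,O=system:nodes`.

```shell
#!/bin/sh
# Added example (not from the original page): check a kubelet bootstrap CSR
# before running "kubectl certificate approve". Function names are hypothetical.
# Assumes the bootstrap identity is the kubelet-bootstrap user bound above.
EXPECTED_REQUESTOR="kubelet-bootstrap"

# check_csr_fields REQUESTOR SUBJECT NODE
# SUBJECT is RFC 2253 text, e.g. "CN=system:node:<node>,O=system:nodes".
# Returns 0 only if the CSR asks for exactly the expected node identity.
check_csr_fields() {
    requestor=$1 subject=$2 expected_node=$3
    if [ "$requestor" != "$EXPECTED_REQUESTOR" ]; then
        echo "reject: unexpected requestor '$requestor'"; return 1
    fi
    # Fail closed on escaped or multi-valued RDNs rather than parsing them.
    case $subject in
        *\\*|*+*) echo "reject: unsupported subject encoding"; return 1 ;;
    esac
    cn="" org="" cn_count=0 org_count=0 other=0
    while IFS= read -r rdn; do
        case $rdn in
            CN=*) cn=${rdn#CN=}; cn_count=$((cn_count + 1)) ;;
            O=*)  org=${rdn#O=}; org_count=$((org_count + 1)) ;;
            *)    other=$((other + 1)) ;;
        esac
    done <<EOF
$(printf '%s\n' "$subject" | tr ',' '\n')
EOF
    if [ "$cn_count" -ne 1 ] || [ "$org_count" -ne 1 ] || [ "$other" -ne 0 ]; then
        echo "reject: subject must be exactly one CN and one O"; return 1
    fi
    if [ "$org" != "system:nodes" ]; then
        echo "reject: group '$org' is not system:nodes"; return 1
    fi
    if [ "$cn" != "system:node:$expected_node" ]; then
        echo "reject: CN '$cn' does not match node '$expected_node'"; return 1
    fi
    echo "ok: $cn requested by $requestor"
}

# review_csr NAME NODE: read the CSR from the API server and check it.
review_csr() {
    user=$(kubectl get csr "$1" -o jsonpath='{.spec.username}') || return 1
    subj=$(kubectl get csr "$1" -o jsonpath='{.spec.request}' | base64 -d |
        openssl req -noout -subject -nameopt RFC2253) || return 1
    check_csr_fields "$user" "${subj#subject=}" "$2"
}

if [ "$#" -eq 2 ]; then review_csr "$1" "$2"; fi
```

Pass it the CSR name and the node's `--hostname-override` value, and run `kubectl certificate approve` only when it prints `ok`.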