15.8.25. 创建 worker 节点并完成安装

创建 worker 节点与创建 control plane 节点类似。但是,worker 节点 worker 不会自动加入集群。要将其添加到集群中,请检查并批准 worker 的待处理的 CSR(Certificate Signing Requests)。

批准第一个请求后,您将继续批准 CSR,直到所有 worker 节点都被批准为止。完成此过程后,worker 节点就变为 Ready,并且可以调度在其上运行的 pod。

最后,使用命令行查看安装过程何时完成。

流程

  1. 创建 worker 节点:

    $ ansible-playbook -i inventory.yml workers.yml
  2. 要列出所有 CSR,请输入:

    $ oc get csr -A

    最后,这个命令会显示每个节点的一个 CSR。例如:

    输出示例

    NAME        AGE    SIGNERNAME                                    REQUESTOR                                                                   CONDITION
    csr-2lnxd   63m    kubernetes.io/kubelet-serving                 system:node:ocp4-lk6b4-master0.ocp4.example.org                             Approved,Issued
    csr-hff4q   64m    kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
    csr-hsn96   60m    kubernetes.io/kubelet-serving                 system:node:ocp4-lk6b4-master2.ocp4.example.org                             Approved,Issued
    csr-m724n   6m2s   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Pending
    csr-p4dz2   60m    kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
    csr-t9vfj   60m    kubernetes.io/kubelet-serving                 system:node:ocp4-lk6b4-master1.ocp4.example.org                             Approved,Issued
    csr-tggtr   61m    kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
    csr-wcbrf   7m6s   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Pending

  3. 要过滤列表并只查看待处理的 CSR,请输入:

    $ watch "oc get csr -A | grep pending -i"

    此命令每两秒钟刷新输出一次,仅显示待处理的 CSR。例如:

    输出示例

    Every 2.0s: oc get csr -A | grep pending -i
    
    csr-m724n   10m   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Pending
    csr-wcbrf   11m   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Pending

  4. 检查每个待处理的请求。例如:

    输出示例

    $ oc describe csr csr-m724n

    输出示例

    Name:               csr-m724n
    Labels:             <none>
    Annotations:        <none>
    CreationTimestamp:  Sun, 19 Jul 2020 15:59:37 +0200
    Requesting User:    system:serviceaccount:openshift-machine-config-operator:node-bootstrapper
    Signer:             kubernetes.io/kube-apiserver-client-kubelet
    Status:             Pending
    Subject:
             Common Name:    system:node:ocp4-lk6b4-worker1.ocp4.example.org
             Serial Number:
             Organization:   system:nodes
    Events:  <none>

  5. 如果 CSR 信息正确,则批准请求:

    $ oc adm certificate approve csr-m724n
  6. 等待安装过程完成:

    $ openshift-install wait-for install-complete --dir $ASSETS_DIR --log-level debug

    安装完成后,命令行会显示 OpenShift Container Platform Web 控制台以及管理员用户名和密码的 URL。