mirrors
/
kubernetes-the-hard-way
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

document the CSR approve flow

pull/137/head
Kelsey Hightower 2017-03-24 04:24:53 -07:00
parent f7532568be
commit c72849f7e3
1 changed files with 39 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
docs/06-kubernetes-worker.md
View File

@ -96,6 +96,8 @@ WantedBy=multi-user.target
EOF EOF
``` ```
Start the docker service:
``` ```
sudo mv docker.service /etc/systemd/system/docker.service sudo mv docker.service /etc/systemd/system/docker.service
``` ```
@ -202,21 +204,6 @@ sudo systemctl start kubelet
sudo systemctl status kubelet --no-pager sudo systemctl status kubelet --no-pager
``` ```
Approve the certificate:
```
gcloud compute ssh controller0
```
```
kubectl get csr
```
```
kubectl certificate approve <csr-name>
```
#### kube-proxy #### kube-proxy
@ -255,3 +242,40 @@ sudo systemctl status kube-proxy --no-pager
``` ```
> Remember to run these steps on `worker0`, `worker1`, and `worker2` > Remember to run these steps on `worker0`, `worker1`, and `worker2`
## Approve the TLS certificate requests
Each worker node will submit a certificate signing request which must be approved before the node is allowed to join the cluster.
Log into one of the controller nodes:
```
gcloud compute ssh controller0
```
List the pending certificate requests:
```
kubectl get csr
```
> Use the kubectl describe csr command to view the details of a specific signing request.
Approve each certificate signing request using the `kubectl certificate approve` command:
```
kubectl certificate approve <csr-name>
```
Once all certificate signing requests have been approved all nodes should be registered with the cluster:
```
kubectl get nodes
```
```
NAME STATUS AGE VERSION
worker0 Ready 7m v1.6.0-beta.4
worker1 Ready 5m v1.6.0-beta.4
worker2 Ready 2m v1.6.0-beta.4
```