CentOS 7.5 通过kubeadm部署k8s-1.15.0
<p>kubeadm是Kubernetes官方提供的用于快速安装Kubernetes集群的工具,伴随Kubernetes每个版本的发布都会同步更新,kubeadm会对集群配置方面的一些实践做调整,通过实验kubeadm可以学习到Kubernetes官方在集群配置上一些新的最佳实践。从最近发布的Kubernetes 1.15中,kubeadm对HA集群的配置已经达到beta可用,说明kubeadm距离生产环境中可用的距离越来越近了。</p><h3 id="1-1系统配置">1.1环境准备</h3>
<p>系统配置:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>10.0.0.10 master
10.0.0.20 node01</strong></span></pre>
</div>
<p>关闭防火墙:</p>
<div class="cnblogs_code">
<pre><strong><span style="color: rgba(0, 128, 0, 1)">systemctl stop firewalld.service
systemctl disable firewalld.service</span></strong></pre>
</div>
<p>关闭selinux :</p>
<div class="cnblogs_code">
<pre><strong><span style="color: rgba(0, 128, 0, 1)">setenforce 0
sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config</span></strong></pre>
</div>
<p>配置阿里云的源与eplo源</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>#阿里源
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#阿里eplo源
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
#生成缓存
yum makecache</strong></span></pre>
</div>
<p>创建vim /etc/sysctl.d/k8s.conf文件,添加如下内容:</p>
<div class="cnblogs_code">
<pre><strong><span style="color: rgba(0, 128, 0, 1)">net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1</span></strong></pre>
</div>
<p>执行命令使修改生效</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf</strong></span></pre>
</div>
<p>Kubernetes 1.8开始要求关闭系统的swap,如果不关闭,默认配置下kubelet将无法启动。</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>swapoff -a</strong></span></pre>
</div>
<p>修改 /etc/fstab 文件,注释掉 swap 的自动挂载,使用free -m确认swap已经关闭。</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(51, 153, 102, 1)"><strong>sed -i 's/.*swap.*/#&/' /etc/fstab</strong></span></pre>
</div>
<p>swappiness参数调整,修改/etc/sysctl.d/k8s.conf添加下面一行:</p>
<p>vim /etc/sysctl.d/k8s.conf</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>vm.swappiness=0</strong></span></pre>
</div>
<p>加载配置</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>sysctl -p /etc/sysctl.d/k8s.conf</strong></span></pre>
</div>
<p>因为这里本次用于测试两台主机上还运行其他服务,关闭swap可能会对其他服务产生影响,所以这里修改kubelet的配置去掉这个限制。 使用kubelet的启动参数--fail-swap-on=false去掉必须关闭swap的限制,修改/etc/sysconfig/kubelet,加入:</p>
<p>vim /etc/sysconfig/kubelet</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>KUBELET_EXTRA_ARGS=--fail-swap-on=false</strong></span></pre>
</div>
<h3>1.2kube-proxy开启ipvs的前置条件</h3>
<p>由于ipvs已经加入到了内核的主干,所以为kube-proxy开启ipvs的前提需要加载以下的内核模块:</p>
<div class="cnblogs_code">
<pre><strong><span style="color: rgba(0, 128, 0, 1)">cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules</span></strong><br><strong><span style="color: rgba(0, 128, 0, 1)">bash /etc/sysconfig/modules/ipvs.modules</span></strong><br><strong><span style="color: rgba(0, 128, 0, 1)">lsmod|egrep "ip_vs|nf_conntrack_ipv4"</span></strong></pre>
</div>
<p>上面脚本创建了的/etc/sysconfig/modules/ipvs.modules文件,保证在节点重启后能自动加载所需模块。</p>
<p>各个节点上已经安装了ipset软件包与管理工具</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>yum install -y ipset ipvsadm</strong></span></pre>
</div>
<p>如果以上前提条件如果不满足,则即使kube-proxy的配置开启了ipvs模式,也会退回到iptables模式。</p>
<h3 id="1-3安装docker">1.3安装Docker</h3>
<p>Kubernetes从1.6开始使用CRI(Container Runtime Interface)容器运行时接口。默认的容器运行时仍然是Docker,使用的是kubelet中内置dockershim CRI实现。</p>
<p>安装docker的yum源:</p>
<div class="cnblogs_code">
<pre><strong><span style="color: rgba(0, 128, 0, 1)">yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo</span></strong></pre>
</div>
<p>查看docker版号:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>yum list docker-ce.x86_64--showduplicates |sort -r</strong></span></pre>
</div>
<p>Kubernetes 1.15当前支持的docker版本列表是1.13.1, 17.03, 17.06, 17.09, 18.06, 18.09。 这里在各节点安装docker的18.09.7版本。</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>yum makecache fast
yum install -y --setopt=obsoletes=0 docker-ce-18.09.7-3.el7
systemctl start docker
systemctl enable docker</strong></span></pre>
</div>
<h3>1.4 修改docker cgroup driver为systemd</h3>
<p>根据文档CRI installation中的内容,对于使用systemd作为init system的Linux的发行版,使用systemd作为docker的cgroup driver可以确保服务器节点在资源紧张的情况更加稳定,因此这里修改各个节点上docker的cgroup driver为systemd。</p>
<p>创建或修改/etc/docker/daemon.json:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>{
"registry-mirrors": ["http://f1361db2.m.daocloud.io"],#使用国内镜像
"exec-opts": ["native.cgroupdriver=systemd"], #cgroup driver为systemd
}</strong></span></pre>
</div>
<pre class="prettyprint"><span class="pln">注意:配置时注意取消注释!<br>重启docker:</span></pre>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>systemctl restart docker
docker info|grep Cgroup</strong></span></pre>
</div>
<h2>2.使用kubeadm部署Kubernetes</h2>
<h3 id="2-1-安装kubeadm和kubelet">2.1 安装kubeadm和kubelet</h3>
<p>我们使用国内阿里云下载安装,下面在各节点安装kubeadm和kubelet:</p>
<p>配置kubernetes 源</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>cat <<EOF > /etc/yum.repos.d/kubernetes.repo
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg <span style="text-decoration: underline">https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg</span>
EOF</strong></span><span style="color: rgba(0, 0, 0, 1)"><br></span></pre>
</div>
<p>安装kubernetes:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>yum install -y kubelet kubeadm kubectl
systemctl enable kubelet <br></strong></span></pre>
</div>
<p>从安装结果可以看出还安装了cri-tools, kubernetes-cni, socat三个依赖:</p>
<ul>
<li>官方从Kubernetes 1.14开始将cni依赖升级到了0.7.5版本</li>
<li>socat是kubelet的依赖</li>
<li>cri-tools是CRI(Container Runtime Interface)容器运行时接口的命令行工具</li>
</ul>
<p>运行kubelet –help可以看到原来kubelet的绝大多数命令行flag参数都被DEPRECATED了,如:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>......
--address 0.0.0.0 The IP address for the Kubelet to serve on (set to 0.0.0.0 for all IPv4 interfaces and `::` for all IPv6 interfaces) (default 0.0.0.0) (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.)
......</strong></span></pre>
</div>
<p>而官方推荐我们使用-config指定配置文件,并在配置文件中指定原来这些flag所配置的内容。具体内容可以查看这里Set Kubelet parameters via a config file。这也是Kubernetes为了支持动态Kubelet配置(Dynamic Kubelet Configuration)才这么做的,参考Reconfigure a Node’s Kubelet in a Live Cluster。kubelet的配置文件必须是json或yaml格式,具体可查看这里。</p>
<h3>2.2 使用kubeadm init初始化集群</h3>
<p> 在各节点开机启动kubelet服务:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>systemctl enable kubelet.service</strong></span></pre>
</div>
<p>使用kubeadm config print init-defaults可以打印集群初始化默认的使用的配置:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 1.2.3.4
bindPort: 6443
nodeRegistration:
criSocket: /var/run/dockershim.sock
name: master
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.14.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
scheduler: {}</strong></span></pre>
</div>
<p>从默认的配置中可以看到,可以使用imageRepository定制在集群初始化时拉取k8s所需镜像的地址。基于默认配置定制出本次使用kubeadm初始化集群所需的配置文件kubeadm.yaml:</p>
<p>vim kubeadm.yaml</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 10.0.0.10
nodeRegistration:
taints:
- effect: PreferNoSchedule
key: node-role.kubernetes.io/master
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.15.0
networking:
podSubnet: 10.244.0.0/16</strong></span></pre>
</div>
<p>注意:</p>
<div class="cnblogs_code">
<pre>使用kubeadm默认配置初始化的集群,会在master节点打上node-role.kubernetes.io/master:NoSchedule的污点,阻止master节点接受调度运行工作负载。这里测试环境只有两个节点,所以将这个taint修改为node-role.kubernetes.io/master:PreferNoSchedule。</pre>
</div>
<p>在开始初始化集群之前可以使用kubeadm config images pull预先在各个节点上拉取所k8s需要的docker镜像。由于在国内gcr是被拦截的,只能使用国内阿里的镜像仓库(所有节点):</p>
<div class="cnblogs_code">
<p><strong><span style="color: rgba(51, 153, 102, 1)">cat << 'EOF' >kubeadm_get_images.sh</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">#!/bin/bash</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">## 使用如下脚本下载国内镜像,并修改tag为google的tag</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">set -e</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">KUBE_VERSION=v1.15.0</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">KUBE_PAUSE_VERSION=3.1</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">ETCD_VERSION=3.3.15-0</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">CORE_DNS_VERSION=1.5.0</span></strong></p>
<pre></pre>
<p><strong><span style="color: rgba(51, 153, 102, 1)">GCR_URL=k8s.gcr.io</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">ALIYUN_URL=registry.cn-hangzhou.aliyuncs.com/google_containers</span></strong></p>
<pre></pre>
<p><strong><span style="color: rgba(51, 153, 102, 1)">images=(kube-proxy:${KUBE_VERSION}</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">kube-scheduler:${KUBE_VERSION}</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">kube-controller-manager:${KUBE_VERSION}</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">kube-apiserver:${KUBE_VERSION}</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">pause:${KUBE_PAUSE_VERSION}</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">etcd:${ETCD_VERSION}</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">coredns:${CORE_DNS_VERSION})</span></strong></p>
<pre></pre>
<p><strong><span style="color: rgba(51, 153, 102, 1)">for imageName in ${images[@]} ; do</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">docker pull $ALIYUN_URL/$imageName</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">docker tag$ALIYUN_URL/$imageName $GCR_URL/$imageName</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">docker rmi $ALIYUN_URL/$imageName</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">done</span></strong><br><strong><span style="color: rgba(51, 153, 102, 1)">EOF</span></strong></p>
</div>
<p>接下来使用kubeadm初始化集群,选择node1作为Master Node,在node1上执行下面的命令:</p>
<div class="cnblogs_code">
<pre><strong><span style="color: rgba(0, 128, 0, 1)">kubeadm init --config=kubeadm.yaml --ignore-preflight-errors=all</span></strong></pre>
</div>
<p>上面记录了完成的初始化输出的内容,根据输出的内容基本上可以看出手动初始化安装一个Kubernetes集群所需要的关键步骤。 其中有以下关键内容:</p>
<ul>
<li> 生成kubelet的配置文件”/var/lib/kubelet/config.yaml”</li>
<li>生成相关的各种证书</li>
<li>生成相关的kubeconfig文件</li>
<li>使用/etc/kubernetes/manifests目录中的yaml文件创建apiserver、controller-manager、scheduler的静态pod</li>
<li>生成token记录下来,后边使用kubeadm join往集群中添加节点时会用到</li>
<li>下面的命令是配置常规用户如何使用kubectl访问集群:</li>
</ul>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config</strong></span></pre>
</div>
<p>查看一下集群状态,确认个组件都处于healthy状态:</p>
<div class="cnblogs_code">
<pre><strong><span style="color: rgba(0, 128, 0, 1)"># kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health":"true"} </span> </strong></pre>
</div>
<p>如果集群初始化遇到问题,可以使用下面的命令进行清理:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>kubeadm reset
ifconfig cni0 down
ip link delete cni0
ifconfig flannel.1 down
ip link delete flannel.1
rm -rf /var/lib/cni/</strong></span></pre>
</div>
<h3>2.3 安装Pod Network</h3>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml</strong></span></pre>
</div>
<p>如果Node有多个网卡的话,参考flannel issues 39701,目前需要在kube-flannel.yml中使用–iface参数指定集群主机内网网卡的名称,否则可能会出现dns无法解析。需要将kube-flannel.yml下载到本地,flanneld启动参数加上–iface=<iface-name></p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.11.0-amd64
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
- --iface=eth1
......</strong></span></pre>
</div>
<p>确保所有的Pod都处于Running状态</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong># kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-5c98db65d4-bh5l6 1/1 Running 0 4m58s
coredns-5c98db65d4-klvsh 1/1 Running 0 4m58s
etcd-master 1/1 Running 0 4m
kube-apiserver-master 1/1 Running 0 4m4s
kube-controller-manager-master 1/1 Running 2 4m8s
kube-flannel-ds-amd64-cp7tq 1/1 Running 0 3m19s
kube-proxy-jq4cd 1/1 Running 0 4m59s
kube-scheduler-master 1/1 Running 2 4m17s</strong></span></pre>
</div>
<h3>2.4 测试集群DNS是否可用</h3>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>kubectl run curl --image=radial/busyboxplus:curl -it</strong></span></pre>
</div>
<p>进入后执行nslookup kubernetes.default确认解析正常:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>nslookup kubernetes.default
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: kubernetes.default
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local</strong></span></pre>
</div>
<p>退出容器,保持运行:ctrl Q +P</p>
<p>进入容器:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>kubectl attach curl-6bf6db5c4f-5r4wr -c curl -i -t</strong></span></pre>
</div>
<p>测试OK后,删除掉curl这个Pod</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>kubectl delete deploy curl</strong></span></pre>
</div>
<h3>2.5 Kubernetes集群中添加Node节点</h3>
<p>默认token的有效期为24小时,当过期之后,该token就不可用了,以后加入节点需要新token</p>
<p> master重新生成新的token</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong># kubeadm token create
tkxyys.8ilumwddiexjd8g2
# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
tkxyys.8ilumwddiexjd8g2 23h 2019-07-10T21:19:17+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token</strong></span></pre>
</div>
<p>获取ca证书<code>sha256</code>编码hash值</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong># openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt|openssl rsa -pubin -outform der 2>/dev/null|openssl dgst -sha256 -hex|awk '{print $NF}'</strong></span><span style="color: rgba(0, 0, 0, 1)"><span style="color: rgba(0, 128, 0, 1)"><strong>
2e4ec2c6267389ccc2aa293a61ab474b0304778d56dfb07f5105a709d3b798e6</strong></span><br></span></pre>
</div>
<p>添加node节点</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>kubeadm join 10.0.0.10:6443 --token 4qcl2f.gtl3h8e5kjltuo0r \
--discovery-token-ca-cert-hash sha256:7ed5404175cc0bf18dbfe53f19d4a35b1e3d40c19b10924275868ebf2a3bbe6e \
--ignore-preflight-errors=all</strong></span></pre>
</div>
<p>node01加入集群很是顺利,下面在master节点上执行命令查看集群中的节点:</p>
<div class="cnblogs_code">
<pre><strong><span style="color: rgba(0, 128, 0, 1)"># kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready master 18m v1.15.0
node01 <none> master 11m v1.15.0</span></strong></pre>
</div>
<p>节点没有ready 一般是由于flannel 插件没有装好,可以通过查看kube-system 的pod 验证</p>
<h4 id="2-5-1-如何从集群中移除node">2.5.1 如何从集群中移除Node</h4>
<p>如果需要从集群中移除node01这个Node执行下面的命令:</p>
<p>在master节点上执行:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>kubectl drain node01 --delete-local-data --force --ignore-daemonsets</strong></span></pre>
</div>
<p>在node01上执行:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>kubeadm reset
ifconfig cni0 down
ip link delete cni0
ifconfig flannel.1 down
ip link delete flannel.1
rm -rf /var/lib/cni/</strong></span></pre>
</div>
<p>在master上执行:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>kubectl delete node node01</strong></span></pre>
</div>
<p id="320-不在master节点上操作集群而是在其他工作节点上操作集群可选">不在master节点上操作集群,而是在其他工作节点上操作集群:</p>
<p>需要将master节点上面的kubernetes配置文件拷贝到当前节点上,然后执行kubectl命令:</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 0, 1)"><strong>#将主配置拉取到本地</strong></span><br><span style="color: rgba(0, 128, 0, 1)"><strong>scp root@node01:/etc/kubernetes/admin.conf /etc/kubernetes/
#常规用户如何使用kubectl访问集群配置<br>mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config</strong></span></pre>
</div>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<pre class="prettyprint"><span class="pln"> </span></pre><br><br>
来源:https://www.cnblogs.com/wzxmt/p/11160256.html
頁:
[1]