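[k8s Study Notes] Deploying a Kubernetes v1.18.5 Cluster with kubeadm
<h2 id="说明">Notes</h2><p>This post is a set of notes on building a Kubernetes v1.18.5 cluster. Three virtual machines running CentOS serve as test hosts; kubeadm, kubelet and kubectl are all installed with yum, and flannel is the network add-on.</p>
<p>Mistakes are hard to avoid in a write-up like this. If you have a better idea, please leave a comment and discuss it with me.</p>
<p>If you repost this article, please credit the original source: https://www.cnblogs.com/hellxz/p/use-kubeadm-init-kubernetes-cluster.html</p>
<h2 id="环境准备">Environment preparation</h2>
<p>Unless stated otherwise, all commands for deploying the cluster are run as the root user.</p>
<h3 id="硬件信息">Hardware</h3>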
<table>
<thead>
<tr>
<th>ip</th>
<th>hostname</th>
<th>mem</th>
<th>disk</th>
<th>explain</th>
</tr>
</thead>
<tbody>
<tr>
<td>192.168.87.145</td>
<td>kube-master</td>
<td>4 GB</td>
<td>20 GB</td>
<td>k8s control-plane node</td>
</tr>
<tr>
<td>192.168.87.146</td>
<td>kube-node1</td>
<td>4 GB</td>
<td>20 GB</td>
<td>k8s worker node 1</td>
</tr>
<tr>
<td>192.168.87.147</td>
<td>kube-node2</td>
<td>4 GB</td>
<td>20 GB</td>
<td>k8s worker node 2</td>
</tr>
</tbody>
</table>
<h3 id="软件信息">Software</h3>
<table>
<thead>
<tr>
<th>software</th>
<th>version</th>
</tr>
</thead>
<tbody>
<tr>
<td>CentOS</td>
<td>CentOS Linux release 7.7.1908 (Core)</td>
</tr>
<tr>
<td>Kubernetes</td>
<td>v1.18.5</td>
</tr>
<tr>
<td>Docker</td>
<td>19.03.12</td>
</tr>
</tbody>
</table>
<h3 id="保证环境正确性">Verify the environment</h3>
<table>
<thead>
<tr>
<th>purpose</th>
<th>commands</th>
</tr>
</thead>
<tbody>
<tr>
<td>Make sure all cluster nodes can reach each other</td>
<td><code>ping -c 3 <ip></code></td>
</tr>
<tr>
<td>Make sure MAC addresses are unique</td>
<td><code>ip link</code> or <code>ifconfig -a</code></td>
</tr>
<tr>
<td>Make sure hostnames are unique within the cluster</td>
<td>Check with <code>hostnamectl status</code>; change with <code>hostnamectl set-hostname <hostname></code></td>
</tr>
<tr>
<td>Make sure the system product_uuid is unique</td>
<td><code>dmidecode -s system-uuid</code> or <code>sudo cat /sys/class/dmi/id/product_uuid</code></td>
</tr>
</tbody>
</table>
<blockquote>
<p>Reference commands for changing a MAC address:</p>
<pre><code class="language-bash">ifconfig eth0 down
ifconfig eth0 hw ether 00:0C:18:EF:FF:ED
ifconfig eth0 up
</code></pre>
<p>If product_uuid is not unique, consider reinstalling CentOS.</p>
</blockquote>
<h3 id="确保端口开放正常">Make sure the required ports are open</h3>
<p>Ports to check on the kube-master node:</p>
<table>
<thead>
<tr>
<th>Protocol</th>
<th>Direction</th>
<th>Port Range</th>
<th>Purpose</th>
</tr>
</thead>
<tbody>
<tr>
<td>TCP</td>
<td>Inbound</td>
<td>6443*</td>
<td>kube-api-server</td>
</tr>
<tr>
<td>TCP</td>
<td>Inbound</td>
<td>2379-2380</td>
<td>etcd API</td>
</tr>
<tr>
<td>TCP</td>
<td>Inbound</td>
<td>10250</td>
<td>Kubelet API</td>
</tr>
<tr>
<td>TCP</td>
<td>Inbound</td>
<td>10251</td>
<td>kube-scheduler</td>
</tr>
<tr>
<td>TCP</td>
<td>Inbound</td>
<td>10252</td>
<td>kube-controller-manager</td>
</tr>
</tbody>
</table>
<p>Ports to check on the kube-node* nodes:</p>
<table>
<thead>
<tr>
<th>Protocol</th>
<th>Direction</th>
<th>Port Range</th>
<th>Purpose</th>
</tr>
</thead>
<tbody>
<tr>
<td>TCP</td>
<td>Inbound</td>
<td>10250</td>
<td>Kubelet API</td>
</tr>
<tr>
<td>TCP</td>
<td>Inbound</td>
<td>30000-32767</td>
<td>NodePort Services</td>
</tr>
</tbody>
</table>
<blockquote>
<p>If you are not confident in the host firewall configuration, you can turn the firewall off:</p>
<pre><code class="language-bash">systemctl disable --now firewalld
</code></pre>
<p>Or flush the iptables rules (use with caution):</p>
<pre><code class="language-bash">iptables -F
</code></pre>
</blockquote>
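<p>As an alternative to turning firewalld off, the ports from the two tables above can be opened explicitly while the firewall stays enabled. The script below is an added example, not part of the original post; the function names are hypothetical, and the extra <code>8472/udp</code> entry is an assumption that flannel runs with its default VXLAN backend.</p>

```bash
#!/bin/bash
# Added example (not from the original post): keep firewalld running and open
# only the ports listed in the tables above. Function names are hypothetical.

# Print the port/protocol pairs a node role needs, one per line.
k8s_ports() {
  case "$1" in
    master)
      printf '%s\n' 6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp ;;
    node)
      printf '%s\n' 10250/tcp 30000-32767/tcp ;;
    *)
      echo "usage: k8s_ports master|node" >&2
      return 2 ;;
  esac
  # Assumption: flannel with its default VXLAN backend, which carries pod
  # traffic between nodes over UDP 8472 (not listed in the tables above).
  printf '%s\n' 8472/udp
}

# Print the firewall-cmd invocations for a role without running them,
# so the rule set can be reviewed before anything changes.
k8s_firewall_plan() {
  plan_ports=$(k8s_ports "$1") || return
  for p in $plan_ports; do
    echo "firewall-cmd --permanent --add-port=$p"
  done
  echo "firewall-cmd --reload"
}

# Apply the rules (run as root on the node itself).
k8s_firewall_apply() {
  apply_ports=$(k8s_ports "$1") || return
  for p in $apply_ports; do
    firewall-cmd --permanent --add-port="$p" || return
  done
  firewall-cmd --reload
}

# Usage on kube-master:
#   k8s_firewall_plan master    # review
#   k8s_firewall_apply master   # apply
# Usage on kube-node1 / kube-node2:
#   k8s_firewall_apply node
```

<p>With these rules in place, the firewalld warning printed by the kubeadm preflight check can be answered by confirming the ports with <code>firewall-cmd --list-ports</code>.</p>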
<h3 id="配置主机互信">Configure mutual trust between hosts</h3>
<p>Add the hosts mappings on <strong>every node</strong>:</p>
<pre><code class="language-bash">cat >> /etc/hosts <<EOF
192.168.87.145 kube-master
192.168.87.146 kube-node1
192.168.87.147 kube-node2
EOF
</code></pre>
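<p>Generate an SSH key pair on <strong>kube-master</strong> and distribute the public key to every node:</p>
<pre><code class="language-bash"># Generate an SSH key pair; just press Enter at every prompt
ssh-keygen -t rsa
# Copy the newly generated public key into each node's trusted list; you will be asked for each host's password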
ssh-copy-id root@kube-master
ssh-copy-id root@kube-node1
ssh-copy-id root@kube-node2
</code></pre>
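<h3 id="禁用swap">Disable swap</h3>
<p>Swap uses disk blocks as extra memory only when RAM runs short. Disk I/O is far slower than memory, so swap is disabled to improve performance.</p>
<p>Run on every node:</p>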
<pre><code class="language-bash">swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
</code></pre>
<h3 id="关闭-selinux">Disable SELinux</h3>
<p>Disable SELinux; otherwise kubelet may fail with <code>Permission denied</code> when mounting directories. It can be set to <code>permissive</code> or <code>disabled</code>; <code>permissive</code> logs warning messages.</p>
<p>Run on every node:</p>
<pre><code class="language-bash">setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
</code></pre>
<h3 id="设置系统时区同步时间">Set the system time zone and synchronize time</h3>
<pre><code class="language-bash">timedatectl set-timezone Asia/Shanghai
systemctl enable --now chronyd
</code></pre>
<p>Check the synchronization status:</p>
<pre><code class="language-bash">timedatectl status
</code></pre>
<p>Output:</p>
<pre><code class="language-text">System clock synchronized: yes
NTP service: active
RTC in local TZ: no
</code></pre>
<ul>
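<li><code>System clock synchronized: yes</code> means the clock is synchronized;</li>
<li><code>NTP service: active</code> means the time synchronization service is enabled;</li>
</ul>
<pre><code class="language-bash"># Write the current UTC time to the hardware clock
timedatectl set-local-rtc 0
# Restart services that depend on the system time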
systemctl restart rsyslog && systemctl restart crond
</code></pre>
<h2 id="部署docker">Deploy Docker</h2>
<p>Docker must be installed on every node.</p>
<h3 id="添加docker-yum源">Add the Docker yum repository</h3>
<pre><code class="language-bash"># Install required dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Aliyun docker-ce yum repository (fetched over HTTPS)
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Rebuild the yum cache
yum makecache fast
</code></pre>
<h3 id="安装docker">Install Docker</h3>
<pre><code class="language-bash"># List the available Docker versions
yum list docker-ce.x86_64 --showduplicates | sort -r
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703165421246-1856100496.png" alt="" loading="lazy"></p>
<pre><code class="language-bash"># Install a specific Docker version
yum install -y docker-ce-19.03.12-3.el7
</code></pre>
<blockquote>
<p>Version 19.03.12 is used as the example here. Note that the version string does not include the <code>:</code> or the digits before it.</p>
</blockquote>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703165912677-1453268192.png" alt="" loading="lazy"></p>
<h3 id="确保网络模块开机自动加载">Make sure the network kernel modules load at boot</h3>
<pre><code class="language-bash">lsmod | grep overlay
lsmod | grep br_netfilter
</code></pre>
<p>If the commands above print nothing or report that the file does not exist, run the following:</p>
<pre><code class="language-bash">cat > /etc/modules-load.d/docker.conf <<EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
</code></pre>
<h3 id="使桥接流量对iptables可见">Make bridged traffic visible to iptables</h3>
<p>Run on every node:</p>
<pre><code class="language-bash">cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
</code></pre>
<p>Verify that the settings took effect; both commands should return <code>1</code>:</p>
<pre><code class="language-bash">sysctl -n net.bridge.bridge-nf-call-iptables
sysctl -n net.bridge.bridge-nf-call-ip6tables
</code></pre>
<h3 id="配置docker">Configure Docker</h3>
<pre><code class="language-bash">mkdir -p /etc/docker
# Set the cgroup driver to systemd, limit container log size and set the storage driver; the Docker data root on the last line can be changed
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "registry-mirrors": ["https://7uuu3esz.mirror.aliyuncs.com"],
  "data-root": "/data/docker"
}
EOF
# Enable at boot and start immediately
systemctl enable --now docker
</code></pre>
<h3 id="验证docker是否正常">Verify that Docker works</h3>
<pre><code class="language-bash"># Show Docker info and check that it matches the configuration
docker info
# hello-world test
docker run --rm hello-world
# Remove the test image
docker rmi hello-world
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703172430369-1826136717.png" alt="" loading="lazy"></p>
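<h3 id="添加用户到docker组">Add a user to the docker group</h3>
<p>This lets a non-root user run docker commands without sudo. Membership in the docker group is effectively root access on the host, so add only trusted accounts.</p>
<pre><code class="language-bash"># Add the user to the docker group
usermod -aG docker <USERNAME>
# Refresh docker group membership in the current session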
newgrp docker
</code></pre>
<h2 id="部署kubernetes集群">Deploy the Kubernetes cluster</h2>
<p>Unless stated otherwise, run the following steps on every node.</p>
<h3 id="添加kubernetes源">Add the Kubernetes repository</h3>
<pre><code class="language-bash">cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
# Rebuild the yum cache; enter y to accept the certificate when prompted
yum makecache fast
</code></pre>
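<p>The repository file above sets <code>gpgcheck=0</code> and <code>repo_gpgcheck=0</code>, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures. The following added example (not part of the original post; the function name <code>audit_yum_repos</code> is hypothetical) scans <code>.repo</code> files and reports every enabled repository that explicitly disables signature checks or uses a plain <code>http://</code> URL.</p>

```bash
#!/bin/bash
# Added example (not from the original post). audit_yum_repos is a
# hypothetical helper: it reports enabled yum repositories that explicitly
# turn off signature verification or fetch over plain HTTP.
# A repository that omits gpgcheck inherits the [main] value from yum.conf
# and is not flagged here.

audit_yum_repos() {
  # $1: directory holding *.repo files (default /etc/yum.repos.d)
  repo_dir=${1:-/etc/yum.repos.d}
  for f in "$repo_dir"/*.repo; do
    [ -f "$f" ] || continue
    awk -v file="$f" '
      # Emit one finding line for the section parsed so far.
      function report(   why) {
        if (id == "" || enabled == "0") return
        if (gpg == "0")     why = why " gpgcheck=0"
        if (rgpg == "0")    why = why " repo_gpgcheck=0"
        if (url ~ /^http:/) why = why " http-url"
        if (why != "") print file ": [" id "]:" why
      }
      /^[ \t]*[#;]/ { next }                 # comment line
      /^[ \t]*\[/ {                          # start of a new [section]
        report()
        id = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
        enabled = "1"; gpg = ""; rgpg = ""; url = ""
        next
      }
      {
        eq = index($0, "=")
        if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpg = val
        else if (key == "repo_gpgcheck") rgpg = val
        else if (key == "baseurl" || key == "mirrorlist") url = val
      }
      END { report() }
    ' "$f"
  done
}

# Usage: audit_yum_repos            # scans /etc/yum.repos.d
#        audit_yum_repos /some/dir  # scans another directory
```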
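<h3 id="安装kubeadmkubeletkubectl">Install kubeadm, kubelet and kubectl</h3>
<p>kubeadm and kubelet must be installed on every node; kubectl is only needed on the kube-master node (on a worker node kubectl cannot be used, so it can be left out).</p>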
<pre><code class="language-bash">yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet
</code></pre>
<h3 id="配置自动补全命令">Configure command auto-completion</h3>
<pre><code class="language-bash"># Install the bash completion package
yum install bash-completion -y
# Set up completion for kubectl and kubeadm; takes effect at the next login
kubectl completion bash >/etc/bash_completion.d/kubectl
kubeadm completion bash > /etc/bash_completion.d/kubeadm
</code></pre>
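<h3 id="预拉取kubernetes镜像">Pre-pull the Kubernetes images</h3>
<p>Because of network conditions in mainland China, the Kubernetes images have to be pulled from mirror sites or from images pushed by Docker Hub users.</p>
<pre><code class="language-bash"># List the images required by a given k8s version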
kubeadm config images list --kubernetes-version v1.18.5
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703181519490-1098488138.png" alt="" loading="lazy"></p>
<blockquote>
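<p>Also, the Aliyun mirror has not yet been updated to v1.18.5, so the images are pulled from Docker Hub instead. The latest version currently synced on Aliyun is v1.18.3; to pull the images for v1.18.3, see https://www.cnblogs.com/hellxz/p/13204093.html</p>
</blockquote>
<p>In the <code>/root/k8s</code> directory, create a script named <code>get-k8s-images.sh</code> with the following content:</p>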
<pre><code class="language-bash">#!/bin/bash
# Script For Quick Pull K8S Docker Images
# by Hellxz Zhang <hellxz001@foxmail.com>
KUBE_VERSION=v1.18.5
PAUSE_VERSION=3.2
CORE_DNS_VERSION=1.6.7
ETCD_VERSION=3.4.3-0
# pull kubernetes images from hub.docker.com
docker pull kubeimage/kube-proxy-amd64:$KUBE_VERSION
docker pull kubeimage/kube-controller-manager-amd64:$KUBE_VERSION
docker pull kubeimage/kube-apiserver-amd64:$KUBE_VERSION
docker pull kubeimage/kube-scheduler-amd64:$KUBE_VERSION
# pull aliyuncs mirror docker images
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:$PAUSE_VERSION
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$CORE_DNS_VERSION
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:$ETCD_VERSION
# retag to k8s.gcr.io prefix
docker tag kubeimage/kube-proxy-amd64:$KUBE_VERSION k8s.gcr.io/kube-proxy:$KUBE_VERSION
docker tag kubeimage/kube-controller-manager-amd64:$KUBE_VERSION k8s.gcr.io/kube-controller-manager:$KUBE_VERSION
docker tag kubeimage/kube-apiserver-amd64:$KUBE_VERSION k8s.gcr.io/kube-apiserver:$KUBE_VERSION
docker tag kubeimage/kube-scheduler-amd64:$KUBE_VERSION k8s.gcr.io/kube-scheduler:$KUBE_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:$PAUSE_VERSION k8s.gcr.io/pause:$PAUSE_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$CORE_DNS_VERSION k8s.gcr.io/coredns:$CORE_DNS_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:$ETCD_VERSION k8s.gcr.io/etcd:$ETCD_VERSION
# remove the original tags; the images themselves are not deleted
docker rmi kubeimage/kube-proxy-amd64:$KUBE_VERSION
docker rmi kubeimage/kube-controller-manager-amd64:$KUBE_VERSION
docker rmi kubeimage/kube-apiserver-amd64:$KUBE_VERSION
docker rmi kubeimage/kube-scheduler-amd64:$KUBE_VERSION
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:$PAUSE_VERSION
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$CORE_DNS_VERSION
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:$ETCD_VERSION
</code></pre>
<p>Make the script executable and run it to pull the images:</p>
<pre><code class="language-bash">chmod +x get-k8s-images.sh
./get-k8s-images.sh
</code></pre>
<p>When the pull finishes, run <code>docker images</code> to view the images.</p>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703183516645-448394415.png" alt="" loading="lazy"></p>
<h3 id="初始化kube-master">Initialize kube-master</h3>
<p>Only the kube-master node needs to run this step.</p>
<p><strong>Change the default cgroup driver in the kubelet configuration</strong></p>
<pre><code class="language-bash">cat > /var/lib/kubelet/config.yaml <<EOF
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
EOF
systemctl restart kubelet
</code></pre>
<p><strong>Generate a kubeadm init configuration file</strong> [optional] Only needed when the init configuration has to be customized</p>
<pre><code class="language-bash">kubeadm config print init-defaults > init.default.yaml
</code></pre>
<p><strong>Check that the environment is healthy</strong> (WARNINGs are normal)</p>
<pre><code class="language-bash">kubeadm init phase preflight [--config kubeadm-init.yaml]
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703184500141-1054895820.png" alt="" loading="lazy"></p>
<blockquote>
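<p>The warnings in the screenshot above are normal. The k8s information cannot be validated because the blocked site cannot be reached; the last message appears because I had not turned off my local firewall, and it asks me to check that the required ports are open.</p>
</blockquote>
<p><strong>Initialize the master</strong> 10.244.0.0/16 is the fixed IP range that flannel uses; the setting depends on what the network add-on requires</p>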
<pre><code class="language-bash">kubeadm init --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.18.5 [--config kubeadm-init.yaml]
</code></pre>
<p>The output is as follows:</p>
<pre><code class="language-bash"># kubeadm init --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.18.5
W0703 18:49:19.076654 16469 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups
Using Kubernetes version: v1.18.5
Running pre-flight checks
: firewalld is active, please ensure ports are open or your cluster may not function correctly
Pulling images required for setting up a Kubernetes cluster
This might take a minute or two, depending on the speed of your internet connection
You can also perform this action in beforehand using 'kubeadm config images pull'
Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
Starting the kubelet
Using certificateDir folder "/etc/kubernetes/pki"
Generating "ca" certificate and key
Generating "apiserver" certificate and key
apiserver serving cert is signed for DNS names and IPs
Generating "apiserver-kubelet-client" certificate and key
Generating "front-proxy-ca" certificate and key
Generating "front-proxy-client" certificate and key
Generating "etcd/ca" certificate and key
Generating "etcd/server" certificate and key
etcd/server serving cert is signed for DNS names and IPs
Generating "etcd/peer" certificate and key
etcd/peer serving cert is signed for DNS names and IPs
Generating "etcd/healthcheck-client" certificate and key
Generating "apiserver-etcd-client" certificate and key
Generating "sa" key and public key
Using kubeconfig folder "/etc/kubernetes"
Writing "admin.conf" kubeconfig file
Writing "kubelet.conf" kubeconfig file
Writing "controller-manager.conf" kubeconfig file
Writing "scheduler.conf" kubeconfig file
Using manifest folder "/etc/kubernetes/manifests"
Creating static Pod manifest for "kube-apiserver"
Creating static Pod manifest for "kube-controller-manager"
W0703 18:49:23.039913 16469 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
Creating static Pod manifest for "kube-scheduler"
W0703 18:49:23.040907 16469 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
All control plane components are healthy after 21.505101 seconds
Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
Creating a ConfigMap "kubelet-config-1.18" in namespace kube-system with the configuration for the kubelets in the cluster
Skipping phase. Please see --upload-certs
Marking the node kube-master as control-plane by adding the label "node-role.kubernetes.io/master=''"
Marking the node kube-master as control-plane by adding the taints
Using token: 2b7cfv.6bhz4z3a3vzyg498
Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
configured RBAC rules to allow Node Bootstrap tokens to get nodes
configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
Creating the "cluster-info" ConfigMap in the "kube-public" namespace
Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
Applied essential addon: CoreDNS
Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f .yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.87.145:6443 --token 2b7cfv.6bhz4z3a3vzyg498 \
--discovery-token-ca-cert-hash sha256:79bd63d82634f9953cc9d6b5a923fa87c973f0c3fd9ed7270167052dd834c026
</code></pre>
<p><strong>Give the day-to-day cluster user permission to use kubectl</strong></p>
<pre><code class="language-bash">su hellxz
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/admin.conf
sudo chown $(id -u):$(id -g) $HOME/.kube/admin.conf
echo "export KUBECONFIG=$HOME/.kube/admin.conf" >> ~/.bashrc
exit
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200706154421749-109893170.png" alt="" loading="lazy"></p>
<p><strong>Configure authentication on the master</strong></p>
<pre><code class="language-bash">echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> /etc/profile
. /etc/profile
</code></pre>
<blockquote>
<p>If this is not configured, the following output appears:</p>
<pre><code class="language-bash">The connection to the server localhost:8080 was refused - did you specify the right host or port?
</code></pre>
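<p>At this point the master node has been initialized successfully, but the network add-on is not installed yet, so it cannot communicate with the other nodes.</p>
</blockquote>
<p><strong>Install the network add-on, using flannel as the example</strong></p>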
<pre><code class="language-bash">cd ~/k8s
yum install -y wget
# Download the latest flannel manifest
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703203611610-489015457.png" alt="" loading="lazy"></p>
<p><strong>Check the status of the kube-master node</strong></p>
<pre><code class="language-bash">kubectl get nodes
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703203656234-1367531429.png" alt="" loading="lazy"></p>
<blockquote>
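<p>If STATUS shows <code>NotReady</code>, run <code>kubectl describe node kube-master</code> to see the detailed description. Slower servers take longer to reach the Ready state.</p>
</blockquote>
<p><strong>Back up the images for the other nodes</strong></p>
<p>On the kube-master node, export the images so they can be transferred to the other nodes later; an image registry would of course be better.</p>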
<pre><code class="language-bash">docker save k8s.gcr.io/kube-proxy:v1.18.5 \
k8s.gcr.io/kube-apiserver:v1.18.5 \
k8s.gcr.io/kube-controller-manager:v1.18.5 \
k8s.gcr.io/kube-scheduler:v1.18.5 \
k8s.gcr.io/pause:3.2 \
k8s.gcr.io/coredns:1.6.7 \
k8s.gcr.io/etcd:3.4.3-0 > k8s-imagesV1.18.5.tar
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703191337838-770260216.png" alt="" loading="lazy"></p>
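<h3 id="初始化kube-node节点并加入集群">Initialize the kube-node* nodes and join them to the cluster</h3>
<p><strong>Copy the images to the node</strong>, using kube-node1 as the example; node2 is the same and is not repeated</p>
<pre><code class="language-bash"># These commands are run on the kube-node* nodes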
mkdir ~/k8s
scp root@kube-master:/root/k8s/k8s-imagesV1.18.5.tar ~/k8s
cd ~/k8s
docker load < k8s-imagesV1.18.5.tar
</code></pre>
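<p><strong>Get the command for joining the cluster</strong>; skip this if you still have it</p>
<p>The join command was printed at the end of the kube-master initialization. What if I did not write it down?</p>
<p>On kube-master, run the command that creates a new token and prints the join command at the same time:</p>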
<pre><code class="language-bash">kubeadm token create --print-join-command
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703204353429-1001595838.png" alt="" loading="lazy"></p>
<p><strong>Run the join command on the kube-node* nodes</strong></p>
<pre><code class="language-bash">kubeadm join 192.168.87.145:6443 --token jdyzyq.icwlpkm36kgs6nqh --discovery-token-ca-cert-hash sha256:24f9b05fa10307ef6fff4132e0ec3c8b54917d4ff440b36108908aca588d8be7
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703205930708-817131399.png" alt="" loading="lazy"></p>
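<p>The <code>--discovery-token-ca-cert-hash</code> value in the join command pins the public key of the cluster CA, which lets a joining node confirm it is talking to the intended control plane. The following added example (not part of the original post; the function names are hypothetical) recomputes that hash with openssl from <code>/etc/kubernetes/pki/ca.crt</code> on kube-master and compares it with the value carried in a join command.</p>

```bash
#!/bin/bash
# Added example (not from the original post); function names are hypothetical.
# The discovery hash is the SHA-256 of the CA certificate's public key in
# DER-encoded SubjectPublicKeyInfo form, written as "sha256:<hex>".

# Print "sha256:<hex>" for the CA certificate in $1.
ca_cert_hash() {
  crt=${1:-/etc/kubernetes/pki/ca.crt}
  # Stop here if the certificate is missing or unreadable, so an empty
  # input is never hashed by the pipeline below.
  pub=$(openssl x509 -in "$crt" -pubkey -noout) || return 1
  hex=$(printf '%s\n' "$pub" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1)
  [ -n "$hex" ] || return 1
  echo "sha256:$hex"
}

# Extract the first sha256:<64 hex> value from a join command string.
join_cmd_hash() {
  printf '%s\n' "$1" | grep -o 'sha256:[0-9a-f]\{64\}' | head -n 1
}

# Succeed only if the hash in the join command ($1) matches the CA
# certificate ($2, default /etc/kubernetes/pki/ca.crt).
verify_join_cmd() {
  want=$(ca_cert_hash "$2") || return 2
  got=$(join_cmd_hash "$1")
  [ -n "$got" ] && [ "$got" = "$want" ]
}

# Usage on kube-master:
#   ca_cert_hash
#   verify_join_cmd "$(kubeadm token create --print-join-command)" && echo match
```

<p>Bootstrap tokens created by kubeadm expire after 24 hours by default; <code>kubeadm token list</code> shows the ones that are still valid and <code>kubeadm token delete</code> revokes one that has been exposed.</p>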
<h3 id="查看集群节点状态">Check the status of the cluster nodes</h3>
<pre><code class="language-bash">kubectl get nodes
</code></pre>
<p><img src="https://img2020.cnblogs.com/blog/1149398/202007/1149398-20200703210122591-836716446.png" alt="" loading="lazy"></p>
<p><strong>References</strong></p>
<blockquote>
<ul>
<li>《Kubernetes权威指南》 (Kubernetes: The Definitive Guide), 4th edition</li>
<li>Official documentation: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/</li>
</ul>
</blockquote>
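<p>That is the end of this article. Thanks for reading. If it helped you, feel free to recommend it; if you have questions, please leave a comment below.</p>
Source: https://www.cnblogs.com/hellxz/p/use-kubeadm-init-kubernetes-cluster.html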