1. Cluster initialization
Cluster initialization is done on the Master01 node.
cat > kubeadm-config.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: 7t2weq.bjbawausm0jaxury
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 11.0.1.21
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  name: k8s-master01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
---
apiServer:
  certSANs:
  - 11.0.1.100
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 11.0.1.100:16443
controllerManager: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.28.2 # change this so it matches the output of "kubeadm version"
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/16
scheduler: {}
EOF
Note: `11.0.1.100` is your own virtual IP (VIP). `controlPlaneEndpoint` is VIP:16443, the load-balanced front for the apiservers (each apiserver itself listens on `bindPort` 6443), and the VIP is also listed in `certSANs` so the apiserver's serving certificate is valid for that address. v1.28.2 is the latest 1.28 release we installed. `10.244.0.0/16` is the Pod CIDR and `10.96.0.0/16` is the Service CIDR; neither may overlap the node network (11.0.1.0/24 here). The bootstrap token in this file is a credential: anyone holding it can enrol a node until the TTL runs out, so generate your own rather than copying the one shown.
Migrate the kubeadm file to the current config version:
kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml
Copy new.yaml to the other master nodes:
for i in k8s-master02 k8s-master03; do scp new.yaml $i:/root/; done
All Master nodes pull the images in advance to save time during initialization. The other masters use new.yaml unchanged, IP addresses included: `kubeadm config images pull` reads only the ClusterConfiguration part, so the Master01-specific InitConfiguration values (advertiseAddress, node name) do not matter here:
kubeadm config images pull --config /root/new.yaml
Initialize on Master01. Afterwards the certificates and config files are generated under /etc/kubernetes, and the other masters simply join Master01. `--upload-certs` encrypts the control-plane certificates with a one-time key and stores them in the kubeadm-certs Secret in kube-system, so the other masters can fetch them instead of having the files copied by hand:
kubeadm init --config /root/new.yaml --upload-certs
When initialization succeeds, kubeadm prints two `kubeadm join` commands: one for additional control-plane nodes (with `--control-plane --certificate-key`) and one for worker nodes. Record them, since the token, the `--discovery-token-ca-cert-hash` and the certificate key they contain are what sections 2 and 3 below use. All three are sensitive: the token enrols nodes for as long as its TTL (24h in this config), and the certificate key decrypts the uploaded control-plane certificates, which kubeadm deletes from the Secret two hours after upload.
On Master01, set the environment variable used to reach the Kubernetes cluster (admin.conf is a cluster-admin credential: leave it readable by root only and do not copy it to worker nodes):
cat <<EOF >> /root/.bashrc
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF
source /root/.bashrc
Check node status on Master01 (NotReady is expected until a CNI plugin is installed):
kubectl get node
With the kubeadm installation method, all control-plane components run as containers in the kube-system namespace, so their state can be checked with `kubectl get pod -n kube-system`.
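The bootstrap token written into kubeadm-config.yaml above is copied from this tutorial and reappears in every join command later on; a token with the `signing` and `authentication` usages is enough to enrol a node while it is valid, so it should be minted fresh per cluster and kept short-lived. The shell script below is an added example, not code from the original page or from kubeadm itself: it generates a token in the format kubeadm requires (`kubeadm token generate` does the same from the CLI), rejects malformed values before they reach the heredoc, and renders the InitConfiguration stanza with a shorter TTL. The function names, the 2h TTL and the temp-file output are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original page: mint a fresh bootstrap token
# instead of reusing the tutorial's, validate its format, and render the
# InitConfiguration stanza. Names, TTL and paths here are the example's own.
set -eu

# $1 random characters from [a-z0-9], sourced from /dev/urandom.
# 1024 raw bytes leave roughly 140 usable characters, well above the 16 needed.
rand_chars() {
  head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | head -c "$1"
}

# Bootstrap token = <6-char id>.<16-char secret>. The id is public (it names
# the bootstrap-token-<id> Secret in kube-system); the secret part is not.
gen_token() {
  printf '%s.%s\n' "$(rand_chars 6)" "$(rand_chars 16)"
}

# Exit 0 only for exactly [a-z0-9]{6}.[a-z0-9]{16}; kubeadm rejects anything else.
valid_token() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Write the InitConfiguration stanza for token $1 to file $2.
# The TTL is kept short on purpose: the token lets its holder enrol nodes
# until it expires, so it should outlive the planned joins by as little as possible.
render_init_config() {
  tok="$1"
  out="$2"
  if ! valid_token "$tok"; then
    echo "malformed bootstrap token: $tok" >&2
    return 1
  fi
  cat >"$out" <<EOF
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
bootstrapTokens:
- token: ${tok}
  ttl: 2h0m0s
  usages:
  - signing
  - authentication
  groups:
  - system:bootstrappers:kubeadm:default-node-token
EOF
}

# Demo run: mint a token and render the stanza to a temp file.
demo_out="$(mktemp)"
demo_tok="$(gen_token)"
render_init_config "$demo_tok" "$demo_out"
echo "wrote $demo_out with token $demo_tok"
```

Paste the rendered stanza in place of the `bootstrapTokens` block in kubeadm-config.yaml; the ClusterConfiguration document after the `---` separator is unaffected. Once the last node has joined, the token can also be revoked early with `kubeadm token delete <token>` instead of waiting for the TTL.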
2. Highly available Master
Join the other masters to the cluster; run the following on master02 and master03 respectively.
kubeadm join 11.0.1.100:16443 --token 7t2weq.bjbawausm0jaxury \
--discovery-token-ca-cert-hash sha256:9527fb15162c1c6010a8d79a2809d4735ba5f06f6dee4e9cf2bed122b827b86b \
--control-plane --certificate-key a6ec7b1b126855d1b402623c0518c0ec5afe5191a9d646a84f9facbcefdc22d2
Note: every cluster generates a different token, CA hash and certificate key, so run the command printed by your own `kubeadm init`, not the values shown here.
Check the current state (NotReady is expected until a CNI plugin is installed; the VERSION column reports each node's kubelet version):
# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master01 NotReady control-plane 4m23s v1.28.0
k8s-master02 NotReady control-plane 66s v1.28.0
k8s-master03 NotReady control-plane 14s v1.28.0
3. Join the Node (worker) nodes
kubeadm join 11.0.1.100:16443 --token 7t2weq.bjbawausm0jaxury \
--discovery-token-ca-cert-hash sha256:9527fb15162c1c6010a8d79a2809d4735ba5f06f6dee4e9cf2bed122b827b86b
After all nodes have joined, check the cluster state (NotReady is expected until a CNI plugin is installed):
# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master01 NotReady control-plane 4m23s v1.28.0
k8s-master02 NotReady control-plane 66s v1.28.0
k8s-master03 NotReady control-plane 14s v1.28.0
k8s-worker01 NotReady <none> 13s v1.28.0
k8s-worker02 NotReady <none> 10s v1.28.0
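`--discovery-token-ca-cert-hash` is what stops a joining node from trusting whatever answers at the VIP: before accepting the cluster CA it downloads, kubeadm compares the SHA-256 of the CA certificate's DER-encoded public key (SubjectPublicKeyInfo) against that value. The script below is an added example, not code from the page or from kubeadm: it recomputes that hash from a CA certificate with the openssl pipeline the kubeadm documentation shows, pulls the hash out of a pasted join command, and refuses a mismatch. On a real master, point it at /etc/kubernetes/pki/ca.crt; the demo at the bottom builds a throwaway self-signed CA so it runs offline. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page or from kubeadm: recompute the
# --discovery-token-ca-cert-hash value from a CA certificate and check a
# pasted join command against it. Function names are the example's own.
set -eu

# Print sha256:<hex> over the DER-encoded SubjectPublicKeyInfo of cert $1,
# which is exactly what kubeadm join compares the flag value against.
ca_cert_hash() {
  hex="$(openssl x509 -pubkey -noout -in "$1" \
         | openssl pkey -pubin -outform DER \
         | openssl dgst -sha256 -hex | sed 's/^.* //')"
  printf 'sha256:%s\n' "$hex"
}

# Pull the hash out of a join command string (empty output if it has none).
join_cmd_hash() {
  printf '%s\n' "$1" \
    | sed -n 's/.*--discovery-token-ca-cert-hash[= ]*\(sha256:[0-9a-f]\{64\}\).*/\1/p' \
    | head -n 1
}

# Exit 0 only if join command $2 pins the CA in file $1. A missing hash or a
# mismatch means the command was generated for some other CA (another cluster,
# or someone else's), so the node must not run it.
verify_join_hash() {
  want="$(ca_cert_hash "$1")"
  have="$(join_cmd_hash "$2")"
  [ -n "$have" ] && [ "$have" = "$want" ]
}

# Demo with a throwaway self-signed CA constructed here (not the cluster's).
if command -v openssl >/dev/null 2>&1; then
  demo_dir="$(mktemp -d)"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" >/dev/null 2>&1
  demo_join="kubeadm join 11.0.1.100:16443 --token 7t2weq.bjbawausm0jaxury --discovery-token-ca-cert-hash $(ca_cert_hash "$demo_dir/ca.crt")"
  if verify_join_hash "$demo_dir/ca.crt" "$demo_join"; then
    echo "join command pins $demo_dir/ca.crt: safe to run"
  else
    echo "hash mismatch: do not run this join command" >&2
  fi
fi
```

Running `ca_cert_hash /etc/kubernetes/pki/ca.crt` on Master01 must print the same `sha256:` value that appears in the join commands in sections 2 and 3; if a join command arrives by chat or ticket rather than straight from the `kubeadm init` output, check it this way before executing it on a node.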
4. Handling token expiry
After the bootstrap token expires (24h TTL in the config above), create a new one and print the worker join command:
kubeadm token create --print-join-command
A control-plane join also needs a fresh --certificate-key, because the kubeadm-certs Secret holding the uploaded certificates is deleted two hours after upload; re-upload them and note the key that is printed:
kubeadm init phase upload-certs --upload-certs
Append `--control-plane --certificate-key <key>` to the printed join command, or pass `--certificate-key <key>` together with `--print-join-command` to `kubeadm token create` to get the complete control-plane join command in one step. Tokens that are no longer needed should be revoked with `kubeadm token delete <token>` rather than left to run out.