Kubernetes (4): Creating a Highly Available Cluster

Preface

I. Get the cluster component images

1 Get the list of images used by the current version

High-availability deployment scheme
kube-apiserver is the hostname of the load balancer; every node must be able to resolve it through DNS.

kubeadm init --kubernetes-version=v1.22.4 --pod-network-cidr=10.166.0.0/16  --ignore-preflight-errors=Swap --control-plane-endpoint "kube-apiserver:6443" --upload-certs

get-master-images.sh

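# Pull each control-plane image from the Aliyun mirror, retag it under
# k8s.gcr.io (the name kubeadm expects), then remove the mirror tag.
k8s_version=v1.23.1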
pause_v=3.6
etcd_v=3.5.1-0
dns_v=v1.8.6

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:${k8s_version}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:${k8s_version} k8s.gcr.io/kube-apiserver:${k8s_version}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:${k8s_version}

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:${k8s_version}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:${k8s_version} k8s.gcr.io/kube-controller-manager:${k8s_version}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:${k8s_version}

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:${k8s_version}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:${k8s_version} k8s.gcr.io/kube-scheduler:${k8s_version}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:${k8s_version}

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:${k8s_version}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:${k8s_version} k8s.gcr.io/kube-proxy:${k8s_version}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:${k8s_version}

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:${pause_v}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:${pause_v} k8s.gcr.io/pause:${pause_v}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:${pause_v}

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:${etcd_v}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:${etcd_v} k8s.gcr.io/etcd:${etcd_v}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:${etcd_v}

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:${dns_v}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:${dns_v} k8s.gcr.io/coredns/coredns:${dns_v}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:${dns_v}

get-node-images.sh


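# Worker nodes only need kube-proxy and pause: pull from the Aliyun mirror,
# retag under k8s.gcr.io, then remove the mirror tag.
k8s_version=v1.23.1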
pause_v=3.6


docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:${k8s_version}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:${k8s_version} k8s.gcr.io/kube-proxy:${k8s_version}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:${k8s_version}

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:${pause_v}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:${pause_v} k8s.gcr.io/pause:${pause_v}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:${pause_v}

Images required on worker nodes:

k8s.gcr.io/pause:3.4.1
kube-proxy:v1.21.0

II. Initialize the control-plane node

init.defaults.yaml

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # IP address of the master01 node
  advertiseAddress: 192.168.122.194
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  imagePullPolicy: IfNotPresent
  name: k8s-master01
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: "kube-apiserver:6443"
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
#imageRepository: 1nj0zren.mirror.aliyuncs.com
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.22.4
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: "10.244.0.0/16"   # Pod network; must match the setting of the network plugin in use (this value is flannel's)
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs

kubeadm init --config init.defaults.yaml --upload-certs

III. Join the worker nodes

kubeadm join 192.168.122.140:6443 --token v52m5v.saawubep1r53f8ec \
    --discovery-token-ca-cert-hash sha256:98d81604b85225a13d858021824f1f7ea9c8adcfe56a7a2196bd3fc20766ec8b

IV. Install the network plugin


Run on the master node:

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Adding a new master node

Print the command for joining a node:

[root@k8s-master01 ~]# kubeadm token create --print-join-command 
kubeadm join kube-apiserver:6443 --token vygbup.tl9o0jium46f8biz --discovery-token-ca-cert-hash sha256:007b1b15b6607debcf4725125c0b7fa9f14a90471b9f97949d591b95e2a4a6ec 

Obtain the certificates required to join as a master:

[root@k8s-master01 ~]# kubeadm init phase upload-certs --upload-certs
I1212 16:56:45.027955   11710 version.go:255] remote version is much newer: v1.23.0; falling back to: stable-1.22
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
883bf8afa06ddc3025b0d1ca3ce64ed7c558e44dcae72baea13918383c4b16d1

[root@k8s-master01 ~]# exit

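Run the command on the new master node. Note that the updated certificate must be used; that is, splice together the results of the two commands above: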

[root@k8s-master02 ~]# kubeadm join kube-apiserver:6443 --token vygbup.tl9o0jium46f8biz \
--discovery-token-ca-cert-hash sha256:007b1b15b6607debcf4725125c0b7fa9f14a90471b9f97949d591b95e2a4a6ec  \
--control-plane --certificate-key  883bf8afa06ddc3025b0d1ca3ce64ed7c558e44dcae72baea13918383c4b16d1
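
The splice described above, as an added example that is not part of the original post: it joins the two outputs into the control-plane command and refuses input that lacks a well-formed token, a pinned CA hash, or a 64-hex-digit certificate key. The function names are hypothetical; the sample inputs are the command outputs shown on this page.

```shell
#!/bin/sh
# Added example: splice the two outputs above into one control-plane join
# command, refusing input that is malformed or not pinned to the cluster CA.

# Sample inputs: the command output shown on this page.
JOIN_OUT='kubeadm join kube-apiserver:6443 --token vygbup.tl9o0jium46f8biz --discovery-token-ca-cert-hash sha256:007b1b15b6607debcf4725125c0b7fa9f14a90471b9f97949d591b95e2a4a6ec '
CERTS_OUT='[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
883bf8afa06ddc3025b0d1ca3ce64ed7c558e44dcae72baea13918383c4b16d1'

# extract_cert_key (hypothetical helper): print the first 64-hex-digit line
# that follows "Using certificate key:" in the upload-certs output.
extract_cert_key() {
    printf '%s\n' "$1" | sed -n '/Using certificate key:/,$p' |
        grep -Ex '[0-9a-f]{64}' | head -n 1
}

# has (hypothetical helper): true if text $1 matches extended regex $2.
has() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# build_cp_join (hypothetical helper): $1 = printed join command, $2 = key.
build_cp_join() {
    cp_join=$(printf '%s' "$1" | sed 's/[[:space:]]*$//')  # trim trailing blanks
    cp_key=$2
    has "$cp_join" '^kubeadm join [^ ]+:[0-9]+ ' ||
        { echo 'not a kubeadm join command' >&2; return 1; }
    has "$cp_join" ' --token [a-z0-9]{6}\.[a-z0-9]{16}( |$)' ||
        { echo 'bootstrap token missing or malformed' >&2; return 1; }
    # This pin lets the joining node verify the cluster CA before trusting it.
    has "$cp_join" ' --discovery-token-ca-cert-hash sha256:[0-9a-f]{64}( |$)' ||
        { echo 'CA public-key pin missing' >&2; return 1; }
    if has "$cp_join" 'unsafe-skip-ca-verification'; then
        echo 'CA verification is disabled' >&2; return 1
    fi
    has "$cp_key" '^[0-9a-f]{64}$' ||
        { echo 'certificate key must be 64 hex digits' >&2; return 1; }
    printf '%s --control-plane --certificate-key %s\n' "$cp_join" "$cp_key"
}

# Stand-alone run: prints the command to execute on the new master node.
build_cp_join "$JOIN_OUT" "$(extract_cert_key "$CERTS_OUT")"
```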

Adding a new worker node

Get the join token from the master:

[root@k8s-master01 ~]# kubeadm token create --print-join-command 

Then run the printed command on the new worker node.

The token is valid for 2 hours.
