K8s kubeadm添加新节点详细操作
- 查看现在已有的节点信息
[root@kub-k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
kub-k8s-master Ready master 102m v1.17.4
kub-k8s-node1 Ready 96m v1.17.4
kub-k8s-node2 Ready 96m v1.17.4
- 关闭防火墙和selinux
systemctl stop firewalld && systemctl disable firewalld && sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
- 关闭交换分区
sed -i 's/.*swap.*/#&/' /etc/fstab
- 开启路由转发
sysctl -w net.ipv4.ip_forward=1
- 设置本地解析
所有节点都添加下
vim /etc/hosts
192.168.230.141 kub-k8s-master
192.168.230.138 kub-k8s-node1
192.168.230.139 kub-k8s-node2
192.168.230.140 kub-k8s-node3
- 修改主机名
hostnamectl set-hostname kub-k8s-node3 && echo 'kub-k8s-node3'>/etc/hostname
- 下载docker 并启动
添加节点的docker版本必须与主节点一致,否则总是NotReady
# yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
# yum install -y yum-utils device-mapper-persistent-data lvm2 git
# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# yum install docker-ce -y
systemctl enable docker && systemctl start docker
- 拉取组件
这里需要拉取的组件要与master的版本一致,我们可以kubele --version查看下,其次,国内无法访问"k8s.gcr.io" 我们可以先拉取阿里云的,然后打上k8s.gcr.io标签即可。
已知master是v1.17.4版本的
拉取阿里云镜像
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.17.4
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.17.4
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.17.4
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.17.4
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.5
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
打上 k8s 的标签
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.17.4 k8s.gcr.io/kube-controller-manager:v1.17.4
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.17.4 k8s.gcr.io/kube-proxy:v1.17.4
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.17.4 k8s.gcr.io/kube-apiserver:v1.17.4
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.17.4 k8s.gcr.io/kube-scheduler:v1.17.4
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.5 k8s.gcr.io/coredns:1.6.5
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
- 安装kubeadm和kubelet
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
- 下载节点组件
yum install -y kubelet-1.17.4-0.x86_64 kubeadm-1.17.4-0.x86_64 kubectl-1.17.4-0.x86_64 ipvsadm
- 编辑文件添加开机启动
vim /etc/rc.local
modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_sh
modprobe nf_conntrack_ipv4
chmod +x /etc/rc.local
添加完毕逐条启动下
- 配置转发相关参数,否则可能会出错
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF
- 启动并查看
sysctl --system
lsmod | grep ip_vs
如果没有查到就重启下服务器
- 配置kubelet 使用pause 镜像
查看cgroup
docker info |grep 'Cgroup' | awk 'NR==1{print $3}'
cgroupfs
- 配置kubelet的cgroups
cat >/etc/sysconfig/kubelet<<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=cgroupfs --pod-infra-container-image=k8s.gcr.io/pause:3.1"
EOF
这里的 cgroupfs 就是上面查找到的
- 启动节点
systemctl daemon-reload && systemctl enable kubelet && systemctl restart kubelet
- 生成master节点的token(这个token 会在24小时候失效,如果在添加需要重新生成)
kubeadm token create --print-join-command
kubeadm join 192.168.230.141:6443 --token fnpa0m.z5cliojcz5u6xmj9 \
--discovery-token-ca-cert-hash sha256:86f42f7deedcf786c1d1745b487d62b681b4c0b91bffbfde556430bf4bfc36a2
- 在新的节点运行新的token
kubeadm join 192.168.230.141:6443 --token fnpa0m.z5cliojcz5u6xmj9 \
--discovery-token-ca-cert-hash sha256:86f42f7deedcf786c1d1745b487d62b681b4c0b91bffbfde556430bf4bfc36a2
-
启动成功如图
-
在master 查看新加入的节点
