Use kubeadm config print init-defaults to print the default configuration used for cluster initialization.
[root@v10 ~]# cat kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kubernetesVersion: v1.15.4
controlPlaneEndpoint: k8s-cluster.smile13.com:6443
apiServer:
  certSANs:
  - k8s-cluster.smile13.com
networking:
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
The configuration I use, shown above, is a simplified version.
[root@v43 ~]# kubeadm config print init-defaults
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: v10
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.15.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
Download the required images:
kubeadm config images pull --config kubeadm-config.yaml
Initialize the cluster with this command:
kubeadm init --config=kubeadm-config.yaml --upload-certs
Global configuration:
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
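In HA mode, copy this command to the other two master nodes and run it there (note: the token expires after 24 hours and then has to be regenerated):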
kubeadm join k8s-cluster.smile13.com:6443 --token 4b5gm8.o8zfp5upcyjc0yw0 \
--discovery-token-ca-cert-hash sha256:db37304ccfb1ec269efbce353c58447a245e7caeae0d4d82f4636c965484ca42 \
--control-plane --certificate-key 9055a3968edf49d9109b5488f74e86381108136fde86f3df0ceff186d474cc4d
To add a worker node, use:
kubeadm join k8s-cluster.smile13.com:6443 --token 4b5gm8.o8zfp5upcyjc0yw0 \
--discovery-token-ca-cert-hash sha256:db37304ccfb1ec269efbce353c58447a245e7caeae0d4d82f4636c965484ca42
When nodes show the NotReady status, a network plugin needs to be installed. I chose Calico:
kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
calico.yaml:
wget https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
Edit the pod CIDR 192.168.0.0/16 in calico.yaml so that it matches podSubnet in kubeadm-config.yaml.
Secondary nodes
Download the images:
kubeadm config images pull --config kubeadm-config.yaml
Use this command to join the node as a master node:
kubeadm join k8s-cluster.smile13.com:6443 --token 4b5gm8.o8zfp5upcyjc0yw0 \
--discovery-token-ca-cert-hash sha256:db37304ccfb1ec269efbce353c58447a245e7caeae0d4d82f4636c965484ca42 \
--control-plane --certificate-key 9055a3968edf49d9109b5488f74e86381108136fde86f3df0ceff186d474cc4d
Summary
Check pod status often:
kubectl get pod --namespace=kube-system
View the errors:
kubectl describe pod "<pod-name>" --namespace=kube-system
When the token has expired, create a new one:
kubeadm token create
kubeadm token list
Compute the hash of the CA certificate (the value passed to --discovery-token-ca-cert-hash):
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
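The value printed by the openssl pipeline above is the pin that kubeadm join takes as --discovery-token-ca-cert-hash. The following is an added example, not part of the original post: a shell helper that recomputes that hash from a CA certificate and compares it with a pin before a join command is run. The function names ca_cert_hash and verify_ca_pin are hypothetical, and it uses openssl pkey rather than openssl rsa so that non-RSA CA keys are handled too.

```shell
# Added example (not from the original post). Function names are hypothetical.
# Assumption: the openssl CLI is installed on the node.

# Print the SHA-256 of the DER-encoded public key of the certificate in $1.
# Returns non-zero instead of hashing empty input when the file is unreadable.
ca_cert_hash() {
    _der=$(mktemp) || return 1
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
            | openssl pkey -pubin -outform der -out "$_der" 2>/dev/null \
            && [ -s "$_der" ]; then
        openssl dgst -sha256 -hex < "$_der" | sed 's/^.* //'
        _rc=0
    else
        _rc=1
    fi
    rm -f "$_der"
    return "$_rc"
}

# Compare certificate $1 with pin $2 of the form sha256:<64 lowercase hex>.
# Returns 0 on match, 1 on mismatch, 2 on a malformed pin or unreadable cert.
verify_ca_pin() {
    case "$2" in
        sha256:*) _want=${2#sha256:} ;;
        *) echo "pin must start with sha256:" >&2; return 2 ;;
    esac
    # A truncated or mistyped pin is rejected before any comparison.
    if [ "${#_want}" -ne 64 ] || printf '%s' "$_want" | grep -q '[^0-9a-f]'; then
        echo "malformed pin: expected 64 lowercase hex digits" >&2; return 2
    fi
    _got=$(ca_cert_hash "$1") || {
        echo "cannot read a public key from $1" >&2; return 2
    }
    if [ "$_got" = "$_want" ]; then
        echo "match: sha256:$_got"
    else
        echo "MISMATCH: certificate is sha256:$_got" >&2
        return 1
    fi
}

# Usage: sh verify-ca-pin.sh /etc/kubernetes/pki/ca.crt sha256:<hash>
if [ "$#" -eq 2 ]; then
    verify_ca_pin "$1" "$2"
fi
```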