Building a K8S 1.18 cluster with kubeadm -- configuring kubeadm

Original article by 陈不成i, last modified 2021-07-01 18:08:49. Published in the column: ops技术分享 (ops tech sharing).

1. On k8s-01, print the default init configuration to a file:

kubeadm config print init-defaults > kubeadm-init.yaml

2. The default configuration is as follows

[root@k8s-01 ~]# cat kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.18.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}

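3. Modify the init file

Configure it according to my IPs; this mainly concerns the master's IP. You can copy my file, but then the hostnames and so on must be the same as mine.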

apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.31.100   # master IP; a VIP or a domain name cannot be used here
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-01                  # node on which the cluster is created
  taints:
  - effect: NoSchedule           # taint: by default, workloads are not scheduled onto the master
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
  extraArgs:
    authorization-mode: "Node,RBAC"
    enable-admission-plugins: "NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeClaimResize,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,Priority,PodPreset"
    runtime-config: api/all=true,settings.k8s.io/v1alpha1=true
    storage-backend: etcd3
    etcd-servers: https://192.168.31.100:2379,https://192.168.31.101:2379,https://192.168.31.102:2379     # etcd cluster node IPs
  certSANs:             # master node names and addresses
  - 10.96.0.1
  - 127.0.0.1
  - localhost
  - k8s-master
  - k8s-master-01
  - k8s-master-02
  - k8s-master-03
  - 192.168.31.100
  - 192.168.31.101
  - 192.168.31.102
  - master
  - kubernetes
  - kubernetes.default
  - kubernetes.default.svc
  - kubernetes.default.svc.cluster.local
  extraVolumes:
  - hostPath: /etc/localtime
    mountPath: /etc/localtime
    name: localtime
    readOnly: true
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager:
  extraArgs:
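    bind-address: "0.0.0.0"                          # listen on all interfaces (kubeadm's own default is 127.0.0.1)
    experimental-cluster-signing-duration: 867000h   # validity of certificates signed by the cluster CA (867000h is about 99 years)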
  extraVolumes:
  - hostPath: /etc/localtime
    mountPath: /etc/localtime
    name: localtime
    readOnly: true
dns:
  type: CoreDNS
  imageRepository: coredns
  imageTag: 1.6.7       # CoreDNS version
etcd:
  local:
    dataDir: /var/lib/etcd     # etcd data directory
    imageRepository: quay.io/coreos
    imageTag: v3.4.7      # etcd version
    serverCertSANs:
    - master
    - 192.168.31.100
    - 192.168.31.101
    - 192.168.31.102
    - k8s-01
    - k8s-02
    - k8s-03
    peerCertSANs:
    - master
    - 192.168.31.100
    - 192.168.31.101
    - 192.168.31.102
    - k8s-01
    - k8s-02
    - k8s-03
    extraArgs:
      auto-compaction-retention: "1h"
      max-request-bytes: "33554432"
      quota-backend-bytes: "8589934592"
      enable-v2: "false"
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.18.2   # Kubernetes version
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12     # Service IP range
  podSubnet: 10.244.0.0/16        # Pod IP range
controlPlaneEndpoint: k8s-master:8443    # VIP domain name or IP
scheduler:
  extraArgs:
    bind-address: "0.0.0.0"       # listen on all interfaces (kubeadm's own default is 127.0.0.1)
  extraVolumes:
  - hostPath: /etc/localtime      # time synchronization with the host
    mountPath: /etc/localtime
    name: localtime
    readOnly: true
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration # https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
mode: ipvs # or iptables
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration # https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration
cgroupDriver: systemd
failSwapOn: true # set to false if swap is enabled

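4. Check the file (the modified configuration from step 3, init.yaml in the commands below) for errors. Ignore warnings; a mistake raises an error, and if there is none the output will contain the string kubeadm join xxx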

kubeadm init --config init.yaml --dry-run
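
A pre-flight lint that complements the dry run, as an added example (not part of the original article): it flags the placeholder bootstrap token from step 2 and the admission-plugin, bind-address and signing-duration settings from step 3. The function names, the one-year threshold and the sample file are assumptions constructed for this example.

```shell
# Heuristic, line-based lint for a kubeadm init file (not a full YAML parser).
# yaml_value KEY FILE: print the unquoted value of every "KEY: value" line.
yaml_value() {
  sed -nE "s/^[[:space:]]*$1:[[:space:]]*\"?([^\"#]*[^\"#[:space:]])\"?[[:space:]]*(#.*)?\$/\1/p" "$2"
}

# lint_kubeadm_config FILE: one finding per line; status 1 if there is any.
lint_kubeadm_config() {
  local f="$1" n=0 v h
  # Placeholder printed by `kubeadm config print init-defaults`: identical on
  # every installation, so it must not be passed to `kubeadm init`.
  if [ "$(yaml_value token "$f")" = "abcdef.0123456789abcdef" ]; then
    echo "bootstrapTokens: placeholder token still present"; n=$((n+1))
  fi
  # An explicit plugin list replaces the NodeRestriction that kubeadm sets itself.
  v=$(yaml_value enable-admission-plugins "$f")
  case ",$v," in ,,|*,NodeRestriction,*) ;; *)
    echo "apiServer: enable-admission-plugins lacks NodeRestriction"; n=$((n+1));;
  esac
  if yaml_value bind-address "$f" | grep -qx '0\.0\.0\.0'; then
    echo "bind-address 0.0.0.0: component listens on every interface"; n=$((n+1))
  fi
  # kube-controller-manager signs for 8760h (one year) unless told otherwise.
  h=$(yaml_value experimental-cluster-signing-duration "$f" | sed -nE 's/^([0-9]+)h$/\1/p')
  if [ -n "$h" ] && [ "$h" -gt 8760 ]; then
    echo "controllerManager: signing duration ${h}h exceeds 8760h"; n=$((n+1))
  fi
  [ "$n" -eq 0 ]
}

# Constructed sample: the default token block plus settings like the article's.
sample_config() {
  cat <<'EOF'
bootstrapTokens:
- ttl: 24h0m0s
  token: abcdef.0123456789abcdef
apiServer:
  extraArgs:
    enable-admission-plugins: "NamespaceLifecycle,ServiceAccount"
controllerManager:
  extraArgs:
    bind-address: "0.0.0.0"
    experimental-cluster-signing-duration: 867000h
EOF
}

tmp=$(mktemp); sample_config > "$tmp"
lint_kubeadm_config "$tmp" || echo "resolve or accept the findings before kubeadm init"
rm -f "$tmp"
```

A bind-address or signing-duration finding is a prompt to confirm the choice is deliberate and covered by host firewalling, not proof of a misconfiguration.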

4. Check that the images are correct. If the version number is wrong, uncomment kubernetesVersion in the yaml and write in your own version number.

kubeadm config images list --config init.yaml

5. Pre-pull the images

kubeadm config images pull --config init.yaml

6. Initialize on k8s-01

kubeadm init --config init.yaml --upload-certs

Keep the last 2 lines of output after it finishes!

7. The rough init flow is as follows

8. Remember the token printed after init, and copy the kubeconfig for kubectl. The default kubeconfig path for kubectl is ~/.kube/config

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

9. The configuration used for init is saved in a ConfigMap

kubectl -n kube-system get cm kubeadm-config -o yaml

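10. Manual copy (needed on some older versions that do not support uploading certificates). With our version 1.18 this step can be skipped (optional).

We already passed the --upload-certs flag earlier. That flag submits our certificate files to a Secret, so the certificates do not need to be copied again. Older versions may need the certificate-copying step.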

# Copy the shared CA, service-account and front-proxy CA files to the other masters
for node in k8s-02 k8s-03; do
  ssh "$node" 'mkdir -p /etc/kubernetes/pki/etcd'
  scp -r /etc/kubernetes/pki/ca.* "$node":/etc/kubernetes/pki/
  scp -r /etc/kubernetes/pki/sa.* "$node":/etc/kubernetes/pki/
  scp -r /etc/kubernetes/pki/front-proxy-ca.* "$node":/etc/kubernetes/pki/
  scp -r /etc/kubernetes/pki/etcd/ca.* "$node":/etc/kubernetes/pki/etcd/
done

11. Run join on the other master nodes

# If you forget the token, you can look it up with kubeadm token list
kubeadm join k8s-master:8443 --token 58msro.ou3s6067slh6orw7 \
    --discovery-token-ca-cert-hash sha256:b2ffc7bd4b8c5d4cd6f5f016f7a19d49dba3090c5cb018827b712fa1138961b5 \
    --control-plane --certificate-key d8272e844a395ad81d1cced7a6de6ebb52dd9be6ea93897fd608bd54aebdc45f
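
The value after --discovery-token-ca-cert-hash pins the cluster CA's public key, so it can be recomputed from ca.crt on the first master if the init output was lost, rather than joining with --discovery-token-unsafe-skip-ca-verification. This is an added example, not from the original article; the function names are hypothetical and the CA is a throwaway one generated so the block runs offline.

```shell
# ca_cert_hash CERT: print sha256:<hex> of the DER-encoded public key (SPKI)
# in CERT, the form kubeadm expects for --discovery-token-ca-cert-hash.
ca_cert_hash() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -hex |
    awk '{ print "sha256:" $NF }'
}

# join_hash_matches CERT JOIN_COMMAND: status 0 only if the hash pinned in the
# join command equals the hash of CERT; a command with no pinned hash fails.
join_hash_matches() {
  local pinned
  pinned=$(printf '%s\n' "$2" | grep -oE 'sha256:[0-9a-f]{64}' | head -n 1)
  [ -n "$pinned" ] && [ "$pinned" = "$(ca_cert_hash "$1")" ]
}

# Constructed stand-in for /etc/kubernetes/pki/ca.crt (throwaway key and cert).
make_sample_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

dir=$(mktemp -d)
make_sample_ca "$dir"
hash=$(ca_cert_hash "$dir/ca.crt")
echo "pin for this CA: $hash"
# <token> is a placeholder; only the pinned hash is checked here.
join="kubeadm join k8s-master:8443 --token <token> --discovery-token-ca-cert-hash $hash"
if join_hash_matches "$dir/ca.crt" "$join"; then
  echo "join command pins this CA"
else
  echo "join command does NOT pin this CA"
fi
rm -rf "$dir"
```

On a real control-plane node, pass /etc/kubernetes/pki/ca.crt as CERT.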

12. Create the kubeconfig on all masters

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

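Original-content notice: this article is published on the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.

In case of infringement, contact cloudcommunity@tencent.com to have it removed.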