书接上文,在上一篇文章中我们提到了创建 k8s 集群的第一个 master 节点(从0到1手动搭建k8s集群-初始化master节点_云计算_doramingo_InfoQ写作社区),这一个节点已经是一个可用的 k8s 集群了,那么下面我们将以集群扩容的方式重新打开,介绍如何添加其他 master 节点。
PS:这里有一点需要注意的是,我们的 k8s 集群的 etcd 存储是通过 kubeadm 采用静态 pod 的方式部署的,由于 etcd 集群节点数必须为奇数以保证可以顺利选举,故我们的 master 数量也需要为奇数。
下面我们就正式开始介绍 master2 节点的添加,master3 节点同理:
1. 机器信息
2. 环境初始化
以下操作在 master2 节点执行
关闭防火墙、虚拟交换分区、selinux
# 关闭防火墙sudo systemctl stop firewalld && systemctl disable firewalldsudo systemctl stop ufw && systemctl disable ufw# 关闭虚拟交换(注释fstab中swap配置)sudo swapoff -asudo sed -i /^[^#]*swap*/s/^/\#/g /etc/fstab
复制代码
设置/etc/hosts
192.168.56.10 master1192.168.56.11 master2192.168.56.12 master3192.168.56.13 node1192.168.56.14 node2
复制代码
部署 docker
#一键式部署dockercurl -fsSL https://get.docker.com | sudo bash -s docker --mirror Aliyunsudosudo systemctl enable docker && sudo systemctl restart docker
复制代码
安装必备软件
sudo apt-get install socat conntrack ebtables ipset ipvsadm
复制代码
设置 hostname
sudo hostnamectl set-hostname master2
复制代码
3. 部署 k8s 二进制
将 kubelet、kubectl、kubeadm 拷贝到/usr/local/bin 路径下,并赋予执行权限
curl https://dl.k8s.io/v1.20.4/kubernetes-node-linux-amd64.tar.gz -o ./kubernetes-node-linux-amd64.tar.gztar -zxvf kubernetes-client-linux-amd64.tar.gz -C ./ # 部署kubeadmsudo cp ./kubernetes/node/bin/kubeadm /usr/local/bin/ && sudo chmod +x /usr/local/bin/kubeadm# 部署kubectlsudo cp ./kubernetes/node/bin/kubectl /usr/local/bin/ && sudo chmod +x /usr/local/bin/kubectl# 部署kubeletsudo cp ./kubernetes/node/bin/kubelet /usr/local/bin/ && sudo chmod +x /usr/local/bin/kubelet
复制代码
生成 kubelet 服务/etc/systemd/system/kubelet.service
[Unit]Description=kubelet: The Kubernetes Node AgentDocumentation=http://kubernetes.io/docs/
[Service]CPUAccounting=trueMemoryAccounting=trueExecStart=/usr/local/bin/kubeletRestart=alwaysStartLimitInterval=0RestartSec=10
[Install]WantedBy=multi-user.target
复制代码
生成 kubelet 配置文件/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+[Service]Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"# This is a file that "kubeadm init" and "kubeadm join" generate at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamicallyEnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.EnvironmentFile=-/etc/default/kubeletEnvironment="KUBELET_EXTRA_ARGS=--node-ip=192.168.56.11 --hostname-override=master2"ExecStart=ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
复制代码
使能 kubelet
sudo systemctl disable kubelet sudo systemctl enable kubelet sudo ln -snf /usr/local/bin/kubelet /usr/bin/kubelet
复制代码
4. 将新节点加入集群
生成 token 和证书(master1 节点执行)
#生成tokensudo kubeadm token create#生成证书sudo kubeadm init phase upload-certs --upload-certs
复制代码
生成/etc/kubernetes/kubeadm-config.yaml,请将 ${TOKEN}、${CERT}的值替换成前一步获取到的值
---apiVersion: kubeadm.k8s.io/v1beta2kind: JoinConfigurationdiscovery: bootstrapToken: apiServerEndpoint: 192.168.56.10:6443 token: "${TOKEN}" unsafeSkipCAVerification: true tlsBootstrapToken: "${TOKEN}"controlPlane: localAPIEndpoint: advertiseAddress: 192.168.56.11 bindPort: 6443 certificateKey: ${CERT}nodeRegistration: kubeletExtraArgs: cgroup-driver: cgroupfs
复制代码
加入集群
#如果失败的话,执行"sudo kubeadm reset -f"命令清理环境后,再重新执行sudo kubeadm join --config=/etc/kubernetes/kubeadm-config.yaml --ignore-preflight-errors=FileExisting-crictl,ImagePull
复制代码
拷贝 kubeconfig 配置
mkdir ~/.kubesudo cp /etc/kubernetes/admin.conf ~/.kube/config
复制代码
更新 kubelet config,将 apiserver 的地址指向自己
sudo sed -i 's#server:.*#server: https://127.0.0.1:6443#g' /etc/kubernetes/kubelet.confsudo systemctl daemon-reload && sudo systemctl restart kubelet
复制代码
评论