1. On k8s-01, print the default init configuration to a file
kubeadm config print init-defaults >kubeadm-init.yaml
2. The default configuration looks like this
[root@k8s-01 ~]# cat kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.18.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
3. Edit the init file
Adjust the IPs to match your own environment; the master IP is the important one. You can copy my file as-is, but then the hostnames and similar values must match mine.
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.31.100  # master IP; a VIP or domain name is not allowed here
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-01  # the node that creates the cluster
  taints:
  - effect: NoSchedule  # taint: by default workloads are not scheduled onto the master
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
  extraArgs:
    authorization-mode: "Node,RBAC"
    enable-admission-plugins: "NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeClaimResize,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,Priority,PodPreset"
    runtime-config: api/all=true,settings.k8s.io/v1alpha1=true
    storage-backend: etcd3
    etcd-servers: https://192.168.31.100:2379,https://192.168.31.101:2379,https://192.168.31.102:2379  # etcd cluster node IPs
  certSANs:  # master node names and addresses
  - 10.96.0.1
  - 127.0.0.1
  - localhost
  - k8s-master
  - k8s-master-01
  - k8s-master-02
  - k8s-master-03
  - 192.168.31.100
  - 192.168.31.101
  - 192.168.31.102
  - master
  - kubernetes
  - kubernetes.default
  - kubernetes.default.svc
  - kubernetes.default.svc.cluster.local
  extraVolumes:
  - hostPath: /etc/localtime
    mountPath: /etc/localtime
    name: localtime
    readOnly: true
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager:
  extraArgs:
    bind-address: "0.0.0.0"  # listen on all interfaces (default is 127.0.0.1), so the health/metrics port is reachable from other hosts
    experimental-cluster-signing-duration: 867000h  # about 99 years: certificates signed via the CSR API will in practice never expire or rotate
  extraVolumes:
  - hostPath: /etc/localtime
    mountPath: /etc/localtime
    name: localtime
    readOnly: true
dns:
  type: CoreDNS
  imageRepository: coredns
  imageTag: 1.6.7  # coredns version
etcd:
  local:
    dataDir: /var/lib/etcd  # etcd data directory
    imageRepository: quay.io/coreos
    imageTag: v3.4.7  # etcd version
    serverCertSANs:
    - master
    - 192.168.31.100
    - 192.168.31.101
    - 192.168.31.102
    - k8s-01
    - k8s-02
    - k8s-03
    peerCertSANs:
    - master
    - 192.168.31.100
    - 192.168.31.101
    - 192.168.31.102
    - k8s-01
    - k8s-02
    - k8s-03
    extraArgs:
      auto-compaction-retention: "1h"
      max-request-bytes: "33554432"
      quota-backend-bytes: "8589934592"
      enable-v2: "false"
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.18.2  # k8s version
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12  # service IP range
  podSubnet: 10.244.0.0/16  # pod IP range
controlPlaneEndpoint: k8s-master:8443  # VIP domain name or IP
scheduler:
  extraArgs:
    bind-address: "0.0.0.0"  # listen on all interfaces (default is 127.0.0.1)
  extraVolumes:
  - hostPath: /etc/localtime  # keep time in sync with the host
    mountPath: /etc/localtime
    name: localtime
    readOnly: true
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration  # https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
mode: ipvs  # or iptables
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration  # https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration
cgroupDriver: systemd
failSwapOn: true  # set to false if swap is enabled
4. Check the file for mistakes. Warnings can be ignored; a real mistake is reported as an error, and if the file is fine the output runs through to a line containing the string kubeadm join xxx
kubeadm init --config init.yaml --dry-run
5. Check that the images are correct. If the version number is wrong, uncomment kubernetesVersion in the yaml and set it to your own version
kubeadm config images list --config init.yaml
6. Pre-pull the images
kubeadm config images pull --config init.yaml
7. Initialize on k8s-01
kubeadm init --config init.yaml --upload-certs
Keep the two lines printed at the end of the output!
8. The init flow is roughly as follows
9. Note the token printed after init and copy the kubeconfig for kubectl; kubectl's default kubeconfig path is ~/.kube/config
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
10. The initialization configuration is stored in a ConfigMap
kubectl -n kube-system get cm kubeadm-config -o yaml
11. Manual copy (only needed on some older versions that cannot upload certificates). On our version, 1.18, this can be skipped (optional)
We already passed the --upload-certs parameter above; it uploads our certificate files into a Secret, so the certificates do not need to be copied by hand. Older versions may still need this certificate-copy step
for node in k8s-02 k8s-03;do
  ssh $node 'mkdir -p /etc/kubernetes/pki/etcd'
  scp -r /etc/kubernetes/pki/ca.* $node:/etc/kubernetes/pki/
  scp -r /etc/kubernetes/pki/sa.* $node:/etc/kubernetes/pki/
  scp -r /etc/kubernetes/pki/front-proxy-ca.* $node:/etc/kubernetes/pki/
  scp -r /etc/kubernetes/pki/etcd/ca.* $node:/etc/kubernetes/pki/etcd/
done
12. Run join on the other master nodes
# If you forget the token, you can list it with: kubeadm token list
kubeadm join k8s-master:8443 --token 58msro.ou3s6067slh6orw7 --discovery-token-ca-cert-hash sha256:b2ffc7bd4b8c5d4cd6f5f016f7a19d49dba3090c5cb018827b712fa1138961b5 --control-plane --certificate-key d8272e844a395ad81d1cced7a6de6ebb52dd9be6ea93897fd608bd54aebdc45f
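The --discovery-token-ca-cert-hash in the join command above pins the cluster CA: kubeadm computes SHA-256 over the DER-encoded SubjectPublicKeyInfo of /etc/kubernetes/pki/ca.crt, and a joining node refuses a control plane whose CA does not match. The following stand-alone Python script (an added example, not code from the original post) recomputes that value from a PEM certificate with only the standard library and checks it against a join command; the certificate it embeds is constructed for the demo, so on a real node read ca.crt instead.

```python
import base64
import hashlib
import re
def der_tlv(buf, pos=0):
    """Decode one DER element at pos -> (tag, value, end). Handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(seq_value):
    """Yield (tag, whole encoded element) for each element inside a SEQUENCE value."""
    pos = 0
    while pos < len(seq_value):
        tag, _, end = der_tlv(seq_value, pos)
        yield tag, seq_value[pos:end]
        pos = end

def spki_from_der(cert_der):
    """Return the DER bytes of subjectPublicKeyInfo from an X.509 certificate."""
    _, cert, _ = der_tlv(cert_der)             # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    _, tbs = next(der_children(cert))          # first child is tbsCertificate
    fields = [elem for _, elem in der_children(der_tlv(tbs)[1])]
    if fields[0][0] == 0xA0:                   # optional [0] EXPLICIT version comes first
        fields = fields[1:]
    return fields[5]  # serial, signature, issuer, validity, subject, subjectPublicKeyInfo

def discovery_hash(pem_text):
    """kubeadm's --discovery-token-ca-cert-hash value: SHA-256 over the CA's DER SPKI."""
    der = base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", pem_text))
    return "sha256:" + hashlib.sha256(spki_from_der(der)).hexdigest()

def join_hash_matches(pem_text, join_cmd):
    """True only if the hash in a 'kubeadm join ...' command pins this CA certificate."""
    m = re.search(r"--discovery-token-ca-cert-hash\s+(sha256:[0-9a-f]{64})", join_cmd)
    return m is not None and m.group(1) == discovery_hash(pem_text)

def _der(tag, payload):  # minimal DER encoder, used only to build the constructed sample
    n = len(payload)
    return bytes([tag]) + (bytes([n]) if n < 128 else b"\x82" + n.to_bytes(2, "big")) + payload

# Constructed sample: structurally valid but unsigned, NOT a real CA; use ca.crt on a node.
SAMPLE_SPKI = _der(0x30, _der(0x30, _der(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01"))
                   + _der(0x03, b"\x00" + bytes(range(128))))
SAMPLE_TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
                  + _der(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT_DER = _der(0x30, SAMPLE_TBS + _der(0x30, b"") + _der(0x03, b"\x00"))
SAMPLE_CA_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_CERT_DER).decode()
                 + "-----END CERTIFICATE-----\n")
```

On a master, `discovery_hash(open("/etc/kubernetes/pki/ca.crt").read())` must equal the sha256: value that kubeadm printed; a join command carrying any other hash, or `--discovery-token-unsafe-skip-ca-verification`, does not pin the CA.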
13. Create the kubeconfig on all masters
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config