8. Joining the nodes to the k8s cluster, i.e. adding 17 and 18 to the cluster
kubeadm token create --ttl 0 --print-join-command
This command generates a new token; with --ttl 0 the token never expires. The result of running it is as follows:
[root@master k8s]# !179
kubeadm token create --ttl 0 --print-join-command
kubeadm join 192.168.0.16:6443 --token p3xiss.9sa81o6hxfgg808j --discovery-token-ca-cert-hash sha256:1abb02d9c8f0f65fd303d91f52484f21e99720a211af9e14a9eb2b0f047da716
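Before adding the nodes to the cluster, four things must be done.
1. Use scp to distribute the file /etc/kubernetes/admin.conf to the same location on each node (17, 18). This file is generated when the master node is initialized, i.e. after running the long initialization command kubeadm init --kubernetes-version=1.20.0 ... (rest omitted).
2. On the two nodes 17 and 18, write export KUBECONFIG=/etc/kubernetes/admin.conf into the environment variable file, then run source /etc/profile.
3. On nodes 17 and 18, run the command kubectl apply -f k8s.yaml. The output should look like this: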
[root@slave1 k8s]# kubectl apply -f k8s.yaml
podsecuritypolicy.policy/psp.flannel.unprivileged configured
clusterrole.rbac.authorization.k8s.io/flannel unchanged
clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged
serviceaccount/flannel unchanged
configmap/kube-flannel-cfg unchanged
daemonset.apps/kube-flannel-ds-amd64 unchanged
daemonset.apps/kube-flannel-ds-arm64 unchanged
daemonset.apps/kube-flannel-ds-arm unchanged
daemonset.apps/kube-flannel-ds-ppc64le unchanged
daemonset.apps/kube-flannel-ds-s390x unchanged
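4. Import the image files from the Baidu Netdisk link given earlier with docker load. The three images imported are:
On servers 17 and 18, docker images should show the three images:
Copy the kubeadm join command printed above to the worker nodes, i.e. servers 17 and 18, and run the same command on both: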
kubeadm join 192.168.0.16:6443 --token p3xiss.9sa81o6hxfgg808j --discovery-token-ca-cert-hash sha256:1abb02d9c8f0f65fd303d91f52484f21e99720a211af9e14a9eb2b0f047da716
The output is as follows:
[root@slave1 ~]# kubeadm join 192.168.0.16:6443 --token p3xiss.9sa81o6hxfgg808j --discovery-token-ca-cert-hash sha256:1abb02d9c8f0f65fd303d91f52484f21e99720a211af9e14a9eb2b0f047da716
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
At this point, running this command on any of the servers should show the following:
[root@master k8s]# kubectl get nodes
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   3h25m   v1.20.0
slave1   Ready    <none>                 21m     v1.20.0
slave2   Ready    <none>                 12s     v1.20.0
9. Checking that the k8s cluster was installed successfully
[root@master ~]# kubectl get pod -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-7f89b7bc75-2mwhs         1/1     Running   0          5m21s
coredns-7f89b7bc75-46w52         1/1     Running   0          5m21s
etcd-master                      1/1     Running   0          5m28s
kube-apiserver-master            1/1     Running   0          5m28s
kube-controller-manager-master   1/1     Running   0          5m28s
kube-flannel-ds-amd64-gnjzg      1/1     Running   0          2m40s
kube-proxy-cpn92                 1/1     Running   0          5m21s
kube-scheduler-master            1/1     Running   0          5m28s
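If you see the error coredns-7f89b7bc75-2mwhs 0/1 ContainerCreating, i.e. the first and second lines show ContainerCreating (the container is still being created), run kubectl apply -f k8s.yaml (the k8s.yaml file is very important and must be applied on every node).
10. Common errors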
(1)
[root@slave2 ~]# kubeadm join 192.168.0.18:6443 --token cgvzs3.gp3j4cojnecpobio --discovery-token-ca-cert-hash sha256:1abb02d9c8f0f65fd303d91f52484f21e99720a211af9e14a9eb2b0f047da716
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: couldn't validate the identity of the API Server: Get "https://192.168.0.18:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": dial tcp 192.168.0.18:6443: connect: connection refused
To see the stack trace of this error execute with --v=5 or higher
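This error comes up often when joining a node, and a very likely cause is a problem with the token. Run the following command to look up the current token, then substitute that value into the join command. The address is also worth checking: the failing command above targets 192.168.0.18:6443, whereas the join command printed by the master uses 192.168.0.16:6443.
kubeadm token list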
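A check to run on a join line before executing it on a worker, added here as an example and not part of the original post. It assumes space-separated flags as in the commands on this page; the function name check_join_cmd and the variables MASTER, JOIN_OK and JOIN_BAD are made up for the example, and the two join lines are the ones shown above.

```shell
#!/bin/sh
# Added example: sanity-check a `kubeadm join` line before running it.
# check_join_cmd <control-plane host:port> <join command line>
# Prints one line per problem; exit status is 0 only if none were found.
check_join_cmd() (
    set -f                      # no globbing while the line is re-split
    expected="$1"; shift
    endpoint='' token='' hash='' skip_pin=no problems=0
    set -- $*                   # the join line may arrive as one quoted string
    while [ $# -gt 0 ]; do
        case "$1" in
            join)                           endpoint="${2:-}" ;;
            --token)                        token="${2:-}" ;;
            --discovery-token-ca-cert-hash) hash="${2:-}" ;;
            --discovery-token-unsafe-skip-ca-verification) skip_pin=yes ;;
        esac
        shift
    done
    report() { printf '%s\n' "$1"; problems=$((problems + 1)); }

    # A join aimed at a host that is not the API server cannot succeed.
    [ "$endpoint" = "$expected" ] ||
        report "endpoint '$endpoint' is not the control plane '$expected'"
    # Bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
    printf '%s' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
        report "token is missing or malformed"
    # The CA pin is what lets the worker verify the API server's identity.
    printf '%s' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$' ||
        report "CA cert hash is missing or not sha256:<64 hex digits>"
    [ "$skip_pin" = no ] ||
        report "CA verification is disabled by an unsafe-skip flag"
    [ "$problems" -eq 0 ]
)

# Join lines copied from this page: the working one and the failing one from (1).
MASTER=192.168.0.16:6443
JOIN_OK='kubeadm join 192.168.0.16:6443 --token p3xiss.9sa81o6hxfgg808j --discovery-token-ca-cert-hash sha256:1abb02d9c8f0f65fd303d91f52484f21e99720a211af9e14a9eb2b0f047da716'
JOIN_BAD='kubeadm join 192.168.0.18:6443 --token cgvzs3.gp3j4cojnecpobio --discovery-token-ca-cert-hash sha256:1abb02d9c8f0f65fd303d91f52484f21e99720a211af9e14a9eb2b0f047da716'

check_join_cmd "$MASTER" "$JOIN_OK"  && echo "JOIN_OK: no problems found"
check_join_cmd "$MASTER" "$JOIN_BAD" || echo "JOIN_BAD: fix the line before running it"
```

The check is purely syntactic: whether a well-formed token is still valid has to be confirmed on the master with kubeadm token list.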
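(2) kubectl get pod -n kube-system shows the status of the pods
(3) Some notes on the kubeadm reset command
The kubeadm reset command quickly clears the cluster's configuration files, stops all containers that were started, and stops the kubelet service process (three things in total). If installation fails with errors about a port already being in use or a configuration file already existing, this command lets you quickly reconfigure the cluster; it is especially useful when adding nodes.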
[root@slave1 ~]# kubeadm reset
[reset] Reading configuration from the cluster...
[reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
W0815 01:02:38.991284 13477 reset.go:99] [reset] Unable to fetch the kubeadm-config ConfigMap from cluster: failed to get config map: Get "https://192.168.0.16:6443/api/v1/namespaces/kube-system/configmaps/kubeadm-config?timeout=10s": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W0815 01:02:40.588147 13477 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]
The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d
The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.
If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.
The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
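One point in the output above deserves attention: kubeadm reset does not remove the $HOME/.kube/config file, so if the cluster is run as a non-root user, that file has to be removed manually. The command also reports in detail which configuration files it deleted and which process it stopped.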