Installing k8s with kubeadm and renewing the join token

1. Preparing the system and software environment

1.1 Configure hosts

vi /etc/hosts
Add the following:
127.0.0.1 vm210

1.2 Disable the firewall

[root@vm210 ~]# systemctl stop firewalld
[root@vm210 ~]# systemctl disable firewalld
[root@vm210 ~]# systemctl status firewalld

1.3 Install Docker

Install with yum; skip this step if Docker is already installed.

yum -y install docker

1.4 Configure the yum repository

vi /etc/yum.repos.d/kubernetes.repo

Add the following (gpgcheck=0 turns off package signature verification for this repository):
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0

1.5 Configure SELinux

vi /etc/selinux/config
Add SELINUX=disabled
Comment out SELINUX=enforcing and SELINUXTYPE=targeted

1.6 Turn off swap

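Using swap hurts performance, so disable swap for the kubelet.

  • Turn off temporarily (system-wide)

swapoff -a  (no longer in effect after a reboot)

  • Turn off permanently (system-wide)
vi /etc/fstab and comment out the swap line
A reboot is required; the setting survives later reboots.

1.7 Configure iptables

This fixes traffic being routed incorrectly because of iptables.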

cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system

2. Installing kubeadm on the master node

2.1 Install kubelet, kubeadm and kubectl

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet

2.2 Start Docker

systemctl enable docker && systemctl start docker

2.3 Pull the required images

for i in `kubeadm config images list`; do 
  imageName=${i#k8s.gcr.io/}
  docker pull registry.aliyuncs.com/google_containers/$imageName
  docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
  docker rmi registry.aliyuncs.com/google_containers/$imageName
done;

2.4 Change the kubelet arguments

vi /etc/sysconfig/kubelet

Change it to:
KUBELET_EXTRA_ARGS=--cgroup-driver=systemd

2.5 Initialize with kubeadm

kubeadm init --pod-network-cidr=10.244.0.0/16 --service-cidr=10.1.0.0/16

When it finishes, the output looks like this:
To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.159.210:6443 --token ct4248.2egr8dv9k4avqul7 \
    --discovery-token-ca-cert-hash sha256:4ca4f6835e9cd70b43be16b81d8340876dca0e064c6168342c140140d17f449b 

The last command must be run on each worker node to join it to the k8s cluster.

As the output instructs, run the following commands:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

3. Installing kubeadm on the worker nodes

3.1 Install kubeadm and kubelet

yum -y install kubeadm kubelet

3.2 Start Docker

systemctl enable docker && systemctl start docker

3.3 Pull the required images

for i in `kubeadm config images list`; do 
  imageName=${i#k8s.gcr.io/}
  docker pull registry.aliyuncs.com/google_containers/$imageName
  docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
  docker rmi registry.aliyuncs.com/google_containers/$imageName
done;

3.4 Change the kubelet arguments

vi /etc/sysconfig/kubelet

Change it to:
KUBELET_EXTRA_ARGS=--cgroup-driver=systemd

3.5 Join the master

The token comes from the output of kubeadm init on the master node.

kubeadm join 192.168.159.210:6443 --token ct4248.2egr8dv9k4avqul7 \
    --discovery-token-ca-cert-hash sha256:4ca4f6835e9cd70b43be16b81d8340876dca0e064c6168342c140140d17f449b 

4. Installing a network plugin

4.1 calico

kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml

4.2 flannel

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Check that the CIDR configured in flannel matches the one passed to kubeadm init.

5. Adding a new node (token forgotten)

5.1 Get the cluster's k8s version

$ kubectl  get nodes
NAME     STATUS   ROLES    AGE   VERSION
node41   Ready    <none>   95d   v1.19.3
node42   Ready    <none>   95d   v1.19.3
node45   Ready    <none>   38s   v1.19.3
node46   Ready    master   95d   v1.19.3

The version is 1.19.3.

5.2 Install kubelet and kubeadm (matching version)

# Find the version
$ yum list kubelet --showduplicate|grep 1.19.3
kubelet.x86_64                       1.19.3-0                        @kubernetes
kubelet.x86_64                       1.19.3-0                        kubernetes

$ yum list kubeadm  --showduplicate|grep 1.19.3
kubeadm.x86_64                       1.19.3-0                        @kubernetes
kubeadm.x86_64                       1.19.3-0                        kubernetes

$ yum install -y kubeadm-1.19.3-0 kubelet-1.19.3-0 

5.3 Get a token

$ kubeadm token create    # generate a new token
# list tokens
kubeadm token list  | awk -F" " '{print $1}' |tail -n 1

5.4 Get the hash of the CA public key

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

5.5 Join the worker node to the cluster

kubeadm join 192.168.40.8:6443 --token <token>   --discovery-token-ca-cert-hash sha256:<hash>
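
Steps 5.3 to 5.5 combined into one helper, as an added example that is not part of the original post: it checks that the token and the CA hash are well formed before printing the join command. The function names are this example's own, `openssl pkey` is swapped in for `openssl rsa` so that a non-RSA CA key also works, and the `--ttl 1h` value in the usage comment is an assumed choice.

```shell
#!/bin/sh
# Added example: rebuild a "kubeadm join" command on the control-plane node.
# Function names are this example's own, not part of kubeadm.

# Bootstrap tokens look like <6 chars>.<16 chars>, lowercase letters and digits.
valid_token() {
  LC_ALL=C expr "X$1" : 'X[a-z0-9]\{6\}\.[a-z0-9]\{16\}$' >/dev/null
}

# --discovery-token-ca-cert-hash expects sha256:<64 lowercase hex digits>.
valid_ca_hash() {
  LC_ALL=C expr "X$1" : 'Xsha256:[0-9a-f]\{64\}$' >/dev/null
}

# SHA-256 over the DER-encoded public key of the CA certificate in $1.
# "openssl pkey" replaces "openssl rsa" so a non-RSA CA key is handled too.
ca_cert_hash() {
  # Stop early if the file is not a parseable certificate; otherwise the
  # pipeline below would hash empty input and still print a digest.
  openssl x509 -noout -in "$1" 2>/dev/null || return 1
  openssl x509 -pubkey -noout -in "$1" |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -hex | awk '{print "sha256:" $NF}'
}

# Print the join command only if both values are well formed.
# Arguments: <endpoint host:port> <token> <sha256:hash>
join_command() {
  valid_token "$2" || { echo "malformed token" >&2; return 1; }
  valid_ca_hash "$3" || { echo "malformed CA hash" >&2; return 1; }
  printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash %s\n' \
    "$1" "$2" "$3"
}

# Usage on the control-plane node (the 1h TTL is an assumed choice):
#   token=$(kubeadm token create --ttl 1h)
#   hash=$(ca_cert_hash /etc/kubernetes/pki/ca.crt)
#   join_command 192.168.40.8:6443 "$token" "$hash"
```

The hash pins the cluster CA's public key, so the joining node can confirm it is talking to the intended control plane before it trusts anything the API server sends.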