环境配置
禁用selinux
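# Persistently disable SELinux by rewriting the SELINUX= line of the config file.
# The whole value is replaced. The previous form '/^SELINUX=/s//SELINUX=disabled/'
# substituted only the "SELINUX=" prefix, so "SELINUX=enforcing" became
# "SELINUX=disabledenforcing", which is not a valid mode.
# The file is read at boot, so the running system keeps its current mode until reboot.
# NOTE(review): this removes mandatory access control from the node, one of the
# layers that confines a process escaping a container. The kubeadm install guide
# uses SELINUX=permissive instead; confirm that "disabled" is really needed here.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config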
禁用swap
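# Turn swap off now, then remove the swap entries from /etc/fstab so it stays
# off after a reboot.
# Only non-comment entries whose filesystem-type field (3rd column) is "swap"
# are deleted. A bare /swap/ pattern would also delete comments and any mount
# whose device or path merely contains the word "swap".
swapoff -a \
  && sed -i -E '/^[[:space:]]*[^#[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]+swap([[:space:]]|$)/d' /etc/fstab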
禁用防火墙
# Uninstall the host firewall service.
# NOTE(review): after this the node has no host-level packet filter of its own.
# Everything listening on it (on a worker: the kubelet API on 10250/tcp and the
# NodePort range 30000-32767) is reachable by whatever can route to the host.
# Make sure filtering is enforced elsewhere (network ACLs / security groups),
# or keep firewalld and open only the ports Kubernetes and the CNI need.
yum -y remove firewalld
修改hosts文件
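# Map the worker's hostname to its address in /etc/hosts.
# The exact-line check keeps the step idempotent: re-running it no longer
# appends a duplicate entry.
hosts_entry="192.168.2.100 node1"
grep -qxF -- "$hosts_entry" /etc/hosts || echo "$hosts_entry" >> /etc/hosts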
加载内核模块,开启网桥流量过滤与IP转发
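# Load the kernel modules containerd and the pod network rely on, and record
# them in modules-load.d so they are loaded again at boot.
# The grep guard keeps the file free of duplicate lines when this is re-run.
for mod in overlay br_netfilter; do
  modprobe "${mod}"
  grep -qxF -- "${mod}" /etc/modules-load.d/containerd.conf 2>/dev/null \
    || echo "${mod}" >> /etc/modules-load.d/containerd.conf
done

# Kernel settings for a Kubernetes node:
#   ip_forward                - the host forwards packets between interfaces (pod traffic)
#   bridge-nf-call-ip(6)tables - bridged traffic is passed through iptables/ip6tables,
#                                so the rules installed on the node also apply to it
# The net.bridge.* keys exist only once br_netfilter is loaded, hence the order.
# The delimiter is quoted so nothing in the body is expanded by the shell.
# NOTE(review): with forwarding on, the node acts as a router; packet filtering
# then depends on the rules that kube-proxy, the CNI and any host firewall install.
cat > /etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Re-read every sysctl configuration file so the new values take effect now.
sysctl --system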
安装软件包
# Install the node components (kubeadm, kubelet, containerd) and helper tools.
# NOTE(review): no versions are pinned, so yum installs whatever the configured
# repository currently offers. The kubelet must not be newer than the control
# plane (v1.28.15 in the output on this page), so pin matching kubeadm/kubelet
# versions. Also check that the repository has gpgcheck enabled, since these
# packages run as root on every node.
yum -y install kubeadm kubelet ipvsadm ipset nfs-utils containerd
修改containerd配置文件
参考文章 containerd安装与配置
设置开机自启动
# Enable both services at boot and start them immediately, container runtime first.
# The kubelet has no configuration until `kubeadm join` writes it, so it is
# expected to keep restarting until the join step below has run.
for unit in containerd kubelet; do
  systemctl enable --now "${unit}"
done
获取master的token
# Run on the master host.
# Lists the bootstrap tokens together with their remaining lifetime, usages and groups.
kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
abcdef.0123456789abcdef 22h 2025-03-28T02:16:52Z authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
# The default token has only 22 hours of validity left, so it is deleted and a
# long-lived token is generated in its place.
kubeadm token delete abcdef.0123456789abcdef
# Create a new token and print the matching join command.
# NOTE(review): --ttl=0 creates a token that never expires. A bootstrap token is
# a credential: anyone who holds it and can reach the API server can register a
# node and obtain a kubelet client certificate. Prefer the default 24h TTL (or
# shorter), create the token only when a node is about to join, and remove it
# afterwards with `kubeadm token delete`.
kubeadm token create --ttl=0 --print-join-command
kubeadm join 192.168.99.100:6443 --token truj3i.83g7lpw6cxj8medc --discovery-token-ca-cert-hash sha256:c5ce5be2f926c19b2760468618ef4746fa5cc63ca863ed01daba1021b06d7a32
# The output of the token-create command is the command a node uses to join the master.
# Run on the node.
# --discovery-token-ca-cert-hash pins the cluster CA, so the node only trusts a
# control plane presenting that CA; keep it rather than skipping CA verification.
# NOTE(review): the token is a secret. Passed on the command line it ends up in
# shell history and process listings, and here it is also published on the page.
# If this value belongs to a live cluster it should be revoked with
# `kubeadm token delete`, since it was created with --ttl=0 and never expires.
kubeadm join 192.168.99.100:6443 --token truj3i.83g7lpw6cxj8medc --discovery-token-ca-cert-hash sha256:c5ce5be2f926c19b2760468618ef4746fa5cc63ca863ed01daba1021b06d7a32
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
在master上查看集群信息
node节点加入集群后需要等待一段时间(一般是几分钟)才会显示ready状态。
# List the cluster's nodes with their status, roles, age and version.
kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 132m v1.28.15
node1 Ready <none> 13m v1.28.15
# List the pods in the kube-system namespace (control-plane components, kube-proxy, CoreDNS, Calico).
kubectl -n kube-system get pods
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-658d97c59c-9z9km 1/1 Running 0 119m
calico-node-7ftlf 1/1 Running 0 119m
calico-node-fg6zv 1/1 Running 0 11m
coredns-66f779496c-n7h9t 1/1 Running 0 131m
coredns-66f779496c-x7tvt 1/1 Running 0 131m
etcd-master 1/1 Running 0 131m
kube-apiserver-master 1/1 Running 0 131m
kube-controller-manager-master 1/1 Running 0 131m
kube-proxy-tdp72 1/1 Running 0 131m
kube-proxy-vrbvv 1/1 Running 0 11m
kube-scheduler-master 1/1 Running 0 131m
# State right after the node joined the cluster.
# In the listings on this page node1 is NotReady while its calico-node pod is
# still in Init, and Ready once that pod is Running.
kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 124m v1.28.15
node1 NotReady <none> 5m13s v1.28.15
# List the kube-system pods at the same moment, shortly after the join.
kubectl -n kube-system get pods
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-658d97c59c-9z9km 1/1 Running 0 114m
calico-node-7ftlf 1/1 Running 0 114m
calico-node-fg6zv 0/1 Init:1/3 0 5m57s
coredns-66f779496c-n7h9t 1/1 Running 0 125m
coredns-66f779496c-x7tvt 1/1 Running 0 125m
etcd-master 1/1 Running 0 125m
kube-apiserver-master 1/1 Running 0 125m
kube-controller-manager-master 1/1 Running 0 125m
kube-proxy-tdp72 1/1 Running 0 125m
kube-proxy-vrbvv 1/1 Running 0 5m57s
kube-scheduler-master 1/1 Running 0 125m