k8s集群部署 - 高版本(1.28.2) docker(运行时)
文章目录
- [k8s集群部署 - 高版本(1.28.2) docker(运行时)](#k8s集群部署 - 高版本(1.28.2) docker(运行时))
- 环境准备
-
- [启用 Kubernetes 组件端口](#启用 Kubernetes 组件端口)
- [配置 sysctl 内核参数](#配置 sysctl 内核参数)
- 节点之间实现免密登录
- [安装 Docker](#安装 Docker)
-
- [在所有三台机器上,安装 Docker](#在所有三台机器上,安装 Docker)
-
- [首先在三台机器上安装 Docker并启动:](#首先在三台机器上安装 Docker并启动:)
- 配置docker镜像加速、docker默认路径、设置Cgroup驱动
- [安装 cri-dockerd](#安装 cri-dockerd)
-
- [安装 cri-dockerd](#安装 cri-dockerd)
- [安装 Kubeadm、Kubelet 和 Kubectl](#安装 Kubeadm、Kubelet 和 Kubectl)
-
- [1. 配置阿里云加速器](#1. 配置阿里云加速器)
- [2. 安装 Kubernetes 组件,可以只安装在master节点中(Kubeadm、Kubelet、Kubectl)](#2. 安装 Kubernetes 组件,可以只安装在master节点中(Kubeadm、Kubelet、Kubectl))
-
- [k8s高版本 1.28.2](#k8s高版本 1.28.2)
- [3. 启动kubelet并验证(二选一)](#3. 启动kubelet并验证(二选一))
-
- 安装完后直接启动(手动启动):
- [通过 kubeadm 初始化后自动启动(推荐方式)](#通过 kubeadm 初始化后自动启动(推荐方式))
- kubeadm初始化前的检查与准备
-
- [1. 初始化前的检查,检查默认容器运行时](#1. 初始化前的检查,检查默认容器运行时)
- [2. 确认初始化指令内容](#2. 确认初始化指令内容)
- [3. 使用kubeadm 初始化 Kubernetes 控制平面节点](#3. 使用kubeadm 初始化 Kubernetes 控制平面节点)
-
- 初始化须知
- [在 k8s03(控制平面节点)上运行 kubeadm init 命令初始化 Kubernetes 集群。](#在 k8s03(控制平面节点)上运行 kubeadm init 命令初始化 Kubernetes 集群。)
- 初始化完整控制台记录
- [如果 kubeadm init 出现问题,错误排除方法](#如果 kubeadm init 出现问题,错误排除方法)
- [4. 初始化完成后](#4. 初始化完成后)
-
- [配置 kubectl 访问集群](#配置 kubectl 访问集群)
- [检查 kubectl 配置](#检查 kubectl 配置)
- 可能遇到的错误解决
- [5. 加入工作节点](#5. 加入工作节点)
-
- [执行 kubectl get node成功显示后,在工作节点上加入集群](#执行 kubectl get node成功显示后,在工作节点上加入集群)
- 返回到控制平面节点检查工作节点加入情况
- [6. 安装 Calico 网络插件,配置 Kubernetes 节点网络](#6. 安装 Calico 网络插件,配置 Kubernetes 节点网络)
环境准备
| 机器名称 | IP地址 | 系统 |
|---|---|---|
| k8s01 | 192.168.10.94 | CentOS7 |
| k8s02 | 192.168.10.95 | CentOS7 |
| k8s03 | 192.168.10.96 | CentOS7 |
- 所有节点需要相互通信,确保它们之间没有网络问题。
bash
# 关闭防火墙
sudo systemctl stop firewalld.service # 临时停止 firewalld 防火墙服务
sudo systemctl disable firewalld.service # 禁用 firewalld 防火墙服务
# 关闭Selinux
sudo setenforce 0 # 临时禁用
sudo sed -i 's/enforcing/disabled/' /etc/selinux/config # 完全禁用
# 关闭Swap,并重启服务器
sudo swapoff -a # 禁用 swap
sudo sed -ri 's/.*swap.*/#&/' /etc/fstab # 注销开机时启用 swap
# Swap显示为0B则表示关闭成功
sudo free -mh
# 确保 /etc/fstab 中的 swap 行已注释
cat /etc/fstab # 确保没有类似于 UUID=xxxx swap 的行。
# 重启计算机
reboot
# 配置yum仓库为aliyun
sudo mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup # 备份原有yum仓库配置
sudo curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo # 更新yum仓库配置文件为阿里云
sudo yum clean all # 清理缓存
sudo yum makecache # 重新建立缓存(时间较长)
# 设置时间同步
sudo yum -y install ntpdate # 安装
sudo systemctl enable ntpdate # 设置开机自启
sudo ntpdate time.windows.com # 同步时间
# 根据规划设置 系统的主机名
sudo hostnamectl set-hostname <hostname>
# 将主机名与ip的映射添加到hosts中
sudo cat >> /etc/hosts << EOF
192.168.10.94 k8s01
192.168.10.95 k8s02
192.168.10.96 k8s03
EOF启用 Kubernetes 组件端口
Kubernetes 集群中的某些组件需要访问特定的端口。确保以下端口没有被防火墙阻止:
6443 (API server)
2379-2380 (etcd)
10250-10252 (kubelet, kube-scheduler, kube-controller-manager)
10255 (kubelet read-only)
30000-32767 (NodePort, 如果你使用了这个模式)
bash
sudo iptables -A INPUT -p tcp --dport 6443 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 2379:2380 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 10250:10252 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 10255 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 30000:32767 -j ACCEPT配置 sysctl 内核参数
bash
# 加载 br_netfilter 模块
modprobe br_netfilter # 运行命令以加载模块
lsmod | grep br_netfilter # 检查模块是否成功加载
bash
sudo tee -a /etc/sysctl.d/k8s.conf <<EOF
# 开启 IP 转发
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
# 禁用源路由
net.ipv4.conf.all.accept_source_route = 0
# 设置容器内存限制
fs.may_detach_mounts = 1
# 确保网络桥接的数据包经过Iptables处理
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
bash
# 确保模块开机自动加载
echo "br_netfilter" > /etc/modules-load.d/k8s.conf # 将 br_netfilter 添加到 /etc/modules-load.d/k8s.conf
cat /etc/modules-load.d/k8s.conf # 确认文件内容
# 重新加载并应用所有内核参数,使其生效
sudo sysctl --system
# 使用 sysctl 命令检查设置是否已经生效:
sysctl -p /etc/sysctl.d/k8s.conf
# 重启计算机
reboot节点之间实现免密登录
注意:
- 每个节点都需要配置免密登录,包括自身。
- 将公钥复制到其他节点时,需要在每个节点上将公钥复制到所有其他节点。
- 验证免密连接时,需要在每个节点上分别连接包括自身在内的所有节点。
bash
# 生成 SSH 密钥对
ssh-keygen -t rsa -b 2048 # 一直回车即可
# 这里只举例一个节点
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:y0BE+CHcWPs80m3jfKKY3SiAUbMFWYb+MO5MSqQHG98 root@k8s01
The key's randomart image is:
+---[RSA 2048]----+
| ..@* |
| Xo+. |
| o *o. |
|o o =..+ . |
| B = +o S + |
|o = E .+ * . |
| o = . o + . |
| . o .+ + o |
| o.+ . |
+----[SHA256]-----+
# 将公钥复制到其他节点,输入 yes 及 目标主机的密码
ssh-copy-id root@k8s01
ssh-copy-id root@k8s02
ssh-copy-id root@k8s03
# 这里只举例一个命令
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'k8s01 (192.168.10.94)' can't be established.
ECDSA key fingerprint is SHA256:4WtcsqHo36joOICGT02X98FW1TUzIqC4NR/k2vmoLFg.
ECDSA key fingerprint is MD5:ef:40:f0:72:0e:6c:4d:04:98:79:63:ce:8b:7d:bd:9f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@k8s01's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@k8s01'"
and check to make sure that only the key(s) you wanted were added.
# 验证免密连接,注意看命令行最左侧[]内的主机名是否为目标连接主机
# ctrl+d 快捷键退出免密连接的主机
ssh root@k8s01
ssh root@k8s02
ssh root@k8s03
# 成功示例
[root@k8s02 ~]# ssh root@k8s01
Last login: Mon Dec 30 14:27:36 2024 from k8s01
[root@k8s01 ~]# 登出
Connection to k8s01 closed.
[root@k8s02 ~]# ssh root@k8s02
Last login: Mon Dec 30 14:21:18 2024 from 192.168.10.37
[root@k8s02 ~]# 登出
Connection to k8s02 closed.
[root@k8s02 ~]# ssh root@k8s03
Last login: Mon Dec 30 14:21:20 2024 from 192.168.10.37
[root@k8s03 ~]# 登出
Connection to k8s03 closed.安装 Docker
在所有三台机器上,安装 Docker
首先在三台机器上安装 Docker并启动:
bash
sudo yum install -y yum-utils # 安装管理 yum 的配置文件和仓库软件包
# 将阿里云镜像地址添加到yum仓库配置中
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum clean all # 清理缓存
sudo yum makecache fast # 清空缓存,更新仓库
# 安装 Docker,选其一
sudo yum -y install docker-ce # (可选)最新的 Docker 社区版,来自 Docker 官方仓库,通常包含最新的功能和修复。
sudo yum install -y docker # (可选)CentOS 官方仓库中的版本,可能会稍旧,但稳定且经过 CentOS 维护。
# 检查 Docker 是否安装并运行
sudo systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since 一 2024-12-30 22:47:32 CST; 2s ago
Docs: https://docs.docker.com
Main PID: 8707 (dockerd)
Tasks: 10
Memory: 31.2M
CGroup: /system.slice/docker.service
└─8707 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
12月 30 22:47:27 k8s01 systemd[1]: Starting Docker Application Container Engine...
12月 30 22:47:27 k8s01 dockerd[8707]: time="2024-12-30T22:47:27.102075322+08:00" level=inf...up"
12月 30 22:47:31 k8s01 dockerd[8707]: time="2024-12-30T22:47:31.467253389+08:00" level=inf...t."
12月 30 22:47:32 k8s01 dockerd[8707]: time="2024-12-30T22:47:32.374296588+08:00" level=inf...e."
12月 30 22:47:32 k8s01 dockerd[8707]: time="2024-12-30T22:47:32.390173334+08:00" level=inf...1.4
12月 30 22:47:32 k8s01 dockerd[8707]: time="2024-12-30T22:47:32.390270409+08:00" level=inf...on"
12月 30 22:47:32 k8s01 dockerd[8707]: time="2024-12-30T22:47:32.420645863+08:00" level=inf...ck"
12月 30 22:47:32 k8s01 systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
输出应显示 active (running),如果 Docker 没有运行,可以使用以下命令启动它:
# 启动并设置 Docker 开机启动
sudo systemctl start docker # 启动 Docker 引擎
sudo systemctl enable docker # 设置 Docker 服务为开机自启
sudo systemctl enable docker && systemctl start docker # 这一句等于上面的两句作用
# 验证,如果命令输出版本信息,则说明工具已正确安装。
sudo docker version # 检查 kubeadm 是否安装,获取当前安装的 Docker 客户端和服务器(引擎)的版本信息,帮助用户确认版本。
sudo docker info # 关于当前 Docker 引擎的详细信息,包括容器和镜像数量、存储驱动、CPU 内存使用情况等,用于了解 Docker 的健康状态、资源配置及系统环境。配置docker镜像加速、docker默认路径、设置Cgroup驱动
- "registry-mirrors":配置 Docker 使用的镜像加速器,这些是 Docker 镜像仓库的国内加速镜像地址。通过设置这些加速器,可以加速从 Docker Hub 拉取镜像的速度。
- 加速器地址可参考 https://www.wangdu.site/course/2109.html
- "data-root":设置 Docker 的数据存储路径,默认为 /var/lib/docker,此配置将数据目录更改为 /data/docker,这样容器和镜像的存储位置就被定向到 /data 目录。
- 我这边系统只有40G,所以选择将容器存储至另一个盘内;如果没有此需求删除
"data-root": "/data/docker",即可。 - "exec-opts":配置 Docker 守护进程的运行选项。这里指定了 native.cgroupdriver=systemd,意味着 Docker 使用 systemd 作为 cgroup 驱动,这对于大多数现代 Linux 发行版(如 CentOS 7/8)是推荐的做法,以便与 systemd 协同工作。
bash
sudo mkdir -p /etc/docker # 创建 Docker 配置目录
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": [
"https://dockerpull.org",
"https://docker.1panel.dev",
"https://docker.foreverlink.love",
"https://docker.fxxk.dedyn.io",
"https://docker.xn--6oq72ry9d5zx.cn",
"https://docker.zhai.cm",
"https://docker.5z5f.com",
"https://a.ussh.net",
"https://docker.cloudlayer.icu",
"https://hub.littlediary.cn",
"https://hub.crdz.gq",
"https://docker.unsee.tech",
"https://docker.kejilion.pro",
"https://registry.dockermirror.com",
"https://hub.rat.dev",
"https://dhub.kubesre.xyz",
"https://docker.nastool.de",
"https://docker.udayun.com",
"https://docker.rainbond.cc",
"https://hub.geekery.cn",
"https://docker.1panelproxy.com",
"https://atomhub.openatom.cn",
"https://docker.m.daocloud.io",
"https://docker.1ms.run",
"https://docker.linkedbus.com",
"https://dytt.online",
"https://func.ink",
"https://lispy.org",
"https://docker.xiaogenban1993.com"
],
"data-root": "/data/docker",
"exec-opts":["native.cgroupdriver=systemd"]
}
EOF
bash
# 重新加载 systemd 配置。这是因为修改了 Docker 的配置文件(daemon.json),所以需要让 systemd 重新加载配置文件,以便应用新的设置。
sudo systemctl daemon-reload
# 重启 Docker 服务,使 daemon.json 配置文件中的更改生效。此命令会停止并重新启动 Docker 守护进程。
sudo systemctl restart docker
sudo systemctl daemon-reload && systemctl restart docker # 这一句等于上面的两句作用
sudo docker info # 查看配置是否生效安装 cri-dockerd
注意:
- Kubernetes 在 1.23 及之前版本支持 Docker 作为容器运行时,通过 dockershim 将 Docker 网络和 Kubernetes 的 CNI 网络进行对接。
- Kubernetes 1.24 移除了 dockershim,不再原生支持 Docker,需要通过 cri-dockerd (Docker与Kubernetes通信的中间程序) 来使用 Docker 作为容器运行时。
- 总结:
如果安装 Kubernetes 的版本在 1.23 及之前版本,则不需要安装 cri-dockerd ;
如果安装 Kubernetes 的版本在 1.24 及之后版本,则需要安装 cri-dockerd ;
安装 cri-dockerd
bash
#下载
curl -LO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.2/cri-dockerd-0.3.2-3.el7.x86_64.rpm
#安装
rpm -ivh cri-dockerd-0.3.2-3.el7.x86_64.rpm
# 指定依赖镜像地址为国内镜像地址
vi /usr/lib/systemd/system/cri-docker.service
Execstart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google containers/pause:3.9
systemctl daemon-reload # 重载systemd配置
systemctl enable cri-docker &systemctl start cri-docker # 启动并设置开机自启 ci-docker安装 Kubeadm、Kubelet 和 Kubectl
1. 配置阿里云加速器
bash
# 创建 Kubernetes 的 YUM 仓库配置文件,并通过阿里云的镜像源来加速 Kubernetes 软件包的下载。
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF2. 安装 Kubernetes 组件,可以只安装在master节点中(Kubeadm、Kubelet、Kubectl)
- 选择 Kubernetes 版本时建议选择版本号第三位大于5的,这种版本相对稳定。
k8s高版本 1.28.2
- 方法一:
针对无法正常在线安装的情况,或者离线环境,先下载再安装
手动重命名已下载的安装包,删除前面的前缀,然后对比下面在线安装的安装包名称来检查是否有缺少
也可查看下载过程中的日志,检查下载的安装包是否有缺少
bash
# 查看可下载的kubelet版本
sudo yum list kubelet --showduplicates | sort -r
sudo yum list kubeadm --showduplicates | sort -r
sudo yum list kubectl --showduplicates | sort -r
# 以下载1.28.2 版本为例
sudo mkdir /tmp/k8s
sudo yum install --downloadonly --downloaddir=/tmp/k8s kubelet-1.28.2
sudo yum install --downloadonly --downloaddir=/tmp/k8s kubeadm-1.28.2
sudo yum install --downloadonly --downloaddir=/tmp/k8s kubectl-1.28.2
# 安装 kubeadm、kubelet和kubectl及所需依赖的本地安装包
sudo yum localinstall /tmp/k8s/*.rpm- 方法二:
针对可以在线安装的情况
bash
# 安装方式(二选一)
# 安装默认最新稳定版的 Kubernetes 工具(kubeadm,kubelet和kubect1,kubect1)安装 Kubernetes 工具,
sudo yum install -y kubelet kubeadm kubectl
# 安装指定版本的 Kubernetes 工具(kubeadm,kubelet和kubect1,kubect1)
sudo yum install -y kubelet-1.28.0 kubeadm-1.28.0 kubect1-1.28.0
=============================================================================
Package 架构 版本 源 大小
=============================================================================
正在安装:
kubeadm x86_64 1.28.2-0 kubernetes 11 M
kubectl x86_64 1.28.2-0 kubernetes 11 M
kubelet x86_64 1.28.2-0 kubernetes 21 M
为依赖而安装:
conntrack-tools x86_64 1.4.4-7.el7 base 187 k
cri-tools x86_64 1.26.0-0 kubernetes 8.6 M
kubernetes-cni x86_64 1.2.0-0 kubernetes 17 M
libnetfilter_cthelper x86_64 1.0.0-11.el7 base 18 k
libnetfilter_cttimeout x86_64 1.0.0-7.el7 base 18 k
libnetfilter_queue x86_64 1.0.2-2.el7_2 base 23 k
socat x86_64 1.7.3.2-2.el7 base 290 k
事务概要
=============================================================================
安装 3 软件包 (+7 依赖软件包)
总下载量:69 M
安装大小:292 M
Downloading packages:
(1/10): conntrack-tools-1.4.4-7.el7.x86_64.rpm | 187 kB 00:00
(2/10): 3f5ba2b53701ac9102ea7c7ab2ca6616a8cd5966591a775 | 8.6 MB 00:13
(3/10): cee73f8035d734e86f722f77f1bf4e7d643e78d36646fd0 | 11 MB 00:16
(4/10): a24e42254b5a14b67b58c4633d29c27370c28ed6796a80c | 11 MB 00:15
(5/10): libnetfilter_cthelper-1.0.0-11.el7.x86_64.rpm | 18 kB 00:00
(6/10): libnetfilter_cttimeout-1.0.0-7.el7.x86_64.rpm | 18 kB 00:00
(7/10): libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm | 23 kB 00:00
(8/10): socat-1.7.3.2-2.el7.x86_64.rpm | 290 kB 00:00
(9/10): e1cae938e231bffa3618f5934a096bd85372ee9b1293081 | 21 MB 00:28
(10/10): 0f2a2afd740d476ad77c508847bad1f559afc2425816c1 | 17 MB 00:22
-----------------------------------------------------------------------------
总计 1.3 MB/s | 69 MB 00:51 3. 启动kubelet并验证(二选一)
安装完后直接启动(手动启动):
这种方式通常用于手动配置,可能适用于调试或临时测试,但它不适合生产环境。手动启动时,你需要手动启动每个组件,并且需要自己管理每个组件的生命周期。若系统重启,组件不会自动重启,除非手动配置它们。
- 优点:
适用于调试或临时环境。
灵活控制启动时间。 - 缺点:
不适合生产环境,容易出错。
需要更多的手动管理,容易遗漏配置。
bash
# 启动并设置 kubelet 开机启动,
sudo systemctl enable kubelet && systemctl start kubelet
# 验证,如果命令输出版本信息,则说明工具已正确安装。
# 确认 kubeadm 是否安装成功:
kubeadm version
# 示例输出:
kubeadm version: &version.Info{Major:"1", Minor:"28", GitVersion:"v1.28.2", GitCommit:"89a4ea3e1e4ddd7f7572286090359983e0387b2f", GitTreeState:"clean", BuildDate:"2023-09-13T09:34:32Z", GoVersion:"go1.20.8", Compiler:"gc", Platform:"linux/amd64"}
# 确认 kubelet 是否安装成功:
kubelet --version
# 示例输出:
Kubernetes v1.28.2
# 确认 kubectl 是否安装成功:
kubectl version --client
# 示例输出:
Client Version: v1.28.2通过 kubeadm 初始化后自动启动(推荐方式)
kubeadm 会自动配置 Kubernetes 组件为系统服务(使用 systemd),并确保在节点重启后这些组件能够自动启动。通过这种方式,Kubernetes 集群的组件会保持在运行状态,确保集群的高可用性和稳定性。
-
优点:
自动化管理,省去了手动启动的麻烦。
系统重启后,Kubernetes 组件自动恢复运行。
适合生产环境,提供稳定性和可靠性。
-
缺点:
需要通过 kubeadm 进行初始化,配置相对复杂。
bash
# 这里只是设置开机自启,后面由kubeadm初始化后并自启
systemctl enable kubeletkubeadm初始化前的检查与准备
1. 初始化前的检查,检查默认容器运行时
- 确保 cri-o 服务已启动
bash
# kubeadm 会自动找到 /var/run/crio/crio.sock。
systemctl status crio- 确保 docker 服务已启动
bash
# kubeadm 会自动找到 /var/run/crio/crio.sock。
systemctl status docker2. 确认初始化指令内容
bash
# 指定k8s部署的版本,确保初始化的集群使用指定的版本,避免不兼容的组件被意外拉取。
# 如果不指定版本,kubeadm 会尝试默认安装最新版本。推荐使用稳定版本,避免可能的 Beta 功能带来的问题。
--kubernetes-version v1.23.6
# 指定 kube-apiserver 服务对外通告的 IP 地址,通常设置为主节点的 IP。
# Kubernetes 控制平面组件(如 kubelet 和 kube-proxy)需要通过此 IP 地址与 apiserver 通信。
--apiserver-advertise-address=192.168.10.96
# Kubernetes 集群内 Service 虚拟 IP 的分配网段。此网段不能与物理网络或 Pod 网段(--pod-network-cidr)冲突。
--service-cidr=10.96.0.0/12
# 定义集群内 Pod 的 IP 地址分配范围。
# 提供 Pod 的网络地址空间,每个 Pod 都会分配一个唯一 IP。网络插件(如 Flannel、Calico 等)需要此参数匹配其默认配置。
--pod-network-cidr=10.244.0.0/16
# 默认为国外镜像,这里指定腾讯云的镜像仓库
--image-repository mirrors.tencent.com/google_containers3. 使用kubeadm 初始化 Kubernetes 控制平面节点
初始化须知
bash
# 初始化完成后,kubeadm 会输出 kubeadm join 命令。确认该命令包含了正确的 token 和 ca-cert-hash,稍后会在工作节点上使用,类似于:
kubeadm join 192.168.10.96:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>
# kubeadm join(控制平面节点):带有 --control-plane 参数,用于将节点作为控制平面节点加入集群。
# kubeadm join(工作节点):不带 --control-plane 参数,用于将节点作为工作节点加入集群。确认 kubeadm 输出的 join 命令,并将其保存下来,以便在工作节点上使用。
在 k8s03(控制平面节点)上运行 kubeadm init 命令初始化 Kubernetes 集群。
初始化集群:
在 k8s03 上执行 kubeadm init 命令:
bash
kubeadm init \
--kubernetes-version v1.23.6 \
--apiserver-advertise-address=192.168.10.96 \
--image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16初始化完整控制台记录
bash
[root@k8s03 ~]# kubeadm init \
> --kubernetes-version v1.23.6 \
> --apiserver-advertise-address=192.168.10.96 \
> --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
> --service-cidr=10.96.0.0/12 \
> --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.23.6
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 26.1.4. Latest validated version: 20.10
[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s03 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.10.96]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s03 localhost] and IPs [192.168.10.96 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s03 localhost] and IPs [192.168.10.96 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 9.002654 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.23" in namespace kube-system with the configuration for the kubelets in the cluster
NOTE: The "kubelet-config-1.23" naming of the kubelet ConfigMap is deprecated. Once the UnversionedKubeletConfigMap feature gate graduates to Beta the default name will become just "kubelet-config". Kubeadm upgrade will handle this transition transparently.
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8s03 as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node k8s03 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 37clp3.tp9dcxaacikpd2hf
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.10.96:6443 --token 37clp3.tp9dcxaacikpd2hf \
--discovery-token-ca-cert-hash sha256:8f5bc9c4157b30c539977a285d7e870e05053b0f77d64589ae4ddd2a22fd7800 如果 kubeadm init 出现问题,错误排除方法
解决步骤:查看日志-->分析问题-->清理失败初始化-->重新执行初始化命令
- 日志查看
bash
# 查看 containerd 状态及日志
sudo systemctl status containerd -l # 或 crio
# 查看 kubelet 状态及日志
sudo systemctl status kubelet -l
# 实时查看 kubelet 完整日志
sudo journalctl -u kubelet -f
# 查看 kube-apiserver 是否已运行
sudo ps aux | grep kube-apiserver
# 查看 kube-apiserver
sudo journalctl -u kube-apiserver -f- 清理先前初始化的失败状态:
bash
sudo kubeadm reset -f
sudo rm -rf /etc/kubernetes /var/lib/etcd /var/lib/kubelet /var/lib/cni
sudo systemctl restart containerd4. 初始化完成后
配置 kubectl 访问集群
初始化完成后,根据提示信息,拷贝kubectl工具认证文件到默认路径:
在 k8s03 上配置 kubectl 来访问 Kubernetes 集群。
配置 kubectl:
bash
# 将 Kubernetes 配置文件复制到当前用户目录,并设置权限:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config检查 kubectl 配置
验证 kubectl 是否能够正常工作:
由于网络插件还没有部署,节点会处于"NotReady"状态。
bash
# 初始化成功后,检查控制平面节点的状态
kubectl get node
# 输出应显示类似以下内容:
NAME STATUS ROLES AGE VERSION
k8s03 NotReady control-plane 21h v1.28.2可能遇到的错误解决
错误现象:
bash
[root@k8s03 ~]# kubectl get nodes
E1214 14:22:03.524812 29168 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E1214 14:22:03.525450 29168 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E1214 14:22:03.527128 29168 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E1214 14:22:03.528562 29168 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E1214 14:22:03.529952 29168 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
The connection to the server localhost:8080 was refused - did you specify the right host or port?解决:
bash
# 检查配置文件路径是否正确:
echo $KUBECONFIG
# 如果输出为空,手动设置配置文件路径到环境变量(当前会话,重新连接后失效)
export KUBECONFIG=/etc/kubernetes/admin.conf
# 将 KUBECONFIG 环境变量的设置添加到当前用户的环境变量中(永久,推荐)
[root@k8s03 ~]# vi ~/.bashrc
# .bashrc
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
export KUBECONFIG=/etc/kubernetes/admin.conf
# 应用用户环境变量配置
[root@k8s03 ~]# source ~/.bashrc
# 如果当前用户没有权限访问配置文件,可以复制并修改权限:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 验证是否解决:
kubectl get nodes5. 加入工作节点
执行 kubectl get node成功显示后,在工作节点上加入集群
在 k8s01 和 k8s02 上执行以下 kubeadm join 命令(从控制平面节点输出):
bash
kubeadm join k8s03:6443 --token 7zaxue.pz5tw01orh4xe7is \
--discovery-token-ca-cert-hash sha256:2285147d37190ae6e5983f0e3b34d90898cf2a7295394e63711278ce9e74640e - k8s01
bash
[root@k8s01 ~]# kubeadm join k8s03:6443 --token ymqapv.walf83gqbevio4td \
> --discovery-token-ca-cert-hash sha256:47a9fdf273124954ca533ce78e5bc8206e9eff4e1bf6e15c96d5ce12a611624d
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.- k8s02
bash
[root@k8s02 ~]# kubeadm join k8s03:6443 --token ymqapv.walf83gqbevio4td \
> --discovery-token-ca-cert-hash sha256:47a9fdf273124954ca533ce78e5bc8206e9eff4e1bf6e15c96d5ce12a611624d
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.返回到控制平面节点检查工作节点加入情况
- 使用kubectl工具查看节点状态:
bash
[root@k8s03 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s01 NotReady <none> 15m v1.28.2
k8s02 NotReady <none> 14m v1.28.2
k8s03 NotReady control-plane 15m v1.28.2- 可能的错误显示
bash
[root@k8s03 ~]# kubectl get node
Unable to connect to the server: tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")原因 :
因为 kubectl 配置文件中的证书不被信任,或者证书丢失或过期。这通常发生在集群初始化后,特别是在生成证书时出现问题,或者在控制平面重新部署时证书发生变化。
kubectl 无法验证 API Server 证书,因为系统缺少对 Kubernetes 自签名证书的信任。
解决:
bash
# 重新生成证书:
kubeadm init phase certs all
# 重新启动 kubelet 和其他控制平面组件:
sudo systemctl restart kubelet
sudo systemctl restart kube-apiserver
# 如果显示此错误
[root@k8s03 ~]# sudo systemctl restart kube-apiserver
Failed to restart kube-apiserver.service: Unit not found.
# 则需要执行
[root@k8s03 ~]# kubeadm init phase certs apiserver
I1214 17:30:07.207333 8327 version.go:256] remote version is much newer: v1.32.0; falling back to: stable-1.28
# 重新执行配置:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 将 Kubernetes 的 CA 证书添加到系统的证书库:
sudo cp /etc/kubernetes/pki/ca.crt /etc/pki/ca-trust/source/anchors/kubernetes.crt
sudo update-ca-trust
# 设置 KUBECONFIG 环境变量:
export KUBECONFIG=/etc/kubernetes/admin.conf # 确保 kubectl 使用正确的配置文件
# 确保证书信任库加载了新的证书:
sudo trust list | grep kubernetes # 检查证书是否被信任
# 更改文件权限:
sudo chown $(id -u):$(id -g) /etc/kubernetes/admin.conf # 确保配置文件的权限正确,避免 kubectl 无法读取
# 重启服务:
sudo systemctl restart kubelet # 重新启动 kubelet 服务,确保所有配置生效
# 再次验证:
kubectl get nodes6. 安装 Calico 网络插件,配置 Kubernetes 节点网络
部署Calico插件
配置 kubeadm 以便使用一个支持多节点集群的网络插件(比如 Calico 或 Weave)。以下步骤中,我选择了 Calico。
确保所有节点可以访问 Kubernetes 需要的网络范围,并且每台机器上的防火墙已配置为允许 Kubernetes 所需的端口。
- 提前准备所需镜像
bash
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.25.0
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.25.0 docker.io/calico/kube-controllers:v3.25.0
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/cni:v3.25.0
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/cni:v3.25.0 docker.io/calico/cni:v3.25.0
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.25.0
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.25.0 docker.io/calico/node:v3.25.0
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/csi:v3.25.0
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/csi:v3.25.0 docker.io/calico/csi:v3.25.0- 方法一:通过 calico.yaml 部署 Calico
bash
# 下载calico部署的yaml文件,用于定义 Pod 网络的 IP 地址范围、路由方式、封装模式,以及网络策略的管理方式。
curl -L -O https://docs.projectcalico.org/manifests/calico.yaml
# 编辑calico的yaml部署文件
sudo vi ./calico.yaml
# 取消注释并更改value与初始化时的pod-network一致
- name: CALICO_IPV4POOL_CIDR
value: "10.244.0.0/16"
# 执行命令,在控制平面节点上安装 Calico 网络插件(仅执行一次)
kubectl create -f ./calico.yaml- 方法二:通过 Tigera Operator 部署 Calico
介绍:
Tigera Operator 是一个 Kubernetes Operator,专门用于自动化安装、配置、升级和管理 Calico 网络插件,提供容器网络连接、网络策略和安全功能,同时简化了 Calico 在 Kubernetes 集群中的运维工作。
作用:
Tigera Operator 的作用是自动化管理 Calico 网络插件的生命周期,包括简化其安装、升级和配置过程,同时确保网络策略、容器网络连接和安全功能在 Kubernetes 集群中的稳定运行。
bash
1. 安装 Tigera Operator
# 执行命令,在控制平面节点上安装 Tigera Operator 网络插件(仅执行一次)
kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
# 在控制平面节点上检查 Calico 网络插件是否部署成功
kubectl get pods -n kube-system | grep tigera-operator
[root@k8s03 ~]# kubectl get pods -n tigera-operator | grep tigera-operator
tigera-operator-8547bd6cc6-hvscr 1/1 Running 0 94s
2. 创建 Calico 配置
# 方法一:下载一个 Calico 配置文件,通常是一个 CustomResource(CR),它定义了 Calico 网络插件的配置。
curl -L -O https://calico-v3-25.netlify.app/archive/v3.25/manifests/custom-resources.yaml
sudo vi ./custom-resources.yaml # 编辑calico的yaml部署文件
# 更改cidr与初始化时的pod-network一致
cidr: 10.244.0.0/16
# 方法二:创建一个名为 custom-resources.yaml 的文件
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
name: default
namespace: tigera-operator
spec:
calicoNetwork:
ipPools:
- cidr: 10.244.0.0/16 # cidr与初始化时的pod-network一致
blockSize: 26
3. 应用配置文件
kubectl create -f custom-resources.yaml # 使用 kubectl 命令应用该文件- 验证Calico安装
bash
# 在控制平面节点上检查 Calico 网络插件是否部署成功
kubectl get pods -n kube-system | grep calico # 在控制平面节点上检查 Calico 相关的 Pod 是否启动并正常运行
或:
kubectl get pods -n kube-system # 在控制平面节点上检查命明空间为 kube-system 的所有pod
# 你应该看到类似以下输出,表示 Calico 插件已成功部署:
[root@k8s03 ~]# kubectl get pods -n kube-system | grep calico
calico-kube-controllers-658d97c59c-lwdqv 1/1 Running 0 38h
calico-node-b7r8l 1/1 Running 0 38h
calico-node-mwq54 1/1 Running 0 38h
calico-node-xq6l8 1/1 Running 0 38h
或
[root@k8s03 ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-658d97c59c-lwdqv 1/1 Running 0 38h
calico-node-b7r8l 1/1 Running 0 38h
calico-node-mwq54 1/1 Running 0 38h
calico-node-xq6l8 1/1 Running 0 38h
coredns-6554b8b87f-d2cbq 1/1 Running 0 38h
coredns-6554b8b87f-pq2lt 1/1 Running 0 38h
etcd-k8s03 1/1 Running 1 39h
kube-apiserver-k8s03 1/1 Running 1 39h
kube-controller-manager-k8s03 1/1 Running 1 39h
kube-proxy-5t7nt 1/1 Running 0 39h
kube-proxy-8lwrb 1/1 Running 0 39h
kube-proxy-czmr6 1/1 Running 0 39h
kube-scheduler-k8s03 1/1 Running 1 39hkubectl get pods -n kube-system
验证集群网络
确保集群的网络正常工作,执行以下命令,查看网络插件是否能够正常通信:
如果网络和集群配置都正常,集群中的所有 Pod 应该都能够正常显示并处于 Running 或 Completed 状态。
bash
kubectl get pods --all-namespaces
[root@k8s03 ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-658d97c59c-lwdqv 1/1 Running 0 39h
kube-system calico-node-b7r8l 1/1 Running 0 38h
kube-system calico-node-mwq54 1/1 Running 0 38h
kube-system calico-node-xq6l8 1/1 Running 0 38h
kube-system coredns-6554b8b87f-d2cbq 1/1 Running 0 38h
kube-system coredns-6554b8b87f-pq2lt 1/1 Running 0 38h
kube-system etcd-k8s03 1/1 Running 1 39h
kube-system kube-apiserver-k8s03 1/1 Running 1 39h
kube-system kube-controller-manager-k8s03 1/1 Running 1 39h
kube-system kube-proxy-5t7nt 1/1 Running 0 39h
kube-system kube-proxy-8lwrb 1/1 Running 0 39h
kube-system kube-proxy-czmr6 1/1 Running 0 39h
kube-system kube-scheduler-k8s03 1/1 Running 1 39h检查工作节点状态
由于之前没有部署网络插件,导致节点的状态为 NotReady,但现在已经部署完了网络插件,所以此时节点状态应为 Ready
bash
[root@k8s03 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s01 Ready <none> 39h v1.28.2
k8s02 Ready <none> 39h v1.28.2
k8s03 Ready control-plane 39h v1.28.2至此,Kubernetes 集群已经成功部署,k8s03 是控制平面节点,k8s01 和 k8s02 是工作节点。
bash
[root@k8s03 ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-system calico-kube-controllers-685f7c9b88-99rpg 1/1 Running 0 136m 10.244.82.195 k8s01 <none> <none>
calico-system calico-typha-65fbb7dbcd-sxr2n 1/1 Running 0 136m 192.168.10.95 k8s02 <none> <none>
calico-system csi-node-driver-976rg 2/2 Running 0 136m 10.244.105.65 k8s02 <none> <none>
calico-system csi-node-driver-ljc7n 2/2 Running 0 136m 10.244.82.194 k8s01 <none> <none>
calico-system csi-node-driver-vhpmg 2/2 Running 0 136m 10.244.51.129 k8s03 <none> <none>
kube-system calico-node-fk7gk 1/1 Running 0 136m 192.168.10.96 k8s03 <none> <none>
kube-system calico-node-gnf4s 1/1 Running 0 135m 192.168.10.94 k8s01 <none> <none>
kube-system calico-node-h8tnq 1/1 Running 0 136m 192.168.10.95 k8s02 <none> <none>
kube-system coredns-6554b8b87f-d2cbq 1/1 Running 0 2d23h 10.244.51.131 k8s03 <none> <none>
kube-system coredns-6554b8b87f-pq2lt 1/1 Running 0 2d23h 10.244.51.130 k8s03 <none> <none>
kube-system etcd-k8s03 1/1 Running 1 3d 192.168.10.96 k8s03 <none> <none>
kube-system kube-apiserver-k8s03 1/1 Running 1 3d 192.168.10.96 k8s03 <none> <none>
kube-system kube-controller-manager-k8s03 1/1 Running 2 (3h28m ago) 3d 192.168.10.96 k8s03 <none> <none>
kube-system kube-proxy-5t7nt 1/1 Running 0 3d 192.168.10.96 k8s03 <none> <none>
kube-system kube-proxy-8lwrb 1/1 Running 0 3d 192.168.10.95 k8s02 <none> <none>
kube-system kube-proxy-czmr6 1/1 Running 0 3d 192.168.10.94 k8s01 <none> <none>
kube-system kube-scheduler-k8s03 1/1 Running 2 (3h28m ago) 3d 192.168.10.96 k8s03 <none> <none>
tigera-operator tigera-operator-8547bd6cc6-hvscr 1/1 Running 0 25h 192.168.10.95 k8s02 <none> <none>