上篇记录了Master节点的安装与部署,本篇记录一下node的安装与部署。
1. 基础环境配置
- 关闭防火墙与交换分区(
swap),关闭selinux,配置yum源参考上篇; - 启用
IPv4数据包转发 和iptables网络过滤参考上篇; - 安装
containerd和runc和go也参考上篇, 也可以将编译好的二进制可执行文件直接复制到当前节点。 - 修改主机名,执行
hostnamectl set-hostname k8s-node1, 因为各节点之间的主机名和mac地址必须唯一。
2. 安装
2.1 安装kubeadm, kubelet
node 节点不需要安装kubectl
cpp
yum install -y kubeadm kubelet --disableexclude=kubernetes
启动 kubelet 服务
systemctl enable --now kubelet2.2 加入集群
通过kubeadm join 命令即可将node节点加入集群
cpp
kubeadm join ip:6443 --token xxxxxx --discovery-token-ca-cert-hash sha256:xxxxxxxxip 是master节点的IP
token 和 discovery-token-ca-cert-hash 都来自master,在master安装好后会有这个。
如果安装好后没有记住可以在master节点使用下面命令获取:
- 使用kubeadm命令直接获取(推荐)
cpp
kubeadm token create --print-join-command
输出:
kubeadm join xx.xx.xx.xx:6443 --token o05h6j.8a7xnfw56jenhr4f --discovery-token-ca-cert-hash sha256:84d5a6181b2aa49909746a7f6ef955026cce1aa03f98a9985cc7021183a08c62. 手动生成
cpp
列出所有Token
kubeadm token list , 若没有有效Token,创建新Token
获取Discovery Token CA Cert Hash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | \
openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | \
awk '{print $2}'Token默认有效期为24小时,可通过--ttl参数调整,如kubeadm token create --ttl 0设置永不过期(不推荐生产环境使用)。
加入成功:
cpp
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.在将Node成功加入集群后,可以在master上通过kubectl get nodes 确认新的node加入了集群:
cpp
kubectl get nodes
NAME STATUS ROLES AGE VERSION
localhost.localdomain NotReady <none> 36m v1.28.2
node NotReady control-plane 4d12h v1.28.23. 其他
查看容器版本命令:
查看容器镜像标签:
cpp
kubectl get pods -n kube-system -o jsonpath='{.items[*].spec.containers[*].image}'查看某个组件,如etcd的标签
cpp
kubectl get pods -n kube-system -l component=etcd -o jsonpath='{.items[*].spec.containers[*].image}'根据使用的网络插件(如 Calico、Flannel、Cilium)查看其部署的镜像标签:
cpp
kubectl get pods -n kube-system -l <network-plugin-selector> -o jsonpath='{.items[*].spec.containers[*].image}'