附031.Kubernetes_v1.20.4高可用部署架构二 (4)

提示:如上仅需Master01节点操作,从而实现所有节点镜像的分发。

[root@master01 ~]# ctr -n k8s.io images ls #确认验证 [root@master01 ~]# crictl images ls

001

Master上初始化 [root@master01 ~]# kubeadm init --config=kubeadm-config.yaml --upload-certs #保留如下命令用于后续节点添加: You can now join any number of the control-plane node running the following command on each as root: kubeadm join 172.16.10.254:16443 --token 4f772m.kiql0dnan4lx5qoj \ --discovery-token-ca-cert-hash sha256:e066a9a190ea7fa2619250ce4e2bd0d0fd403afb7abdea8acbab4733584ee8c0 \ --control-plane --certificate-key d3d695b2fcad2de4f1f8054cef94655a61aa615b696e07a1d5a84203a63777a2 Please note that the certificate-key gives access to cluster sensitive data, keep it secret! As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use "kubeadm init phase upload-certs --upload-certs" to reload certs afterward. Then you can join any number of worker nodes by running the following on each as root: kubeadm join 172.16.10.254:16443 --token 4f772m.kiql0dnan4lx5qoj \ --discovery-token-ca-cert-hash sha256:e066a9a190ea7fa2619250ce4e2bd0d0fd403afb7abdea8acbab4733584ee8c0

002

注意:如上token具有默认24小时的有效期,token和hash值可通过如下方式获取:
kubeadm token list
如果 Token 过期以后,可以输入以下命令,生成新的 Token:

kubeadm token create openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' [root@master01 ~]# mkdir -p $HOME/.kube [root@master01 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@master01 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config [root@master01 ~]# cat << EOF >> ~/.bashrc export KUBECONFIG=$HOME/.kube/config EOF #设置KUBECONFIG环境变量 [root@master01 ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc [root@master01 ~]# source ~/.bashrc

附加:初始化过程大致步骤如下:

[kubelet-start] 生成kubelet的配置文件”/var/lib/kubelet/config.yaml”

[certificates]生成相关的各种证书

[kubeconfig]生成相关的kubeconfig文件

[bootstraptoken]生成token记录下来,后边使用kubeadm join往集群中添加节点时会用到

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/wsxypz.html