提示:如上仅需Master01节点操作,从而实现所有节点镜像的分发。
[root@master01 ~]# ctr -n k8s.io images ls
#确认验证
[root@master01 ~]# crictl images ls
Master上初始化
[root@master01 ~]# kubeadm init --config=kubeadm-config.yaml --upload-certs
#保留如下命令用于后续节点添加:
You can now join any number of the control-plane node running the following command on each as root:
kubeadm join 172.16.10.254:16443 --token 4f772m.kiql0dnan4lx5qoj \
--discovery-token-ca-cert-hash sha256:e066a9a190ea7fa2619250ce4e2bd0d0fd403afb7abdea8acbab4733584ee8c0 \
--control-plane --certificate-key d3d695b2fcad2de4f1f8054cef94655a61aa615b696e07a1d5a84203a63777a2
Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.10.254:16443 --token 4f772m.kiql0dnan4lx5qoj \
--discovery-token-ca-cert-hash sha256:e066a9a190ea7fa2619250ce4e2bd0d0fd403afb7abdea8acbab4733584ee8c0
注意:如上token具有默认24小时的有效期,token和hash值可通过如下方式获取:
kubeadm token list
如果 Token 过期以后,可以输入以下命令,生成新的 Token:
kubeadm token create
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
[root@master01 ~]# mkdir -p $HOME/.kube
[root@master01 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master01 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@master01 ~]# cat << EOF >> ~/.bashrc
export KUBECONFIG=$HOME/.kube/config
EOF
#设置KUBECONFIG环境变量
[root@master01 ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc
[root@master01 ~]# source ~/.bashrc
附加:初始化过程大致步骤如下:
[kubelet-start] 生成kubelet的配置文件”/var/lib/kubelet/config.yaml”
[certificates]生成相关的各种证书
[kubeconfig]生成相关的kubeconfig文件
[bootstraptoken]生成token记录下来,后边使用kubeadm join往集群中添加节点时会用到
