Kubernetes 安装
本实验采用kubeadm部署集群。
Ubuntu2404-Containerd-Kubeadm-安装
详情参考:生产环境
本实验采用kubeadm部署集群。
环境资源
- vmware workstation 17
- ubuntu-24.04-live-server-amd64
- kubernetes 1.30.2
虚拟机硬件配置
- 2 cpu
- 4G memory
- 1个NAT 网卡
- 1个100G 硬盘
节点规划
| 节点 | IP | 角色 |
|---|---|---|
| master30.shizhan.cloud | 10.1.8.30 | master |
| worker31.shizhan.cloud | 10.1.8.31 | worker |
| worker32.shizhan.cloud | 10.1.8.32 | worker |
准备模板
安装系统
Ubuntu 2404 系统安装
最小化安装系统,不需要swap分区,按以下要求分区。
- /boot 2G
- / 90G
安装基础软件包
root@ubuntu2404:~# apt update && apt install -y vim bash-completion open-vm-tools apt-transport-https
配置仓库源
操作系统仓库
操作系统仓库换成华为云的仓库,速度更快。
root@ubuntu2404:~# cat /etc/apt/sources.list.d/ubuntu.sources
Types: deb
URIs: http://mirrors.huaweicloud.com/ubuntu/
Suites: noble noble-updates noble-backports
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Types: deb
URIs: http://security.ubuntu.com/ubuntu/
Suites: noble-security
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
containerd 仓库
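# 导入 containerd 仓库 key
# 注意:放在 /etc/apt/trusted.gpg.d/ 下的 key 会被 apt 信任用于所有仓库;更稳妥的做法是像下文 kubernetes 仓库那样,把 key 放到 /etc/apt/keyrings/ 并在源条目中用 signed-by 限定其适用范围。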
root@ubuntu2404:~# curl -fsSL https://mirrors.huaweicloud.com/docker-ce/linux/ubuntu/gpg | gpg --dearmour -o /etc/apt/trusted.gpg.d/containerd.gpg
# 添加 containerd 仓库
root@ubuntu2404:~# cat << 'EOF' > /etc/apt/sources.list.d/docker-ce.list
deb [arch=amd64] https://mirrors.huaweicloud.com/docker-ce/linux/ubuntu noble stable
EOF
kubernetes 仓库
由于 Kubernetes 官方变更了仓库的存储路径以及使用方式,使用 1.28 及以上版本,需按照新版配置方法进行配置。
该文档示例为配置 1.30 版本,如需其他版本请在对应位置字符串替换即可。比如需要安装 1.29 版本,则需要将如下配置中的 v1.30 替换成 v1.29。
目前该源支持 v1.24 - v1.30 版本,后续版本会持续更新。
# 添加 kubernetes 仓库 key
root@ubuntu2404:~# curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# 添加 kubernetes 仓库
root@ubuntu2404:~# echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/ /" > /etc/apt/sources.list.d/kubernetes.list
# 更新仓库源
root@ubuntu2404:~# apt update
设置 IP
root@ubuntu2404:~# mkdir /etc/netplan/origin
root@ubuntu2404:~# mv /etc/netplan/*yaml /etc/netplan/origin
root@ubuntu2404:~# cat > /etc/netplan/00-static.yaml <<EOF
network:
ethernets:
ens33:
dhcp4: no
addresses:
- 10.1.8.30/24
routes:
- to: default
via: 10.1.8.2
nameservers:
addresses:
- 10.1.8.2
- 218.2.135.1
version: 2
EOF
root@ubuntu2404:~# chmod 600 /etc/netplan/00-static.yaml
root@ubuntu2404:~# netplan apply
设置 /etc/hosts
root@ubuntu2404:~# cat << 'EOF' >> /etc/hosts
###### kubernetes #####
10.1.8.30 master30.shizhan.cloud master30
10.1.8.31 worker31.shizhan.cloud worker31
10.1.8.32 worker32.shizhan.cloud worker32
EOF
关闭 swap
如果有 swap 分区,需要关闭。kubernetes不需要swap分区。
root@ubuntu2404:~# swapoff -a && sed -i '/^.*swap/d' /etc/fstab
root@ubuntu2404:~# rm -f /swap.img
配置 containerd
root@ubuntu2404:~# apt-get install -y containerd.io cri-tools
# 设置crictl的runtime-endpoint
root@ubuntu2404:~# crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
root@ubuntu2404:~# containerd config default > /etc/containerd/config.toml
root@ubuntu2404:~# vim /etc/containerd/config.toml
... ...
# 修改sandbox镜像为阿里云3.9版本
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
... ...
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
# 添加如下四行记录,注意缩进
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://09def58152000fc00ff0c00057bad7e0.mirror.swr.myhuaweicloud.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
endpoint = ["https://09def58152000fc00ff0c00057bad7e0.mirror.swr.myhuaweicloud.com"]
... ...
# 修改SystemdCgroup值为true
SystemdCgroup = true
... ...
# 重启服务
root@ubuntu2404:~# systemctl restart containerd.service
# containerd 服务,默认已经设置开机启动,并启动
华为加速服务器:https://09def58152000fc00ff0c00057bad7e0.mirror.swr.myhuaweicloud.com
安装 nerdctl 和 cni plugin
nerdctl 项目地址:https://github.com/containerd/nerdctl/releases
cni 插件项目地址:https://github.com/containernetworking/plugins/releases
# 下载并安装(解压到系统目录之前,建议先用 release 页面提供的 SHA256 校验和核对下载的压缩包)
root@ubuntu2404:~# wget https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-1.7.6-linux-amd64.tar.gz
root@ubuntu2404:~# tar -xf nerdctl-1.7.6-linux-amd64.tar.gz -C /usr/bin/
# 下载 nerdctl 所需要的 cni 插件
root@ubuntu2404:~# wget https://github.com/containernetworking/plugins/releases/download/v1.5.0/cni-plugins-linux-amd64-v1.5.0.tgz
root@ubuntu2404:~# mkdir -p /opt/cni/bin
root@ubuntu2404:~# tar -xf cni-plugins-linux-amd64-v1.5.0.tgz -C /opt/cni/bin
配置内核参数
# 加载overlay和br_netfilter模块
root@ubuntu2404:~# modprobe overlay
root@ubuntu2404:~# modprobe br_netfilter
# 设置开机自动加载overlay和br_netfilter模块
root@ubuntu2404:~# cat << 'EOF' > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
# 配置内核参数,将桥接的IPv4流量传递到iptables的链
root@ubuntu2404:~# cat << 'EOF' > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# 内核参数立刻生效
root@ubuntu2404:~# sysctl -p /etc/sysctl.d/k8s.conf
配置对时
root@ubuntu2404:~# apt-get install -y chrony
# 以下步骤可以省略
root@ubuntu2404:~# systemctl enable chrony --now
设置 ssh
# 避免ssh服务器对客户端IP进行反向解析为域名,客户端可以快速与服务器建立连接
root@ubuntu2404:~# echo 'UseDNS no' >> /etc/ssh/sshd_config
# 避免ssh客户端校验服务器公钥,否则首次连接需要交互输入yes
# 注意:该设置会自动接受未知主机的密钥而不核对指纹,首次连接时无法发现中间人攻击,只适合隔离的实验网络;其他环境应预先分发 known_hosts。
root@ubuntu2404:~# echo 'StrictHostKeyChecking no' >> /etc/ssh/ssh_config
# 生成秘钥
root@ubuntu2404:~# ssh-keygen -N '' -f ~/.ssh/id_rsa -t rsa
# 配置免密登录自己
root@ubuntu2404:~# ssh-copy-id root@localhost
安装 kubernetes 软件包
# 查看版本
root@ubuntu2404:~# apt list kubeadm -a|head
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Listing...
kubeadm/unknown,now 1.30.14-1.1 amd64 [installed]
kubeadm/unknown 1.30.13-1.1 amd64
kubeadm/unknown 1.30.12-1.1 amd64
kubeadm/unknown 1.30.11-1.1 amd64
kubeadm/unknown 1.30.10-1.1 amd64
kubeadm/unknown 1.30.9-1.1 amd64
kubeadm/unknown 1.30.8-1.1 amd64
kubeadm/unknown 1.30.7-1.1 amd64
kubeadm/unknown 1.30.6-1.1 amd64
# 安装最新版本
root@ubuntu2404:~# apt install -y kubeadm kubelet kubectl
# 安装指定版本
root@ubuntu2404:~# apt install -y kubeadm=1.30.2-1.1 kubelet=1.30.2-1.1 kubectl=1.30.2-1.1
# 设置 kubelet 服务
root@ubuntu2404:~# systemctl enable kubelet --now
此时kubelet服务处于activating,等 kubernetes 安装完成后状态变更为active。
配置相关命令补全
# 配置 crictl 命令自动补全
root@ubuntu2404:~# mkdir /etc/bash_completion.d
root@ubuntu2404:~# crictl completion bash > /etc/bash_completion.d/crictl
root@ubuntu2404:~# source /etc/bash_completion.d/crictl
# 配置 nerdctl 命令自动补全
root@ubuntu2404:~# nerdctl completion bash > /etc/bash_completion.d/nerdctl
root@ubuntu2404:~# echo 'export CONTAINERD_NAMESPACE=k8s.io' >> /etc/bash_completion.d/nerdctl
root@ubuntu2404:~# source /etc/bash_completion.d/nerdctl
注意:此处必须设置变量 CONTAINERD_NAMESPACE,否则 nerdctl 默认将镜像导入到 default 命名空间,导致 k8s 无法使用镜像。k8s 默认使用 k8s.io 命名空间中镜像。
# 配置 kubectl 命令补全
root@ubuntu2404:~# kubectl completion bash > /etc/bash_completion.d/kubectl
root@ubuntu2404:~# source /etc/bash_completion.d/kubectl
# 配置 kubeadm 命令补全
root@ubuntu2404:~# kubeadm completion bash > /etc/bash_completion.d/kubeadm
root@ubuntu2404:~# source /etc/bash_completion.d/kubeadm
关闭虚拟机
root@ubuntu2404:~# init 0
准备节点
### 克隆虚拟机
# 采用完全克隆方法克隆出其他3台虚拟机。
# 3台虚拟机重新设置自己的主机名和网络。
# master30 节点
root@master30:~# hostnamectl set-hostname master30.shizhan.cloud
root@master30:~# cat > /etc/netplan/00-static.yaml <<EOF
network:
ethernets:
ens33:
dhcp4: no
addresses:
- 10.1.8.30/24
routes:
- to: default
via: 10.1.8.2
nameservers:
addresses:
- 10.1.8.2
- 218.2.135.1
version: 2
EOF
root@master30:~# netplan apply
# worker31 节点
root@worker31:~# hostnamectl set-hostname worker31.shizhan.cloud
root@worker31:~# cat > /etc/netplan/00-static.yaml <<EOF
network:
ethernets:
ens33:
dhcp4: no
addresses:
- 10.1.8.31/24
routes:
- to: default
via: 10.1.8.2
nameservers:
addresses:
- 10.1.8.2
- 218.2.135.1
version: 2
EOF
root@worker31:~# netplan apply
# worker32 节点
root@worker32:~# hostnamectl set-hostname worker32.shizhan.cloud
root@worker32:~# cat > /etc/netplan/00-static.yaml <<EOF
network:
ethernets:
ens33:
dhcp4: no
addresses:
- 10.1.8.32/24
routes:
- to: default
via: 10.1.8.2
nameservers:
addresses:
- 10.1.8.2
- 218.2.135.1
version: 2
EOF
root@worker32:~# netplan apply
配置集群
初始化集群
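# 生成初始化配置,并且根据需求进行更改,后续可以使用选项--config指定配置文件
# 注意:默认输出中的 token abcdef.0123456789abcdef 是公开的示例值,用 --config 初始化前应将其删除或替换,否则集群会接受这个众所周知的 bootstrap token;advertiseAddress、name 等占位值也需要改成实际值。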
root@master30:~# kubeadm config print init-defaults |tee k8s-init.conf
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 1.2.3.4
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: node
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.28.2
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
scheduler: {}
# 使用以下命令初始化集群
root@master30:~# kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.30.2 --pod-network-cidr=10.224.0.0/16
初始化结果如下
[init] Using Kubernetes version: v1.30.2
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local master30.shizhan.cloud] and IPs [10.96.0.1 10.1.8.30]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master30.shizhan.cloud] and IPs [10.1.8.30 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master30.shizhan.cloud] and IPs [10.1.8.30 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "super-admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests"
[kubelet-check] Waiting for a healthy kubelet. This can take up to 4m0s
[kubelet-check] The kubelet is healthy after 502.398615ms
[api-check] Waiting for a healthy API server. This can take up to 4m0s
[api-check] The API server is healthy after 7.50265248s
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master30.shizhan.cloud as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node master30.shizhan.cloud as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
[bootstrap-token] Using token: ybenal.6mszwb1nf8nck72g
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.1.8.30:6443 --token mi0yt8.1tzza4q64dr8y3pc \
--discovery-token-ca-cert-hash sha256:5606e09618330aee8859abe3ea4cd8734f9b540630048a6e1c3aaf6c54d486fd
选项说明:
--image-repository registry.aliyuncs.com/google_containers,指定镜像下载位置
--kubernetes-version=v1.30.2,指定版本
--pod-network-cidr=10.224.0.0/16,指定Pod网络的范围。 Kubernetes支持多种网络方案, 而且不同网络方案对--pod-network-cidr有自己的要求。
--apiserver-advertise-address指明用哪个interface与Cluster的其他节点通信。 如果master有多个interface, 建议明确指定, 如果不指定, kubeadm会自动选择有默认网关的interface。
初始化过程说明:
- kubeadm执行初始化前的检查。
- 下载组件的Docker镜像。 这一步可能会花一些时间, 主要取决于网络质量。
- 生成token和证书。
- 生成KubeConfig文件, kubelet需要用这个文件与master通信。
- 安装master组件。
- 安装附加组件kube-proxy和CoreDNS。
- Kubernetes master初始化成功。
- 提示如何配置kubectl。
- 提示如何安装Pod网络。
- 提示如何注册其他节点到Cluster。
配置集群
kubectl 凭据
- kubectl默认使用~/.kube/config文件中凭据信息管理kubernetes。
root@master30:~# mkdir -p $HOME/.kube
root@master30:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@master30:~# chown $(id -u):$(id -g) $HOME/.kube/config
- 如果环境变量KUBECONFIG存在,则优先使用环境变量KUBECONFIG设置的值。
root@master30:~# mv .kube/config .
root@master30:~# export KUBECONFIG=/root/config
root@master30:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master30.shizhan.cloud NotReady control-plane,master 5m2s v1.28.2
# 等网络配置完成后,STATUS状态由NotReady变更为Ready
- 还可以通过选项 --kubeconfig='' 明确指定凭据文件位置。
root@master30:~# kubectl get nodes --kubeconfig /root/config
kubernetes对凭据文件名没有要求。
root@master30:~# mv config kube.conf
root@master30:~# kubectl get nodes --kubeconfig kube.conf
~/.kube/config内容:
root@master30:~# mv kube.conf .kube/config
root@master30:~# cat .kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: <base64 编码的 CA 证书,此处省略>
server: https://10.1.8.30:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: <base64 编码的用户证书,此处省略>
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeFJtaHoySmNYbzdGY0hvVENHenR5MkRqZTNRb2FZdXY1TDJldldzaTJNeEpmUS81CmdFaDhwN1dkR1NDQ0MvS3lrYW9uT1lYWHcyTERWL3JVZGxLTW1LUzdrNXhuVllldTNBMmRpQjE1NTFVRStJU3oKVU9MTnhzcnQyN1VqNG4wOWJRTmRLOGN4Rm9yWHFVRXRaaVU3R2NHTmd4UVFQODJIRkg3U29PUU10bU5qNG13TApYdVlsQVY4NnlNeXlFOFBiMXljQWhCOFVjUEVSZFR5ZHhLVGNxVWxtMWJ0OHFNQkc5WFlGRTZNSFFKZXV5NEZ5Cjc2OVgvZkk2T1JkK25QZ1VYdVV3QVRhV1hHYkh5aGhQQ0tHSll3c2NPT0VBZlp0Vld0WFJMYjNaRFlqYlZhak8KOWVPRkdieityNHFUNHY0SmQvV1lnVEtyZS9MMHNWWFFETmVmQ3dJREFRQUJBb0lCQUNkS0hMOUNWRGRsTG1abApielhXd1BBeHVDYjcyTEp4YmZhaTllbThXWTN0NnhoSy91bGJpYjNFcmpROERyQmpDTVdRclpFQjVTakZuenNDCmZTZTQvTjNRdUxPTUVlMHl4dUNHdGtoVDErRU5TWmhnbTM0Y04valFxdW1KQ2tZendQTGlJTWlCUkgvQjNZdVgKdW4wS0h1WGJkMklSdGN1Q0pOTXBGTU9Oc2hzSkMyRTI1cmhXazlZZFdKTVVQV2JjMGZUd0RDdHhVSXpRNWhycApOa0tGenpBekdiVFA2dXA2dWJrYzQ4Zm9BNDVTRUJLNkhhcFZBNEQ1NzNQNFNmZWRodmhMVG9lbmQzM3NmeTJYCjlkS1dFOUg4VUQ3VGFRc3N6MG8xSU1xK0xVVU5UNUVqRkVCOXVtemIxTHB4YW1wUFJqVVpXU2ZEcXJDbGlvMkUKWHFaWkd3RUNnWUVBMm5Tbmd2R0p2NUZhdFVQeGppbWMyNHhOWjZSTWhRRFc3OG9TRUYrUUVoV2RscGlwTk94QQpVNTJNY1NrSmNMR1Jkd3VIaWdjQXVWVW90N09sak9MU1Zzak4yN0xRQTFraTNXbjYxeWVKUSs5MVpZMW9GaUJQCmpBZWJoS1BJanFPT2p3YUsrMEJ5cGFJb2dTb215dzErNklrSE5kNmJkc2FQbG1aMU9wc0hjRHNDZ1lFQTV2bG0KOGNvUUlEWWx5Q0x3YzMzSWRHd0xsWU9KUmFNdCs5QXRNY1VaZGZZN2gvaUlWTE4wSEZkUUFkOWxLUUxyNlpZVApuS0lWcUdzU1BiM2kyMCsyZHNVN3VPUjNOVkZCeHcvZUVVM1FnTjFtVTRnZzBLNnpORUpkKzZaYVo2cUQyVVhRCnY3cTdiOHhzekJoUkNMakdjb1huL2ZnWFBIWmRDUE9VVUVIWTczRUNnWUVBek1RSHVDK2JoSnRFd1IvY3JmckgKY3V1Q0txSFFyK0xubFlCOWlpZHBMZXBnK3FaQ0JMOW1WSG9iQ0g4RXdFTlJMSnI4QXg4cFNJOVFTVkQwM3FoRgpyTjh3UnJ6SFNqd2srQkc4OUN1MCtKN2VGY0NFVGlrZkp3eUNjOFBwMi9ublNKMURiTnN1RzU5eUJCQjBxR1FRCkR2dFNiT1lxSngxYnZnaHYzZTB1L2IwQ2dZRUF4NHc1TURQT2NzWFZKbTlwSlo1S0RLczc1dFJaU0Z5T1lidWQKRUI2a3ZKRWJKWUhHNXNhVFRkanhPbXp5VE5oRlVPMWp6RE1NV3hFR0ZXbDBFTjF4V25OVUFZMEFvSU92UEhlcwo5MjR1OE9aV2ZWeGlYV2hSVXBqejhYSHJNUnpVQkdhWXpzeFpHMkdWclU1azFCQXZBc3BGZjlsUzJkMjR5djhGCjU4QzcxMEVDZ1lBV0p4NmpuV05vbGc1Qzh
vSGpDT0Jkb0RGdHhGeEpiT2M5QUJ2aHpZbGlTSHp5aTY3RjVQZ28KREdaWXJjWWZxYVY5MVl5R24xaWQybG5GcVZoZ1VGYnpGS2t4U0FaS0FJVDRwbGNucVRWQm9oc1UwMkxqSUdEZwpESU5SQW8xb0dqRTdOM3FWUVFzS0huSDBnUXNwWVZpN3NFRzRDdWtZSDQ2MUNCM0dET0N0b3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
说明:
- certificate-authority-data指定CA证书,通过base64编码。
root@master30:~# echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJYm9pOWR1alB4dEF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpBME1ESXdOVEEyTURWYUZ3MHlNekEwTURJd05UQTJNRGRhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXhSbWh6MkpjWG83RmNIb1QKQ0d6dHkyRGplM1FvYVl1djVMMmV2V3NpMk14SmZRLzVnRWg4cDdXZEdTQ0NDL0t5a2Fvbk9ZWFh3MkxEVi9yVQpkbEtNbUtTN2s1eG5WWWV1M0EyZGlCMTU1MVVFK0lTelVPTE54c3J0MjdVajRuMDliUU5kSzhjeEZvclhxVUV0ClppVTdHY0dOZ3hRUVA4MkhGSDdTb09RTXRtTmo0bXdMWHVZbEFWODZ5TXl5RThQYjF5Y0FoQjhVY1BFUmRUeWQKeEtUY3FVbG0xYnQ4cU1CRzlYWUZFNk1IUUpldXk0Rnk3NjlYL2ZJNk9SZCtuUGdVWHVVd0FUYVdYR2JIeWhoUApDS0dKWXdzY09PRUFmWnRWV3RYUkxiM1pEWWpiVmFqTzllT0ZHYnorcjRxVDR2NEpkL1dZZ1RLcmUvTDBzVlhRCkROZWZDd0lEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTbVVZckdpaWx2RzlSS2lCc2NVcXZmcmhnMQowakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBckt4cjhFbEtYN2FYWUMvdzZhUFg4M3JvRHl0Q0NudTBTMHpWCm5WTVFnMUsvUmhRSGV5TnY2SGtycTJXSFhoUjh1L2M3Ukw3WGwyeDlzcWhPWmR3cGRrUlBXK0RENEs4TFMwYjAKUnhwdGxraW44UFE5QkZEOExuNDlmdmNhRG9LT0lhV2djZFFVMFRKQVZoZ1RNQ3FZZ0ZNTUhQa3I2d2Q2WVFtMgp3KzhsVlNCNytmeERKVlhkeUZWMFdOdk5Jb1JrM0FCcGEyOVVVZlZoY1FnZGI2M1RFamgwUlI0d014bjhhY2E1CnNiaE1wVmZiT2ZUU0pRTUJGRkRkMG5DWnJSN3NxQWluOUE2M3RydWZLTzJMTEF0YUVJeDRMUzJWZ09veG5odWEKQlh6UGp4SHF5TTR1WFRqQVlOMk44K2wxWXRBeSs0VTg2ZzVEMEZZeUpSTE5NMU5VL2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | base64 -d
-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIIboi9dujPxtAwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
AxMKa3ViZXJuZXRlczAeFw0yMjA0MDIwNTA2MDVaFw0yMzA0MDIwNTA2MDdaMDQx
FzAVBgNVBAoTDnN5c3RlbTptYXN0ZXJzMRkwFwYDVQQDExBrdWJlcm5ldGVzLWFk
bWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRmhz2JcXo7FcHoT
CGzty2Dje3QoaYuv5L2evWsi2MxJfQ/5gEh8p7WdGSCCC/KykaonOYXXw2LDV/rU
dlKMmKS7k5xnVYeu3A2diB1551UE+ISzUOLNxsrt27Uj4n09bQNdK8cxForXqUEt
ZiU7GcGNgxQQP82HFH7SoOQMtmNj4mwLXuYlAV86yMyyE8Pb1ycAhB8UcPERdTyd
xKTcqUlm1bt8qMBG9XYFE6MHQJeuy4Fy769X/fI6ORd+nPgUXuUwATaWXGbHyhhP
CKGJYwscOOEAfZtVWtXRLb3ZDYjbVajO9eOFGbz+r4qT4v4Jd/WYgTKre/L0sVXQ
DNefCwIDAQABo1YwVDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSmUYrGiilvG9RKiBscUqvfrhg1
0jANBgkqhkiG9w0BAQsFAAOCAQEArKxr8ElKX7aXYC/w6aPX83roDytCCnu0S0zV
nVMQg1K/RhQHeyNv6Hkrq2WHXhR8u/c7RL7Xl2x9sqhOZdwpdkRPW+DD4K8LS0b0
Rxptlkin8PQ9BFD8Ln49fvcaDoKOIaWgcdQU0TJAVhgTMCqYgFMMHPkr6wd6YQm2
w+8lVSB7+fxDJVXdyFV0WNvNIoRk3ABpa29UUfVhcQgdb63TEjh0RR4wMxn8aca5
sbhMpVfbOfTSJQMBFFDd0nCZrR7sqAin9A63trufKO2LLAtaEIx4LS2VgOoxnhua
BXzPjxHqyM4uXTjAYN2N8+l1YtAy+4U86g5D0FYyJRLNM1NU/g==
-----END CERTIFICATE-----
- client-certificate-data指定用户证书,同样被base64编码。
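- client-key-data指定用户私钥,同样被base64编码。base64 只是编码而不是加密,任何拿到该文件的人都能解码出私钥并以 kubernetes-admin 身份访问集群,因此不要把文件内容原样贴到文档、工单或代码仓库中,文件权限也应限制为仅属主可读。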
# 或者使用以下命令获取不显示具体证书和key内容
root@master30:~# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://10.1.8.30:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
kubeadm 配置
# 获取配置
root@master30:~# kubectl get cm -n kube-system kubeadm-config -o yaml |tee kubeadm.yml
apiVersion: v1
data:
ClusterConfiguration: |
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.30.2
networking:
dnsDomain: cluster.local
podSubnet: 10.224.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
kind: ConfigMap
metadata:
creationTimestamp: "2024-07-10T14:17:59Z"
name: kubeadm-config
namespace: kube-system
resourceVersion: "202"
uid: 150211c9-fee9-4bd3-8902-1c3cf7d72cbd
# 下次初始化集群的时候可以使用以下命令完成
root@master30:~# kubeadm init --config kubeadm.yml
配置网络
这里采用 calico 网络。
官方地址:http://projectcalico.org 或者 https://www.tigera.io/project-calico/
产品文档:https://projectcalico.docs.tigera.io/about/about-calico
下载 calico
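[root@master ~]# wget --no-check-certificate https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/calico.yaml
注意:--no-check-certificate 会跳过 TLS 证书校验,下载的清单可能在传输中被篡改,而该文件随后会以集群管理员权限 apply 到集群;证书校验正常时应去掉该选项,出现证书错误时应先排查系统时间和 CA 证书包。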
修改 pod 网络
# 查看集群 pod 网络范围
root@master30:~# kubectl get cm -n kube-system kubeadm-config -o yaml|grep podSubnet
podSubnet: 10.224.0.0/16
# 更改 calico.yaml,确保 CALICO_IPV4POOL_CIDR 与集群初始化的pod网络一致。
root@master30:~# vim calico.yaml
#############################################
- name: CALICO_IPV4POOL_CIDR
value: "10.224.0.0/16"
#############################################
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
原先这两行是注释行,注意对齐。
导入 calico 镜像
现在已经无法从docker下载calico镜像了。我们可以从GitHub的calico项目中获取calico镜像。
项目地址:projectcalico/calico,在相应的release中找到对应资源。
# 查看需要的镜像
root@master30:~# grep "image:" calico.yaml |sort |uniq
image: docker.io/calico/cni:v3.28.0
image: docker.io/calico/kube-controllers:v3.28.0
image: docker.io/calico/node:v3.28.0
# 上传镜像文件并导入
root@master30:~# nerdctl load -i calico-cni.tar
root@master30:~# nerdctl load -i calico-node.tar
root@master30:~# nerdctl load -i calico-kube-controllers.tar
root@master30:~# crictl images|grep calico |awk '{print $1":"$2}'
docker.io/calico/cni:v3.28.0
docker.io/calico/kube-controllers:v3.28.0
docker.io/calico/node:v3.28.0
部署 calico 网络
root@master30:~# kubectl apply -f calico.yaml
验证 pod 状态
root@master30:~# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-56fcbf9d6b-v6qsn 1/1 Running 0 28m
kube-system calico-node-vc9v6 1/1 Running 0 28m
kube-system coredns-6d8c4cb4d-9qdxg 1/1 Running 0 43m
kube-system coredns-6d8c4cb4d-wwfmx 1/1 Running 0 43m
kube-system etcd-master30.shizhan.cloud 1/1 Running 0 43m
kube-system kube-apiserver-master30.shizhan.cloud 1/1 Running 0 43m
kube-system kube-controller-manager-master30.shizhan.cloud 1/1 Running 0 43m
kube-system kube-proxy-8b7tn 1/1 Running 0 43m
kube-system kube-scheduler-master30.shizhan.cloud 1/1 Running 0 43m
节点加入集群
# 导入镜像
root@worker31:~# nerdctl load -i calico-node.tar
root@worker31:~# nerdctl load -i calico-cni.tar
# 节点 worker31 加入集群
kubeadm join 10.1.8.30:6443 --token 69zqv7.b8d3xarvjz7laeww \
--discovery-token-ca-cert-hash sha256:19cf693b9dd799e6fb431f1b7325598418f59dd95ae647d57e88859c7829f33a
root@worker31:~# kubeadm join 10.1.8.30:6443 --token mi0yt8.1tzza4q64dr8y3pc \
--discovery-token-ca-cert-hash sha256:5606e09618330aee8859abe3ea4cd8734f9b540630048a6e1c3aaf6c54d486fd
[preflight] Running pre-flight checks
[WARNING SystemVerification]: missing optional cgroups: blkio
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
# 导入镜像
root@worker32:~# nerdctl load -i calico-node.tar
root@worker32:~# nerdctl load -i calico-cni.tar
# 节点 worker32 加入集群
root@worker32:~# kubeadm join 10.1.8.30:6443 --token mi0yt8.1tzza4q64dr8y3pc \
--discovery-token-ca-cert-hash sha256:5606e09618330aee8859abe3ea4cd8734f9b540630048a6e1c3aaf6c54d486fd
如果没有保存初始化界面中加入集群命令,可以通过以下命令获取加入集群命令(每次执行都会新建一个 bootstrap token;token 是节点加入集群的凭据,默认 24 小时后过期,不要公开保存):
root@master30:~# kubeadm token create --print-join-command
kubeadm join 10.1.8.30:6443 --token dzpuca.8lqxqqydwskroabx --discovery-token-ca-cert-hash sha256:5606e09618330aee8859abe3ea4cd8734f9b540630048a6e1c3aaf6c54d486fd
验证部署
# 查看集群信息
root@master30:~# kubectl cluster-info
Kubernetes control plane is running at https://10.1.8.30:6443
CoreDNS is running at https://10.1.8.30:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
# 查看版本
root@master30:~# kubectl version
Client Version: v1.30.14
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.30.2
# 查看节点状态
root@master30:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master30.shizhan.cloud Ready control-plane 32h v1.30.14
worker31.shizhan.cloud Ready <none> 32h v1.30.14
worker32.shizhan.cloud Ready <none> 32h v1.30.14
节点的状态为 Ready,必须满足以下条件:
- 网络配置完成
- 节点启动 kubelet 服务
- swap 关闭
- SELinux 关闭(Ubuntu 默认不启用 SELinux,此条件主要针对 RHEL 系发行版)
# 查看 pod 状态
root@master30:~# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-7cb4fd5784-jx2xl 1/1 Running 0 9m19s
kube-system calico-node-4b6s8 1/1 Running 0 6m26s
kube-system calico-node-bsr7v 1/1 Running 0 9m19s
kube-system calico-node-v8jdn 1/1 Running 0 6m31s
kube-system coredns-66f779496c-4j88h 1/1 Running 0 13m
kube-system coredns-66f779496c-fnb8m 1/1 Running 0 13m
kube-system etcd-master30.shizhan.cloud 1/1 Running 0 13m
kube-system kube-apiserver-master30.shizhan.cloud 1/1 Running 0 13m
kube-system kube-controller-manager-master30.shizhan.cloud 1/1 Running 0 13m
kube-system kube-proxy-27vl2 1/1 Running 0 6m31s
kube-system kube-proxy-npv9h 1/1 Running 0 13m
kube-system kube-proxy-q2qrs 1/1 Running 0 6m26s
kube-system kube-scheduler-master30.shizhan.cloud 1/1 Running 0 13m
多集群管理
准备两套集群环境,已有10.1.8.30、10.1.8.31、10.1.8.32节点集群,另外准备一套集群环境:
10.1.8.40、10.1.8.41、10.1.8.42
配置集群
提前准备好镜像(下面的镜像包通过内网 HTTP 下载,没有传输层完整性保护,导入前建议核对文件校验和)
images-v3.28.0.zip包含calico的镜像
k8s-1.30.2-images-aliyun.tar.gz包含k8s的镜像
# 导入calico镜像
root@ubuntu2404:~# wget http://192.168.48.100/02.%E9%95%9C%E5%83%8F%E5%92%8C%E6%A8%A1%E6%9D%BF/%E5%AE%B9%E5%99%A8%E9%95%9C%E5%83%8F/images-v3.28.0.zip
root@ubuntu2404:~# unzip images-v3.28.0.zip
root@ubuntu2404:~# for image in images-v3.28.0/calico-*; do nerdctl load -i $image; done
# 导入k8s镜像
root@ubuntu2404:~# wget http://192.168.48.100/02.%E9%95%9C%E5%83%8F%E5%92%8C%E6%A8%A1%E6%9D%BF/%E5%AE%B9%E5%99%A8%E9%95%9C%E5%83%8F/k8s-1.30.2-images-aliyun.tar.gz
root@ubuntu2404:~# tar -xf k8s-1.30.2-images-aliyun.tar.gz
root@ubuntu2404:~# for image in k8s-1.30.2-images/registry*; do nerdctl load -i $image; done
# 设置 pause 镜像
root@ubuntu2404:~# vim /etc/containerd/config.toml
sandbox = 'registry.aliyuncs.com/google_containers/pause:3.9'
root@ubuntu2404:~# systemctl restart containerd.service
准备节点
克隆出3台主机,设置主机名和IP地址
root@master40:~# cat /etc/hosts
...........
###### kubernetes #####
10.1.8.40 master40.shizhan.cloud master40
10.1.8.41 worker41.shizhan.cloud worker41
10.1.8.42 worker42.shizhan.cloud worker42
# 配置hostname和IP
# master40 节点
# 参考Ubuntu2404-Containerd-Kubeadm-安装Kubernetes-1.30.2“准备节点”
root@master40:~# hostnamectl set-hostname master40.shizhan.cloud
# 修改/etc/netplan/下的yaml文件
root@master40:~# cat > /etc/netplan/00-static.yaml <<EOF
network:
ethernets:
ens33:
dhcp4: no
addresses:
- 10.1.8.40/24
routes:
- to: default
via: 10.1.8.2
nameservers:
addresses:
- 10.1.8.2
- 218.2.135.1
version: 2
EOF
root@master40:~# netplan apply
# worker41、worker42 节点,同样的修改方法
初始化集群
root@master40:~# kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.30.2 --pod-network-cidr=10.224.0.0/16
[init] Using Kubernetes version: v1.30.2
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local master40.shizhan.cloud] and IPs [10.96.0.1 10.1.8.40]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master40.shizhan.cloud] and IPs [10.1.8.40 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master40.shizhan.cloud] and IPs [10.1.8.40 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "super-admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests"
[kubelet-check] Waiting for a healthy kubelet at http://127.0.0.1:10248/healthz. This can take up to 4m0s
[kubelet-check] The kubelet is healthy after 4.163211989s
[api-check] Waiting for a healthy API server. This can take up to 4m0s
[api-check] The API server is healthy after 17.003292516s
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master40.shizhan.cloud as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node master40.shizhan.cloud as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
[bootstrap-token] Using token: 0jpp34.jdzbskiihrp39omg
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.1.8.40:6443 --token 0jpp34.jdzbskiihrp39omg \
--discovery-token-ca-cert-hash sha256:4f4dfbe994d11152a643e1a1f0da614afaa82840ea9f6b32dfb56c7c22833716
配置集群
kubectl 凭据
root@master40:~# mkdir -p $HOME/.kube
root@master40:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@master40:~# chown $(id -u):$(id -g) $HOME/.kube/config
root@master40:~#
root@master40:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master40.shizhan.cloud NotReady control-plane 100s v1.30.14
worker41.shizhan.cloud NotReady <none> 77s v1.30.14
配置网络
# 查看集群 pod 网络范围
root@master40:~/.kube# kubectl get cm -n kube-system kubeadm-config -o yaml|grep podSubnet
podSubnet: 10.224.0.0/16
# 更改 calico-3.28.0.yaml,确保 CALICO_IPV4POOL_CIDR 与集群初始化时指定的 pod 网络(podSubnet)一致。
root@master40:~# vim calico-3.28.0.yaml
- name: CALICO_IPV4POOL_CIDR #原先这两行是注释行,注意对齐。
value: "10.224.0.0/16"
# 查询calico镜像,前面已导入过
root@master40:~# crictl images|grep calico |awk '{print $1":"$2}'
docker.io/calico/cni:v3.28.0
docker.io/calico/kube-controllers:v3.28.0
docker.io/calico/node:v3.28.0
# 部署 calico 网络
root@master40:~# kubectl apply -f calico-3.28.0.yaml
poddisruptionbudget.policy/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
serviceaccount/calico-node created
....................
# 验证 pod 状态
root@master40:~# kubectl get pods --all-namespaces
节点加入集群
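# 可以在 master 节点上通过以下命令重新生成加入集群的命令(会创建一个新的 bootstrap token)。
# 注意:bootstrap token 默认 24 小时后过期;token 加上 CA 证书哈希即可让新节点加入集群,应按凭据对待,不要公开到文档或聊天记录中。
# 节点全部加入后,可用 kubeadm token list 查看、kubeadm token delete 删除不再需要的 token。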
root@master40:~# kubeadm token create --print-join-command
# 节点 worker41 加入集群
root@worker41:~# kubeadm join 10.1.8.40:6443 --token 0jpp34.jdzbskiihrp39omg --discovery-token-ca-cert-hash sha256:4f4dfbe994d11152a643e1a1f0da614afaa82840ea9f6b32dfb56c7c22833716
# 节点 worker42 加入集群
root@worker42:~# kubeadm join 10.1.8.40:6443 --token 0jpp34.jdzbskiihrp39omg --discovery-token-ca-cert-hash sha256:4f4dfbe994d11152a643e1a1f0da614afaa82840ea9f6b32dfb56c7c22833716
验证部署
root@master40:~# kubectl cluster-info
Kubernetes control plane is running at https://10.1.8.40:6443
CoreDNS is running at https://10.1.8.40:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
root@master40:~# kubectl version
Client Version: v1.30.14
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.30.2
root@master40:~# kubectl version
Client Version: v1.30.14
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.30.2
root@master40:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master40.shizhan.cloud Ready control-plane 19m v1.30.14
worker41.shizhan.cloud Ready <none> 18m v1.30.14
worker42.shizhan.cloud Ready <none> 35s v1.30.14
root@master40:~# kubectl get pods -A
通过单个节点管理多个集群
生成统一的.kube/config
通过10.1.8.10管理节点操作
思路:先用 cat 把第二个集群的 kubeconfig 追加到 .kube/config,再手工编辑,把两份配置中的 clusters、contexts、users 条目合并并改名。
root@ubuntu2404:~# kubectl get nodes --kubeconfig k8s-1-config
root@ubuntu2404:~# kubectl get nodes --kubeconfig k8s-2-config
root@ubuntu2404:~# kubectl get nodes --kubeconfig k8s-1-config
NAME STATUS ROLES AGE VERSION
master30.shizhan.cloud Ready control-plane 4h53m v1.30.14
worker31.shizhan.cloud Ready <none> 4h52m v1.30.14
worker32.shizhan.cloud Ready <none> 4h51m v1.30.14
root@ubuntu2404:~# kubectl get nodes --kubeconfig k8s-2-config
NAME STATUS ROLES AGE VERSION
master40.shizhan.cloud Ready control-plane 45m v1.30.14
worker41.shizhan.cloud Ready <none> 45m v1.30.14
worker42.shizhan.cloud Ready <none> 27m v1.30.14
root@ubuntu2404:~# mkdir .kube
root@ubuntu2404:~# cp k8s-1-config .kube/config
root@ubuntu2404:~# sed -i 's/kubernetes/k8s/g' .kube/config
# 合并配置,用户和集群的相关长内容通过cat追加进去,再编辑
root@ubuntu2404:~# cat k8s-2-config >> .kube/config
root@ubuntu2404:~# vim .kube/config
# 修改时注意 YAML 格式,特别是 clusters 与 cluster、contexts 与 context 的层级关系;同时 client-certificate-data 和 client-key-data 必须正确(与所属集群的用户对应),否则 kubectl get nodes 验证时会报错:E0304 08:48:47.896149 44532 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
# 最终凭据格式
root@ubuntu2404:~# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://10.1.8.30:6443
name: k8s-1
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://10.1.8.40:6443
name: k8s-2
contexts:
- context:
cluster: k8s-1
namespace: kube-system
user: k8s-1-admin
name: k8s-1-admin@k8s-1
- context:
cluster: k8s-2
namespace: webapp01
user: k8s-2-admin
name: k8s-2-admin@k8s-2
current-context: k8s-1-admin@k8s-1
kind: Config
preferences: {}
users:
- name: k8s-1-admin
user:
client-certificate-data: DATA+OMITTED
client-key-data: DATA+OMITTED
- name: k8s-2-admin
user:
client-certificate-data: DATA+OMITTED
client-key-data: DATA+OMITTED
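# config 文件内容如下
# 注意:该文件包含两个集群管理员的客户端证书和私钥(client-key-data),等同于集群管理员凭据。
# 建议执行 chmod 600 ~/.kube/config 限制权限,不要把真实内容粘贴到文档、工单或代码仓库中;需要展示时使用 kubectl config view(敏感字段会显示为 DATA+OMITTED)。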
root@ubuntu2404:~# cat .kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJVFp1WUg0NGdIdnN3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TmpBek1EUXdNekEwTlRkYUZ3MHpOakF6TURFd016QTVOVGRhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURUaW1ZQmJYTHB2UEU5ZXdmTDBQNUw4bHI4TDJYWVl0UWlyN25DMU1Fd2JFMnZhSEpiR1pLR2JHQ2sKdXlQdzJicE1raUJWYmdHeFFUNENCV2l1d2VwN2pOZUxuSVhlc3BGT3J5OWRQTEx2UWJVc3ZIN3lJd1JUYWxIdQo2R1N2UnYrQ21NYmloUEhERDl6Q1UwVmphTjJvbERUR0hmcGNpOE5aQURieFlycUxORk9TaUo3QmpqOTJuVVlVCk5GclpQbXcyUjVHdVhNVFhOb2gvbEVCK3BkZmpiY3Y3WjhpT3FpandWVlRmYXR2SXlCdHIrRTBtYVFVRWNmbmoKeEdwcm9nYTRmcHBkbWNCV3dESmRTb0tWTjZ5V1ZrWTcrT0E2RWIzUzAyWnNGeXVRc1NkWmUwRnRhcnB3WVZlUQpMeDZXSURLcGo0NTViL0phRjZHMWpWbDFjbHFyQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSOWk3MzFOemYzZzRMNVZsUkY4S0pzdUhFb3hUQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQkhyOXQraEdKZQp6V2J0YURSQjUxZi9iSEo1dlh5ekFpWERCbllGQU84ZWk5QnJzaGdxNFo4RWVqZmtGRDEvdTJBS04zZFJvNlNHCmlSUjFnL2tXMTJoaXVINExlR1gvVy9wWVBpQ0ZnQXpuMkFQZHlHNFdBYnNkelpoYkZmTEk4dHhsNFVpaDF5M1oKSWtNdEd3UHNNMHBKMm1MQ1cxSkszWm1HZjZLVWEzdVYvSC9NMTdLSUZyZFlBZDhERy9uaUFQait5K0FQTFJaNgo1dWdOTTV5ZU5HWW8vdmtlZlh5b1JQcS9GZ1gvcHBGSFZ1L1BVNDIxS2hTRDFXVkdCVjR3MmZUc2VWd2RVcVBiCkJJcFdqQTgxbzZ6VVdNdlVmaFZZMFBrdi93aEVSVE1ReGV4bjJxWmkrL1BwY1NVVWlxRDUybG02NHlFd1ZrM2sKem5nM2FjQkJZdy9qCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://10.1.8.30:6443
name: k8s-1
- cluster:
certificate-authority-data: <已省略:base64 编码的 CA 证书>
server: https://10.1.8.40:6443
name: k8s-2
contexts:
- context:
cluster: k8s-1
namespace: kube-system
user: k8s-1-admin
name: k8s-1-admin@k8s-1
- context:
cluster: k8s-2
namespace: webapp01
user: k8s-2-admin
name: k8s-2-admin@k8s-2
current-context: k8s-1-admin@k8s-1
kind: Config
preferences: {}
users:
- name: k8s-1-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLVENDQWhHZ0F3SUJBZ0lJWXlBMVQweFg5VUl3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TmpBek1EUXdNekEwTlRkYUZ3MHlOekF6TURRd016RXdNREphTUR3eApIekFkQmdOVkJBb1RGbXQxWW1WaFpHMDZZMngxYzNSbGNpMWhaRzFwYm5NeEdUQVhCZ05WQkFNVEVHdDFZbVZ5CmJtVjBaWE10WVdSdGFXNHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDbzBJci8KakMxL1h0TDhYajlNMC8veEd3dVZWVXNGSUZqYjBDSzNGS0E5TVgxMzg2UmNaRVZyNWpUU2FTZHk3ZGY5RkROcApadE1CYzNZeWg2aFhBRnBUSklVSDNwQVJTbEV3dkI1ejBoWGR5a25zamlRZGhud3c4di9TTHlxbkc5WnY1REVOCmNraE8vbG1Sdk5pUU54RzluV1Jwa0JrSkI0Wk1VUTA1S3ljV1hJOTEyNHlUazhFMWMzdTN2NFVESXhlYVJrZmgKc3pZWVd2eVFjVzN3bnc3VTJnQ3RoeWlLRWFZSFMyOStOTU5wZGxBUFhTeVJMbjMxMFBpUWJzTUtLUTc1M0xpTwp0WkZjQVJ0YWlyTW1qZUVTTlBrSFliZHYrOWoxYndyL3lzb1ozaU54OXZnTkNxVXAxNWtMczJDRFBnY0VRWXExCngzNkJJT00ySE95SkVRWVJBZ01CQUFHalZqQlVNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUsKQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkgyTHZmVTNOL2VEZ3ZsVwpWRVh3b215NGNTakZNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJlbms4N3c0eTRZdWkvV1BKZjJsb1QwN3Q5CjRjVmVMRFdBY1UyWmx1YVNoK2RkeVVzRjdzeURiZk8vWkxEVm5RakFUTlpqWjUvUmRjUkhtODJPWWNGMG9PeFQKc0FvUDZPbkNMNmk4M0pwRmhuK2tTZGNiS0VBYmFQR3U1T3FGcmR5VWIxblVZUXpMVXloVkpkc3VIejhQY25keAppWmVWUUdCalhaUmNGMFI2dVZ6c08xZXE1ZVBVS2d5bDNweUVtN0JsSEJ2L29obHdlVHcwRjdnd1NuYXc2UzNQCk84bnF3clR6NktXL2lWTmhOdHRMYXIzU00rSnMrMnJTN1BXMG9qOFJMN0RDbjA4N0RUb2dseW9QUVN4ajExNHoKblpPc0Y4V2tOWXBwVGc1bzZSYlA5T0NzVXlSVlFpYjlBd3NQREM1bTd0RE5hTFN6R2lBVkhHdi9WaW9DCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key-data: <已省略:base64 编码的客户端私钥>
- name: k8s-2-admin
user:
client-certificate-data: <已省略:base64 编码的客户端证书>
client-key-data: <已省略:base64 编码的客户端私钥>
验证
root@ubuntu2404:~# kubectl config use-context k8s-2-admin@k8s-2
Switched to context "k8s-2-admin@k8s-2".
root@ubuntu2404:~# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
k8s-1-admin@k8s-1 k8s-1 k8s-1-admin kube-system
* k8s-2-admin@k8s-2 k8s-2 k8s-2-admin webapp01
root@ubuntu2404:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master40.shizhan.cloud Ready control-plane 98m v1.30.14
worker41.shizhan.cloud Ready <none> 97m v1.30.14
worker42.shizhan.cloud Ready <none> 79m v1.30.14
root@ubuntu2404:~# kubectl config use-context k8s-1-admin@k8s-1
Switched to context "k8s-1-admin@k8s-1".
root@ubuntu2404:~# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* k8s-1-admin@k8s-1 k8s-1 k8s-1-admin kube-system
k8s-2-admin@k8s-2 k8s-2 k8s-2-admin webapp01
root@ubuntu2404:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master30.shizhan.cloud Ready control-plane 5h46m v1.30.14
worker31.shizhan.cloud Ready <none> 5h45m v1.30.14
worker32.shizhan.cloud Ready <none> 5h44m v1.30.14