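VI. Deploying the k8s Cluster (Part 2)
In the previous section we used kubeadm to deploy Kubernetes on k8s-master. In this section we install the Pod network and add k8s-node1 and k8s-node2 to complete the cluster deployment.
(1) Install the Pod network
For a Kubernetes Cluster to work, a Pod network must be installed; otherwise Pods cannot communicate with each other. Kubernetes supports several network solutions. Here we start with flannel, and we will discuss Canal later.
Run the following command to deploy flannel: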
root@cuiyongchao:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
root@cuiyongchao:~#
(2) Add k8s-node1 and k8s-node2
Run the following commands on k8s-node1 and k8s-node2 to register each of them with the Cluster:
Disable swap:
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
kubeadm join --token wjxawc.qsjz0lp4m9ihdcy0 10.0.0.41:6443 --discovery-token-unsafe-skip-ca-verification
The --token here comes from the step ⑨ prompt in the earlier kubeadm init output. If you did not record it at the time, you can view it with kubeadm token list.
root@k8s-master:~# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
0872ga.bg0rbp0jvp2omjem 23h 2020-11-02T11:22:37Z authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
Running kubeadm join produces the following:
root@k8s-node-02:~# kubeadm join --token 0872ga.bg0rbp0jvp2omjem 10.0.0.41:6443 --discovery-token-unsafe-skip-ca-verification
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
root@k8s-node-02:~#
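The join commands above pass --discovery-token-unsafe-skip-ca-verification, so the joining node does not verify the control plane's CA during discovery and relies on the bootstrap token alone. As an added example (not part of the original article), the script below computes the value for kubeadm's --discovery-token-ca-cert-hash option from the cluster CA certificate and builds a join command that pins it. The function names are hypothetical, and /etc/kubernetes/pki/ca.crt is assumed to be the CA path on the control-plane node (kubeadm's default).

```shell
#!/bin/sh
# Added example (not from the article): build a kubeadm join command that pins
# the cluster CA. Function names are hypothetical; the default certificate path
# is where kubeadm normally writes the CA on the control-plane node.

# Print "sha256:<hex>", the SHA-256 of the CA's DER-encoded public key
# (SubjectPublicKeyInfo), as expected by --discovery-token-ca-cert-hash.
ca_cert_hash() {
    cert="${1:-/etc/kubernetes/pki/ca.crt}"
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    # Extract the key first so a parse failure is caught here; otherwise the
    # pipeline below would silently hash empty input.
    pub=$(openssl x509 -pubkey -noout -in "$cert" 2>/dev/null) \
        || { echo "$cert is not a valid certificate" >&2; return 1; }
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.*= *//')
    [ "${#hex}" -eq 64 ] || { echo "unexpected digest: $hex" >&2; return 1; }
    printf 'sha256:%s\n' "$hex"
}

# Usage: join_command <token> <host:port> [ca.crt]
join_command() {
    token="$1"; endpoint="$2"; ca="${3:-/etc/kubernetes/pki/ca.crt}"
    # Bootstrap tokens look like abcdef.0123456789abcdef (6 + 16 lowercase alphanumerics).
    printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' \
        || { echo "malformed bootstrap token" >&2; return 1; }
    hash=$(ca_cert_hash "$ca") || return 1
    printf 'kubeadm join --token %s %s --discovery-token-ca-cert-hash %s\n' \
        "$token" "$endpoint" "$hash"
}

# Run on the control-plane node: sh script.sh <token> <host:port>
if [ "$#" -eq 2 ]; then
    join_command "$1" "$2"
fi
```

On the control-plane node, kubeadm token create --print-join-command also prints a join command that already includes the CA hash.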
Following the prompt, we can check the status of the nodes with kubectl get nodes.
root@k8s-master:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 17m v1.19.3
k8s-node-01 Ready <none> 76s v1.19.3
k8s-node-02 Ready <none> 94s v1.19.3
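At this point all the nodes are NotReady. This is because every node needs to start several components, and these components all run in Pods, whose images must first be downloaded from Google. We can check the status of the Pods with the following command: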
root@k8s-master:~# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6d56c8448f-9grxk 1/1 Running 0 17m
kube-system coredns-6d56c8448f-mrx55 1/1 Running 0 17m
kube-system etcd-k8s-master 1/1 Running 0 17m
kube-system kube-apiserver-k8s-master 1/1 Running 0 17m
kube-system kube-controller-manager-k8s-master 1/1 Running 0 17m
kube-system kube-flannel-ds-cqwqv 1/1 Running 0 12m
kube-system kube-flannel-ds-nh2qg 1/1 Running 0 104s
kube-system kube-flannel-ds-wbrs6 1/1 Running 0 86s
kube-system kube-proxy-45prh 1/1 Running 0 17m
kube-system kube-proxy-g2c4x 1/1 Running 0 104s
kube-system kube-proxy-jwvg5 1/1 Running 0 86s
kube-system kube-scheduler-k8s-master 1/1 Running 0 17m
root@k8s-master:~#
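Pending, ContainerCreating and ImagePullBackOff all indicate that a Pod is not ready; only Running is the ready state. We can inspect a Pod in detail with kubectl describe pod <Pod Name>, for example:
To save space, only the last part of the command output is shown here. It shows that downloading the image failed, which is very common when network quality is poor. We can wait patiently, because Kubernetes will retry, or we can run docker pull by hand to download the image ourselves.
After waiting a while, once all the images have downloaded successfully, every Pod will be in the Running state.
At this point all the nodes are Ready, the Kubernetes Cluster has been created successfully, and everything is in place.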
