6、部署 k8s Cluster（下）

時間 2021-01-21

標籤 node git github docker bootstrap api 網絡 app this 欄目 Git 简体版

原文原文鏈接

6、部署 k8s Cluster（下）

上節咱們[經過 kubeadm 在 k8s-master 上部署了 Kubernetes，本節安裝 Pod 網絡並添加 k8s-node1 和 k8s-node2，完成集羣部署。node

（一）安裝 Pod 網絡

要讓 Kubernetes Cluster 可以工做，必須安裝 Pod 網絡，不然 Pod 之間沒法通訊。Kubernetes 支持多種網絡方案，這裏咱們先使用 flannel，後面還會討論 Canal。git

執行以下命令部署 flannel：github

root@cuiyongchao:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
root@cuiyongchao:~#

（二）添加 k8s-node1 和 k8s-node2

在 k8s-node1 和 k8s-node2 上分別執行以下命令，將其註冊到 Cluster 中：docker

關閉swap：
swapoff  -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
kubeadm join --token wjxawc.qsjz0lp4m9ihdcy0  10.0.0.41:6443 --discovery-token-unsafe-skip-ca-verification

這裏的 --token 來自前面 kubeadm init 輸出的第 ⑨ 步提示，若是當時沒有記錄下來能夠經過 kubeadm token list 查看。bootstrap

root@k8s-master:~# kubeadm token list
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
0872ga.bg0rbp0jvp2omjem   23h         2020-11-02T11:22:37Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

kubeadm join 執行以下：api

root@k8s-node-02:~# kubeadm join --token 0872ga.bg0rbp0jvp2omjem  10.0.0.41:6443 --discovery-token-unsafe-skip-ca-verification
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

root@k8s-node-02:~#

根據提示，咱們能夠經過 kubectl get nodes 查看節點的狀態。網絡

root@k8s-master:~# kubectl get nodes
NAME          STATUS   ROLES    AGE   VERSION
k8s-master    Ready    master   17m   v1.19.3
k8s-node-01   Ready    <none>   76s   v1.19.3
k8s-node-02   Ready    <none>   94s   v1.19.3

目前全部節點都是 NotReady，這是由於每一個節點都須要啓動若干組件，這些組件都是在 Pod 中運行，須要首先從 google 下載鏡像，咱們能夠經過以下命令查看 Pod 的狀態：app

root@k8s-master:~# kubectl get pod --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-6d56c8448f-9grxk             1/1     Running   0          17m
kube-system   coredns-6d56c8448f-mrx55             1/1     Running   0          17m
kube-system   etcd-k8s-master                      1/1     Running   0          17m
kube-system   kube-apiserver-k8s-master            1/1     Running   0          17m
kube-system   kube-controller-manager-k8s-master   1/1     Running   0          17m
kube-system   kube-flannel-ds-cqwqv                1/1     Running   0          12m
kube-system   kube-flannel-ds-nh2qg                1/1     Running   0          104s
kube-system   kube-flannel-ds-wbrs6                1/1     Running   0          86s
kube-system   kube-proxy-45prh                     1/1     Running   0          17m
kube-system   kube-proxy-g2c4x                     1/1     Running   0          104s
kube-system   kube-proxy-jwvg5                     1/1     Running   0          86s
kube-system   kube-scheduler-k8s-master            1/1     Running   0          17m
root@k8s-master:~#

Pending、ContainerCreating、ImagePullBackOff 都代表 Pod 沒有就緒，Running 纔是就緒狀態。咱們能夠經過 kubectl describe pod <Pod Name> 查看 Pod 具體狀況，好比：ui

爲了節省篇幅，這裏只截取命令輸出的最後部分，能夠看到在下載 image 時失敗，若是網絡質量很差，這種狀況是很常見的。咱們能夠耐心等待，由於 Kubernetes 會重試，咱們也能夠本身手工執行 docker pull 去下載這個鏡像。this

等待一段時間，image 都成功下載後，全部 Pod 會處於 Running 狀態。

這時，全部的節點都已經 Ready，Kubernetes Cluster 建立成功，一切準備就緒。