Deploying a Highly Available Kubernetes Cluster


Prerequisites

HAProxy deployment: juejin.cn/post/757613…
Keepalived deployment: juejin.cn/post/757618…

Deployment

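The steps are the same as in juejin.cn/post/756680…
The only difference is that the command used to initialize the control-plane node changes to: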

kubeadm init --control-plane-endpoint="192.168.174.200:6443" --upload-certs --pod-network-cidr=10.244.0.0/16

Output of a successful initialization

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes running the following command on each as root:

  kubeadm join 192.168.174.200:6443 --token c95oxm.u9uqpnackyji089v \
        --discovery-token-ca-cert-hash sha256:66c8350719619bd5990eeb85b24a988e397c73d2fe69692a40cc675a4cacebce \
        --control-plane --certificate-key 433f039b49b9b63eb6bdb2147c86e571537f0de189b30e0b2f9e8f86df0c762a

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.174.200:6443 --token c95oxm.u9uqpnackyji089v \
        --discovery-token-ca-cert-hash sha256:66c8350719619bd5990eeb85b24a988e397c73d2fe69692a40cc675a4cacebce

Regenerating the join command for control-plane nodes

echo "sudo $(sudo kubeadm token create --print-join-command) --control-plane --certificate-key $(sudo kubeadm init phase upload-certs --upload-certs 2>/dev/null | grep -vE '^\[' | tail -1)"
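
A join command like the one above mixes public and secret fields: the token ID before the dot and the CA certificate hash are not secret, while the token secret after the dot and the certificate key are. The shell functions below are an added example, not part of the original post: they check that each field is well formed and mask the secret parts before the command is copied into a ticket or log. The function names, the 192.0.2.10 endpoint and all sample values are constructed for illustration.

```shell
# Added example: validate and redact a "kubeadm join" command line.

# Print the value that follows a flag; accepts "--flag value" and "--flag=value".
join_field() {  # usage: join_field <flag> <command string>
  printf '%s\n' "$2" | tr -s ' \\\t\n' '\n' | awk -v f="$1" '
    $0 == f               { want = 1; next }
    index($0, f "=") == 1 { print substr($0, length(f) + 2); exit }
    want                  { print; exit }'
}

# Return 0 only when every field is well formed; 1, 2 or 3 names the bad field.
validate_join() {
  cmd=$1
  join_field --token "$cmd" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || return 1
  join_field --discovery-token-ca-cert-hash "$cmd" | grep -Eq '^sha256:[0-9a-f]{64}$' || return 2
  case "$cmd" in
    *--control-plane*)  # control-plane joins also need the 32-byte key in hex
      join_field --certificate-key "$cmd" | grep -Eq '^[0-9a-f]{64}$' || return 3 ;;
  esac
  return 0
}

# Keep the token ID and the CA hash; mask the token secret and the certificate key.
redact_join() {
  printf '%s\n' "$1" | sed -E \
    -e 's/(--token[= ]+[a-z0-9]{6}\.)[a-z0-9]{16}/\1<redacted>/' \
    -e 's/(--certificate-key[= ]+)[0-9a-f]+/\1<redacted>/'
}

# Constructed sample values (not real credentials): 64 hex digits built with printf.
SAMPLE_HASH="sha256:$(printf '%064d' 1)"
SAMPLE_KEY=$(printf '%064d' 2)
SAMPLE_JOIN="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash $SAMPLE_HASH --control-plane --certificate-key $SAMPLE_KEY"

# Print the redacted form only if the command passes validation.
if validate_join "$SAMPLE_JOIN"; then redact_join "$SAMPLE_JOIN"; fi
```

The CA certificate hash is left in place because it only lets the joining node verify the API server it is talking to.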