使用kubeadm部署高可用Kubernetes 1.17.0

【推荐】2019 Java 开发者跳槽指南.pdf(吐血整理) >>>

因为Kubernetes集群1.16升级1.17后崩溃，计划重新部署。以前是手工创建的高可用集群，现在使用kubeadm来部署高可用Kubernetes，因为1.17.0已经增加了很多新的功能，正好来体验一下。

参考：
- 创建高可用集群：Creating Highly Available clusters with kubeadm
- 获取新的镜像：Kubernetes 1.17.0 已发布
- 本地存储提供者：Kubernetes的Local Path Provisioner
- 获取Kubeadm更新：kubernetes for china

创建集群：

sudo kubeadm init --kubernetes-version=v1.17.0 \
--apiserver-advertise-address=192.168.199.173 \
--control-plane-endpoint=192.168.199.173:6443 \
--pod-network-cidr=10.244.0.0/16 \
--upload-certs

注意：

增加--control-plane-endpoint参数，是用于多Master的部署使用，必须加上。
使用多个Master节点的kubeadm init方法后，输出有所不同。如下：

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join 192.168.199.173:6443 --token rlxvkn.2ine1loolri50tzt \
    --discovery-token-ca-cert-hash sha256:86e68de8febb844ab8f015f6af4526d78a980d9cdcf7863eebb05b17c24b9383 \
    --control-plane --certificate-key 440a880086e7e9cbbcebbd7924e6a9562d77ee8de7e0ec63511436f2467f7dde

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.199.173:6443 --token rlxvkn.2ine1loolri50tzt \
    --discovery-token-ca-cert-hash sha256:86e68de8febb844ab8f015f6af4526d78a980d9cdcf7863eebb05b17c24b9383

运行下面的命令，以使kubectl在当前用户账号下可用：

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

注意：
- 上面带--control-plane参数的命令用于部署一个新的Master节点。
- 不带--control-plane参数的命令用于部署worker节点。

增加Master节点：

  kubeadm join 192.168.199.173:6443 --token rlxvkn.2ine1loolri50tzt \
    --discovery-token-ca-cert-hash sha256:86e68de8febb844ab8f015f6af4526d78a980d9cdcf7863eebb05b17c24b9383 \
    --control-plane --certificate-key 440a880086e7e9cbbcebbd7924e6a9562d77ee8de7e0ec63511436f2467f7dde

After Add master node:

sudo kubeadm init phase upload-certs --upload-certs
### Got:
# [upload-certs] Using certificate key:
# 2ffe5bbf7d2e670d5bcfb03dac194e2f21eb9715f2099c5f8574e4ba7679ff78

# Add certificate-key for Multi Master Node.
kubeadm token create --print-join-command --certificate-key 2ffe5bbf7d2e670d5bcfb03dac194e2f21eb9715f2099c5f8574e4ba7679ff78

增加Worker节点：

kubeadm join 192.168.199.173:6443 --token rlxvkn.2ine1loolri50tzt \
    --discovery-token-ca-cert-hash sha256:86e68de8febb844ab8f015f6af4526d78a980d9cdcf7863eebb05b17c24b9383

然后部署Network CNI驱动，如下：

docker pull quay.io/coreos/flannel:v0.11.0-amd64

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

查看一下节点状态：

kubectl get node -o wide

将显示节点列表，如果部署了多个Master，也将显示多个节点的role为master。

部署管理界面：Dashboard 2 on Kubernetes 1.17.0

来源：oschina

链接：https://my.oschina.net/u/2306127/blog/3152592

标签

ControlPlane

Kubernetes