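After running kubeadm init, a ready-made command is generated; a node only has to run it to join the cluster. The command generated for the cluster we built last time looked roughly like this: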

kubeadm join 10.0.1.50:6443 --token ubsvnm.19r0fkmszputo462 \
    --discovery-token-ca-cert-hash sha256:e18805de142e4cefdb8e3060bc818fee60fd963cd9e69551bf25ca8cc23cd4cb 

It has three parts:

  • join ip:6443: the address of the master
  • token xxxx: the token
  • discovery-token-ca-cert-hash: the hashed certificate data (a SHA-256 digest of the CA certificate's public key)

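However, the token generated by kubeadm is only valid for 24 hours and cannot be used once it expires. Here we generate these values ourselves and then combine them.
Reference: kubeadm join - Kubernetes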

Generate the token

Run on the master host

# Generate a token
kubeadm token create

# List tokens
kubeadm token list
TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
r055wa.kbnpvnykq20vx22m   20h       2019-08-16T05:43:22-04:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token

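Hash the certificate

For a cluster created with kubeadm, the CA certificate is at the default path shown below, so the command can be run as-is.

# Run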
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

# Resulting value
e18805de142e4cefdb8e3060bc818fee60fd963cd9e69551bf25ca8cc23cd4cb

Join

Combine the values above

# Combine
kubeadm join --discovery-token r055wa.kbnpvnykq20vx22m --discovery-token-ca-cert-hash sha256:e18805de142e4cefdb8e3060bc818fee60fd963cd9e69551bf25ca8cc23cd4cb 10.0.1.50:6443

# Join. The 192.168.1.2 here is the DNS server; ignore the warnings
ansible node04 -m shell -a 'kubeadm join --discovery-token r055wa.kbnpvnykq20vx22m --discovery-token-ca-cert-hash sha256:e18805de142e4cefdb8e3060bc818fee60fd963cd9e69551bf25ca8cc23cd4cb 10.0.1.50:6443'
node04 | CHANGED | rc=0 >>
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster. [WARNING Hostname]: hostname "node04" could not be reached
        [WARNING Hostname]: hostname "node04": lookup node04 on 192.168.1.2:53: no such host

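Any node that needs to join just runs this command. Remember to prepare the Kubernetes installation environment beforehand: Configuring the K8S Node environment with an Ansible Playbook - SPEX
After joining, a node runs two pods by default, kube-proxy and flannel; once they are running, the node status shows Ready.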
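
The openssl pipeline above goes through `openssl rsa`, so it only handles an RSA CA key. As an added example (not code from the original post), the following computes the same value by hashing the certificate's SubjectPublicKeyInfo bytes directly, which works for any key type, and assembles the join command after checking the token format. The function names and the skeletal sample certificate are constructed for illustration.

```python
import base64
import hashlib
import re

TOKEN_RE = re.compile(r"[a-z0-9]{6}\.[a-z0-9]{16}")  # bootstrap token: <id>.<secret>

def _tlv(der, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    if pos + length > len(der):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def ca_cert_hash(pem):
    """Return 'sha256:<hex>' over the certificate's SubjectPublicKeyInfo DER."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(m.group(1).split()))
    _, pos, _ = _tlv(der, 0)            # outer Certificate SEQUENCE
    _, pos, tbs_end = _tlv(der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                     # optional explicit [0] version field
        pos = end
    for _ in range(5):                  # serial, signature alg, issuer, validity, subject
        _, _, pos = _tlv(der, pos)
    tag, _, end = _tlv(der, pos)        # subjectPublicKeyInfo, hashed with its header
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return "sha256:" + hashlib.sha256(der[pos:end]).hexdigest()

def join_command(endpoint, token, ca_pem):
    """Assemble the join command, rejecting a malformed token."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token does not match <6 chars>.<16 chars>")
    return (f"kubeadm join --discovery-token {token} "
            f"--discovery-token-ca-cert-hash {ca_cert_hash(ca_pem)} {endpoint}")

# Constructed sample: a skeletal certificate whose SPKI holds 32 made-up key bytes.
_seq = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths only
SAMPLE_SPKI = _seq(0x30, bytes.fromhex("300506032b6570") + _seq(0x03, b"\x00" + bytes(range(32))))
_tbs = _seq(0x30, bytes.fromhex("a003020102 020101 3000 3000 3000 3000") + SAMPLE_SPKI)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(_seq(0x30, _tbs + bytes.fromhex("3000030100"))).decode()
              + "\n-----END CERTIFICATE-----\n")
```

On a real master, pass the contents of /etc/kubernetes/pki/ca.crt as `ca_pem`; the result should equal the openssl output with a `sha256:` prefix.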


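If you use an NFS-backed StorageClass, also remember the permissions on the NFS server's directories: edit /etc/exports to set which access and modification rights are allowed on each directory. Using NFS for persistent storage in Kubernetes - SPEX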

Last modification:August 16th, 2019 at 08:34 am