注意:节点初始化请参考
https://xwutx.cn/archives/c6359115-1262-48ef-8ff9-686fde00a471
1.我们需要从已有的master节点拷贝证书到需要加入的master节点上,并在新加入的节点上创建一个文件夹
1.1 需要拷贝的证书
/etc/kubernetes/pki/ca.crt
/etc/kubernetes/pki/ca.key
/etc/kubernetes/pki/sa.key
/etc/kubernetes/pki/sa.pub
/etc/kubernetes/pki/front-proxy-ca.crt
/etc/kubernetes/pki/front-proxy-ca.key
/etc/kubernetes/pki/etcd/ca.crt
/etc/kubernetes/pki/etcd/ca.key1.2 创建文件夹
mkdir ~/.kube2.在当前已有的master节点上运行如下命令
第一步
kubeadm init phase upload-certs --upload-certs结果如下
I0523 23:43:01.534954 16282 version.go:256] remote version is much newer: v1.30.1; falling back to: stable-1.23
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
025fe85b85f335341e2a0627c0f31e1126316d5c1274ca6b3945d37c8982ec5d第二步
kubeadm token create --print-join-command结果如下
kubeadm join master231:6443 --token iyan57.2mf66sqmu05j0jh6 --discovery-token-ca-cert-hash sha256:bdd19b56cb053b408e20e7ccf4e0293bc5d9abb69eb8e2eb28c9c2eabc5896db第三步:将得到的token和key进行拼接,得到如下命令:
kubeadm join master231:6443 --token iyan57.2mf66sqmu05j0jh6 --discovery-token-ca-cert-hash sha256:bdd19b56cb053b408e20e7ccf4e0293bc5d9abb69eb8e2eb28c9c2eabc5896db --control-plane --certificate-key 025fe85b85f335341e2a0627c0f31e1126316d5c1274ca6b3945d37c8982ec5d注意事项:
不要使用 --experimental-control-plane,会报错
要加上--control-plane --certificate-key ,不然就会添加为node节点而不是master
join的时候节点上不要部署,如果部署了kubeadm reset后再join
第四步:join之后在原先唯一的master节点上成功后,显示如下消息:
This node has joined the cluster and a new control plane instance was created:
* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Control plane (master) label and taint were applied to the new node.
* The Kubernetes control plane instances scaled up.
* A new etcd member was added to the local/stacked etcd cluster.
To start administering your cluster from this node, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Run 'kubectl get nodes' to see this node join the cluster.这样,我们在任何一个master节点上使用命令
[root@master231~] # kubectl get nodes
NAME STATUS ROLES AGE VERSION
master231 Ready control-plane,master 23m v1.23.17
master234 Ready control-plane,master 7m45s v1.23.171. 第一次加入集群的时候会有以下报错:
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
error execution phase preflight:
One or more conditions for hosting a new control plane instance is not satisfied.
unable to add a new control plane instance a cluster that doesn't have a stable controlPlaneEndpoint address
Please ensure that:
* The cluster has a stable controlPlaneEndpoint address.
* The certificates that must be shared among control plane instances are provided.
To see the stack trace of this error execute with --v=5 or higher
解决办法:
在已有的master节点查看kubeadm-config.yaml
kubectl -n kube-system get cm kubeadm-config -o yaml
发现没有controlPlaneEndpoint
添加controlPlaneEndpoint
kubectl -n kube-system edit cm kubeadm-config
大概在这么个位置:
kind: ClusterConfiguration
kubernetesVersion: v1.18.0
controlPlaneEndpoint: 10.0.0.231:6443
注意:添加的controlPlaneEndpoint改成已有master节点的地址
然后再在准备添加为master的节点上执行kubeadm join的命令
评论区