
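Scaling out K8s nodes with kubeadm

Using kubeadm to increase the number of K8s nodes

A k8s cluster has already been built and, after being in use for some time, needs more nodes. kubeadm is used to scale the cluster out horizontally. The example below adds one worker node to a 1 master + 2 worker environment deployed on CentOS 7.9.

1. Complete the base configuration and install the base components on the node to be added

1.1 Basic Linux configuration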

# Configure the yum repositories
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

# Install commonly used packages
yum install wget vim-enhanced net-tools

# Disable the firewall
systemctl stop firewalld && systemctl disable firewalld

# Disable swap
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

# Disable SELinux
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Configure hosts:

# Set the hostname
hostnamectl set-hostname k8s-node3
hostname

# Configure hosts
cat >> /etc/hosts << EOF
10.210.10.201 k8s-master1
10.210.10.202 k8s-node1
10.210.10.203 k8s-node2
10.210.10.204 k8s-node3
EOF

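Because the environment is on an internal network, there is no NTP server. Here the time is set manually; an internal NTP server can also be configured.

# Set the time zone
timedatectl set-timezone Asia/Shanghai

# Change the system time to UTC (if needed). Edit the file below and write ZONE="Etc/UTC"
vi /etc/sysconfig/clock

# Create the symlink
ln -sf /usr/share/zoneinfo/UTC /etc/localtime

# Set the system time to the current time
date -s "2024-06-20 19:04:00"

# Sync the hardware clock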
hwclock --systohc

Configure kernel parameters:

cat >/etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter


# Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
EOF

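sysctl --system  # apply the settings

# Confirm that the br_netfilter and overlay modules are loaded by running the following command
lsmod | egrep 'overlay|br_netfilter'
# Confirm that the values are set to 1 in the sysctl configuration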
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward

1.2 Install the container runtime

# Add the package mirror
curl https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

# List the available docker-ce versions
yum list docker-ce --showduplicates | sort -r

# Remove docker (if present)
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine

# Install prerequisite tools
yum install -y yum-utils device-mapper-persistent-data lvm2

# Install docker and containerd
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Generate and modify the configuration file
cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
containerd config default > /etc/containerd/config.toml
# Modify: use the Aliyun copy of the pause image and the systemd cgroup driver
sed -i "s#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml

# Enable containerd at boot and start it now
sudo systemctl enable --now containerd.service
# Start docker
sudo systemctl start docker.service
# Enable docker at boot
sudo systemctl enable docker.service
sudo systemctl enable docker.socket
sudo systemctl list-unit-files | grep docker


# Configure a Docker registry mirror
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://wnsrsn9i.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# Restart so the configuration takes effect
systemctl daemon-reload
systemctl restart docker
docker info
...
 Registry Mirrors:
  https://wnsrsn9i.mirror.aliyuncs.com/
...

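1.3 Install kubeadm, kubelet and kubectl

# Add the package mirror. gpgcheck=0 and repo_gpgcheck=0 below turn off signature verification of packages and repository metadata for this repo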
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# List the supported versions
yum list kubelet --showduplicates | sort -r

# Install
yum install -y kubelet-1.27.6 kubeadm-1.27.6 kubectl-1.27.6

# Enable the kubelet service at boot
systemctl enable kubelet

2. Join the node

Generate the join command on the master node:

[root@k8s-master1 ~]# kubeadm token create --print-join-command
kubeadm join 10.210.10.201:6443 --token iruwoy.llccee5dgffz3nl8 --discovery-token-ca-cert-hash sha256:cc5e30bae2b696a9d9d4535a31ed7b0dc53abe905b2ca7234336e7090f5f317a

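The token and hash values above can also be generated manually:

  1. Generate the token:
# List the tokens on the master node
[root@k8s-master1 ~]# kubeadm token list
# If the token has expired, run the command below to generate a new one. The default TTL is 24h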
[root@k8s-master1 ~]# kubeadm token create
6joo0u.yenwphht9jm7zibj
[root@k8s-master1 ~]# kubeadm token list
TOKEN                    TTL  EXPIRES              USAGES                 DESCRIPTION     EXTRA GROUPS
6joo0u.yenwphht9jm7zibj  23h  2024-06-24T14:28:12Z authentication,signing <none>          system:bootstrappers:kubeadm:default-node-token
  2. Get the SHA-256 hash of the CA certificate's public key:
[root@k8s-master1 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
cc5e30bae2b696a9d9d4535a31ed7b0dc53abe905b2ca7234336e7090f5f317a
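
The --discovery-token-ca-cert-hash value tells the joining node which cluster CA public key to trust, so a join command can be checked against the hash computed on the master before it is run on the new node. The following is an added example, not part of the original article: check_join_cmd is a hypothetical helper, and the sample values are the ones printed in the output above.

```sh
#!/bin/sh
# Added example, not from the original article.
# Sample values are the ones printed in this article's own output.
SAMPLE_JOIN='kubeadm join 10.210.10.201:6443 --token iruwoy.llccee5dgffz3nl8 --discovery-token-ca-cert-hash sha256:cc5e30bae2b696a9d9d4535a31ed7b0dc53abe905b2ca7234336e7090f5f317a'
SAMPLE_CA_HASH='cc5e30bae2b696a9d9d4535a31ed7b0dc53abe905b2ca7234336e7090f5f317a'

# check_join_cmd "JOIN COMMAND" EXPECTED_CA_HASH   (hypothetical helper)
# EXPECTED_CA_HASH is the output of the openssl pipeline run on the master.
# Prints findings; exit status is 0 only if the token is well formed and the
# command pins the expected CA public key. The body runs in a subshell so
# that `set -f` and the variables stay local.
check_join_cmd() (
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  token='' pin='' prev='' rc=0
  set -f                      # no globbing while splitting the command
  for w in $1; do
    case $prev in
      --token) token=$w ;;
      --discovery-token-ca-cert-hash) pin=$w ;;
    esac
    case $w in
      --token=*) token=${w#*=} ;;
      --discovery-token-ca-cert-hash=*) pin=${w#*=} ;;
      --discovery-token-unsafe-skip-ca-verification|--discovery-token-unsafe-skip-ca-verification=true)
        echo 'FAIL: CA verification is switched off'; rc=1 ;;
    esac
    prev=$w
  done
  printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
    { echo 'FAIL: token missing or not [a-z0-9]{6}.[a-z0-9]{16}'; rc=1; }
  pin=$(printf '%s' "$pin" | tr 'A-F' 'a-f')   # compare hex case-insensitively
  if [ -z "$pin" ]; then
    echo 'FAIL: no --discovery-token-ca-cert-hash, the CA is not pinned'; rc=1
  elif ! printf '%s\n' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
    echo 'FAIL: pin is not sha256:<64 hex digits>'; rc=1
  elif [ "$pin" != "sha256:$expected" ]; then
    echo 'FAIL: pin differs from the hash computed on the master'; rc=1
  fi
  [ "$rc" -eq 0 ] && echo 'OK: token well formed, CA pin matches'
  exit "$rc"
)

check_join_cmd "$SAMPLE_JOIN" "$SAMPLE_CA_HASH"
```

The check is only meaningful when the expected hash reaches the new node by a different path than the join command itself, for example read directly from the master's console.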

After the join command has been run on the new node, check the status of the joined node:

[root@k8s-master1 ~]# kubectl get node
NAME          STATUS   ROLES           AGE     VERSION
k8s-master1   Ready    control-plane   3d23h   v1.27.6
k8s-node1     Ready    <none>          3d23h   v1.27.6
k8s-node2     Ready    <none>          3d23h   v1.27.6
k8s-node3     Ready    <none>          18m     v1.27.6
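
Once k8s-node3 reports Ready, the bootstrap token is no longer needed, yet it stays valid until its TTL runs out. The following added example (not part of the original article) audits `kubeadm token list` output for tokens that can still be used to join a node and that live longer than a chosen limit. audit_tokens is a hypothetical helper, the sample table is constructed, and the TTL column is assumed to be a number plus one unit letter as in the output above, or <forever>.

```sh
#!/bin/sh
# Added example, not from the original article.
# Constructed sample of `kubeadm token list` output (token values are made up).
SAMPLE_LIST='TOKEN                    TTL        EXPIRES               USAGES                  DESCRIPTION  EXTRA GROUPS
aaaaaa.0000000000000001  23h        2024-06-24T14:28:12Z  authentication,signing  <none>       system:bootstrappers:kubeadm:default-node-token
bbbbbb.0000000000000002  <forever>  <never>               authentication,signing  <none>       system:bootstrappers:kubeadm:default-node-token
cccccc.0000000000000003  45m        2024-06-23T15:13:00Z  authentication,signing  <none>       system:bootstrappers:kubeadm:default-node-token
dddddd.0000000000000004  6d         2024-06-29T14:28:12Z  signing                 <none>       <none>'

# audit_tokens MAX_HOURS   (hypothetical helper; reads the table on stdin)
# Prints "<token-id> <ttl> <reason>" for each token that can authenticate a
# joining node and has more than MAX_HOURS left. Only the 6-character token
# ID is printed, never the secret part.
audit_tokens() {
  awk -v max="$1" '
    NR == 1 { next }                       # header row
    $4 !~ /authentication/ { next }        # cannot be used to join a node
    {
      id = substr($1, 1, 6); ttl = $2
      if (ttl == "<forever>") { print id, ttl, "never-expires"; next }
      n = ttl + 0; unit = substr(ttl, length(ttl))
      if (unit == "s")      h = n / 3600
      else if (unit == "m") h = n / 60
      else if (unit == "h") h = n
      else if (unit == "d") h = n * 24
      else if (unit == "y") h = n * 24 * 365
      else next                            # e.g. <invalid>: already expired
      if (h > max) print id, ttl, "exceeds-" max "h"
    }'
}

printf '%s\n' "$SAMPLE_LIST" | audit_tokens 24
```

On the master the input would come from `kubeadm token list | audit_tokens 24`, and a reported token can be removed with `kubeadm token delete <token-id>`.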

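Notes:

This article uses kube-flannel as the network plugin. The flannel component is installed automatically on the joining node; if the image pull fails, the image can be imported from another node.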
