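Using kubeadm to Scale Out the Number of K8S Nodes
A k8s cluster has already been built and, after it has been in use for a while, the number of nodes needs to grow. kubeadm is used to scale the cluster out horizontally. The example below adds one worker node to an environment of 1 master + 2 workers deployed on CentOS 7.9.
1. Complete the base configuration and install the base components on the node to be joined
1.1 Basic Linux configuration
# Configure the yum repositories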
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Install common packages
yum install wget vim-enhanced net-tools
# Disable the firewall
systemctl stop firewalld && systemctl disable firewalld
# Disable swap
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Disable SELinux
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
Set up hosts:
# Set the hostname
hostnamectl set-hostname k8s-node3
hostname
# Configure hosts
cat >> /etc/hosts << EOF
10.210.10.201 k8s-master1
10.210.10.202 k8s-node1
10.210.10.203 k8s-node2
10.210.10.204 k8s-node3
EOF
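Because the environment is on an internal network, there is no NTP server. The time is set manually here; an internal NTP server can also be configured.
# Set the time zone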
timedatectl set-timezone Asia/Shanghai
# Change the system time to UTC (if needed). Edit the file below and write ZONE="Etc/UTC"
vi /etc/sysconfig/clock
# Create the symlink
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
# Set the system time to the current time
date -s "2024-06-20 19:04:00"
# Sync the hardware clock
hwclock --systohc
Configure kernel parameters:
cat >/etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
# Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
EOF
sysctl --system # apply the settings
# Confirm that the br_netfilter and overlay modules are loaded by running the following command
lsmod | egrep 'overlay|br_netfilter'
# Confirm that these values are set to 1 in the sysctl configuration
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
1.2 Install the container runtime
# Add the mirror repository
curl https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
# List the available docker-ce versions
yum list docker-ce --showduplicates | sort -r
# Remove docker (if present)
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# Install required tools
yum install -y yum-utils device-mapper-persistent-data lvm2
# Install docker and containerd
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Generate and modify the configuration file
cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
containerd config default > /etc/containerd/config.toml
# Modify: pull the pause image from the Aliyun mirror and enable the systemd cgroup driver
sed -i "s#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml
# Enable containerd at boot
sudo systemctl enable --now containerd.service
# Start docker
sudo systemctl start docker.service
# Enable docker at boot
sudo systemctl enable docker.service
sudo systemctl enable docker.socket
sudo systemctl list-unit-files | grep docker
# Configure a Docker registry mirror
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://wnsrsn9i.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart so the configuration takes effect
systemctl daemon-reload
systemctl restart docker
docker info
...
Registry Mirrors:
https://wnsrsn9i.mirror.aliyuncs.com/
...
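1.3 Install kubeadm, kubelet and kubectl
# Add the mirror repository (gpgcheck=0 and repo_gpgcheck=0 below disable package and repository-metadata signature verification for this repo)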
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# List the supported versions
yum list kubelet --showduplicates | sort -r
# Install
yum install -y kubelet-1.27.6 kubeadm-1.27.6 kubectl-1.27.6
# Enable the kubelet service at boot
systemctl enable kubelet
2. Join the node
Generate the join command on the master node:
[root@k8s-master1 ~]# kubeadm token create --print-join-command
kubeadm join 10.210.10.201:6443 --token iruwoy.llccee5dgffz3nl8 --discovery-token-ca-cert-hash sha256:cc5e30bae2b696a9d9d4535a31ed7b0dc53abe905b2ca7234336e7090f5f317a
The token and hash values above can also be generated manually:
- Generate the token:
# View the tokens on the master node
[root@k8s-master1 ~]# kubeadm token list
# If the token has expired, run the command below to generate a new one. The default TTL is 24h
[root@k8s-master1 ~]# kubeadm token create
6joo0u.yenwphht9jm7zibj
[root@k8s-master1 ~]# kubeadm token list
TOKEN                     TTL   EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
6joo0u.yenwphht9jm7zibj   23h   2024-06-24T14:28:12Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
- Get the sha256 hash of the CA certificate's public key:
[root@k8s-master1 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
cc5e30bae2b696a9d9d4535a31ed7b0dc53abe905b2ca7234336e7090f5f317a
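Added example (not part of the original post): a POSIX shell check that a join command carries a well-formed bootstrap token and pins the same CA public-key hash as the one computed manually above. The function names and exit codes are hypothetical; the join command and hash are the values printed on this page.

```shell
#!/bin/sh
# Added example: sanity-check a kubeadm join command before running it on the new node.
# Function names and exit codes are hypothetical; JOIN_CMD and PAGE_HASH are the
# values printed on this page.

JOIN_CMD='kubeadm join 10.210.10.201:6443 --token iruwoy.llccee5dgffz3nl8 --discovery-token-ca-cert-hash sha256:cc5e30bae2b696a9d9d4535a31ed7b0dc53abe905b2ca7234336e7090f5f317a'
PAGE_HASH='cc5e30bae2b696a9d9d4535a31ed7b0dc53abe905b2ca7234336e7090f5f317a'

# Print the word that follows flag $2 in command string $1; fail if the flag is absent.
join_arg() (
    set -f                      # split on whitespace only, no filename expansion
    prev=""
    for word in $1; do
        if [ "$prev" = "$2" ]; then printf '%s\n' "$word"; exit 0; fi
        prev=$word
    done
    exit 1
)

# SHA-256 over the DER-encoded public key of CA certificate $1
# (the same openssl pipeline the page runs on the master).
ca_pubkey_hash() {
    openssl x509 -pubkey -in "$1" | openssl rsa -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Check join command $1 against expected hex hash $2.
# Exit status: 0 ok, 1 missing/malformed token, 2 missing/malformed hash, 3 hash mismatch.
check_join() (
    token=$(join_arg "$1" --token) || exit 1
    pin=$(join_arg "$1" --discovery-token-ca-cert-hash) || exit 2
    # Bootstrap tokens have the form <6 chars>.<16 chars>, lowercase letters and digits.
    printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || exit 1
    printf '%s\n' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$' || exit 2
    [ "${pin#sha256:}" = "$2" ] || exit 3
)

# On the master: check_join "$JOIN_CMD" "$(ca_pubkey_hash /etc/kubernetes/pki/ca.crt)"
# Here the hash computed manually on this page stands in for that call.
if check_join "$JOIN_CMD" "$PAGE_HASH"; then
    echo "join command pins the expected CA public key"
else
    echo "join command rejected (status $?)" >&2
fi
```

A status of 3 means the join command would pin a different CA key than the one in /etc/kubernetes/pki/ca.crt, so it should not be run on the new node.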
Check the status of the joined node:
[root@k8s-master1 ~]# kubectl get node
NAME          STATUS   ROLES           AGE     VERSION
k8s-master1   Ready    control-plane   3d23h   v1.27.6
k8s-node1     Ready    <none>          3d23h   v1.27.6
k8s-node2     Ready    <none>          3d23h   v1.27.6
k8s-node3     Ready    <none>          18m     v1.27.6
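Notes:
This article uses kube-flannel as the network plugin; the flannel component is installed automatically on a newly joined node. If pulling the image fails, it can be imported from another node.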