Henry
Published 2024-12-28 / 17 views

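Kubernetes - Joining a Worker Node to the Master Node

Background

Add a Kubernetes worker node to the master node.

Environment

  1. OS: Debian 6.1.66-1 (2023-12-09) x86_64 GNU/Linux
  2. Kubernetes: v1.29.3

Detailed steps

Check the cluster information on the master node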

root@k8s-master-main:~# kubectl get configmap cluster-info --namespace=kube-public -o yaml
apiVersion: v1
data:
  kubeconfig: |
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: 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
        server: https://192.168.122.111:6443
      name: ""
    contexts: null
    current-context: ""
    kind: Config
    preferences: {}
    users: null
kind: ConfigMap
metadata:
  creationTimestamp: "2024-08-22T08:34:24Z"
  name: cluster-info
  namespace: kube-public
  resourceVersion: "112339"
  uid: 92bdff5e-5742-4d41-8a3e-0b0b9687eff0
root@k8s-master-main:/home/myserver# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"29", GitVersion:"v1.29.3", GitCommit:"6813625b7cd706db5bc7388921be03071e1a492d", GitTreeState:"clean", BuildDate:"2024-03-15T00:06:16Z", GoVersion:"go1.21.8", Compiler:"gc", Platform:"linux/amd64"}

Check the token information

root@k8s-master-main:~# kubeadm token list

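If cluster-info contains no JWS signature and the token list is empty, the token has in effect expired and a new one must be generated.

If a token is listed, skip directly to the step that adds the node.

OP: Generate a token and the certificate digest on the master node

When we run kubeadm join, two parameters are required: token and discovery-token-ca-cert-hash. The solution is therefore to regenerate both the token and the discovery-token-ca-cert-hash.

Generate the token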

root@k8s-master-main:~# kubeadm token create --ttl 0
cganqj.wc5pt1kmn4295ghm
root@k8s-master-main:~# kubeadm token list
TOKEN                     TTL         EXPIRES   USAGES                   DESCRIPTION                                                EXTRA GROUPS
cganqj.wc5pt1kmn4295ghm   <forever>   <never>   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token

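Here --ttl=0 means the generated token never expires. Without the --ttl parameter, the default validity is 24 hours. Within those 24 hours, any number of workers can be added. A token created with --ttl=0 stays valid until it is removed with kubeadm token delete.

Generate the certificate digest

Next, regenerate the digest (hash) of the CA certificate's public key. As long as the certificate does not change, this value stays the same: it is identical to the hash produced by the initial kubeadm init.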

root@k8s-master-main:~# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
f895686071c7b09cbf613e7bb544afc703294e789aea2550f2f24581da3ad6eb
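
The value pinned by --discovery-token-ca-cert-hash is the SHA-256 of the CA certificate's DER-encoded SubjectPublicKeyInfo, which is what the openssl pipeline above extracts (its `openssl rsa` step assumes an RSA CA key). The following is an added example, not part of the original post: it computes and checks the same value with the Python standard library for any key type; the function names and the SAMPLE_CERT skeleton are constructed for illustration.

```python
import base64, hashlib, hmac

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_der(cert_der):
    """Return the whole SubjectPublicKeyInfo element of an X.509 certificate."""
    _, outer, _ = _tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, end = _tlv(cert_der, outer)  # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, value_end = _tlv(cert_der, pos)
        fields.append((tag, pos, value_end))
        pos = value_end
    # [0] version (optional), serial, sigAlg, issuer, validity, subject, SPKI
    _, start, stop = fields[6 if fields[0][0] == 0xA0 else 5]
    return cert_der[start:stop]

def ca_cert_hash(cert_der):
    """SHA-256 over the DER SPKI, in --discovery-token-ca-cert-hash form."""
    return "sha256:" + hashlib.sha256(spki_der(cert_der)).hexdigest()

def pem_to_der(pem):
    lines = [line.strip() for line in pem.splitlines()]
    return base64.b64decode("".join(l for l in lines if l and "-----" not in l))

def pin_matches(cert_der, pinned):
    """Check a CA certificate against the pin copied from the join command."""
    return hmac.compare_digest(ca_cert_hash(cert_der), pinned.strip().lower())

# Constructed sample: not a real certificate, only the DER skeleton needed here.
def _der(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

EC_ALG = _der(0x30, _der(0x06, bytes.fromhex("2a8648ce3d0201")))  # id-ecPublicKey
SAMPLE_SPKI = _der(0x30, EC_ALG + _der(0x03, b"\x00" + bytes(range(200))))
EMPTY = _der(0x30, b"")
SAMPLE_CERT = _der(0x30, _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
                              + EMPTY * 4 + SAMPLE_SPKI) + EMPTY + _der(0x03, b"\x00"))
```

On a real cluster, pass pem_to_der() the contents of /etc/kubernetes/pki/ca.crt and compare the result with the hash in the join command before running it on a worker.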

Both in one step

Print the join command while generating the token.

root@k8s-master-main:~# kubeadm token create --print-join-command --ttl=0
kubeadm join 192.168.122.111:6443 --token kucbrm.rbhk0hoo5blxyu7c --discovery-token-ca-cert-hash sha256:f895686071c7b09cbf613e7bb544afc703294e789aea2550f2f24581da3ad6eb

Check the cluster information again

root@k8s-master-main:~# kubectl get configmap cluster-info --namespace=kube-public -o yaml
apiVersion: v1
data:
  jws-kubeconfig-cganqj: eyJhbGciOiJIUzI1NiIsImtpZCI6ImNnYW5xaiJ9..Rxed5rWhsWmnzI9hTNoQF2UW3wGQC262mlIYgng_AVY
  jws-kubeconfig-kucbrm: eyJhbGciOiJIUzI1NiIsImtpZCI6Imt1Y2JybSJ9..1kiS4rbfvU_LFsvexO6tdZZJQ2t5MEMfARYmRiQUGVo
  kubeconfig: |
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJWEFnL1ZodDNpVE13RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBNE1qSXdPREk0TVRoYUZ3MHpOREE0TWpBd09ETXpNVGhhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUROaUdqYllKbXJHb2lqQ1Z0YU0vTTI2bEkvR3FGQ0NYYXl3dDdVOWpzcGxTb2tnUHdwUlYrOXV2Wm4KcEdOU3NITjV6RmxSeWxYcEpCbFJqL3l2b1kvOU9Xd2ttaitRcWhlcmZnOHFGRmY4WDJvQWFQWHRPOVNVam1zeApmaUgzK1NQSUQxR2RORVA5S1R6eVc2SkJKUEZGNlo4NXV2c0ZENkpKTkVjUnZsUlZLR29CWmxTZ1hCTkNkc1d4Cm8zR2VnVm9zOGlvN0FYY3FLeUtaY1pZWEw4bmhoTHVMODlyRzE4dDJBdjFtY3hiem11akFPeDFoak9VN3N4em8KMStHekZJS2hxaWUrWTZyVVNXWnpBT3IySFliUmwvaXJscDVFaUZTOVB4MDZnajlDYVhJOEllMm1EQnpOZHFMcApOd0NGWUpMNGdwRFE1VlU4SkJWS1dtdVltUHBKQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSS0hzRkNJa1ZBMzk4bkM3NElGb2trYjJvT2l6QVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQW93bXV1b2NIaAozK0VOK1NvNHZtUkhJK0hGSGJrUS9BZXRWYlp3Q0taVUxXaDByTzhBTTQ1VE13K2QzOUEwMlJaNkJCTlErbFV5CllwcEJqTlFGRkh6L1h5THB5eVMzU2ZCcUFFR3RHZGJPdTcrT3V3cXQvdmplNVhvc0dyOHRSamE0OXlEYnNDbE0KeEJWOGlxV0FxUCs5d3RXcnRDVGxLdzhxeHBRbnhpSGNPZUJCOVpDZ3hVSFFNNEZTbm9pSEluTkdwV2k2eTJNbAoxRlppTVFmOFU4enZZNlliMldkSTJSOEFPUHBlanFqSHQ1K1kwc2FMTWxrMkp2bkd4T1J1VnNmMmhNT0VidFRsCndhbXpZTXIwTXVTWEFmMDl3WmVXSVBabW9oY2E5TkFRVlNWTlpsNGNkOG9qQ1ErcVVObFBreGM4VXY2L1pSNDgKZkRIMnczN096TUhYCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
        server: https://192.168.122.111:6443
      name: ""
    contexts: null
    current-context: ""
    kind: Config
    preferences: {}
    users: null
kind: ConfigMap
metadata:
  creationTimestamp: "2024-08-22T08:34:24Z"
  name: cluster-info
  namespace: kube-public
  resourceVersion: "459039"
  uid: 92bdff5e-5742-4d41-8a3e-0b0b9687eff0

Add the node from the worker

Run the kubeadm join command on the worker

root@k8s-main-worker-1:/home/myserver# kubeadm join 192.168.122.111:6443 --token kucbrm.rbhk0hoo5blxyu7c --discovery-token-ca-cert-hash sha256:f895686071c7b09cbf613e7bb544afc703294e789aea2550f2f24581da3ad6eb
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

That is all for this article. Thank you for reading.


