I. On the node machine
0. Change the hostname
vim /etc/hostname
General reference: https://www.jianshu.com/p/d27141e18398
1. Install docker
yum install -y epel-release
yum install -y yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
yum install -y docker-ce
Reference: https://blog.csdn.net/qq_25760623/article/details/88657491
2. Start docker
systemctl enable docker && systemctl start docker
docker info
3. Change the k8s yum repository
vim /etc/yum.repos.d/k8s.repo
[k8s]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
4. Install k8s
yum install -y kubelet kubeadm
systemctl enable kubelet && systemctl start kubelet
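5. Switch the docker image source
# Pull each image kubeadm needs from the Aliyun mirror, retag it under
# the k8s.gcr.io name kubeadm expects, then drop the mirror tag.
for i in $(kubeadm config images list); do
    imageName=${i#k8s.gcr.io/}
    docker pull "registry.aliyuncs.com/google_containers/$imageName"
    docker tag "registry.aliyuncs.com/google_containers/$imageName" "k8s.gcr.io/$imageName"
    docker rmi "registry.aliyuncs.com/google_containers/$imageName"
done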
6. Enable kubelet at boot and start it
systemctl enable kubelet && systemctl start kubelet
7. Open the required ports
yum install -y firewalld
systemctl start firewalld.service
# 6443 (kube-apiserver)
firewall-cmd --zone=public --add-port=6443/tcp --permanent && firewall-cmd --reload
# 10250 (kubelet)
firewall-cmd --zone=public --add-port=10250/tcp --permanent && firewall-cmd --reload
Reference: https://www.jianshu.com/p/a2eebf4cd6a9
II. On the master machine
1. Create a token
kubeadm token create
2. List tokens
kubeadm token list
3. openssl: compute the CA certificate hash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
III. On the node machine
1. Join the cluster (the token and the CA certificate hash are generated on the master!)
kubeadm join 10.30.37.72:6443 --token g49to4.nlgv3j4vig4pdbvi --discovery-token-ca-cert-hash sha256:10f49c081bbd389182ca990ef5f5aa869f767b2a89adaf5165abeabae7ae61fb
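An added example (not part of the original notes and not kubeadm's own code): a POSIX shell check, run before `kubeadm join`, that the token is well formed and that a copy of the master's ca.crt really carries the public key pinned by --discovery-token-ca-cert-hash. The function names and the script name check-join.sh are hypothetical.

```sh
#!/bin/sh
# Added example; function names are hypothetical helpers, not kubeadm commands.

# Bootstrap token shape: 6 characters, a dot, 16 characters, all [a-z0-9].
token_format_ok() {
    printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Value for --discovery-token-ca-cert-hash: "sha256:" plus 64 hex digits.
hash_format_ok() {
    printf '%s' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# Print "sha256:<hex>" over the DER-encoded public key of certificate $1.
# "openssl pkey" reads RSA and EC keys ("openssl rsa" handles RSA only).
# An unreadable or invalid certificate is an error here; a bare pipeline
# would hash empty input and still print a well-formed digest.
ca_pubkey_hash() (
    [ -r "$1" ] || exit 1
    digest=
    der=$(mktemp) || exit 1
    if openssl x509 -pubkey -noout -in "$1" 2>/dev/null |
           openssl pkey -pubin -outform der -out "$der" 2>/dev/null &&
       [ -s "$der" ]; then
        digest=$(openssl dgst -sha256 -hex <"$der" | sed 's/^.* //')
    fi
    rm -f "$der"
    [ -n "$digest" ] && printf 'sha256:%s\n' "$digest"
)

# Exit 0 only if certificate $1 carries the public key pinned by $2.
ca_pin_matches() (
    hash_format_ok "$2" || exit 2
    actual=$(ca_pubkey_hash "$1") || exit 1
    [ "$actual" = "$2" ]
)

# Usage: sh check-join.sh <ca.crt> <token> <sha256:hash>
if [ "$#" -eq 3 ]; then
    token_format_ok "$2" || { echo "bad token format" >&2; exit 1; }
    ca_pin_matches "$1" "$3" || { echo "CA pin mismatch" >&2; exit 1; }
    echo "token format and CA pin OK"
fi
```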
IV. Troubleshooting
1. Error:
[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
Fix:
kubeadm reset
Reference:
https://blog.csdn.net/qianghaohao/article/details/82624920
2. Error:
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
Fix:
mkdir -p /etc/docker
# Setup daemon.
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# Restart Docker
systemctl daemon-reload
systemctl restart docker
Reference:
https://blog.csdn.net/qq_23598037/article/details/100177519
3. Error (this is what really fixed the problem)
error execution phase kubelet-start: cannot get Node "node1": nodes "node1" is forbidden: User "system:bootstrap:g49to4" cannot get resource "nodes" in API group "" at the cluster scope
Fix:
yum remove -y kubelet kubeadm
yum install -y kubelet-1.17.2-0
yum install -y kubeadm-1.17.2-0
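Reference:
https://blog.csdn.net/sinat_35534641/article/details/82808228
The reference does not correspond one-to-one with this error, but it reminded me that the join failure might be caused by a version mismatch.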