526互联

k8s 扩容指定版本机器 kubeadm

发布时间 2023-10-24 14:02:15作者: 腐汝

一、新增机器

二、同步/etc/hosts文件

三、关闭新机器防火墙

systemctl stop firewalld
systemctl disable firewalld

四、新机器增加repo文件

cat kubernetes.repo

[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpg=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enable=1

五、关闭swap

swapoff -a

/etc/fstab

六、查看可以安装的版本,并安装

yum list kubeadm --showduplicates
yum list kubectl --showduplicates
yum list kubelet --showduplicates


yum install kubectl-1.18.0-0
yum install kubelet-1.18.0-0
yum install kubeadm-1.18.0-0

七、生成新机器的加入命令

方式一:
[root@k8s-master01 ~]# kubeadm token create
W1024 11:10:21.218806   11133 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
my8t6c.9ey5l99fymaec6jf

[root@k8s-master01 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
f4c750ab5e1c14eea6f2cf4fbb42ae7f4873e0a1fb22adca39dc9eaa78ae1b38


方式二:
kubeadm join --token my8t6c.9ey5l99fymaec6jf 192.168.60.195:6443 --discovery-token-ca-cert-hash sha256:f4c750ab5e1c14eea6f2cf4fbb42ae7f4873e0a1fb22adca39dc9eaa78ae1b38

八、问题来了

1)因为长时间没有管理这套集群,导致在join的过程中报错,The cluster-info ConfigMap does not yet contain a JWS signature for token ID "f5evrb", will try again,这个报错是在join的参数加上了--v=2看出来的。

2)然后看api-server的报错之后发现报错,Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid,因为集群的证书过期了,所以通过kubeadm alpha certs renew all 之后发现控制平面的组件都启动了,就没有去管他,但是这是有问题的,随后重启解决。 

docker ps | grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' | xargs docker restart
systemctl restart kubelet

九、节点加入集群后,节点状态一直是NotReady

kubectl get nodes
k8s-node01     NotReady   <none>   3m36s   v1.18.0

kubectl describe node k8s-node01
runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized

最后看kubelet的报错找不到flannel的插件,然后去老机器上下载上传,最后节点正常。

journalctl -fu kubelet 
 
Oct 23 23:46:51 k8s-node01 kubelet[5447]: : [failed to find plugin "flannel" in path [/opt/cni/bin]]
Oct 23 23:46:51 k8s-node01 kubelet[5447]: W1023 23:46:51.095117    5447 cni.go:237] Unable to update cni config: no valid networks found in /etc/cni/net.d