Installing a k8s cluster with sealos (kubeadm method)
2023-05-23 19:54:52
sanger
[TOC]

# Basics

Resources are limited, so for now this is just one master and one worker node.

- Ubuntu 22.10
- master: 192.168.1.230
- node: 192.168.1.231
- sealos 4.2
- labring/kubernetes:v1.25.0
- labring/helm:v3.8.2
- labring/calico:v3.24.1

# Preparation

> A sealos node needs at least 2 CPU cores; in VMware, configure 1 processor with 2 cores.

```
apt install vim net-tools iptables iputils-ping -y
```

# Online installation

```
sealos run labring/kubernetes:v1.25.0 labring/helm:v3.8.2 labring/calico:v3.24.1 --masters 192.168.1.230 --nodes 192.168.1.231 -p yourpassword
```

# Offline installation

Reference: https://docs.sealos.io/zh-Hans/docs/getting-started/offline-install

An offline environment only needs the images imported in advance; the other steps are the same as for the online installation.

First, save the installation package in an environment that has network access:

```
$ sealos pull labring/kubernetes:v1.25.0
$ sealos save -o kubernetes.tar labring/kubernetes:v1.25.0
```

Copy kubernetes.tar to the offline environment and import the image with the load command:

```
$ sealos load -i kubernetes.tar
```

The rest of the installation is the same as the online installation.

```
$ sealos images # check that the cluster image was imported successfully
$ sealos run labring/kubernetes:v1.25.0 --single # single-node install; a cluster install works the same way
```

# Cleaning up and resetting the cluster

```
sealos reset --masters 192.168.1.230 --nodes 192.168.1.231 -p yourpassword
```

# Adding a new domain name to the cluster (kubeadm installations only)

The basic idea is to add the new domain name to the relevant entry in the configuration, then generate a new certificate from that configuration and apply it to the apiserver.

Reference: https://blog.scottlowe.org/2019/07/30/adding-a-name-to-kubernetes-api-server-certificate

## Before the name is added, you get an error

```
[sanger@sanger-s .kube]$ kubectl get node
Unable to connect to the server: x509: certificate is valid for kubernetes.default, kubernetes.default.svc, apiserver.cluster.local, kubernetes.default.svc.cluster.local, kube-master, localhost, kubernetes, not k8s-local.zh3.fun
[sanger@sanger-s .kube]$ kubectl cluster-info
Kubernetes master is running at https://k8s-local.zh3.fun:6443
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
Unable to connect to the server: x509: certificate is valid for kubernetes.default, kubernetes.default.svc, apiserver.cluster.local, kubernetes.default.svc.cluster.local, kube-master, localhost, kubernetes, not k8s-local.zh3.fun
```

## Bypassing TLS verification (not a long-term solution)

```
[sanger@sanger-s .kube]$ kubectl --insecure-skip-tls-verify get node
NAME           STATUS   ROLES           AGE   VERSION
kube-master    Ready    control-plane   51m   v1.25.0
kube-minion1   Ready    <none>          51m   v1.25.0
```

## Export kubeadm.yaml and add the domain name you want to **certSANs**

```
kubectl -n kube-system get configmap kubeadm-config -o jsonpath='{.data.ClusterConfiguration}' > kubeadm.yaml
```

## Move the old apiserver certificate away (a new one cannot be generated otherwise)

```
mv /etc/kubernetes/pki/apiserver.{crt,key} /tmp/
```

## Generate a new apiserver certificate from the configuration

```
root@kube-master:~# kubeadm init phase certs apiserver --config kubeadm.yaml
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [apiserver.cluster.local k8s-local.zh3.fun kube-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.1.230 127.0.0.1 10.103.97.2]
```

## Verify the configuration

```
[sanger@sanger-s .kube]$ kubectl cluster-info
Kubernetes master is running at https://k8s-local.zh3.fun:6443
CoreDNS is running at https://k8s-local.zh3.fun:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
```
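
The name check behind the x509 error shown earlier, as an added example that is not part of the original post: kubectl is a Go program, and Go's `crypto/x509` hostname verification rejects a server name that is missing from the certificate's SANs, which is why adding the name to certSANs fixes the connection without skipping TLS verification. The throwaway self-signed certificate and the helper names `issueCert` and `checkName` are assumptions for illustration; kubeadm signs the real certificate with the cluster CA.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// DNS names listed in the page's x509 error, i.e. the SANs of the old certificate.
var oldSANs = []string{"kubernetes.default", "kubernetes.default.svc",
	"apiserver.cluster.local", "kubernetes.default.svc.cluster.local",
	"kube-master", "localhost", "kubernetes"}

const newName = "k8s-local.zh3.fun" // the name added to certSANs on the page

// issueCert self-signs a throwaway cert with the given DNS SANs (assumption: stands in for the cluster CA).
func issueCert(dnsNames []string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsNames,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkName runs the hostname check a Go TLS client (such as kubectl) performs.
func checkName(dnsNames []string, host string) error {
	cert, err := issueCert(dnsNames)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(host)
}

func main() {
	fmt.Println("old SANs:", checkName(oldSANs, newName))
	fmt.Println("new SANs:", checkName(append(append([]string{}, oldSANs...), newName), newName))
}
```

Run stand-alone, it prints the hostname error for the old SAN list and `<nil>` once `k8s-local.zh3.fun` is included.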