9--k8s之Endpoints、健康服务检查、高可用

一、Endpoints
- 1.功能一：与service做负载均衡
- 2.功能二：将外部服务引入集群
二、健康服务检查
三、综合案例--搭建wordpress
四、ADM的api高可用

一、Endpoints

Endpoint是kubernetes中的一个资源对象，存储在etcd中，用来记录一个service对应的所有pod的访问地址，它是根据service配置文件中selector描述产生的。

一个Service由一组Pod组成，这些Pod通过Endpoints暴露出来，Endpoints是实现实际服务的端点集合。换句话说，service和pod之间的联系是通过endpoints实现的。

命名空间级资源，如果endpoints和service是同一个名字，那么就自动关联。

1.功能一：与service做负载均衡

[root@k8s ~]# kubectl describe svc
Name:              kubernetes
Namespace:         default
Labels:            component=apiserver
                   provider=kubernetes
Annotations:       <none>
Selector:          <none>
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.96.0.1
IPs:               10.96.0.1
Port:              https  443/TCP
TargetPort:        6443/TCP
Endpoints:         192.168.15.201:6443
Session Affinity:  None
Events:            <none>

2.功能二：将外部服务引入集群

案例

# 先在本机创建一个外部的服务mysql
[root@k8s endpoints]# docker run -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7 
c34bab6ad37f46bae59ef2ee712e8430c53142d30a53119e9912407fd540ad61
# 端口3306，密码如上

kind: Endpoints
apiVersion: v1
metadata:
  namespace: default
  name: test-endpoints  #命令空间级资源，可定义ns
subsets:   #定义外部地址
  - addresses: # 代理ip，定义web服务的，可以代理多个ip。
      - ip: 192.168.15.201
    ports:
      - port: 3306 # 服务的端口
        protocol: TCP
        name: http
---
kind: Service
apiVersion: v1
metadata:
  name: test-endpoints # 这里的名称要和上面一样才能关联
  namespace: default  # 同上
spec:
  ports:
    - port: 3306
      targetPort: 3306
      protocol: TCP
      name: http
---
kind: Deployment # 提供一个mysql的客户端
apiVersion: apps/v1
metadata:
  name: mysql
  namespace: default
spec:
  selector:
    matchLabels:
      app: mysql-v1
  template:
    metadata:
      labels:
        app: mysql-v1
    spec:
      containers:
        - name: mysql
          image: mysql:5.7
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"

# 部署endpoints文件
[root@k8s endpoints]# kubectl apply -f endpoints.yaml 
endpoints/test-endpoints created
service/test-endpoints created
deployment.apps/mysql created
[root@k8s endpoints]# kubectl get -f endpoints.yaml 
NAME                       ENDPOINTS             AGE
endpoints/test-endpoints   192.168.15.201:3306   8s

NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/test-endpoints   ClusterIP   10.106.61.144   <none>        3306/TCP   8s

NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/mysql   1/1     1            1           8s

# 进入部署的项目
[root@k8s endpoints]# kubectl exec -it mysql-578666457d-g8856 -- bash
# 链接这个集群内部的ip
root@mysql-578666457d-g8856:/# mysql -uroot -p123456 -h10.106.61.144
mysql> create database db01;
Query OK, 1 row affected (0.01 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db01               |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

# 进入外面的docker的mysql
[root@k8s endpoints]# docker exec -it c34bab6ad37f bash
root@c34bab6ad37f:/# mysql -uroot -p123456
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db01               |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)
# 发现刚才创建的db01在这里，说明Endpoints成功的代理了mysql服务

二、健康服务检查

1.配置清单

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: test-deployment
spec:
  selector:
    matchLabels:
      app: nginx-v1
  template:
    metadata:
      labels:
        app: nginx-v1
    spec:
      containers:
        - name: nginx
          image: nginx
          lifecycle: # 回调HOOK
            postStart: # 创建Pod前启动
              exec: # 第一种方式，使用较多
                command:
                  - "/bin/sh"
                  - "-c"
                  - "touch /root/1.txt"
              httpGet: # 第二种方式（使用少）
                port: 80
                path: / # httpGet的请求必须返回是200才认为是成功的
              tcpSocket: # 第三种方式（使用少）
                port: 80
            preStop: # 删除Pod前启动
              exec:
                command:
                  - "/bin/sh"
                  - "-c"
                  - "echo 123 > /root/1.txt"
          livenessProbe:
            exec:
              command:
                - "bin/bash"
                - "-c"
                - "cat /usr/share/nginx/html/index.php"
            initialDelaySeconds: 0 # 执行延迟时间
            periodSeconds: 3 # 探测频率
            timeoutSeconds: 1 # 超时时间
            successThreshold: 1 # 探测成功多少次为成功
            failureThreshold: 3 # 探测失败多少次为失败
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 30 # 项目比较大的时候给大一点
            periodSeconds: 1 # 就绪性的敏感度设置较大，用户体验较好
            timeoutSeconds: 1
            successThreshold: 3
            failureThreshold: 1

2.回调Hook--lifecycle

启动时的执行函数为postStart，执行的方式有三种，分别是exec、httpGet、tcpSocket，但是httpGet需要请求到200才会返回成功，否则失败。

结束时的执行函数为preStop，执行方式与上面类似。

3.存活性--livenessProbe

存活性这里一般用exec的形式来检查，生产环境一般设置如下

          livenessProbe:
            exec:
              command:
                - "bin/bash"
                - "-c"
                - "cat /usr/share/nginx/html/index.php"
            initialDelaySeconds: 0 # 执行延迟时间，一般立即执行
            periodSeconds: 3 # 探测频率，三秒探测一次
            timeoutSeconds: 1 # 超时时间
            successThreshold: 1 # 探测成功多少次为成功
            failureThreshold: 3 # 探测失败多少次为失败

4.就绪性

就绪性这里一般是通过检查端口的形式来配置

          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 30 # 项目比较大的时候给大一点
            periodSeconds: 1 # 就绪性的敏感度设置较大，用户体验较好
            timeoutSeconds: 1 # 超时时间
            successThreshold: 3 # 三次成功为成功
            failureThreshold: 1 # 一次失败剔除

三、综合案例--搭建wordpress

1.准备nginx文件，构建为镜像

1、创建目录
[root@docter ~]# mkdir /blog/{php,nginx,mysql}
[root@docter ~]# cd /blog/nginx/

2、编写nginx的dockerfile文件
[root@docter nginx]# cat Dockerfile 
FROM nginx
ADD nginx.conf /etc/nginx/nginx.conf
ADD default.conf /etc/nginx/conf.d/default.conf
RUN groupadd www -g 666 && 
    useradd www -u 666 -g 666 -M -r -s /sbin/nologin
ADD discuz /usr/share/nginx/html
RUN chown -R www.www /usr/share/nginx/html
WORKDIR  /usr/shar/nginx/html
EXPOSE 80 443
CMD nginx -g "daemon off;"

3、编写nginx的default.conf 文件
[root@docter nginx]# cat default.conf 
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;
    root   /usr/share/nginx/html;
    
    location / {
        index  index.php index.html index.htm;
    }

    location ~ .php$ {
        root           /usr/share/nginx/html;
        fastcgi_pass   php:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}

3、编辑nginx配置文件
[root@docker1 nginx]# vim nginx.conf 
user  www;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile        on;
#tcp_nopush     on;

keepalive_timeout  65;

gzip  on;

include /etc/nginx/conf.d/*.conf;

5、构建镜像
在阿里云上面
[root@k8s-m-01 nginx]# docker build -t registry.cn-shanghai.aliyuncs.com/cdank8s/web:discuz-v1 .

#测试启动
docker run -d --name nginx  registry.cn-shanghai.aliyuncs.com/cdank8s/web:discuz-v1

2.构建php镜像

#编辑php Dockerfile
[root@docker php]# vim Dockerfile
FROM centos:7
RUN groupadd www -g 666 && 
    useradd www -u 666 -g 666 -M -r -s /sbin/nologin
ADD php.repo /etc/yum.repos.d/php.repo
RUN yum install -y php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb php71w-bcmath 
RUN sed -i 's#apache#www#' /etc/php-fpm.d/www.conf
EXPOSE 9000
WORKDIR 9000
ADD discuze /usr/share/nginx/html
RUN chown - R www.www /usr/share/nginx/html
CMD php-fpm "-F"
 
#创建PHP.repo
[root@docker php]# vim php.repo
[php-webtatic]
name = PHP Repo
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
gpgcheck = 0
enable = 1

#创建镜像
[root@k8s-m-01 nginx]# docker build -t registry.cn-shanghai.aliyuncs.com/cdank8s/web:discuz-php-v1 .

3.创建yaml

# 数据库服务部署
# 数据库名称空间创建
apiVersion: v1
kind: Namespace
metadata:
  name: mysql
---
# 数据库控制器创建
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  namespace: mysql
spec:
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:5.7
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"
            - name: MYSQL_DATABASE
              value: wordpress
          livenessProbe: # 存活性检查
            exec:
              command:
                - "/bin/bash"
                - "-c"
                - "cat /etc/mysql/my.cnf"
            initialDelaySeconds: 0
            periodSeconds: 3
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe: # 就绪性检查
            tcpSocket:
              port: 3306
            initialDelaySeconds: 20
            periodSeconds: 1
            successThreshold: 3
            failureThreshold: 1
            timeoutSeconds: 1
---
# 给数据库配置Service
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: mysql
spec:
  selector:
    app: mysql
  ports:
    - port: 3306
      targetPort: 3306
  type: NodePort
# 数据库部署完毕
---
# 创建项目的名称空间
apiVersion: v1
kind: Namespace
metadata:
  namespace: wordpress
  name: wordpress
---
# 创建项目的控制器
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress
  namespace: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
  template:
    metadata:
      labels:
        app: wordpress
    spec:
      containers:
        - name: php
          image: alvinos/php:wordpress-v2
          imagePullPolicy: Always
          livenessProbe:
            exec:
              command:
                - "/bin/bash"
                - "-c"
                - "ps -ef | grep php"
            initialDelaySeconds: 0
            periodSeconds: 3
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 1
          readinessProbe:
            tcpSocket:
              port: 9000
            initialDelaySeconds: 20
            periodSeconds: 1
            timeoutSeconds: 1
            successThreshold: 3
            failureThreshold: 1
        - name: nginx
          image: alvinos/nginx:wordpress-v2
          imagePullPolicy: Always
          livenessProbe:
            exec:
              command:
                - "/bin/bash"
                - "-c"
                - "cat /etc/nginx/nginx.conf"
            initialDelaySeconds: 0
            periodSeconds: 3
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 1
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 1
            timeoutSeconds: 1
            successThreshold: 3
            failureThreshold: 1
# 控制器部署完毕
---
# 部署控制器Service
apiVersion: v1
kind: Service
metadata:
  name: wordpress
  namespace: wordpress
spec:
  selector:
    app: wordpress
  ports:
    - port: 80
      targetPort: 80
      name: http
      nodePort: 30080
    - port: 443
      targetPort: 443
      name: https
  type: NodePort

cluster.local想要修改可以修改这里
[root@k8s wordpress]# grep -ro "cluster.local" /etc/kubernetes/
/etc/kubernetes/manifests/kube-apiserver.yaml:cluster.local

四、ADM的api高可用

部署软件、系统要求

软件	版本
Centos	CentOS Linux release 7.5及以上
Docker	19.03.12
Kubernetes	V0.13.0
Flannel	V1.19.1
Kernel-lm	kernel-lt-4.4.245-1.el7.elrepo.x86_64.rpm
Kernel-lm-deve	kernel-lt-devel-4.4.245-1.el7.elrepo.x86_64.rpm

节点规划

IP建议采用192网段，避免与kubernetes内网冲突

准备机器	IP	配置	系统内核版本
k8s-master1	192.168.15.11	2核2G	4.4+
k8s-master2	192.168.15.12	2核2G	4.4+
k8s-master3	192.168.15.13	2核2G	4.4+
k8s-node1	192.168.15.14	2核2G	4.4+
k8s-node2	192.168.15.15	2核2G	4.4+

1.导出初始化文件，做修改（m01主节点）

[root@localhost ~]# kubeadm config print init-defaults > init-config.yaml
[root@localhost ~]# cat init-config.yaml 
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef    #容易失效
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4  # 主节点ip
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: node  #对应的主机名
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}

2.修改

INIT_IP=`hostname -i`
INIT_HOST=`hostname`
cat > init-config.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: ${INIT_IP} # 当前的主机ip
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: ${INIT_HOST} # 对应的主机名
  taints: 
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  certSANs:
    - 192.168.15.59 # 高可用的虚拟IP
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 192.168.15.59:8443   #控住节点的endpoints
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-shanghai.aliyuncs.com/baim0os # 自己的镜像仓库
kind: ClusterConfiguration
kubernetesVersion: 1.21.3
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
EOF

3.安装高可用软件

 # 三台master节点都需要安装
  # keeplived + haproxy
  [root@k8s-m-01 ~]# yum install -y keepalived haproxy

# 修改keepalived配置文件
# 根据节点的不同，修改的配置也不同
  mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak
  cd /etc/keepalived
  KUBE_APISERVER_IP=`hostname -i`
  cat > /etc/keepalived/keepalived.conf <<EOF
  ! Configuration File for keepalived
  global_defs {
      router_id LVS_DEVEL
  }
  vrrp_script chk_kubernetes {
      script "/etc/keepalived/check_kubernetes.sh"
      interval 2
      weight -5
      fall 3
      rise 2
  }
  vrrp_instance VI_1 {
      state MASTER  #m2,m3节点改成BACKUP
      interface eth0
      mcast_src_ip ${KUBE_APISERVER_IP}
      virtual_router_id 51
      priority 100  #权重，m2改成90，m3改成80
      advert_int 2
      authentication {
          auth_type PASS
          auth_pass K8SHA_KA_AUTH
      }
      virtual_ipaddress {
          192.168.15.59
      }
  }
EOF

#、加载keepalived并启动
[root@k8s-m-01 keepalived]# systemctl daemon-reload
[root@k8s-m-01 /etc/keepalived]# systemctl enable --now keepalived
# 、验证keepalived是否启动
[root@k8s-m-01 keepalived]# systemctl status keepalived.service 
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-08-01 14:48:23 CST; 27s ago
[root@k8s-m-01 keepalived]# ip a |grep 116
    inet 172.16.1.116/32 scope global eth1

# 修改haproxy配置文件
# 高可用软件
  cat > /etc/haproxy/haproxy.cfg <<EOF
  global
    maxconn  2000
    ulimit-n  16384
    log  127.0.0.1 local0 err
    stats timeout 30s
  defaults
    log global
    mode  http
    option  httplog
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    timeout http-request 15s
    timeout http-keep-alive 15s
  frontend monitor-in
    bind *:33305
    mode http
    option httplog
    monitor-uri /monitor
  listen stats
    bind    *:8006
    mode    http
    stats   enable
    stats   hide-version
    stats   uri       /stats
    stats   refresh   30s
    stats   realm     Haproxy Statistics
    stats   auth      admin:admin
  frontend k8s-master
    bind 0.0.0.0:8443
    bind 127.0.0.1:8443
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    default_backend k8s-master
  backend k8s-master
    mode tcp
    option tcplog
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server m01    192.168.15.51:6443  check inter 2000 fall 2 rise 2 weight 100
    server m02    192.168.15.52:6443  check inter 2000 fall 2 rise 2 weight 100
    server m03    192.168.15.53:6443  check inter 2000 fall 2 rise 2 weight 100
EOF

#、启动haproxy
[root@k8s-m-01 keepalived]# systemctl daemon-reload 
[root@k8s-m-01 /etc/keepalived]# systemctl enable --now haproxy.service 
# 、检查集群状态
[root@k8s-m-01 keepalived]# systemctl status haproxy.service
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-07-16 21:12:00 CST; 27s ago

#查看kuebenets所需要的镜像
# 1、查看镜像列表
[root@k8s-m-01 ~]# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.21.3
k8s.gcr.io/kube-controller-manager:v1.21.3
k8s.gcr.io/kube-scheduler:v1.21.3
k8s.gcr.io/kube-proxy:v1.21.3
k8s.gcr.io/pause:3.4.1
k8s.gcr.io/etcd:3.4.13-0
k8s.gcr.io/coredns/coredns:v1.8.0
quay.io/coreos/flannel:v0.14.0
# 2、查看阿里云镜像列表
[root@k8s-m-01 ~]# kubeadm config images list --image-repository=registry.cn-shanghai.aliyuncs.com/mmk8s
registry.cn-shanghai.aliyuncs.com/mmk8s/kube-apiserver:v1.21.3
registry.cn-shanghai.aliyuncs.com/mmk8s/kube-controller-manager:v1.21.3
registry.cn-shanghai.aliyuncs.com/mmk8s/kube-scheduler:v1.21.3
registry.cn-shanghai.aliyuncs.com/mmk8s/kube-proxy:v1.21.3
registry.cn-shanghai.aliyuncs.com/mmk8s/pause:3.4.1
registry.cn-shanghai.aliyuncs.com/mmk8s/etcd:3.4.13-0
registry.cn-shanghai.aliyuncs.com/mmk8s/coredns:v1.8.0

4.初始化集群（m01）

kubeadm init --config init-config.yaml --upload-certs

# 、初始化集群
[root@k8s-m-01 ~]#  kubeadm init --config init-config.yaml --upload-certs
You can now join any number of the control-plane node running the following command on each as root:
#  主节点命令复制下来
  kubeadm join 172.16.1.116:8443 --token abcdef.0123456789abcdef 
	--discovery-token-ca-cert-hash sha256:3c24cf3218a243148f20c6804d3766d2b6cd5dadc620313d0cf2dcbfd1626c5d 
	--control-plane --certificate-key 1e852aa82be85e8b1b4776cce3a0519b1d0b1f76e5633e5262e2436e8f165993
#  从节点命令复制下来
Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.16.1.116:8443 --token abcdef.0123456789abcdef 
	--discovery-token-ca-cert-hash sha256:3c24cf3218a243148f20c6804d3766d2b6cd5dadc620313d0cf2dcbfd1626c5d 
	
# 、主节点创建集群
node节点要查看token，主节点生成token可重复执行查看，不会改变
[root@k8s-m-01 ~]# kubeadm token create --print-join-command
kubeadm join 172.16.1.116:8443 --token pfu0ek.ndis39t916v9clq1 --discovery-token-ca-cert-hash sha256:3c24cf3218a243148f20c6804d3766d2b6cd5dadc620313d0cf2dcbfd1626c5d 
# 、 初始化完成查看kubernetes
[root@k8s-m-01 ~]# systemctl restart kubelet.service

# 、配置 kubernetes 用户信息（master01节点执行）
[root@k8s-m-01 ~]# kubectl label nodes k8s-n-01 node-role.kubernetes.io/node=n01
node/k8s-n-01 labeled
[root@k8s-m-01 ~]# kubectl label nodes k8s-n-02 node-role.kubernetes.io/node=n02
node/k8s-n-02 labeled
[root@k8s-m-01 ~]# kubectl get node
NAME       STATUS     ROLES                  AGE     VERSION
k8s-m-01   Ready      control-plane,master   73m     v1.21.3
k8s-m-02   Ready      control-plane,master   63m     v1.21.3
k8s-m-03   Ready      control-plane,master   63m     v1.21.3
k8s-n-01   Ready      node                   2m40s   v1.21.3
k8s-n-02   Ready      node                   62m     v1.21.3

# 、建立用户集群权限 
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# 、如果使用root用户，则添加至环境变量 （选做）
# 临时生效
[root@k8s-m-01 ~]# export KUBECONFIG=/etc/kubernetes/admin.conf
# 永久生效
[root@k8s-m-01 ~]# vim /etc/profile.d/kubernetes.sh
 export KUBECONFIG=/etc/kubernetes/admin.conf
[root@k8s-m-01 ~]# source /etc/profile

# 、增加命令提示 （所以节点都执行）
所有节点执行
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc

故障排除

# 1、从节点加入集群可能会出现如下报错：
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

PS：前提安装Docker+启动，再次尝试加入节点！
# 1、报错原因：
swap没关，一旦触发 swap，会导致系统性能急剧下降，所以一般情况下，所以K8S 要求关闭 swap
# 2、解决方法：
1>  执行以下三条命令后再次执行添加到集群命令：
modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/ipv4/ip_forward

# 2、STATUS 状态是Healthy
[root@k8s-m-01 ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS      MESSAGE                                                                                       ERROR
scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused   
controller-manager   Unhealthy   Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused   
etcd-0               Healthy     {"health":"true"}    
1、解决方式
[root@k8s-m-01 ~]# vim /etc/kubernetes/manifests/kube-controller-manager.yaml 
 #- --port=0
[root@k8s-m-01 ~]# vim /etc/kubernetes/manifests/kube-scheduler.yaml 
 #- --port=0
 [root@k8s-m-01 ~]# systemctl restart kubelet.service

2、查看状态
[root@k8s-m-01 ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-0               Healthy   {"health":"true"}

5.安装网络插件calico

Calico是一个纯三层的协议，为OpenStack虚机和Docker容器提供多主机间通信。Calico不使用重叠网络比如flannel和libnetwork重叠网络驱动，它是一个纯三层的方法，使用虚拟路由代替虚拟交换，每一台虚拟路由通过BGP协议传播可达信息（路由）到剩余数据中心。

# 下载calico
curl https://docs.projectcalico.org/manifests/calico.yaml -O

# 部署calico
kubectl apply -f calico.yaml

6.各节点执行加入命令

# 设置集群角色
kubectl label nodes n01 node-role.kubernetes.io/node=n01
kubectl label nodes n02 node-role.kubernetes.io/node=n02

# 查看集群状态
[root@m01 ~]# kubectl get nodes
[root@m01 ~]# kubectl get nodes
NAME   STATUS   ROLES                  AGE     VERSION
m01    Ready    control-plane,master   36m     v1.21.3
m02    Ready    control-plane,master   6m47s   v1.21.3
m03    Ready    control-plane,master   5m50s   v1.21.3
n01    Ready    node                   5m      v1.21.3
n02    Ready    node                   4m42s   v1.21.3

相关阅读:
Triangle
Remove Duplicate Letters
array 并不会被默认初始化
 Unique Binary Search Trees
有些障碍的 unique path
unique paths
最长增长序列的长度（LIS）
极其简单的复数类，只是不想再推演一遍复数四则运算
 安卓_11
安卓_10
原文地址：https://www.cnblogs.com/caodan01/p/15136177.html