K8S 高可用外部 etcd 运行时 (二) 初始化K8S集群
# Initialise the first control-plane node from the kubeadm configuration file listed below.
kubeadm init --config kubectl_init_config.yaml
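---
# kubeadm configuration for the first control-plane node of a cluster that
# uses an external etcd. Four documents: InitConfiguration,
# ClusterConfiguration, KubeProxyConfiguration, KubeletConfiguration.
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
bootstrapTokens:
  - groups:
      - system:bootstrappers:kubeadm:default-node-token
    # SECURITY: abcdef.0123456789abcdef is the sample token printed by
    # `kubeadm config print init-defaults`, so it is publicly known. While it
    # is valid (24h here) it can be used to authenticate to the API server as
    # a bootstrapping node. Replace it with the output of
    # `kubeadm token generate` before running `kubeadm init`.
    token: abcdef.0123456789abcdef
    ttl: 24h0m0s
    usages:
      - signing
      - authentication
localAPIEndpoint:
  advertiseAddress: 172.17.35.60
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: k8s-m60
  taints:
    # Only the legacy "master" taint key is set here.
    # NOTE(review): newer kubeadm releases use
    # node-role.kubernetes.io/control-plane; confirm which key your
    # workload tolerations expect.
    - effect: NoSchedule
      key: node-role.kubernetes.io/master
---
# v1beta3 to match the InitConfiguration above (the original mixed v1beta2
# and v1beta3). v1beta3 has no dns.type field, since CoreDNS is the only DNS
# add-on kubeadm supports, so dns is left empty.
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
apiServer:
  # Must list every master / load-balancer / VIP name and IP; none may be
  # missing. A few reserved IPs can be added up front to ease later
  # scale-out, but only addresses you control: the API server certificate
  # will be valid for every entry.
  certSANs:
    - k8s-m60
    - k8s-m61
    - 127.0.0.1
    - 172.17.35.60
    - 172.17.35.61
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
# Load-balancer virtual IP (VIP) and port.
# NOTE(review): this value is the same address as k8s-m60's advertiseAddress
# above, so as written every client depends on that single node. For real
# high availability point it at the load balancer / VIP.
controlPlaneEndpoint: "172.17.35.60:6443"
controllerManager: {}
dns: {}
etcd:
  # Use the external etcd cluster (3 nodes).
  external:
    endpoints:
      - https://172.17.35.60:12379
      - https://172.17.35.62:12379
      - https://172.17.35.63:12379
    # Certificates the API server presents when connecting to etcd.
    # NOTE(review): the file names suggest the etcd *server* certificate and
    # key are reused as the client identity; a dedicated client certificate
    # limits the impact if this key leaks. Keep the key file readable by
    # root only.
    caFile: /opt/etcd/ssl/ca.pem
    certFile: /opt/etcd/ssl/server.pem
    keyFile: /opt/etcd/ssl/server-key.pem
# Changed to the Alibaba Cloud mirror. Control-plane images are then pulled
# from a third-party registry, so compare image digests against the upstream
# Kubernetes registry if supply-chain integrity matters to you.
imageRepository: registry.aliyuncs.com/google_containers
kubernetesVersion: v1.24.0  # change to the version you are installing
networking:
  dnsDomain: cluster.local
  podSubnet: "10.244.0.0/16"  # pod IP range
  serviceSubnet: "10.96.0.0/12"
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd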