# 加入集群
#### Master加入集群组成高可用
**复制KEY到各个master节点**
**复制文件到 k8s-master-02**
```
ssh root@master02.k8s.io mkdir -p /etc/kubernetes/pki/etcd
scp /etc/kubernetes/admin.conf root@master02.k8s.io:/etc/kubernetes
scp /etc/kubernetes/pki/{ca.*,sa.*,front-proxy-ca.*} root@master02.k8s.io:/etc/kubernetes/pki
scp /etc/kubernetes/pki/etcd/ca.* root@master02.k8s.io:/etc/kubernetes/pki/etcd
```
**master节点加入集群**
```
kubeadm join master.k8s.io:16443 --token dm3cw1.kw4hq84ie1376hji --discovery-token-ca-cert-hash sha256:f079b624773145ba714b56e177f52143f90f75a1dcebabda6538a49e224d4009 --experimental-control-plane
......
This node has joined the cluster and a new control plane instance was created:
* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Master label and taint were applied to the new node.
* The Kubernetes control plane instances scaled up.
* A new etcd member was added to the local/stacked etcd cluster.
To start administering your cluster from this node, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Run 'kubectl get nodes' to see this node join the cluster.
```
> 如果加入失败,请输入 kubeadm reset 重置,重新执行从“复制KEY”和“加入集群”这两步
**配置kubectl环境变量**
```
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
#### node节点加入集群
除了让master节点加入集群组成高可用外,slave节点也要加入集群中。
这里将k8s-node-01、k8s-node-02加入集群,进行工作
输入初始化k8s master时候提示的加入命令,如下:
```
kubeadm join master.k8s.io:16443 --token dm3cw1.kw4hq84ie1376hji --discovery-token-ca-cert-hash sha256:f079b624773145ba714b56e177f52143f90f75a1dcebabda6538a49e224d4009
```
#### 如果忘记加入集群的token和sha256 (如正常则跳过)
显示获取token列表
```
kubeadm token list
```
默认情况下 Token 过期是时间是24小时,如果 Token 过期以后,可以输入以下命令,生成新的 Token
```
kubeadm token create
```
获取ca证书sha256编码hash值
```
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
```
拼接命令
```
kubeadm join master.k8s.io:16443 --token 882ik4.9ib2kb0eftvuhb58 --discovery-token-ca-cert-hash sha256:0b1a836894d930c8558b350feeac8210c85c9d35b6d91fde202b870f3244016a
```
> 对于master加入,请加上 --experimental-control-plane 参数
#### 查看各个节点加入集群情况
```
kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-master-01 Ready master 12m v1.13.10 192.168.1.101 CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.3
k8s-master-02 Ready master 10m v1.13.10 192.168.1.102 CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.3
k8s-node-01 Ready 68s v1.13.10 192.168.1.103 CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.3
k8s-node-02 Ready 61s v1.13.10 192.168.1.104 CentOS Linux 7 (Core) 3.10.0-957.1.3.el7.x86_64 docker://18.6.3
```