  • 使用kubeadm快速部署高可用kubernetes集群

    一、     服务器规划

    环境要求:

        2台rhel7.8机器

        硬件配置:2C/2G/30G及以上

    服务器及IP规划:

    角色

    主机名

    ip

    组件

    master节点

    master73

    192.168.27.73

    keepalived、HAproxy、master组件

    master节点

    master74

    192.168.27.74

    keepalived、HAproxy、master组件

    VIP

    mastervip

    192.168.27.70

    work节点

    node75

    192.168.27.75

    node组件

    二、初始化操作系统(所有机器)

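    # Stop and disable firewalld.
    # NOTE(review): with the host firewall off, every listener set up later in
    # this guide (HAProxy on 16443, the HAProxy stats page on 1080, the
    # kube-apiserver on 6443, plus etcd and kubelet) is reachable from the whole
    # network segment. Outside a lab, keep firewalld running and open only the
    # ports the cluster needs.
    systemctl stop firewalld
    systemctl disable firewalld

    # SELinux: /etc/selinux/config spells the value in lower case
    # (SELINUX=enforcing), so the original pattern 'Enforcing' never matched and
    # the file was left unchanged. Permissive mode is used instead of disabled:
    # it is enough for kubeadm and keeps denials in the audit log.
    sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

    # Comment out every fstab line that mentions swap, so swap stays off after
    # the reboot at the end of this step.
    sed -i 's/.*swap.*/#&/' /etc/fstab

    # Name resolution for the cluster hosts.
    # The VIP line also carries the name "master": that is the host name used
    # later in controlPlaneEndpoint ("master:16443") and in every kubeadm join
    # command, and the original hosts entries never defined it.
    cat >> /etc/hosts << EOF
    192.168.27.73    master73
    192.168.27.74    master74
    192.168.27.70    master node70
    192.168.27.75    node75
    EOF

    # Pass bridged IPv4/IPv6 traffic to the iptables chains.
    cat > /etc/sysctl.d/k8s.conf << EOF
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF

    sysctl --system

    # Time synchronisation. The package is called ntpdate; "ntpdata" is a typo
    # and yum finds nothing under that name.
    yum install ntpdate
    ntpdate time.windows.com    # use the time server that fits your environment

    # Reboot so the swap and SELinux changes take effect.
    reboot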

    三、master节点部署keepalived+HAproxy(所有master节点)

    部署keepalive

    # Install the helper packages and keepalived from the configured yum
    # repositories. No -y is given, so each command asks for confirmation.
    yum install conntrack-tools libseccomp libtool-ltdl

    yum install keepalived

    编写keepalived配置文件

    备份初始化文件

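    # Keep a copy of the packaged configuration before overwriting it.
    cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.old

    # Write the VRRP configuration that floats 192.168.27.70 between the masters.
    #
    # Changes against the original listing: a space now separates the block
    # name from "{" in "vrrp_script check_haproxy {" and "track_script {", so
    # keepalived versions that split tokens on whitespace still see the keyword.
    #
    # NOTE(review): auth_pass below is the sample value published on this page.
    # Replace it with your own before use. keepalived only uses the first eight
    # characters, and VRRP "PASS" authentication travels in clear text, so it
    # guards against misconfiguration rather than against an attacker on the
    # same segment.
    #
    # NOTE(review): the guide applies this same file on every master, so both
    # nodes announce state MASTER with priority 250. Usually the standby gets
    # "state BACKUP" and a lower priority; confirm which you intend.
    cat > /etc/keepalived/keepalived.conf <<EOF
    ! Configuration File for keepalived

    global_defs {
        router_id k8s
    }

    vrrp_script check_haproxy {
        script "killall -0 haproxy"
        interval 3
        weight -2
        fall 10
        rise 2
    }

    vrrp_instance VI_1 {
        state MASTER
        interface ens33  #网卡设备名称,根据自己网卡信息进行更改
        virtual_router_id 51
        advert_int 1
        priority 250
        authentication {
            auth_type PASS
            auth_pass ceb1b3ec013d66163d6ab
        }
        virtual_ipaddress {
            192.168.27.70  # 这就就是虚拟IP地址
        }
        track_script {
            check_haproxy
        }
    }
    EOF

    # Start keepalived now and on every boot.
    systemctl enable keepalived
    systemctl start keepalived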

    部署HAproxy

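    # Install HAProxy and keep a copy of the packaged configuration.
    yum install haproxy
    cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.old

    # HAProxy forwards TCP 16443 to the kube-apiserver (6443) on both masters.
    #
    # NOTE(review): the stats listener is the sensitive part of this file.
    #  - "stats auth admin:awesomePassword" is the sample credential printed on
    #    this page; set your own before starting the service.
    #  - The listener has no TLS, so the HTTP basic-auth credential crosses the
    #    wire unencrypted.
    #  - The original bound it to *:1080, i.e. every interface, on a host whose
    #    firewall this guide turns off. It is bound to loopback here; reach it
    #    through an SSH tunnel, or widen the bind address deliberately.
    cat > /etc/haproxy/haproxy.cfg <<EOF
    global
        log         127.0.0.1 local2
        chroot      /var/lib/haproxy
        pidfile     /var/run/haproxy.pid
        maxconn     4000
        user        haproxy
        group       haproxy
        daemon
        # turn on stats unix socket
        stats socket /var/lib/haproxy/stats

    defaults
        mode                    http
        log                     global
        option                  httplog
        option                  dontlognull
        option http-server-close
        option forwardfor       except 127.0.0.0/8
        option                  redispatch
        retries                 3
        timeout http-request    10s
        timeout queue           1m
        timeout connect         10s
        timeout client          1m
        timeout server          1m
        timeout http-keep-alive 10s
        timeout check           10s
        maxconn                 3000

    frontend kubernetes-apiserver
        mode                    tcp
        bind                    *:16443
        option                  tcplog
        default_backend         kubernetes-apiserver

    backend kubernetes-apiserver
        mode        tcp
        balance     roundrobin
        server      master73  192.168.27.73:6443 check
        server      master74  192.168.27.74:6443 check

    listen stats
        bind            127.0.0.1:1080
        stats auth      admin:awesomePassword
        stats refresh   5s
        stats realm     HAProxy Statistics
        stats uri       /admin?stats
    EOF

    # Start HAProxy now and on every boot.
    systemctl enable haproxy
    systemctl start haproxy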

    四、安装docker-ce/kubelet/kubeadm

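    # Fetch the docker-ce yum repository definition.
    yum install -y wget
    # -O names the output file. The original passed /etc/yum.repos.d/ as a
    # second argument, which wget treats as another URL, so the .repo file
    # landed in the current directory and yum never saw it.
    wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    yum clean all

    # Dependencies.
    yum install policycoreutils-python

    # container-selinux is downloaded over plain HTTP and installed outside yum,
    # so nothing checks its origin unless we do. rpm -K verifies the package
    # digests and signature; the install only runs if that check passes.
    # The signing key has to be in the rpm keyring first:
    #   rpm --import <PATH-OR-URL-OF-THE-CENTOS-7-SIGNING-KEY-YOU-TRUST>
    wget http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
    rpm -K container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm \
        && rpm -ivh container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm

    yum install docker-ce-18.06.1.ce-3.el7

    # Make sure the directory exists before writing daemon.json, in case the
    # package did not create it.
    mkdir -p /etc/docker

    # NOTE(review): "registry-mirrors" sends image pulls through the listed
    # third-party mirror, and whatever it serves is what runs on the nodes.
    # Point this at a mirror you operate or trust, or drop the key.
    cat > /etc/docker/daemon.json <<EOF
    {
        "exec-opts":["native.cgroupdriver=systemd"],
        "registry-mirrors":["https://b9pmyelo.mirror.aliyuncs.com"]
    }
    EOF

    # Reload unit files, then start docker now and on every boot.
    systemctl daemon-reload
    systemctl start docker
    systemctl enable docker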

    配置kubernetes源

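    # Kubernetes yum repository.
    #
    # The original set gpgcheck=0, which makes yum install kubelet, kubeadm and
    # kubectl without verifying any package signature: whoever controls the
    # mirror, or the path to it, controls the binaries that run as root on every
    # node. Signature checking is switched on here. Fill in gpgkey with the
    # location of the signing key published for this repository; until you do,
    # yum refuses to install from it.
    cat > /etc/yum.repos.d/kubernetes.repo <<EOF
    [kubernetes]
    name=kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=1
    gpgkey=<URL-OF-THE-REPOSITORY-PACKAGE-SIGNING-KEY>
    EOF

    # Install the three components at the same pinned version.
    yum install kubelet-1.16.3 kubeadm-1.16.3 kubectl-1.16.3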

    设置kubelet开机自启(此处只执行enable,kubelet会在后面执行kubeadm init/join时被启动)

    # Register the kubelet unit for start at boot; this does not start it now.
    systemctl enable kubelet.service

    五、部署主备master节点

    部署主master节点(在vip所在的主机上操作)

    准备工作目录

    # Create the working directory (with any missing parents) and enter it.
    mkdir --parents /usr/local/kubernetes/manifests/
    cd /usr/local/kubernetes/manifests/

    生成部署文件

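    # Generate the kubeadm ClusterConfiguration for the first control-plane node.
    #
    # Change against the original listing: the version field is written
    # "kubernetesVersion", the spelling the kubeadm API documents (the original
    # had a capital K).
    #
    # controlPlaneEndpoint uses the host name "master" on the HAProxy port
    # 16443. That name must resolve to the VIP 192.168.27.70 on every node
    # before init or join is run.
    #
    # NOTE(review): imageRepository pulls all control-plane images from a
    # third-party mirror instead of the upstream registry. Those images run
    # with full control of the cluster, so use a registry you trust.
    cat > kubeadm-config.yaml <<EOF
    apiServer:
      certSANs:
        - master73
        - master74
        - master
        - 192.168.27.73
        - 192.168.27.74
        - 192.168.27.70
        - 127.0.0.1
      extraArgs:
        authorization-mode: Node,RBAC
      timeoutForControlPlane: 4m0s
    apiVersion: kubeadm.k8s.io/v1beta1
    certificatesDir: /etc/kubernetes/pki
    clusterName: kubernetes
    controlPlaneEndpoint: "master:16443"
    controllerManager: {}
    dns:
      type: CoreDNS
    etcd:
      local:
        dataDir: /var/lib/etcd
    imageRepository: registry.aliyuncs.com/google_containers
    kind: ClusterConfiguration
    kubernetesVersion: v1.16.3
    networking:
      dnsDomain: cluster.local
      podSubnet: 10.244.0.0/16
      serviceSubnet: 10.1.0.0/16
    scheduler: {}
    EOF

    # Initialise the first control-plane node from that file.
    kubeadm init --config kubeadm-config.yaml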

    保存输出(后面加入集群时要用到;其中的token是加入集群的凭据,默认24小时后过期,请妥善保管,不要公开)

    Your Kubernetes control-plane has initialized successfully!

    To start using your cluster, you need to run the following as a regular user:

      mkdir -p $HOME/.kube

      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

      sudo chown $(id -u):$(id -g) $HOME/.kube/config

    You should now deploy a pod network to the cluster.

    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

      https://kubernetes.io/docs/concepts/cluster-administration/addons/

    You can now join any number of control-plane nodes by copying certificate authorities

    and service account keys on each node and then running the following as root:

      kubeadm join master:16443 --token 24q1yw.y8a5fspmfgqafee4

        --discovery-token-ca-cert-hash sha256:1efc02c1e36672ed8cb2d9b72d7fb4ff01fd052e61fda3fd609e49133b6f412f

        --control-plane       

    Then you can join any number of worker nodes by running the following on each as root:

    kubeadm join master:16443 --token 24q1yw.y8a5fspmfgqafee4

        --discovery-token-ca-cert-hash sha256:1efc02c1e36672ed8cb2d9b72d7fb4ff01fd052e61fda3fd609e49133b6f412f

    按照提示执行:

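    # Install the admin kubeconfig for the current user.
    # admin.conf holds a cluster-admin client certificate and key: keep the
    # copy readable by its owner only and do not hand it out.
    mkdir -p "$HOME/.kube"
    sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
    # The original ended in ".kube/confi" (typo), so chown hit a path that does
    # not exist and the copied file stayed owned by root.
    sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"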

    部署flannel网络

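    # Download the flannel manifest first instead of applying it straight from
    # the URL: it is applied with cluster-admin rights and creates privileged
    # workloads, so it should be read before it runs. The URL tracks the
    # "master" branch, whose content can change at any time; once you have
    # picked a release, pin the URL to that tag or commit.
    wget -O kube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    kubectl apply -f kube-flannel.yml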

    查看状态

    # Health of the control-plane components, the node list, and the system pods.
    kubectl get componentstatuses
    kubectl get nodes
    kubectl get pods --namespace kube-system

    部署将另一个master加入集群

    将密钥相关文件从主master复制到另一个节点

    # Copy the shared cluster credentials from the first master to the second.
    #
    # NOTE(review): these globs pick up private keys as well as certificates
    # (ca.key, sa.key and front-proxy-ca.key in a kubeadm layout), and
    # admin.conf is a cluster-admin credential. Anyone who obtains them can
    # mint identities for the cluster, so copy them only over a trusted
    # channel, straight to the target node, and leave no stray copies.
    # NOTE(review): the destination is hard-coded to master73; adjust it to
    # whichever master is joining.
    ssh root@master73 mkdir -p /etc/kubernetes/pki/etcd/
    scp /etc/kubernetes/admin.conf root@master73:/etc/kubernetes/
    scp /etc/kubernetes/pki/ca.* /etc/kubernetes/pki/sa.* /etc/kubernetes/pki/front-proxy-ca.* root@master73:/etc/kubernetes/pki/
    scp /etc/kubernetes/pki/etcd/ca.* root@master73:/etc/kubernetes/pki/etcd/

    在备节点执行上面保存的输出

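    # Join the second master as a control-plane node.
    # The three lines are ONE command. The original listing had lost the
    # trailing backslashes, so the shell ran "kubeadm join" without the CA hash
    # and then tried to execute the two option lines as commands.
    # The token and hash shown are the sample values from this page; use the
    # ones printed by your own "kubeadm init". If the token has expired, a new
    # join command can be printed on the first master with
    # "kubeadm token create --print-join-command".
    kubeadm join master:16443 --token 24q1yw.y8a5fspmfgqafee4 \
        --discovery-token-ca-cert-hash sha256:1efc02c1e36672ed8cb2d9b72d7fb4ff01fd052e61fda3fd609e49133b6f412f \
        --control-plane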

    执行输出:

        mkdir -p $HOME/.kube

        sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

        sudo chown $(id -u):$(id -g) $HOME/.kube/config

    部署node节点

    在node节点执行之前保存的输出

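    # Join a worker node.
    # Both lines are ONE command; the original listing had lost the trailing
    # backslash, so the CA hash was never passed to "kubeadm join".
    # The --discovery-token-ca-cert-hash value pins the cluster CA, so the node
    # only trusts the API server it was meant to join. Keep it, and use the
    # token and hash printed by your own "kubeadm init", not the sample values
    # shown here.
    kubeadm join master:16443 --token 24q1yw.y8a5fspmfgqafee4 \
        --discovery-token-ca-cert-hash sha256:1efc02c1e36672ed8cb2d9b72d7fb4ff01fd052e61fda3fd609e49133b6f412f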

    重新安装flannel网络(主master节点上执行)

    # Create the flannel objects from a local kube-flannel.yml.
    # NOTE(review): none of the steps shown on this page download
    # kube-flannel.yml; earlier the manifest was applied directly from its URL.
    # Confirm the file exists in the current directory and is the version you
    # reviewed. "kubectl create" also reports an error for every object that
    # already exists in the cluster.
    kubectl  create -f kube-flannel.yml

    查看集群状态

    六、部署应用

     略

  • 原文地址:https://www.cnblogs.com/lingshu/p/14417183.html