kubeadm部署k8s高可用集群 Kubernetes 1.18.14(其他版本替换版本号1.18.14即可)

简介: kubeadm部署k8s高可用集群 Kubernetes 1.18.14(其他版本替换版本号1.18.14即可)

kubeadm部署k8s高可用集群 Kubernetes 1.18.14(其他版本替换版本号1.18.14即可)


集群角色

角色

IP地址 主机名
master1 192.168.26.100 k8s-01
master2/node 192.168.26.120 k8s-02
master3/node 192.168.26.130 k8s-03
node 192.168.26.170 k8s-04

vip

192.168.26.150


在192.168.26.100这台master操作


这里写个脚本

我们用master1机器做ssh免密

快速修改hosts和主机名

##先添加hosts文件
cat >> /etc/hosts <<EOF 
192.168.26.100 k8s-01
192.168.26.120 k8s-02
192.168.26.130 k8s-03
192.168.26.170 k8s-04
EOF
[root@localhost ~]# yum -y install expect ##4台都安装
[root@localhost ~]# ssh-keygen ##一顿回车 生成公钥
vim ssh-hosts.sh
#!/bin/bash
##下方ip地址和主机名修改成自己的
##656768是密码也修改成自己的
for i in 192.168.26.100 192.168.26.120 192.168.26.130 192.168.26.170 k8s-02 k8s-03 k8s-04;do
expect -c "
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@$i
    expect {
        \"*yes/no*\" {send \"yes\r\"; exp_continue}
        \"*password*\" {send \"656768\r\"; exp_continue}
        \"*Password*\" {send \"656768\r\";}
    } "
done
for host_name in k8s-02 k8s-03 k8s-04;do
scp /etc/hosts $host_name:/etc/
done


上面的脚本已经同步了hosts文件,下一步修改对应的主机名

hostnamectl set-hostname k8s-01 ##先修改自己的主机名
ssh k8s-02  ##第二台
hostnamectl set-hostname k8s-02 
exit
ssh k8s-03  ##第三台
hostnamectl set-hostname k8s-03
exit
ssh k8s-04  ##第四台
hostnamectl set-hostname k8s-04
exit
回来100节点 ping检查以下是否有误
[root@k8s-01 ~]# ping k8s-01
PING k8s-01 (192.168.26.100) 56(84) bytes of data.
64 bytes from k8s-01 (192.168.26.100): icmp_seq=1 ttl=64 time=0.020 ms
[root@k8s-01 ~]# ping k8s-02
PING k8s-02 (192.168.26.120) 56(84) bytes of data.
64 bytes from k8s-02 (192.168.26.120): icmp_seq=1 ttl=64 time=0.252 ms
[root@k8s-01 ~]# ping k8s-03
PING k8s-03 (192.168.26.130) 56(84) bytes of data.
64 bytes from k8s-03 (192.168.26.130): icmp_seq=1 ttl=64 time=0.234 ms
[root@k8s-01 ~]# ping k8s-04
PING k8s-04 (192.168.26.170) 56(84) bytes of data.
64 bytes from k8s-04 (192.168.26.170): icmp_seq=1 ttl=64 time=0.151 ms


ok 初始环境准备完事,开始修改各节点系统配置


1. 配置系统环境 (全部机器执行)

以下操作默认每台机器都要执行

##可以每个步骤手敲,也可以直接建个脚本scp到各台机器,自动部署
vim k8s_init.sh
#!/bin/bash
##安装相关软件
yum install -y epel-release conntrack ipvsadm ipset jq sysstat curl iptables libseccomp
wait 
##关闭防火墙firewalld
systemctl stop firewalld && systemctl disable firewalld
wait
##关闭iptables
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
wait
##关闭防火墙SELINUX
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
wait
##关闭swap分区
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
wait
##开启网络转发
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
modprobe -- br_netfilter
EOF
wait
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules
wait
##系统配置
cat << EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
wait
sysctl -p /etc/sysctl.d/k8s.conf
##安装docker环境
yum remove -y docker \
           docker-client \
           docker-client-latest \
           docker-common \
           docker-latest \
           docker-latest-logrotate \
           docker-logrotate \
           docker-selinux \
           docker-engine-selinux \
           docker-engine
wait
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
yum list docker-ce --showduplicates | sort -r
yum -y install docker-ce-18.09.9-3.el7
systemctl start docker
systemctl enable docker
sed -i "13i ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT" /usr/lib/systemd/system/docker.service
wait
##配置加速器
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://bk6kzfqm.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
wait
##重启docker
systemctl daemon-reload
systemctl restart docker
wait
#安装k8s组件
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
#重建yum缓存,输入y添加证书认证
wait
yum makecache fast
wait
yum install -y kubelet-1.18.14 kubectl-1.18.14 kubeadm-1.18.14
wait
##将 Container Runtime、kubelet 配置成使用 systemd 来作为 cgroup 驱动
echo "KUBELET_EXTRA_ARGS=--cgroup-driver=systemd" > /etc/sysconfig/kubelet
wait
systemctl daemon-reload
systemctl restart kubelet
systemctl enable --now kubelet
systemctl status kubelet
#安装bash自动补全插件
yum install bash-completion -y
#设置kubectl与kubeadm命令补全,下次login生效
kubectl completion bash > /etc/bash_completion.d/kubectl
kubeadm completion bash > /etc/bash_completion.d/kubeadm


2.master节点配置高可用 (3台master机器执行)

1.安装/配置keepalived haproxy

yum install keepalived haproxy -y
##修改配置文件
##修改k8s-01的配置文件
vim /etc/keepalived/keepalived.conf
global_defs {
    router_id LVS_DEVEL_01 //此处变量应保持唯一
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"  //健康检查脚本
    interval 8 
    weight -5
    fall 3  
    rise 2
}
vrrp_instance VI_1 {
    state MASTER    //主节点
    interface eth0  //网卡名
    mcast_src_ip 192.168.26.100   //本机ip
    virtual_router_id 51     //两台主机需保持一致
    priority 150   //权重,主节点应大于备份节点
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.26.150/24  //虚拟ip
    }
    track_script {
       chk_apiserver
    }
}


k8s-02和k8s-03类似

#vi /etc/keepalived/keepalived.conf
global_defs {
    router_id LVS_DEVEL_02
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh" 
    interval 8
    weight -5
    fall 3  
    rise 2
}
vrrp_instance VI_1 {
    state BACKUP  //备份节点
    interface eth0
    mcast_src_ip 192.168.26.120
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.26.150/24
    }
    track_script {
       chk_apiserver
    }
}


2.编辑3台master的检测脚本

#vi /etc/keepalived/check_apiserver.sh
err=0
for k in $(seq 1 5)
do
    check_code=$(pgrep kube-apiserver)
    if [[ $check_code == "" ]]; then
        err=$(expr $err + 1)
        sleep 5
        continue
    else
        err=0
        break
    fi
done
if [[ $err != "0" ]]; then
    echo "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi


3.配置haproxy.cfg (3台master都要操作)

cat > /etc/haproxy/haproxy.cfg << EOF
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon 
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------  
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
#---------------------------------------------------------------------
# kubernetes apiserver frontend which proxys to the backends
#--------------------------------------------------------------------- 
frontend kubernetes-apiserver
    mode                 tcp
    bind                 *:16443
    option               tcplog
    default_backend      kubernetes-apiserver    
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend kubernetes-apiserver
    mode        tcp
    balance     roundrobin
    server      k8s-01           192.168.26.100:6443  check
    server      k8s-02           192.168.26.120:6443  check
    server      k8s-03           192.168.26.130:6443  check
#---------------------------------------------------------------------
# collection haproxy statistics message
#---------------------------------------------------------------------
listen stats
    bind                 *:1080
    stats auth           admin:awesomePassword
    stats refresh        5s
    stats realm          HAProxy\ Statistics
    stats uri            /admin?stats
EOF


4.启动和检查两个服务

systemctl enable keepalived.service
systemctl start keepalived.service
systemctl status keepalived.service
ip a s eth0
[root@k8s-01 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:bf:bf:a5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.100/24 brd 192.168.26.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.26.150/24 scope global secondary eth0
       valid_lft forever preferred_lft forever
systemctl enable haproxy
systemctl start haproxy
systemctl status haproxy
ss -anput |grep haproxy
[root@k8s-01 ~]# ss -anput |grep haproxy
udp    UNCONN     0      0         *:56573                 *:*                   users:(("haproxy",pid=69064,fd=6),("haproxy",pid=69063,fd=6))
tcp    LISTEN     0      128       *:1080                  *:*                   users:(("haproxy",pid=69064,fd=7))
tcp    LISTEN     0      128       *:16443                 *:*                   users:(("haproxy",pid=69064,fd=5))


3.初始化集群(k8s-01操作)

kubeadm init \
  --control-plane-endpoint "192.168.26.150:16443" \ 
  --kubernetes-version "1.18.14" \
  --pod-network-cidr "10.0.0.0/8" \
  --service-cidr "172.16.0.0/16" \
  --token "abcdef.0123456789abcdef" \
  --token-ttl "0" \
  --image-repository registry.aliyuncs.com/google_containers \
  --upload-certs
##上面的命令会有格式问题请勿直接粘贴,用下面粘贴版本 
kubeadm init --control-plane-endpoint "192.168.26.150:16443" --kubernetes-version "1.18.14" --pod-network-cidr "10.0.0.0/8" --service-cidr "172.16.0.0/16" --token "abcdef.0123456789abcdef" --token-ttl "0" --image-repository registry.aliyuncs.com/google_containers --upload-certs
##初始命令会拉取集群镜像根据网络不同,等待时间不同,耐心等待


参数解释:

–control-plane-endpoint:为控制平面指定一个固定的虚拟IP地址。其值应与负载均衡vip一致,若负载均衡与master位于同一主机,请指定与6443不同的端口号。


–kubernetes-version:指定kubernetes版本号。


–pod-network-cidr:指定pod网络的IP地址集。


–service-cidr:为service VIPs指定IP地址集。


–token:用于控制平面和节点之间建立双向结构。


–token-ttl:设置token过期时间。“0”表示不过期。


–image-repository :指定拉取控制平面镜像的仓库。


–upload-certs:上传控制平面证书到kubeadm-certs Secret。

##输出以下结果说明成功
##如果失败,检查vip是否启动成功 
##kubeadm reset 后重新执行初始化
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
##这段用来配置kubectl管理集群(只要安装了kubectl就能配置管理集群)
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config ##提示没有admin.conf 就从master机器scp一份
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
 https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of the control-plane node running the following command on each as root:
##这段用来加入master节点
  kubeadm join 192.168.26.150:16443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:e7fd94ec50ce57faea088f3358808f7155ffab364cac8ee2a4c8e66a8f7b6f8f \
    --control-plane --certificate-key 0b6faa9d215fd51d97587ece45480abe58b88607c8cb776fc85d0edd354c8dab
Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.
Then you can join any number of worker nodes by running the following on each as root:
##这段用来加入node节点
kubeadm join 192.168.26.150:16443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:e7fd94ec50ce57faea088f3358808f7155ffab364cac8ee2a4c8e66a8f7b6f8f
##配置kubectl管理
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config


master节点用这段

node节点复制这段


4.其他节点加入集群

k8s-02

kubeadm join 192.168.26.150:16443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:e7fd94ec50ce57faea088f3358808f7155ffab364cac8ee2a4c8e66a8f7b6f8f \
    --control-plane --certificate-key 0b6faa9d215fd51d97587ece45480abe58b88607c8cb776fc85d0edd354c8dab
##配置kubectl管理
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config


k8s-03

kubeadm join 192.168.26.150:16443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:e7fd94ec50ce57faea088f3358808f7155ffab364cac8ee2a4c8e66a8f7b6f8f \
    --control-plane --certificate-key 0b6faa9d215fd51d97587ece45480abe58b88607c8cb776fc85d0edd354c8dab
##配置kubectl管理
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config


k8s-04(node节点)

kubeadm join 192.168.26.150:16443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:e7fd94ec50ce57faea088f3358808f7155ffab364cac8ee2a4c8e66a8f7b6f8f


如果需要在node节点管理集群 也可以同上配置kubectl管理即可


这里我就跳过


查看集群状态,NotReady说明正常,因为还没配置网络


5.配置网络calico (k8s-01执行)

wget https://docs.projectcalico.org/v3.15/manifests/calico.yaml
vim  calico.yaml
## 搜ip地址192  大概是3580行 修改成刚刚初始化的pod网段后删除掉注释 保存退出


修改后效果

kubectl apply -f calico.yaml ##等待calico的pod启动成功 需要下载镜像 
kubectl get nodes  ##查看集群网络状态
$ kubectl get nodes
NAME     STATUS   ROLES    AGE     VERSION
k8s-01   Ready    master   19m     v1.18.14
k8s-02   Ready    master   14m     v1.18.14
k8s-03   Ready    master   14m     v1.18.14
k8s-04   Ready    <none>   6m30s   v1.18.14


6.修改标签,并且清除污点让master节点能运行pod

kubectl taint nodes <node-name> node-role.kubernetes.io/master-  ##删除污点
kubectl label nodes <node-name> node-role.kubernetes.io/node=    ##给节点打标签
kubectl get nodes  ##查看集群状态
NAME     STATUS   ROLES         AGE     VERSION
k8s-01   Ready    master        19m     v1.18.14
k8s-02   Ready    master,node   14m     v1.18.14
k8s-03   Ready    master,node   14m     v1.18.14
k8s-04   Ready    node          6m30s   v1.18.14
相关实践学习
通过Ingress进行灰度发布
本场景您将运行一个简单的应用,部署一个新的应用用于新的发布,并通过Ingress能力实现灰度发布。
容器应用与集群管理
欢迎来到《容器应用与集群管理》课程,本课程是“云原生容器Clouder认证“系列中的第二阶段。课程将向您介绍与容器集群相关的概念和技术,这些概念和技术可以帮助您了解阿里云容器服务ACK/ACK Serverless的使用。同时,本课程也会向您介绍可以采取的工具、方法和可操作步骤,以帮助您了解如何基于容器服务ACK Serverless构建和管理企业级应用。 学习完本课程后,您将能够: 掌握容器集群、容器编排的基本概念 掌握Kubernetes的基础概念及核心思想 掌握阿里云容器服务ACK/ACK Serverless概念及使用方法 基于容器服务ACK Serverless搭建和管理企业级网站应用
目录
相关文章
|
2月前
|
Prometheus Kubernetes 监控
k8s部署针对外部服务器的prometheus服务
通过上述步骤,您不仅成功地在Kubernetes集群内部署了Prometheus,还实现了对集群外服务器的有效监控。理解并实施网络配置是关键,确保监控数据的准确无误传输。随着监控需求的增长,您还可以进一步探索Prometheus生态中的其他组件,如Alertmanager、Grafana等,以构建完整的监控与报警体系。
127 60
|
29天前
|
Kubernetes 关系型数据库 MySQL
Kubernetes入门:搭建高可用微服务架构
【10月更文挑战第25天】在快速发展的云计算时代,微服务架构因其灵活性和可扩展性备受青睐。本文通过一个案例分析,展示了如何使用Kubernetes将传统Java Web应用迁移到Kubernetes平台并改造成微服务架构。通过定义Kubernetes服务、创建MySQL的Deployment/RC、改造Web应用以及部署Web应用,最终实现了高可用的微服务架构。Kubernetes不仅提供了服务发现和负载均衡的能力,还通过各种资源管理工具,提升了系统的可扩展性和容错性。
81 3
|
12天前
|
存储 Kubernetes Devops
Kubernetes集群管理和服务部署实战
Kubernetes集群管理和服务部署实战
31 0
|
2月前
|
NoSQL 关系型数据库 Redis
高可用和性能:基于ACK部署Dify的最佳实践
本文介绍了基于阿里云容器服务ACK,部署高可用、可伸缩且具备高SLA的生产可用的Dify服务的详细解决方案。
|
13天前
|
Kubernetes 监控 Cloud Native
Kubernetes集群的高可用性与伸缩性实践
Kubernetes集群的高可用性与伸缩性实践
46 1
|
2月前
|
JSON Kubernetes 容灾
ACK One应用分发上线:高效管理多集群应用
ACK One应用分发上线,主要介绍了新能力的使用场景
|
2月前
|
Kubernetes 持续交付 开发工具
ACK One GitOps:ApplicationSet UI简化多集群GitOps应用管理
ACK One GitOps新发布了多集群应用控制台,支持管理Argo CD ApplicationSet,提升大规模应用和集群的多集群GitOps应用分发管理体验。
|
2月前
|
Kubernetes Ubuntu Linux
Centos7 搭建 kubernetes集群
本文介绍了如何搭建一个三节点的Kubernetes集群,包括一个主节点和两个工作节点。各节点运行CentOS 7系统,最低配置为2核CPU、2GB内存和15GB硬盘。详细步骤包括环境配置、安装Docker、关闭防火墙和SELinux、禁用交换分区、安装kubeadm、kubelet、kubectl,以及初始化Kubernetes集群和安装网络插件Calico或Flannel。
166 4
|
2月前
|
Kubernetes Cloud Native 云计算
云原生之旅:Kubernetes 集群的搭建与实践
【8月更文挑战第67天】在云原生技术日益成为IT行业焦点的今天,掌握Kubernetes已成为每个软件工程师必备的技能。本文将通过浅显易懂的语言和实际代码示例,引导你从零开始搭建一个Kubernetes集群,并探索其核心概念。无论你是初学者还是希望巩固知识的开发者,这篇文章都将为你打开一扇通往云原生世界的大门。
128 17
|
2月前
|
Kubernetes 应用服务中间件 nginx
搭建Kubernetes v1.31.1服务器集群,采用Calico网络技术
在阿里云服务器上部署k8s集群,一、3台k8s服务器,1个Master节点,2个工作节点,采用Calico网络技术。二、部署nginx服务到k8s集群,并验证nginx服务运行状态。
646 1