2024年最新kubernets学习 -环境搭建_,2024年最新熬夜整理华为最新Golang笔试题

最新推荐文章于 2024-10-10 10:32:27 发布
最新推荐文章于 2024-10-10 10:32:27 发布
阅读量296 收藏 6
点赞数 4
分类专栏: 面试 学习路线 阿里巴巴 文章标签: go 学习 面试
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/2401_84925558/article/details/138980233
版权
面试 同时被 3 个专栏收录
12 篇文章 0 订阅
订阅专栏
学习路线
12 篇文章 0 订阅
订阅专栏
阿里巴巴
12 篇文章 0 订阅
订阅专栏

img
img
img

既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,涵盖了95%以上Go语言开发知识点,真正体系化!

由于文件比较多,这里只是将部分目录截图出来,全套包含大厂面经、学习笔记、源码讲义、实战项目、大纲路线、讲解视频,并且后续会持续更新

如果你需要这些资料,可以戳这里获取

modprobe -- overlay
modprobe -- br_netfilter

配置内核

cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

加载内核

sysctl --system

创建配置文件

mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml

修改配置文件

vim /etc/containerd/config.toml

修改以下内容

找到containerd.runtimes.runc.options,修改SystemdCgroup = true
将所有的sanbox_image修改为registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6

启动containerd并配置开机启动

systemctl daemon-reload
systemctl enable --now containerd


cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF

说明一下Cgroup drivers:systemd cgroupfs 区别
那么 systemd 和 cgroupfs 这两种驱动有什么区别呢?

  1. systemd cgroup driver 是 systemd 本身提供了一个 cgroup 的管理方式,使用systemd 做 cgroup 驱动的话,所有的 cgroup 操作都必须通过 systemd 的接口来完成,不能手动更改 cgroup 的文件
  2. cgroupfs 驱动就比较直接,比如说要限制内存是多少、要用 CPU share 为多少?直接把 pid 写入对应的一个 cgroup 文件,然后把对应需要限制的资源也写入相应的 memory cgroup 文件和 CPU 的 cgroup 文件就可以了

所以可以看出来 systemd 更加安全,因为不能手动去更改 cgroup 文件,当然我们也推荐使用 systemd 驱动来管理 cgroup。

K8s组件安装

下载kubernetes1.23.4 https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#v1234

wget https://storage.googleapis.com/kubernetes-release/release/v1.23.4/kubernetes-server-linux-amd64.tar.gz

下载etcd3.5.1 https://github.com/etcd-io/etcd/releases

https://github.com/etcd-io/etcd/releases/download/v3.5.1/etcd-v3.5.1-linux-amd64.tar.gz

解压kubernetes组件

tar -xf kubernetes-server-linux-amd64.tar.gz  --strip-components=3 -C /usr/local/bin kubernetes/server/bin/kube{let,ctl,-apiserver,-controller-manager,-scheduler,-proxy}

解压etcd组件

 tar -zxvf etcd-v3.5.1-linux-amd64.tar.gz --strip-components=1 -C /usr/local/bin etcd-v3.5.1-linux-amd64/etcd{,ctl}

将组件发送到其他节点

MasterNodes='master2 master3'
for NODE in $MasterNodes; do echo $NODE; scp /usr/local/bin/kube{let,ctl,-apiserver,-controller-manager,-scheduler,-proxy} $NODE:/usr/local/bin/; scp /usr/local/bin/etcd\* $NODE:/usr/local/bin/; done

下载CNI https://github.com/containernetworking/plugins/releases/tag/v1.1.1

wget https://github.com/containernetworking/plugins/releases/download/v1.1.0/cni-plugins-linux-amd64-v1.1.1.tgz

所有节点创建/opt/cni/bin目录

mkdir -p /opt/cni/bin

解压cni并发送到所有节点

tar -zxf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin
for NODE in $MasterNodes; do     ssh $NODE 'mkdir -p /opt/cni/bin';     scp /opt/cni/bin/\* $NODE:/opt/cni/bin/; done

生成证书

master1下载生成证书工具 https://github.com/cloudflare/cfssl

wget https://github.com/cloudflare/cfssl/releases/tag/v1.6.1/cfssl_1.6.1_linux_amd64 -O /usr/local/bin/cfssl
wget https://github.com/cloudflare/cfssl/releases/tag/v1.6.1/cfssljson_1.6.1_linux_amd64 -O /usr/local/bin/cfssljson
chmod +x /usr/local/bin/\*

所有节点创建etcd证书目录

mkdir -p /etc/etcd/ssl

所有节点创建kubernetes目录

mkdir -p /etc/kubernetes/pki

生成etcd证书

master1生成etcd证书
生成自签证书颁发机构(CA)

cat > ca-config.json << EOF
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "876000h"
      }
    }
  }
}
EOF


cat > etcd-ca-csr.json << EOF
{
  "CN": "etcd",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "etcd",
      "OU": "Etcd Security"
    }
  ],
  "ca": {
    "expiry": "876000h"
  }
}
EOF


cat > etcd-csr.json << EOF
{
  "CN": "etcd",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "etcd",
      "OU": "Etcd Security"
    }
  ]
}
EOF

生成证书CSR文件:证书签名请求文件

 cfssl gencert -initca etcd-ca-csr.json | cfssljson -bare /etc/etcd/ssl/etcd-ca

颁发客户端证书

cfssl gencert \
   -ca=/etc/etcd/ssl/etcd-ca.pem \
   -ca-key=/etc/etcd/ssl/etcd-ca-key.pem \
   -config=ca-config.json \
   -hostname=127.0.0.1,master1,master2,master3,192.168.56.101,192.168.56.102,192.168.56.103 \
   -profile=kubernetes \
   etcd-csr.json | cfssljson -bare /etc/etcd/ssl/etcd

将etcd证书复制到其他节点

for NODE in $MasterNodes; do
     ssh $NODE "mkdir -p /etc/etcd/ssl"
     for FILE in etcd-ca-key.pem  etcd-ca.pem  etcd-key.pem  etcd.pem; do
       scp /etc/etcd/ssl/${FILE} $NODE:/etc/etcd/ssl/${FILE}
     done
 done

生成kubernetes证书

cd /etc/kubernetes/pki

生成CA证书

cat > ca-csr.json << EOF
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "Kubernetes",
      "OU": "Kubernetes-manual"
    }
  ],
  "ca": {
    "expiry": "876000h"
  }
}
EOF


cfssl gencert -initca ca-csr.json | cfssljson -bare /etc/kubernetes/pki/ca

生成apiserver证书

cat > ca-config.json << EOF
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "876000h"
      }
    }
  }
}
EOF


cat > ca-config.json << EOF
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "876000h"
      }
    }
  }
}
EOF


cat > apiserver-csr.json << EOF
{
  "CN": "kube-apiserver",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "Kubernetes",
      "OU": "Kubernetes-manual"
    }
  ]
}
EOF


cfssl gencert \
	-ca=/etc/kubernetes/pki/ca.pem \
	-ca-key=/etc/kubernetes/pki/ca-key.pem \
	-config=ca-config.json \
	-hostname=10.96.0.1,192.168.56.88,127.0.0.1,kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.default.svc.cluster.local,192.168.56.101,192.168.56.102,192.168.56.103 \
	-profile=kubernetes \
	apiserver-csr.json | cfssljson -bare /etc/kubernetes/pki/apiserver

生成apiserver的聚合证书

cat > front-proxy-ca-csr.json << EOF
{
  "CN": "kubernetes",
  "key": {
     "algo": "rsa",
     "size": 2048
  },
  "ca": {
    "expiry": "876000h"
  }
}
EOF


cat > front-proxy-client-csr.json  << EOF
{
  "CN": "front-proxy-client",
  "key": {
     "algo": "rsa",
     "size": 2048
  }
}
EOF


cfssl gencert   -initca front-proxy-ca-csr.json | cfssljson -bare /etc/kubernetes/pki/front-proxy-ca 


cfssl gencert \ 
	-ca=/etc/kubernetes/pki/front-proxy-ca.pem \
	-ca-key=/etc/kubernetes/pki/front-proxy-ca-key.pem \
	-config=ca-config.json \
	-profile=kubernetes \
	front-proxy-client-csr.json | cfssljson -bare /etc/kubernetes/pki/front-proxy-client

生成controller-manager证书

cat > manager-csr.json << EOF

{
  "CN": "system:kube-controller-manager",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "system:kube-controller-manager",
      "OU": "Kubernetes-manual"
    }
  ]
}
EOF


 cfssl gencert \
   -ca=/etc/kubernetes/pki/ca.pem \
   -ca-key=/etc/kubernetes/pki/ca-key.pem \
   -config=ca-config.json \
   -profile=kubernetes \
   manager-csr.json | cfssljson -bare /etc/kubernetes/pki/controller-manager

配置一个集群项

kubectl config set-cluster kubernetes \
     --certificate-authority=/etc/kubernetes/pki/ca.pem \
     --embed-certs=true \
     --server=https://192.168.56.88:8443 \
     --kubeconfig=/etc/kubernetes/controller-manager.kubeconfig

设置一个环境项,一个上下文

kubectl config set-context system:kube-controller-manager@kubernetes \
    --cluster=kubernetes \
    --user=system:kube-controller-manager \
    --kubeconfig=/etc/kubernetes/controller-manager.kubeconfig

设置一个用户项,set-credentials

kubectl config set-credentials system:kube-controller-manager \
     --client-certificate=/etc/kubernetes/pki/controller-manager.pem \
     --client-key=/etc/kubernetes/pki/controller-manager-key.pem \
     --embed-certs=true \
     --kubeconfig=/etc/kubernetes/controller-manager.kubeconfig

使用某个环境当作默认环境

kubectl config use-context system:kube-controller-manager@kubernetes \
    --kubeconfig=/etc/kubernetes/controller-manager.kubeconfig

生成scheduler证书

cat > scheduler-csr.json << EOF
{
  "CN": "system:kube-scheduler",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "system:kube-scheduler",
      "OU": "Kubernetes-manual"
    }
  ]
}
EOF


cfssl gencert \
   -ca=/etc/kubernetes/pki/ca.pem \
   -ca-key=/etc/kubernetes/pki/ca-key.pem \
   -config=ca-config.json \
   -profile=kubernetes \
   scheduler-csr.json | cfssljson -bare /etc/kubernetes/pki/scheduler

设置一个集群项

kubectl config set-cluster kubernetes \
     --certificate-authority=/etc/kubernetes/pki/ca.pem \
     --embed-certs=true \
     --server=https://192.168.56.88:8443 \
     --kubeconfig=/etc/kubernetes/scheduler.kubeconfig

设置一个环境项,一个上下文

kubectl config set-context system:kube-scheduler@kubernetes \
     --cluster=kubernetes \
     --user=system:kube-scheduler \
     --kubeconfig=/etc/kubernetes/scheduler.kubeconfig

设置一个用户项,set-credentials

kubectl config set-credentials system:kube-scheduler \
     --client-certificate=/etc/kubernetes/pki/scheduler.pem \
     --client-key=/etc/kubernetes/pki/scheduler-key.pem \
     --embed-certs=true \
     --kubeconfig=/etc/kubernetes/scheduler.kubeconfig

使用某个环境当作默认环境

kubectl config use-context system:kube-scheduler@kubernetes \
     --kubeconfig=/etc/kubernetes/scheduler.kubeconfig

生成admin证书

cat > admin-csr.json << EOF
{
  "CN": "admin",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "system:masters",
      "OU": "Kubernetes-manual"
    }
  ]
}
EOF


cfssl gencert \
   -ca=/etc/kubernetes/pki/ca.pem \
   -ca-key=/etc/kubernetes/pki/ca-key.pem \
   -config=ca-config.json \
   -profile=kubernetes \
   admin-csr.json | cfssljson -bare /etc/kubernetes/pki/admin

设置一个集群项

kubectl config set-cluster kubernetes \
	--certificate-authority=/etc/kubernetes/pki/ca.pem \
	--embed-certs=true \
	--server=https://192.168.56.88:8443 \
	--kubeconfig=/etc/kubernetes/admin.kubeconfig

设置一个环境项,一个上下文

kubectl config set-context kubernetes-admin@kubernetes \
	--cluster=kubernetes \
	--user=kubernetes-admin \
	--kubeconfig=/etc/kubernetes/admin.kubeconfig

设置一个用户项,set-credentials

kubectl config set-credentials kubernetes-admin \
	--client-certificate=/etc/kubernetes/pki/admin.pem \
	--client-key=/etc/kubernetes/pki/admin-key.pem \
	--embed-certs=true \
	--kubeconfig=/etc/kubernetes/admin.kubeconfig

使用某个环境当作默认环境

kubectl config use-context kubernetes-admin@kubernetes \
	--kubeconfig=/etc/kubernetes/admin.kubeconfig

生成ServiceAccount Key

openssl genrsa -out /etc/kubernetes/pki/sa.key 2048


openssl rsa -in /etc/kubernetes/pki/sa.key -pubout -out /etc/kubernetes/pki/sa.pub

发送到其他节点

for NODE in master2 master3; do 
for FILE in $(ls /etc/kubernetes/pki | grep -v etcd); do 
scp /etc/kubernetes/pki/${FILE} $NODE:/etc/kubernetes/pki/${FILE};
done; 
for FILE in admin.kubeconfig controller-manager.kubeconfig scheduler.kubeconfig; do 
scp /etc/kubernetes/${FILE} $NODE:/etc/kubernetes/${FILE};
done;
done

kubernetes组件配置

etcd配置

master1

cat > /etc/etcd/etcd.config.yml << EOF
name: 'master1'
data-dir: /var/lib/etcd
wal-dir: /var/lib/etcd/wal
snapshot-count: 5000
heartbeat-interval: 100
election-timeout: 1000
quota-backend-bytes: 0
listen-peer-urls: 'https://192.168.56.101:2380'
listen-client-urls: 'https://192.168.56.101:2379,http://127.0.0.1:2379'
max-snapshots: 3
max-wals: 5
cors:
initial-advertise-peer-urls: 'https://192.168.56.101:2380'
advertise-client-urls: 'https://192.168.56.101:2379'
discovery:
discovery-fallback: 'proxy'
discovery-proxy:
discovery-srv:
initial-cluster: 'master1=https://192.168.56.101:2380,master2=https://192.168.56.102:2380,master3=https://192.168.56.103:2380'
initial-cluster-token: 'etcd-k8s-cluster'
initial-cluster-state: 'new'
strict-reconfig-check: false
enable-v2: true
enable-pprof: true
proxy: 'off'
proxy-failure-wait: 5000
proxy-refresh-interval: 30000
proxy-dial-timeout: 1000
proxy-write-timeout: 5000
proxy-read-timeout: 0
client-transport-security:
  ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
peer-transport-security:
  ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  peer-client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
debug: false
log-package-levels:
log-output: default
force-new-cluster: false
EOF

master2

cat > /etc/etcd/etcd.config.yml << EOF
name: 'master2'
data-dir: /var/lib/etcd
wal-dir: /var/lib/etcd/wal
snapshot-count: 5000
heartbeat-interval: 100
election-timeout: 1000
quota-backend-bytes: 0
listen-peer-urls: 'https://192.168.56.102:2380'
listen-client-urls: 'https://192.168.56.102:2379,http://127.0.0.1:2379'
max-snapshots: 3
max-wals: 5
cors:
initial-advertise-peer-urls: 'https://192.168.56.102:2380'
advertise-client-urls: 'https://192.168.56.102:2379'
discovery:
discovery-fallback: 'proxy'
discovery-proxy:
discovery-srv:
initial-cluster: 'master1=https://192.168.56.101:2380,master2=https://192.168.56.102:2380,master3=https://192.168.56.103:2380'
initial-cluster-token: 'etcd-k8s-cluster'
initial-cluster-state: 'new'
strict-reconfig-check: false
enable-v2: true
enable-pprof: true
proxy: 'off'
proxy-failure-wait: 5000
proxy-refresh-interval: 30000
proxy-dial-timeout: 1000
proxy-write-timeout: 5000
proxy-read-timeout: 0
client-transport-security:
  ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
peer-transport-security:
  ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  peer-client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
debug: false
log-package-levels:
log-output: default
force-new-cluster: false
EOF

master3

cat > /etc/etcd/etcd.config.yml << EOF
name: 'master3'
data-dir: /var/lib/etcd
wal-dir: /var/lib/etcd/wal
snapshot-count: 5000
heartbeat-interval: 100
election-timeout: 1000
quota-backend-bytes: 0
listen-peer-urls: 'https://192.168.56.103:2380'
listen-client-urls: 'https://192.168.56.103:2379,http://127.0.0.1:2379'
max-snapshots: 3
max-wals: 5
cors:
initial-advertise-peer-urls: 'https://192.168.56.103:2380'
advertise-client-urls: 'https://192.168.56.103:2379'
discovery:
discovery-fallback: 'proxy'
discovery-proxy:
discovery-srv:
initial-cluster: 'master1=https://192.168.56.101:2380,master2=https://192.168.56.102:2380,master3=https://192.168.56.103:2380'
initial-cluster-token: 'etcd-k8s-cluster'
initial-cluster-state: 'new'
strict-reconfig-check: false
enable-v2: true
enable-pprof: true
proxy: 'off'
proxy-failure-wait: 5000
proxy-refresh-interval: 30000
proxy-dial-timeout: 1000
proxy-write-timeout: 5000
proxy-read-timeout: 0
client-transport-security:
  ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
peer-transport-security:
  ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  peer-client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
debug: false
log-package-levels:
log-output: default
force-new-cluster: false
EOF

创建service文件

cat > /usr/lib/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Service
Documentation=https://coreos.com/etcd/docs/latest/
After=network.target

[Service]
Type=notify
ExecStart=/usr/local/bin/etcd --config-file=/etc/etcd/etcd.config.yml
Restart=on-failure
RestartSec=10
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
Alias=etcd3.service
EOF


mkdir /etc/kubernetes/pki/etcd
ln -s /etc/etcd/ssl/\* /etc/kubernetes/pki/etcd/
systemctl daemon-reload
systemctl enable --now etcd



export  ETCDCTL_API=3
etcdctl --endpoints="192.168.56.101:2379,192.168.56.102:2379,192.168.56.103:2379" \
	--cacert=/etc/kubernetes/pki/etcd/etcd-ca.pem \
	--cert=/etc/kubernetes/pki/etcd/etcd.pem \
	--key=/etc/kubernetes/pki/etcd/etcd-key.pem \
	endpoint status --write-out=table

高可用配置

所有节点安装keepalived和haproxy

yum install keepalived haproxy -y

haproxy配置

cat > /etc/haproxy/haproxy.cfg  << EOF
global
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s

frontend monitor-in
  bind \*:33305
  mode http
  option httplog
  monitor-uri /monitor

listen stats
  bind    \*:8006
  mode    http
  stats   enable
  stats   hide-version
  stats   uri       /stats
  stats   refresh   30s
  stats   realm     Haproxy\ Statistics
  stats   auth      admin:admin

frontend k8s-master
  bind 0.0.0.0:8443
  bind 127.0.0.1:8443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server master1    192.168.56.101:6443  check
  server master2    192.168.56.102:6443  check
  server master3    192.168.56.103:6443  check
EOF

keepalived master1配置,注意每个节点IP和网卡不一样

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check\_apiserver.sh"
    interval 2
    weight -5
    fall 3  
    rise 2
}
vrrp_instance VI_1 {
    state MASTER
    interface enp0s8
    mcast_src_ip 192.168.56.101
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.56.88
    }
    track_script {      chk_apiserver 
} }
EOF

master2

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check\_apiserver.sh"
    interval 2
    weight -5
    fall 3  
    rise 2
}
vrrp_instance VI_1 {
    state MASTER
    interface enp0s8
    mcast_src_ip 192.168.56.102
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.56.88
    }
    track_script {      chk_apiserver 
} }
EOF

master3

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check\_apiserver.sh"
    interval 2
    weight -5
    fall 3  
    rise 2
}
vrrp_instance VI_1 {
    state MASTER
    interface enp0s8
    mcast_src_ip 192.168.56.103
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.56.88
    }
    track_script {      chk_apiserver 
} }
EOF

健康检查配置

cat > /etc/keepalived/check_apiserver.sh  << EOF
#!/bin/bash

err=0
for k in $(seq 1 5)
do
    check_code=$(pgrep kube-apiserver)
    if [[ $check_code == "" ]]; then
        err=$(expr $err + 1)
        sleep 5
        continue
    else
        err=0
        break
    fi
done

if [[ $err != "0" ]]; then
    echo "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi
EOF


chmod +x /etc/keepalived/check_apiserver.sh


systemctl enable --now haproxy
systemctl enable --now keepalived

组件配置

创建相关目录

mkdir -p /etc/kubernetes/manifests/ \
	/etc/systemd/system/kubelet.service.d \
	/var/lib/kubelet \
	/var/log/kubernetes
ApiServer
vim /usr/lib/systemd/system/kube-apiserver.service

master1

[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]


![img](https://img-blog.csdnimg.cn/img_convert/eca339b65dc515111f5d813ef7773988.png)
![img](https://img-blog.csdnimg.cn/img_convert/725d8952be3f27d409ec2a1fb1bf6051.png)

**网上学习资料一大堆,但如果学到的知识不成体系,遇到问题时只是浅尝辄止,不再深入研究,那么很难做到真正的技术提升。**

**[需要这份系统化的资料的朋友,可以添加戳这里获取](https://bbs.csdn.net/topics/618658159)**


**一个人可以走的很快,但一群人才能走的更远!不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人,都欢迎加入我们的的圈子(技术交流、学习资源、职场吐槽、大厂内推、面试辅导),让我们一起学习成长!**

alived/check_apiserver.sh  << EOF
#!/bin/bash

err=0
for k in $(seq 1 5)
do
    check_code=$(pgrep kube-apiserver)
    if [[ $check_code == "" ]]; then
        err=$(expr $err + 1)
        sleep 5
        continue
    else
        err=0
        break
    fi
done

if [[ $err != "0" ]]; then
    echo "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi
EOF


chmod +x /etc/keepalived/check_apiserver.sh


systemctl enable --now haproxy
systemctl enable --now keepalived

组件配置

创建相关目录

mkdir -p /etc/kubernetes/manifests/ \
	/etc/systemd/system/kubelet.service.d \
	/var/lib/kubelet \
	/var/log/kubernetes
ApiServer
vim /usr/lib/systemd/system/kube-apiserver.service

master1

[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]


[外链图片转存中...(img-oBJNfG3A-1715877003274)]
[外链图片转存中...(img-fKMjUWZC-1715877003275)]

**网上学习资料一大堆,但如果学到的知识不成体系,遇到问题时只是浅尝辄止,不再深入研究,那么很难做到真正的技术提升。**

**[需要这份系统化的资料的朋友,可以添加戳这里获取](https://bbs.csdn.net/topics/618658159)**


**一个人可以走的很快,但一群人才能走的更远!不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人,都欢迎加入我们的的圈子(技术交流、学习资源、职场吐槽、大厂内推、面试辅导),让我们一起学习成长!**
web3钱包系统开发
a19942438797的博客
11-24 1783
早在2018,就有人开始谈论web3了,它其实是一个相对概念,通俗意义上可以理解为新一代互联网的简称。Web3相对web1、web2来说的,像移动通信技术3G、4G、5G一样,是高度依赖机器学习、人工智能及区块链等技术的下一代互联网技术的统称。
华为0830-题解-频率搬移值分配| 二叉树构建+层序遍历
2301_79125431的博客
09-06 271
中兴领军:二面美团:二面后人才库(就当寄了,“美团,卸载”)华为云:免笔试阿里控股:笔试依托,约了二面阿里淘天:笔试ak,等约面(快点吧)京东:笔试依托,hr打。公司:喜马拉雅 岗位:运营岗 状态:已经实习三个月工作内容:入职都在跟进同一个项目,当一个小帮手,文档,表格,ppt这些是日常实习少不了的。不知名小厂实习4个月,岗位是大数据的实施岗位。末流211本科意外被天美捞去群面,进去之后发现是9人还是10人一起面,其中不乏清华和新国立的大佬,也有美硕和英本英硕的大佬,其余基本都是985的硕士吧,且有着大。
2024力扣热门100题之字母异位词分组【中等】(1),2024最新微信小程序页面跳转方法总结
2401_84910943的博客
05-11 523
输入: strs = [“eat”, “tea”, “tan”, “ate”, “nat”, “bat”]输出: [[“bat”],[“nat”,“tan”],[“ate”,“eat”,“tea”]]解法1:字符串拆分后排序,再聚合,最后再使用哈希归类。输入: strs = [“a”]解法2:求字符串权值,按权值分类。输入: strs = [“”]strs[i] 仅包含小写字母。输出: [[“a”]]输出: [[“”]]
MCDF实验——Lab4
热门推荐
qq_39794062的博客
02-18 1万+
在之前的Lab3中,通过一个初具规模的MCDT的验证环境学习到: 验证环境按照隔离的观念,应分为硬件DUT,软件验证环境,和处于信号媒介的接口interface。 对于软件验证环境,需要经历建立阶段(build),连接阶段(connect),产生激励阶段(generate)和发送激励阶段(transfer),只有当所有的激励发送完毕并且比较完全之后,才可以结束该测试。 从Lab4开始,要验证更大的子系统,即MCDF。与MCDT相比,MCDF主要添加了寄存器控制和状态显示功能,同时也添加了一个重要的数据
Go语言面试宝典:50道必会题目与精解
成长之路
02-24 6542
本文提供了50道覆盖Go语言核心概念、并发编程、内存管理、包管理、错误处理和测试等方面的面试题及其详细答案,旨在帮助开发者全面准备Go语言技术面试
2024Idea创建一个JSP web项目_idea创建jspweb数据库项目,阿里巴巴二面被血虐
2401_84904661的博客
05-11 802
【代码】2024Idea创建一个JSP web项目_idea创建jspweb数据库项目,阿里巴巴二面被血虐。
开源echarts实现的BI数据可视化图表,总有你能用上的
2301_79125642的博客
11-28 485
我投的是无线逻辑,意向地是东莞和上海。我签了一个军工研究所,我们学校盖章有两个,一个是用人单位人事部盖章,一个是用人单位上级主管部门盖章,但是他们给我盖的章只有用人单位人事部的章,上级主管部门盖章的。双非本24届毕业生,无竞赛无实习,不考研不考公不靠编,Boss上沟通了一千七百多家,大多都是已读不回,好多都是未读,投出的简历也只有一百多家,找了快两个月的工作。技术面,问了一个多小时,很专业,但是问了很多我没干的事,问到最后我不耐烦了,直接给他说,我开头就说过了,我没做这块工作,懂了吗?
uniapp开发小程序获取定位信息(腾讯地图)
weixin_62639453的博客
02-06 7803
定位一直是一个让人头疼的问题,不是这个有问题就是那里有问题。这里结合我多方查找和实际运行,获得的一些经验给予分享。
Go语言面试宝典
weixin_43030335的博客
07-19 787
go语言面试常考问题
2024新版IDEA创建JSP项目
Hello_super的博客
09-28 4092
2024新版idea创建Java web项目
uni-app腾讯地图显示定位
06-27
uni-app腾讯地图显示定位
Golang面试宝典——Go语言语法糖
请叫我雯子小姐的小爷的博客
12-22 520
最近几Go的热度持续飙升,国内外很多大公司都在大规模的使用GoGoogle是Go语言诞生的地方,其他公司如Facebook、腾讯、阿里、字节跳动、百度、京东、小米等都在拥抱和转向GoGo语言的开源项目也非常多,如kubernetes、docker、etcd。随着市场对Go语言人才需求的增长,很多开发者都投入了Go语言的怀抱。本系列文章将以第一视角与大家一同开始Golang面试之路,希望大家能够有所收获,拿下心仪的offer。
IDEA搭建JSP环境
ldj0821的博客
01-03 1万+
一、前期准备 JDK11、Tomcat10、IDEA 二、操作步骤 1.打开IDEA->File->Project新建一个Java项目
Golang泛型实战 | 使用泛型结构体实现gorm baseMapper
请叫我雯子小姐的小爷的博客
09-08 1409
Golang泛型实战 | 使用泛型结构体实现gorm baseMapper
MCDF实验4
Ethan567的博客
12-30 1112
MCDF实验4,画出验证化简框图,理解实验验证环境,明白功能测试点的展开位置。
MCDF实验4(4)
IC小白的成长之路
07-01 1108
mcdf_checker中添加的检查
MCDF 实验4 (1)
IC小白的成长之路
06-19 1828
目录fmt_pkg.sv 代码分析fmt_pkg.sv 中的 fmt_driver do_consume() 的代码解析 ​do_receive() 的代码解析 do_config() 的代码解析driver 分为 inititator 和 responder, 之前的 chnl_driver 和 reg_driver 都是 initiator 发送数据或者指令, 而 formatter 的 driver 是一个 接收数据的 从端 slave, 所以我们的 driver 类似要模仿一个 fifo 缓冲数据
Golang面试宝典:必备知识点与实践技巧
最新发布
weixin_30415591的博客
10-10 973
本文还有配套的精品资源,点击获取 简介:掌握Golang核心概念、语法、并发、内存管理及标准库是面试成功的关键。本文涵盖变量与常量、类型系统、函数、结构体、切片、Map、Goroutine、Channel、并发控制、内存管理、错误处理、标准库使用、设计模式及最佳实践等面试重点。通过实战练习加深理解,并关注最新发展,助力求职者在面试中脱颖而出。 1. Go语言基础知...
MCDF实验_lab4(4)
baidu_36202094的博客
07-03 2794
MCDF实验
华为od golang
08-02
华为OD机考Golang是指华为公司在机试环节中使用Golang编程语言进行考察的一种方式。在这个环节中,参加机试的人员需要使用Golang语言完成一系列的编程题目,以展示他们在该语言上的编程能力和技巧。这些题目可能涉及...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值