转接上文:多节点部署k8s(5):配置master和node多节点-配置master02
[root@lb1 /]# vim /etc/chrony.conf
[root@lb1 /]# systemctl start chronyd
[root@lb1 /]# systemctl enable chronyd
[root@lb1 /]# chronyc sources
一、部署nginx服务
1、安装nginx
[root@lb1 /]# yum -y install pcre-devel zlib-devel
[root@lb1 /]# useradd -M -s /sbin/nologin nginx
[root@lb1 /]# vim /etc/yum.repos.d/nginx.repo
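[nginx]
name=nginx repo
# Fetch over HTTPS and verify package signatures. With plain http and
# gpgcheck=0, yum installs (as root) whatever the network path or a mirror
# serves, with no way to tell a tampered package from a genuine one.
baseurl=https://nginx.org/packages/centos/7/$basearch/
# yum's option is "enabled"; "enable" is not a recognised key.
enabled=1
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key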
[root@lb1 /]# yum install nginx -y
2、编辑配置文件(lb1和lb2配置相同)
[root@lb1 ~]# vim /etc/nginx/nginx.conf
# Layer-4 (TCP) pass-through to the two kube-apiservers. There is no "ssl" on
# the listener, so nginx does not terminate TLS: clients negotiate TLS with
# the apiserver itself, and the apiserver certificate has to be valid for the
# address the clients dial (the load balancer address, not the master's).
stream {
    # One line per proxied connection: client address, upstream chosen,
    # local time, session status and bytes sent to the upstream.
    log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
    access_log /var/log/nginx/k8s-access.log main;

    # Equal weights: connections are spread evenly across both masters.
    upstream k8s-apiserver {
        server 192.168.100.10:6443 weight=1;
        server 192.168.100.20:6443 weight=1;
    }

    server {
        # No address given, so this listens on every local address.
        # The apiservers will see the load balancer as the peer of each
        # connection, so this access log is where the original client
        # address is recorded.
        listen 6443;
        proxy_pass k8s-apiserver;
    }
}
http {
二、部署keepalived服务
[root@lb1 /]# yum -y install keepalived
[root@lb1 /]# vim /etc/keepalived/keepalived.conf
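! Configuration File for keepalived
global_defs {
    router_id LVS_master
}

# Health check for the local nginx. keepalived only accepts "script" inside a
# vrrp_script block; placed directly inside vrrp_instance it is never run.
vrrp_script check_nginx {
    # Same path the walkthrough creates and chmods (/etc/nginx/check_nginx.sh);
    # the original pointed at /usr/local/nginx/, where no script is installed.
    # Keep the file owned by root and not writable by anyone else: keepalived
    # executes it with its own privileges (typically root).
    script "/etc/nginx/check_nginx.sh"
}

vrrp_instance VI_1 {
    # This is the lb1 side. The peer would normally run as BACKUP with a
    # lower priority (not shown on this page; confirm for lb2).
    state MASTER
    interface ens32
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        # Sample value from the walkthrough. PASS is a shared password carried
        # unencrypted in VRRP advertisements and only its first 8 characters
        # are used; replace it with a site-specific value, identical on both
        # load balancers, and do not rely on it as the only protection.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.55
    }
    # Attach the health check to this instance.
    track_script {
        check_nginx
    }
}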
[root@lb1 /]# vim /etc/nginx/check_nginx.sh
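#!/bin/bash
# Health check run by keepalived on each load balancer: when no nginx process
# is running, stop keepalived so the virtual IP moves to the peer.
#
# pgrep -x matches the process name exactly. The earlier
# `ps -ef | grep nginx | egrep -cv "grep|$$"` counted every command line that
# merely contains "nginx" (an editor on nginx.conf, tail on the access log)
# and dropped any line containing this shell's PID digits, so it could report
# nginx as alive when it was not and the VIP would stay on a dead balancer.
if ! pgrep -x nginx >/dev/null; then
  systemctl stop keepalived
fi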
[root@lb1 /]# chmod +x /etc/nginx/check_nginx.sh
[root@lb1 /]# systemctl start keepalived
[root@lb1 /]# systemctl enable keepalived
三、修改node节点
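1、修改VIP(bootstrap.kubeconfig,kubelet.kubeconfig,kube-proxy.kubeconfig)
注意:节点通过VIP访问apiserver时仍会校验服务端证书,apiserver证书的SAN中需要包含192.168.100.55,否则TLS校验会失败。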
[root@k8s-node1 /]# vim /opt/kubernetes/cfg/bootstrap.kubeconfig
server: https://192.168.100.55:6443
[root@k8s-node1 /]# vim /opt/kubernetes/cfg/kubelet.kubeconfig
server: https://192.168.100.55:6443
[root@k8s-node1 /]# vim /opt/kubernetes/cfg/kube-proxy.kubeconfig
server: https://192.168.100.55:6443
[root@k8s-node1 /]# cd /opt/kubernetes/cfg/
[root@k8s-node1 cfg]# grep 55 *
bootstrap.kubeconfig: server: https://192.168.100.55:6443
kubelet.kubeconfig: server: https://192.168.100.55:6443
kube-proxy.kubeconfig: server: https://192.168.100.55:6443
[root@k8s-node1 cfg]# systemctl restart kubelet.service
[root@k8s-node1 cfg]# systemctl restart kube-proxy.service
[root@lb1 ~]# tail -F /var/log/nginx/k8s-access.log
192.168.100.30 192.168.100.10:6443 - [22/Apr/2020:03:10:39 +0800] 200 1119
192.168.100.30 192.168.100.20:6443 - [22/Apr/2020:03:10:39 +0800] 200 1121
192.168.100.40 192.168.100.20:6443 - [22/Apr/2020:03:10:40 +0800] 200 1120
192.168.100.40 192.168.100.10:6443 - [22/Apr/2020:03:10:40 +0800] 200 1120
2、在master1上操作
1)测试pod
[root@k8s-master1 ~]# kubectl run nginx --image=nginx
kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead.
deployment.apps/nginx created
[root@k8s-master1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-2dq77 1/1 Running 0 42s
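2)日志问题:绑定群集中的匿名用户赋予管理员权限
注意:下面的绑定会让任何未经认证的请求(system:anonymous)都拥有cluster-admin权限,而apiserver又通过负载均衡的VIP对外提供服务,因此只适合隔离的实验环境,验证完应执行 kubectl delete clusterrolebinding cluster-system-anonymous 撤销。这个Forbidden错误通常是因为kube-apiserver访问kubelet时没有携带客户端证书,被kubelet当成了匿名用户;更稳妥的做法是为kube-apiserver配置 --kubelet-client-certificate 和 --kubelet-client-key,并只把 system:kubelet-api-admin 这个ClusterRole绑定给该证书对应的用户。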
[root@k8s-master1 ~]# kubectl logs nginx-dbddb74b8-2dq77
Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) ( pods/log nginx-dbddb74b8-2dq77)
[root@k8s-master1 ~]# kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
clusterrolebinding.rbac.authorization.k8s.io/cluster-system-anonymous created
[root@k8s-master1 ~]# kubectl logs nginx-dbddb74b8-2dq77
3)查看pod网络
[root@k8s-master1 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-dbddb74b8-2dq77 1/1 Running 0 7m3s 172.18.0.2 192.168.100.30
[root@k8s-node1 ~]# curl 172.18.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
[root@k8s-master1 ~]# kubectl logs nginx-dbddb74b8-2dq77
172.18.0.1 - - [21/Apr/2020:19:22:46 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "
转接下文:多节点部署k8s(7):创建UI界面