Kubernetes Cluster Setup
Cluster environment
IP address | hostname |
---|---|
192.168.39.101 | master1 |
192.168.39.102 | master2 |
192.168.39.103 | master3 |
192.168.39.104 | HA1 |
192.168.39.105 | HA2 |
192.168.39.106 | Harbor |
192.168.39.107 | node1 |
192.168.39.108 | node2 |
192.168.39.109 | node3 |
Network segment planning
Segment name | Segment |
---|---|
node segment | 192.168.39.0/24 |
service segment | 172.31.0.0/16 |
pod segment | 10.10.0.0/16 |
Versions
Ubuntu 18.04
kubernetes v1.17.2
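1. Base environment
Do a minimal install of the base system, disable the firewall, SELinux and swap, update the package sources, synchronize time, install common utilities, then reboot and verify the base configuration.
(1) Disable swap:
# swapoff -a
(2) Disable the firewall and SELinux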
centos:
# setenforce 0
ubuntu:
# systemctl stop firewalld
(3) Time synchronization
# ntpdate time1.aliyun.com
or
# crontab -e
*/12 * * * * /usr/sbin/ntpdate time1.aliyun.com
(4) Hostname resolution
• On each host, configure IP-to-hostname resolution for the cluster:
IP | Hostname |
---|---|
192.168.39.101 | 101-master1 |
192.168.39.102 | 102-master2 |
192.168.39.103 | 103-master3 |
192.168.39.104 | 104-ha1 |
192.168.39.105 | 105-ha2 |
192.168.39.106 | harbor.yu.com |
192.168.39.107 | 107-node1 |
192.168.39.108 | 108-node2 |
192.168.39.109 | 109-node3 |
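Section 1 ends with "reboot and verify the base configuration". The script below is an added example, not part of the original page, that checks two of those settings: no active swap, and every IP/hostname pair from the table above present in the hosts file. The function names and the file-path parameters are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: post-reboot check of two base settings from section 1.
# File paths are parameters (assumption) so the checks can run against fixtures.

# Expected "IP hostname" pairs, copied from the hostname-resolution table.
EXPECTED_HOSTS="192.168.39.101 101-master1
192.168.39.102 102-master2
192.168.39.103 103-master3
192.168.39.104 104-ha1
192.168.39.105 105-ha2
192.168.39.106 harbor.yu.com
192.168.39.107 107-node1
192.168.39.108 108-node2
192.168.39.109 109-node3"

# swap_is_off [FILE]: succeeds when FILE (/proc/swaps format) lists no swap area.
swap_is_off() {
    # Line 1 is the column header; any later non-empty line is an active swap area.
    awk 'NR > 1 && NF > 0 { active = 1 } END { exit active + 0 }' "${1:-/proc/swaps}"
}

# missing_hosts [FILE]: prints each expected pair that FILE (/etc/hosts format) lacks.
missing_hosts() {
    local file="${1:-/etc/hosts}" ip name
    while read -r ip name; do
        [ -n "$ip" ] || continue
        # Drop comments, then require the IP in field 1 and the name in a later field.
        awk -v ip="$ip" -v name="$name" '
            { sub(/#.*/, "") }
            $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
            END { exit !found }' "$file" || echo "$ip $name"
    done <<EOF
$EXPECTED_HOSTS
EOF
}

# check_base_env [SWAPS_FILE] [HOSTS_FILE]: runs both checks, returns non-zero on failure.
check_base_env() {
    local rc=0 missing
    swap_is_off "${1:-/proc/swaps}" || { echo "FAIL: swap is still active"; rc=1; }
    missing="$(missing_hosts "${2:-/etc/hosts}")"
    [ -z "$missing" ] || { echo "FAIL: hosts entries missing:"; echo "$missing"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: swap is off and all cluster hostnames are present"
    return "$rc"
}
```

Source the file and call `check_base_env` with no arguments on each node after the reboot. `swapoff -a` on its own does not survive a reboot while a swap entry remains in /etc/fstab, which is the case the first check catches.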
2. Deploy Harbor and the HAProxy high-availability reverse proxy
Install Docker, docker-compose and Harbor
root@106-web:~# bash docker-install.sh
root@106-web:~# apt install docker-compose
root@106-web:/usr/local/src# tar xf harbor-offline-installer-v1.7.6.tgz
root@106-web:/usr/local/src/harbor# vim harbor.cfg
hostname = harbor.yu.com
harbor_admin_password = 123456
root@106-web:/usr/local/src/harbor# ./install.sh
Access Harbor
Deploy HAProxy and keepalived
ha1
root@104-web:~# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 90
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.39.248 dev eth0 label eth0:1
        192.168.39.249 dev eth0 label eth0:2
    }
}
root@104-web:~# systemctl restart keepalived
root@104-web:~# cat /etc/haproxy/haproxy.cfg
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from