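1. Analysis of the multi-master binary cluster
- Unlike a single-master binary cluster, a multi-master cluster makes the master highly available: if master1 goes down, the load balancer moves the VIP to master2, which keeps the master reliable.
- The key point of a multi-node setup is that everything must point at one central address. When we built the single-node cluster we already defined the VIP address and wrote it into the k8s-cert.sh script (192.168.18.100). The VIP fronts the apiserver, and the masters open a port to accept apiserver requests from the nodes. When a new node joins, it does not contact a master directly; it sends its apiserver request to the VIP, which schedules the request and dispatches it to one of the masters. The master that receives the request then issues a certificate to that node.
- Setting up load balancing relieves the request pressure that the nodes put on the masters and reduces master resource usage.
2. Lab environment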
Role | IP address | OS and resources | Components |
master1 | 192.168.43.101/24 | centos7.4 (2C 2G) | kube-apiserver kube-controller-manager kube-scheduler etcd |
master2 | 192.168.43.104/24 | centos7.4 (2C 2G) | kube-apiserver kube-controller-manager kube-scheduler |
node1 | 192.168.43.102/24 | centos7.4 (2C 2G) | kubelet kube-proxy docker flannel etcd |
node2 | 192.168.43.103/24 | centos7.4 (2C 2G) | kubelet kube-proxy docker flannel etcd |
nginx_lbm | 192.168.43.105/24 | centos7.4 (2C 2G) | nginx keepalived |
nginx_lbb | 192.168.43.106/24 | centos7.4 (2C 2G) | nginx keepalived |
VIP | 192.168.43.100/24 | - | - |
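- This lab builds on the single-master setup and adds a master2.
- nginx does the load balancing, and keepalived makes the load balancers highly available.
Note: from version 1.9 onward, nginx can do layer-4 forwarding (load balancing) through the added stream module.
- The virtual IP address that keepalived provides in front of the masters is what the nodes use to connect to the apiserver.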
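3. Deployment steps
Build the single-node k8s cluster
- See the single-master cluster deployment
Build the master2 node
Operations on master1
- Copy the relevant files and scripts
## Recursively copy everything under /opt/kubernetes and /opt/etcd to master2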
[root@master ~]# scp -r /opt/kubernetes/ root@192.168.43.104:/opt/
The authenticity of host '192.168.43.104 (192.168.43.104)' can't be established.
ECDSA key fingerprint is SHA256:AJdR3BBN9kCSEk3AVfaZuyrxhNMoDnzGMOMWlP1gUaQ.
ECDSA key fingerprint is MD5:d4:ab:7b:82:c3:99:b8:5d:61:f2:dc:af:06:38:e7:6c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.43.104' (ECDSA) to the list of known hosts.
root@192.168.43.104's password:
token.csv 100% 84 5.2KB/s 00:00
kube-apiserver 100% 934 353.2KB/s 00:00
kube-scheduler 100% 94 41.2KB/s 00:00
kube-controller-manager 100% 483 231.5KB/s 00:00
kube-apiserver 100% 184MB 19.4MB/s 00:09
kubectl 100% 55MB 24.4MB/s 00:02
kube-controller-manager 100% 155MB 26.7MB/s 00:05
kube-scheduler 100% 55MB 31.1MB/s 00:01
ca-key.pem 100% 1679 126.0KB/s 00:00
ca.pem 100% 1359 514.8KB/s 00:00
server-key.pem 100% 1675 501.4KB/s 00:00
server.pem 100% 1643 649.4KB/s 00:00
## master2 needs the etcd certificates, otherwise the apiserver cannot start
[root@master ~]# scp -r /opt/etcd/ root@192.168.43.104:/opt/
root@192.168.43.104's password:
etcd 100% 516 64.2KB/s 00:00
etcd 100% 18MB 25.7MB/s 00:00
etcdctl 100% 15MB 25.9MB/s 00:00
ca-key.pem 100% 1675 118.8KB/s 00:00
ca.pem 100% 1265 603.2KB/s 00:00
server-key.pem 100% 1675 675.3KB/s 00:00
server.pem 100% 1338 251.5KB/s 00:00
[root@master ~]#
## Copy the service startup scripts to master2
[root@master ~]# scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.43.104:/usr/lib/systemd/system/
root@192.168.43.104's password:
kube-apiserver.service 100% 282 30.3KB/s 00:00
kube-controller-manager.service 100% 317 45.9KB/s 00:00
kube-scheduler.service 100% 281 151.7KB/s 00:00
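master2 reuses the server.pem copied from master1, so clients that reach the apiserver through master2's address or the VIP will only accept it if those IPs are already in the certificate's subject alternative names. The following check is an added example, not part of the original post; the function names, the sample certificate text and the ssl/ path in the last comment are assumptions.

```shell
# Added example (not from the original post). Reads the text form of a
# certificate on stdin and prints every required IP that is NOT present as an
# "IP Address:" subject alternative name.
missing_sans() {
    local sans ip
    # The SAN list is the single line following the extension header, e.g.
    # "DNS:kubernetes, IP Address:10.0.0.1, IP Address:192.168.43.100"
    sans=$(grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' |
        sed -n 's/^[[:space:]]*IP Address:\([^[:space:]]*\).*$/\1/p')
    for ip in "$@"; do
        # -x -F: literal whole-line match, so 192.168.43.10 does not pass
        # just because 192.168.43.100 is listed.
        printf '%s\n' "$sans" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

# check_cert CERT REQUIRED_IP...: returns 0 only when every IP is covered.
# An unreadable file yields no SANs, so the check fails closed.
check_cert() {
    local cert missing
    cert=$1
    shift
    missing=$(openssl x509 -in "$cert" -noout -text 2>/dev/null | missing_sans "$@")
    if [ -n "$missing" ]; then
        echo "$cert has no SAN for:" $missing >&2
        return 1
    fi
}

# Constructed sample of `openssl x509 -noout -text` output (not a real cert).
SAMPLE_TEXT='        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:kubernetes, DNS:kubernetes.default, IP Address:10.0.0.1, IP Address:127.0.0.1, IP Address:192.168.43.100, IP Address:192.168.43.101
    Signature Algorithm: sha256WithRSAEncryption'

# Demo on the constructed sample: prints 192.168.43.104
printf '%s\n' "$SAMPLE_TEXT" | missing_sans 192.168.43.100 192.168.43.101 192.168.43.104

# Real use on master2 (the ssl/ subdirectory is an assumption):
# check_cert /opt/kubernetes/ssl/server.pem 192.168.43.100 192.168.43.101 192.168.43.104
```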
Operations on master2
- Basic environment setup
## Change the hostname
[root@localhost ~]# hostnamectl set-hostname master2
[root@localhost ~]# su
## Permanently disable the security features
[root@master2 ~]# systemctl stop firewalld
[root@master2 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master2 ~]# setenforce 0
[root@master2 ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
## Stop NetworkManager to keep the IP address from changing
systemctl stop NetworkManager
systemctl disable NetworkManager
- Change the IP addresses in kube-apiserver
[root@master2 ~]# cd /opt/kubernetes/cfg/
[root@master2 cfg]# ls
kube-apiserver kube-controller-manager kube-scheduler token.csv
[root@master2 cfg]# vi kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--etcd-servers=https://192.168.43.101:2379,https://192.168.43.102:2379,https://192.168.43.103:2379 \
## Change the bind address to this host's local address
--bind-address=192.168.43.104 \
--secu