1. Introduction to k8s High Availability with Load Balancing
There are two etcd topologies to choose from when building a highly available (HA) Kubernetes cluster:
Stacked etcd: the etcd members run on the same control-plane (master) nodes as the rest of the control plane
External etcd: the etcd members run on separate nodes from the masters
In the earlier k8s exercises everything was driven from a single master node; once that node goes down, no further deployment or management work is possible. Here haproxy is placed in front of the k8s master hosts to provide load balancing, and three master hosts give the k8s cluster high availability.
(Figure: external etcd topology)
2. Deploying the k8s HA + Load-Balanced Cluster
Project preparation:
Prepare 7 virtual machines, server1 through server7
server1/2/3: master nodes of the k8s HA cluster
server5: harbor registry
server6/7: haproxy load balancing for the k8s HA cluster
server4: k8s worker test node
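The addressing used throughout is on the 172.25.76.0/24 network: server1/2/3 are .1/.2/.3, server6 answers on .6, and the pacemaker-managed VIP is .100 (all of these appear in the commands below). A minimal /etc/hosts sketch on that assumption; the .4/.5/.7 addresses for server4/5/7 are assumptions for illustration and are not taken from the original:
172.25.76.1   server1
172.25.76.2   server2
172.25.76.3   server3
172.25.76.4   server4    # assumed address
172.25.76.5   server5    # assumed address
172.25.76.6   server6
172.25.76.7   server7    # assumed address
172.25.76.100 vip        # pacemaker-managed VIP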
2.1 Deploying pacemaker + haproxy for HA + Load Balancing
2.1.1 Deploying pacemaker
Install the pacemaker components on server6 and server7 and enable them at boot.
First configure the repo sources on server6 and server7:
cd /etc/yum.repos.d/
vi dvd.repo
[dvd]
name=dvd
baseurl=http://172.25.76.250/rhel7.6
gpgcheck=0
[HighAvailability]
name=HighAvailability
baseurl=http://172.25.76.250/rhel7.6/addons/HighAvailability
gpgcheck=0
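An optional quick check that both repos are visible before installing:
yum repolist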
Install the packages on server6 and server7 and enable pcsd at boot:
yum install -y pacemaker pcs psmisc policycoreutils-python haproxy
systemctl enable --now pcsd.service
Set the hacluster user's password to westos on server6 and server7:
passwd hacluster
On server6, authenticate server7 and server6 with pcs.
Create a cluster named mycluster with server6 and server7 as members (members can also be added later):
pcs cluster auth server7 server6
pcs cluster setup --name mycluster server7 server6
Start the cluster services and enable them at boot:
pcs cluster start --all
pcs cluster enable --all
Run the cluster verification; it reports an error (no STONITH device is configured). Fix it by setting stonith-enabled=false, after which verification passes:
crm_verify -L -V
pcs property set stonith-enabled=false
crm_verify -L -V
pcs status now shows no warnings:
pcs status
Create the VIP 172.25.76.100, used for seamless failover:
pcs resource create vip ocf:heartbeat:IPaddr2 ip=172.25.76.100 op monitor interval=30s
Check the cluster status: vip is on server6, Online: [ server6 server7 ]
pcs status
The vip is on server6, so check server6's IP addresses:
ip addr
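The VIP 172.25.76.100 should show up as a secondary address on server6's interface; to filter for it directly:
ip addr | grep 172.25.76.100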
2.1.2 Deploying haproxy
Configure the haproxy that was installed on server6 and server7.
Edit haproxy.cfg, start the service, and check port 6443:
vi /etc/haproxy/haproxy.cfg
*********************
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

listen monitor *:80
    stats uri /status
    stats auth admin:westos

#---------------------------------------------------------------------
# main frontend which proxies to the backends
#---------------------------------------------------------------------
frontend apiserver *:6443
    mode tcp
    default_backend app

#---------------------------------------------------------------------
backend app
    mode tcp
    balance roundrobin
    server k8s1 172.25.76.1:6443 check
    server k8s2 172.25.76.2:6443 check
    server k8s3 172.25.76.3:6443 check
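Before starting the service, the configuration can be syntax-checked with haproxy's built-in check mode:
haproxy -c -f /etc/haproxy/haproxy.cfg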
Copy the config file to server7 and start the service.
Check port 6443:
scp haproxy.cfg server7:/etc/haproxy/
systemctl start haproxy
netstat -antlp
Visit 172.25.76.6/status; the k8s nodes are not up yet, so the backends are still shown in red.
Then stop the haproxy service on server6 and server7:
systemctl stop haproxy.service
Put the haproxy service under pcs cluster control:
pcs resource create haproxy systemd:haproxy op monitor interval=60s
Check the cluster status: vip is on server6 and haproxy is on server7:
pcs status
Create a group named hagroup with members vip and haproxy; checking the status again shows the two now run together on the same host:
pcs resource group add hagroup vip haproxy
pcs status
The pacemaker + haproxy HA + load-balancing deployment is complete.
Next, deploy k8s.
2.2 Deploying the k8s HA Cluster
Install the k8s HA cluster on server1/2/3.
Since server1/2/3 already had k8s installed, they only need to be cleaned up:
- kubeadm reset
- rm -rf /etc/cni/net.d/*
- ipvsadm -C
- reboot
If k8s still needs to be installed from scratch, see this post:
k8s deployment
After that, re-run the initialization.
Write the kubeadm init configuration file:
kubeadm config print init-defaults > kubeadm-init.yaml
vi kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.25.76.1
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  imagePullPolicy: IfNotPresent
  name: server1
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: "172.25.76.100:6443"   # point the control plane at the VIP/port served by haproxy
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: reg.westos.org/k8s          # pull images from the local registry
kind: ClusterConfiguration
kubernetesVersion: 1.22.2
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16                   # pod network CIDR
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs                                   # use IPVS mode for kube-proxy
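Before pulling, you can confirm that every control-plane image resolves to the registry named in imageRepository (a quick sanity check; the image tags depend on the kubernetes version):
kubeadm config images list --config kubeadm-init.yaml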
Pull the required images:
kubeadm config images pull --config kubeadm-init.yaml
On server1:
Initialize the k8s HA cluster.
--upload-certs uploads the control-plane certificates so that the other masters can join:
kubeadm init --config kubeadm-init.yaml --upload-certs
The generated token and certificate key are needed later when server2/3 join as masters.
Add the environment variable, enable command-line completion, and check the node status:
echo "source <(kubectl completion bash)" >> ~/.bashrc
source .bashrc
export KUBECONFIG=/etc/kubernetes/admin.conf
kubectl get node
kubectl get pod -n kube-system
Some pods are not Running yet because no network plugin is installed.
Deploy flannel; push the flannel image to the harbor registry in advance, as sketched below.
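A hedged sketch of staging the flannel image in harbor; the upstream image name and tag are assumptions that depend on the kube-flannel.yml version you downloaded, and reg.westos.org/library is an assumed project path in harbor:
docker pull quay.io/coreos/flannel:v0.14.0                                   # assumed upstream image/tag
docker tag quay.io/coreos/flannel:v0.14.0 reg.westos.org/library/flannel:v0.14.0
docker push reg.westos.org/library/flannel:v0.14.0
# remember to point the image: fields in kube-flannel.yml at the pushed name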
vi kube-flannel.yml
Type: "host-gw"
Apply the manifest and check again; all components are now running normally:
kubectl apply -f kube-flannel.yml
kubectl get pod -n kube-system
Add server2 and server3 to server1's k8s HA cluster as control-plane nodes:
kubeadm join 172.25.76.100:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:588f2dc86dffc3d7b0278a9acbeae64cf50a51c320aceb132b925b1e89954728 --control-plane --certificate-key c15de013bf498e7ed7b402b099dab9ec6bd190f1374493f87f86fdc68f489ee6
Check the nodes: all are Ready, so the deployment succeeded.
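If the join token or certificate key has expired by the time another node is added, a fresh pair can be generated on an existing master (standard kubeadm commands, shown here as a sketch):
kubeadm token create --print-join-command            # prints a new worker join command
kubeadm init phase upload-certs --upload-certs       # prints a new --certificate-key for control-plane joins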
We can also add server4 as a k8s worker node.
server4 needs docker, kubectl, kubelet, and kubeadm installed.
Join the cluster; note that this is the worker join command, without the control-plane flags:
kubeadm join 172.25.76.100:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:588f2dc86dffc3d7b0278a9acbeae64cf50a51c320aceb132b925b1e89954728
Check the nodes.
Then run a container on server1:
kubectl run demo --image=myapp:v1
kubectl get pod -o wide
curl 10.244.3.2
Each master node can only query the cluster after exporting the kubeconfig environment variable:
export KUBECONFIG=/etc/kubernetes/admin.conf
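To make kubectl work across reboots without re-exporting the variable each time, the usual options are to persist the export in the shell profile or to copy the admin kubeconfig to the default location (both are standard kubeadm post-install steps):
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bashrc
# or:
mkdir -p $HOME/.kube && cp -i /etc/kubernetes/admin.conf $HOME/.kube/config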
3. Testing
Power off server1:
poweroff
The haproxy status page shows that k8s1 has turned red.
On server2, check the pods: demo is still running:
kubectl get pod
Then power off server2 as well:
poweroff
Now checking the pods from server3 fails,
because only one of the three masters is left: etcd has lost its quorum (it needs a majority, 2 of 3, to serve requests), so the cluster stops working.
Power server2 and server3 back on.
Checking the pods on server3 again now works.
Test 2:
haproxy nodes
Put server6 into standby in the pcs cluster:
pcs node standby
Both vip and haproxy fail over to server7:
pcs status
Losing server6's load balancer has no impact on the k8s cluster.
The vip is now on server7 as well.
Bring server6 back out of standby:
pcs node unstandby
pcs status
After server6 comes back, vip and haproxy stay on server7; they are not moved back automatically, because the resources remain wherever they are already running, which avoids an unnecessary switchover.
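If you do want to push the group back to server6 manually, pcs can do it with a temporary location constraint (a sketch; remember to clear the constraint afterwards):
pcs resource move hagroup server6    # creates a location constraint preferring server6
pcs resource clear hagroup           # remove that constraint once the move is done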