kubernetes笔记 -- 搭建K8s高可用集群

最新推荐文章于 2024-08-13 15:35:52 发布
最新推荐文章于 2024-08-13 15:35:52 发布
阅读量273 收藏
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_42480750/article/details/109086474
版权

文章目录

一键化构建脚本参考:https://blog.csdn.net/weixin_42480750/article/details/109275738

环境准备

  1. 节点说明
IPHOSTNAME
13.13.51.51/16master01
13.13.52.52/16master02
13.13.53.53/16master03
13.13.71.71/16node01
  1. 配置/etc/hosts(all)
[root@master01 ~]# tail -4 /etc/hosts
13.13.51.51 master01
13.13.52.52 master02
13.13.53.53 master03
13.13.71.71 node01
[root@master01 ~]#
  1. 前提环境修改(all)
[root@master01 ~]# setenforce 0
[root@master01 ~]# cp /etc/selinux/config{,.bak}
[root@master01 ~]# sed -i 's/enforcing$/disabled/' /etc/selinux/config
[root@master01 ~]# 
[root@master01 ~]# swapoff -a
[root@master01 ~]# cp /etc/fstab{,.bak}
[root@master01 ~]# sed -i '/swap/ s/\(.*\)/#\1/' /etc/fstab 
[root@master01 ~]# 
[root@master01 ~]# cat > /etc/sysctl.d/k8s.conf << EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
[root@master01 ~]# sysctl --system
[root@master01 ~]#

软件安装

HOSTNAMEIPSOFT
master0113.13.13.51/16docker、k8s、haproxy、keepalived
master0213.13.13.52/16docker、k8s、haproxy、keepalived
master0313.13.13.53/16docker、k8s、haproxy、keepalived
node0113.13.13.71/16docker、k8s
  1. docker、k8s(all)
[root@master01 ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
[root@master01 ~]# sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
[root@master01 ~]# dnf install docker-ce -y
[root@master01 ~]# systemctl enable docker.service
[root@master01 ~]# 
[root@master01 ~]# cat << EOF > /etc/yum.repos.d/kubernetes.repo
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
> enabled=1
> gpgcheck=1
> repo_gpgcheck=1
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
[root@master01 ~]# dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernete
[root@master01 ~]#
  1. haproxy、keepalived(master01-03)
[root@master01 ~]# dnf install keepalived -y                         
[root@master01 ~]# dnf install haproxy -y
[root@master01 ~]#

配置高可用

参考文档:https://github.com/kubernetes/kubeadm/blob/master/docs/ha-considerations.md#options-for-software-load-balancing

  1. 配置keepalived
[root@master01 ~]# cp /etc/keepalived/keepalived.conf{,.bak}
[root@master01 ~]# vi /etc/keepalived/keepalived.conf
[root@master01 ~]# cat /etc/keepalived/keepalived.conf
vrrp_script check_apiserver {
  script "/etc/keepalived/check_apiserver.sh"
  interval 3
  weight -2
  fall 10
  rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 101
    authentication {
        auth_type PASS
        auth_pass 42
    }
    virtual_ipaddress {
        13.13.13.50/16
    }
    track_script {
        check_apiserver
    }
}
[root@master01 ~]# vi /etc/keepalived/check_apiserver.sh 
[root@master01 ~]# chmod +x /etc/keepalived/check_apiserver.sh 
[root@master01 ~]# cat /etc/keepalived/check_apiserver.sh 
#!/bin/sh

APISERVER_VIP=13.13.13.50
APISERVER_DEST_PORT=16443

errorExit() {
    echo "*** $*" 1>&2
    exit 1
}

curl --silent --max-time 2 --insecure https://localhost:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://localhost:${APISERVER_DEST_PORT}/"
if ip addr | grep -q ${APISERVER_VIP}; then
    curl --silent --max-time 2 --insecure https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/"
fi
[root@master01 ~]# 

[root@master02 ~]# cat /etc/keepalived/keepalived.conf
....
    state BACKUP
    priority 100
....

[root@master03 ~]# cat /etc/keepalived/keepalived.conf
....
    state BACKUP
    priority 100
....
  1. 配置haproxy
[root@master01 ~]# cp /etc/haproxy/haproxy.cfg{,.bak}
[root@master01 ~]# vi /etc/haproxy/haproxy.cfg
[root@master01 ~]# cat /etc/haproxy/haproxy.cfg
global
    log /dev/log local0
    log /dev/log local1 notice
    daemon
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 1
    timeout http-request    10s
    timeout queue           20s
    timeout connect         5s
    timeout client          20s
    timeout server          20s
    timeout http-keep-alive 10s
    timeout check           10s
frontend apiserver
    bind *:16443
    mode tcp
    option tcplog
    default_backend apiserver
backend apiserver
    option httpchk GET /healthz
    http-check expect status 200
    mode tcp
    option ssl-hello-chk
    balance     roundrobin
        server master01 master01:6443 check
        server master02 master02:6443 check
        server master03 master03:6443 check
[root@master01 ~]#

集群搭建

  1. 配置防火墙及服务(master)
[root@master01 ~]# firewall-cmd --zone=public --permanent --add-rich-rule='rule protocol value="vrrp" accept'
[root@master01 ~]# firewall-cmd --permanent --add-port=6443/tcp --add-port=16443/tcp --add-port=2379-2380/tcp --add-port=10250-10252/tcp
[root@master01 ~]# firewall-cmd --reload
[root@master01 ~]# systemctl start docker.service;systemctl enable docker.service
[root@master01 ~]# systemctl start keepalived.service;systemctl enable keepalived.service
[root@master01 ~]# systemctl start haproxy.service;systemctl enable haproxy.service
[root@master01 ~]# systemctl enable kubelet.service
  1. 配置防火墙及服务(node)
[root@master01 ~]# firewall-cmd --permanent --add-port=10251-10252/tcp --add-port=30000-32767/tcp
[root@master01 ~]# firewall-cmd --reload
[root@master01 ~]# systemctl start docker.service;systemctl enable docker.service
[root@master01 ~]# systemctl enable kubelet.service
  1. 初始化(master01)
[root@master01 ~]# kubeadm init --control-plane-endpoint "13.13.13.50:16443" --upload-certs --image-repository registry.aliyuncs.com/google_containers 

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join 13.13.13.50:16443 --token gjmj2c.a5npinfgxrtz32nj \
    --discovery-token-ca-cert-hash sha256:39a808fd1208abee57e9d9ccb7ba52554c42fd4977fa3ad0d3d517f37eff13c5 \
    --control-plane --certificate-key 9af25409b58438bb91a73fd7bf48509d538b9cd11dd1b8ca901263157adcc92c

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 13.13.13.50:16443 --token gjmj2c.a5npinfgxrtz32nj \
    --discovery-token-ca-cert-hash sha256:39a808fd1208abee57e9d9ccb7ba52554c42fd4977fa3ad0d3d517f37eff13c5 
[root@master01 ~]#   mkdir -p $HOME/.kube
[root@master01 ~]#   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master01 ~]#   sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@master01 ~]#
  1. CNI网络插件
[root@master01 ~]# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.apps/weave-net created
[root@master01 ~]#
  1. 添加其它节点进集群
[root@master02 ~]# kubeadm join 13.13.13.50:16443 --token gjmj2c.a5npinfgxrtz32nj \
>     --discovery-token-ca-cert-hash sha256:39a808fd1208abee57e9d9ccb7ba52554c42fd4977fa3ad0d3d517f37eff13c5 \
>     --control-plane --certificate-key 9af25409b58438bb91a73fd7bf48509d538b9cd11dd1b8ca901263157adcc92c

[root@master03 ~]# kubeadm join 13.13.13.50:16443 --token gjmj2c.a5npinfgxrtz32nj \
>     --discovery-token-ca-cert-hash sha256:39a808fd1208abee57e9d9ccb7ba52554c42fd4977fa3ad0d3d517f37eff13c5 \
>     --control-plane --certificate-key 9af25409b58438bb91a73fd7bf48509d538b9cd11dd1b8ca901263157adcc92c

[root@node01 ~]# kubeadm join 13.13.13.50:16443 --token gjmj2c.a5npinfgxrtz32nj \
>     --discovery-token-ca-cert-hash sha256:39a808fd1208abee57e9d9ccb7ba52554c42fd4977fa3ad0d3d517f37eff13c5
  1. 查看集群节点状态
[root@master01 ~]# kubectl get nodes
NAME       STATUS   ROLES    AGE   VERSION
master01   Ready    master   18m   v1.19.3
master02   Ready    master   17m   v1.19.3
master03   Ready    master   16m   v1.19.3
node01     Ready    <none>   16m   v1.19.3
[root@master01 ~]#
高可用k8s集群搭建-1.31.1
weixin_52377412的博客
10-10 1820
三主三从高可用kubernetes集群搭建全过程
搭建k8s高可用集群(Keepalived 和 HAproxy)
这里是火火火的世界
03-20 4144
spec:hosts:中每一行代表一个机器,要把所有机器列出来,name:实例的主机名(就是第一步准备工作时设置的hostname),address和internalAddress是每个机器的IP地址,后面的user和password是能远程登录机器的用户名和密码。所有的master节点和worker工作节点配置docker镜像加速器(这里额外添加了docker的生产环境核心配置cgroup)使用如下命令在所有的master节点和worker工作节点安装docker并配置docker镜像加速器。
K8s高可用集群搭建
记录工作开发中遇到的技术难点,方便自己查看,也希望可以帮助到他人...
11-23 4507
用到的高可用技术主要是keepalived和haproxy。keepalivedKeepalived主要是通过虚拟路由冗余来实现高可用功能。Keepalived一个基于VRRP(Virtual Router Redundancy Protocol - 虚拟路由冗余协议) 协议来实现的 LVS 服务高可用方案,可以利用其来解决单点故障。
k8s搭建高可用集群
怨行客
02-10 398
【代码】k8s搭建高可用集群
搭建k8s高可用集群
u010864567的博客
05-24 714
部署二进制高可用k8s集群,自建harbor镜像仓库以及通过ingress访问集群内部服务
k8s3主1从-1.15.1-高可用搭建-ipvs模式-kubernetes高可用安装包和详细文档笔记整理
05-27
k8s中,一个高可用集群通常由多个控制平面节点(主节点)和工作节点(从节点)组成。在这个案例中,配置是三主一从,这意味着有三个主节点来确保控制平面的冗余和容错性。这种架构可以避免单点故障,提高系统的...
kubekey2.2.1搭建高可用k8s1.22.10集群-kubernetes安装包和详细文档笔记整理
05-29
在本篇内容中,我们将深入探讨如何使用KubeKey 2.2.1来构建一个高可用性的Kubernetes (k8s) 1.22.10集群。KubeKey是一个强大的工具,专为简化Kubernetes集群的部署和管理而设计。它支持多种基础设施,包括云环境和...
kubeadm初始化高可用k8s1.20.4集群-etcd集群独立在k8s集群外-kubernetes安装包和详细文档笔记整理
05-29
在本主题中,我们将深入探讨如何使用`kubeadm`工具来初始化一个高可用性的Kubernetesk8s)1.20.4集群,其中etcd集群独立于k8s集群之外运行。这对于确保数据存储的稳定性和可扩展性至关重要。etcd是Kubernetes的...
k8s1.20.4-高可用集群部署-新增项目-kubernetes安装包和详细文档笔记整理
05-29
在本资源中,我们聚焦于"Kubernetes 1.20.4 高可用集群的部署,这是一项关键的IT技术,尤其对于那些寻求优化云计算基础设施的企业和开发者来说。Kubernetes,简称K8s,是Google开源的一个容器编排系统,能够自动化...
sealos4.0.0部署高可用k8s1.24.0集群-kubernetes安装包和详细文档笔记整理
05-29
在本资料中,我们将深入探讨如何使用SealOS 4.0.0来部署一个高可用性的Kubernetesk8s)1.24.0集群Kubernetes,也被称为K8s,是目前最流行的容器编排系统,用于自动化容器化应用的部署、扩展和管理。SealOS是一款...
k8s 高可用集群搭建
liudongyang123的博客
03-25 4138
参考链接 1.keepalived高可用方案 基于kubeadm搭建k8s高可用集群 - 云+社区 - 腾讯云 2.keepalived+haproxy 高可用负载方案 使用kubeadm搭建高可用k8s v1.16.3集群 - 云+社区 - 腾讯云 以上两个是搭建k8s高可用集群的两个方案,区别就是一个用haproxy给master做了负载,因为光用keepalived只是保证了高可用,不做负载流量还是会转向虚拟ip也就是keepalived的VIP,用了haproxy,在每个master上都.
k8s高可用集群搭建
树袋熊
05-12 775
环境说明 [root@ha ~]# cat /etc/redhat-release CentOS Linux release 7.7.1908 (Core) 主机名 IP地址 说明 master-1 192.168.3.128 master-2 192.168.3.131 master-3 192.168.3.132 node-1 192.168.3.133 haprox主机 ha 192.168.3.134 haproxy主机 VIP 192.168.3.10
k8s高可用集群构建
weixin_45950088的博客
06-22 166
master节点部署 1、初始化master节点 (1)更改host并互相解析 hostnamectl set-hostname master01 vim /etc/hosts 添加互相解析 (2)安装所需依赖包 yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptabels curl sysstat libseccomp wget vim net-tools git (3)设置防火墙为iptables并设置空规则 systemctl st
搭建高可用k8s集群
最新发布
qq_36838700的博客
08-13 1324
注意:标题中 没有标记()的都是全部机器执行主机名称操作系统Centos 7Centos 7Centos 7Centos 7Centos 7内核版本IPNginx1.22.01.22.01.22.0————keepalived主从从————虚拟IP————
k8s-kubernetes--高可用集群搭建
Gong_yz的博客
03-20 2167
k8s集群用到的高可用技术主要是keepalived和haproxy; keepalived:Keepalived主要是通过虚拟路由冗余来实现高可用功能;haproxy: haproxy 类似于nginx, 是一个负载均衡、反向代理软件。 nginx 采用master-workers 进程模型,每个进程单线程,多核CPU能充分利用。
K8s进阶1——kubeadm工具搭建K8s高可用集群
百慕卿君博客
05-16 778
kubeadm方式搭建K8s高可用集群
k8s高可用集群搭建(二进制方式)
Luke
05-16 604
第一节 实践环境准备 1.1 服务器说明 我们这里使用的是五台centos-7.8的虚拟机三台主节点和一个从节点,具体信息如下表: 系统类型IP地址节点角色CPUMemoryHostnamecentos-7.8192.168.242.136master>=2>=2Gm1centos-7.8192.168.242.137master>=2>=2Gm2centos-7.8192.168.242.138master>=2>=2Gm3centos-7.8192.168.24
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值