@kubernetes(k8s)使用adm安装实现keepalived高可用

最新推荐文章于 2024-08-17 17:24:53 发布
最新推荐文章于 2024-08-17 17:24:53 发布
阅读量1.1k 收藏 1
点赞数 2
分类专栏: kubernetes 文章标签: kubernetes k8s adm keepalived
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_55972781/article/details/119521688
版权

文章目录

adm-keepalived

一、环境准备(全部执行)

1、服务器的环境准备

1》nod节点CPU核数必须是 :  大于等于2核2G ,否则k8s无法启动 ,如果不是,则在集群初始化时,后面后面增加参数:  --ignore-preflight-errors=NumCPU
2》DNS网络:   最好设置为本地网络连通的DNS,否则网络不通,无法下载一些镜像 
3》linux内核: linux内核必须是 4 版本以上就可以,建议最好是4.4之上的,因此必须把linux核心进行升级 
4》准备3台虚拟机环境(或者3台云服务器)

2、本地机器准备

主机名IP
m01192.168.15.66
m02192.168.15.67
node01192.168.15.68
vip192.168.15.69

3、设置主机解析

#主机名称更改
[root@m01 ~]# hostnamectl set-hostname m01
[root@m02 ~]# hostnamectl set-hostname m02
[root@node01 ~]# hostnamectl set-hostname node01




#添加hosts解析(三台全部执行)
[root@m01 ~]# cat >> /etc/hosts << EOF
192.168.15.66 m01
192.168.15.67 m02
192.168.15.68 node01
EOF

4、关闭防火墙–关闭selinux

[root@m01 ~]# sudo systemctl stop firewalld
[root@m01 ~]# sudo systemctl disable firewalld
[root@m01 ~]# setenforce 0
[root@m01 ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

5、关闭swap

[root@m01 ~]# swapoff -a
[root@m01 ~]# sed -i 's/.*swap.*/#&/' /etc/fstab

6、配置镜像源

#安装镜像源
[root@m01 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- -100  2523  100  2523    0     0  60651      0 --:--:-- --:--:-- --:--:-- 61536

7、安装常用软件工具包

[root@m01 ~]# yum install wget expect vim net-tools ntp bash-completion ipvsadm ipset jq iptables conntrack sysstat libseccomp -y
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * elrepo: mirrors.tuna.tsinghua.edu.cn
 * epel: hk.mirrors.thegigabit.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                      | 3.6 kB     00:00     
extras                                    | 2.9 kB     00:00     
updates                                   | 2.9 kB     00:00     
......
....

8、时间同步

# 安装chrony:
[root@m01 ~]# yum install -y chrony
iptables conntrack sysstat libseccomp -y
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
······
....

#备份配置文件,以防万一(不做也行)
[root@m01 ~]# cp /etc/chrony.conf{,.bak}



#注释默认ntp服务器
[root@m01 ~]# sed -i 's/^server/#&/' /etc/chrony.conf




#指定上游公共 ntp 服务器
[root@m01 ~]# cat >> /etc/chrony.conf << EOF
server 0.asia.pool.ntp.org iburst
server 1.asia.pool.ntp.org iburst
server 2.asia.pool.ntp.org iburst
server 3.asia.pool.ntp.org iburst
EOF



#时间写入内核
[root@m01 ~]# hwclock --systohc


#设置时区
[root@m01 ~]# timedatectl set-timezone Asia/Shanghai





#重启chronyd服务并设为开机启动:
[root@m01 ~]# timedatectl set-timezone Asia/Shanghaisystemctl enable chronyd && systemctl restart chronyd



#验证,查看当前时间以及存在带*的行
[root@m01 ~]# timedatectl && chronyc sources
      Local time: 日 2021-08-08 22:05:12 CST
  Universal time: 日 2021-08-08 14:05:12 UTC
        RTC time: 日 2021-08-08 14:05:12
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- ott137.hkcable.com.hk         2  10   317   22m    -14ms[  -14ms] +/-  258ms
^* ott129.hkcable.com.hk         3  10   237  1128    -16ms[  -16ms] +/-   85ms
^+ send.mx.cdnetworks.com        2  10   377   603    +39ms[  +39ms] +/-  126ms
^- time4.isu.net.sa              2  10   357   603    -18ms[  -18ms] +/-  303ms

9、系统内核更新(建议奈何为4.4之上)

#查看可安装的内核版本
[root@m01 ~]# yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * elrepo-kernel: mirror-hk.koddos.net
可安装的软件包
kernel-lt-devel.x86_64         5.4.138-1.el7.elrepo elrepo-kernel
kernel-lt-doc.noarch           5.4.138-1.el7.elrepo elrepo-kernel
kernel-lt-headers.x86_64       5.4.138-1.el7.elrepo elrepo-kernel
kernel-lt-tools.x86_64         5.4.138-1.el7.elrepo elrepo-kernel
kernel-lt-tools-libs.x86_64    5.4.138-1.el7.elrepo elrepo-kernel
kernel-lt-tools-libs-devel.x86_64
                               5.4.138-1.el7.elrepo elrepo-kernel
kernel-ml.x86_64               5.13.8-1.el7.elrepo  elrepo-kernel
kernel-ml-devel.x86_64         5.13.8-1.el7.elrepo  elrepo-kernel
kernel-ml-doc.noarch           5.13.8-1.el7.elrepo  elrepo-kernel
kernel-ml-headers.x86_64       5.13.8-1.el7.elrepo  elrepo-kernel
kernel-ml-tools.x86_64         5.13.8-1.el7.elrepo  elrepo-kernel
kernel-ml-tools-libs.x86_64    5.13.8-1.el7.elrepo  elrepo-kernel
kernel-ml-tools-libs-devel.x86_64
                               5.13.8-1.el7.elrepo  elrepo-kernel
perf.x86_64                    5.13.8-1.el7.elrepo  elrepo-kernel
python-perf.x86_64             5.13.8-1.el7.elrepo  elrepo-kerne




#下载内核源
[root@m01 ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
获取http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
准备中...                          ################################# [100%]
	软件包 elrepo-release-7.0-5.el7.elrepo.noarch (比 elrepo-release-7.0-3.el7.elrepo.noarch 还要新) 已安装


#安装最新内核版本
[root@m01 ~]# yum --enablerepo=elrepo-kernel install -y kernel-lt已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * elrepo: mirrors.tuna.tsinghua.edu.cn
 * elrepo-kernel: mirrors.tuna.tsinghua.edu.cn
 * epel: ftp.iij.ad.jp
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
.......
....





#查看当前可用内核
[root@m01 ~]# cat /boot/grub2/grub.cfg |grep menuentry
if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
  menuentry_id_option=""
export menuentry_id_option
menuentry 'CentOS Linux (5.4.138-1.el7.elrepo.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.36.2.el7.x86_64-advanced-507fc260-78cc-4ce0-8310-af00334de578' {
menuentry 'CentOS Linux (3.10.0-1160.36.2.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.36.2.el7.x86_64-advanced-507fc260-78cc-4ce0-8310-af00334de578' {
menuentry 'CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted menuentry_id_option 'gnulinux-3.10.0-693.el7.x86_64-advanced-507fc260-78cc-4ce0-8310-af00334de578' {
menuentry 'CentOS Linux (0-rescue-b9c18819be20424b8f84a2cad6ddf12e) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-0-rescue-b9c18819be20424b8f84a2cad6ddf12e-advanced-507fc260-78cc-4ce0-8310-af00334de578' {





#设置操作系统从新内核启动
[root@m01 ~]# grub2-set-default "CentOS Linux (5.4.221-1.el7.elrepo.x86_64) 7 (Core)"





#查看内核启动项是否修改
[root@m01 ~]# grub2-editenv list
saved_entry=CentOS Linux (5.7.7-1.el7.elrepo.x86_64) 7 (Core)



#最后重启生效
[root@m01 ~]# reboot




#重启后查看
[root@m01 ~]# uname -r
5.4.138-1.el7.elrepo.x86_64

10、增加命令提示安装

#安装软件包
[root@m01 ~]# yum install -y bash-completion 
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * elrepo: mirrors.tuna.tsinghua.edu.cn
 * elrepo-kernel: mirrors.tuna.tsinghua.edu.cn
 * epel: ftp.iij.ad.jp
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
.......
....


[root@m01 ~]# source /usr/share/bash-completion/bash_completion 
[root@m01 ~]# source <(kubectl completion bash) 
[root@m01 ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc

11、ipvs安装

#安装软件包
[root@m01 ~]# yum install -y conntrack-tools ipvsadm ipset conntrack libseccomp



#配置ipvs
[root@m01 ~]# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in \${ipvs_modules}; do
  /sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
  if [ $? -eq 0 ]; then
	/sbin/modprobe \${kernel_module}
  fi
done
EOF



#模块文件授权及执行
[root@m01 ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules




#查看监控模块状态
[root@m01 ~]# lsmod | grep ip_vs





#修改内核启动参数
[root@m01 ~]# cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp.keepaliv.probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp.max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp.max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.top_timestamps = 0
net.core.somaxconn = 16384
EOF


#立即生效添加的内核参数
[root@m01 ~]# sysctl --system

二、docker安装

#卸载就版本
[root@m01 ~]# sudo yum remove docker docker-common docker-selinux docker-engine






#安装依赖的软件包
[root@m01 ~]# sudo yum install -y yum-utils device-mapper-persistent-data lvm2




#安装源(选择其一即可)
[root@m01 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo
--2021-08-08 22:19:24--  https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo
正在解析主机 repo.huaweicloud.com (repo.huaweicloud.com)... 58.215.92.70, 180.97.163.21, 117.91.188.35, ...
正在连接 repo.huaweicloud.com (repo.huaweicloud.com)|58.215.92.70|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:1919 (1.9K) [application/octet-stream]
正在保存至: “/etc/yum.repos.d/docker-ce.repo”

100%[=======================>] 1,919       --.-K/s 用时 0s      

2021-08-08 22:19:24 (318 MB/s) - 已保存 “/etc/yum.repos.d/docker-ce.repo” [1919/1919])




# 添加Docker repository,这里改为国内阿里云yum源(可选,建议使用)

[root@m01 ~]#  yum-config-manager \
>   --add-repo \
>   http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
已加载插件:fastestmirror
adding repo from: http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo









#安装docker并更新系统
[root@m01 ~]# yum update -y && yum install -y docker-ce
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * elrepo: mirror-hk.koddos.net
 * epel: ftp.iij.ad.jp
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
.....
....





#配置镜像加速器(选其一即可,建议其二)
[root@m01 ~]# cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://hahexyip.mirror.aliyuncs.com"]
}
EOF
#配置镜像加速
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "registry-mirrors": ["https://uyah70su.mirror.aliyuncs.com"]
}
EOF
ps : 注意,由于国内拉取镜像较慢,配置文件最后追加了阿里云镜像加速配置







#启动并加入开机自启动
[root@m01 ~]# systemctl enable docker && systemctl start docker






#查看docker的状态
[root@m01 ~]# docker version
Client: Docker Engine - Community
 Version:           20.10.8
 API version:       1.41
 Go version:        go1.16.6
 Git commit:        3967b7d
 Built:             Fri Jul 30 19:55:49 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.8
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.6
  Git commit:       75249d8
  Built:            Fri Jul 30 19:54:13 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.9
  GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
 runc:
  Version:          1.0.1
  GitCommit:        v1.0.1-0-g4144b63
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

三、安装kubelet

#配置镜像源
[root@m01 ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF




#安装软件包(建议版本安装1.21.3)
[root@m01 ~]# sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes  (默认安装最新版1.22.0)
#因为这里是自己的本地虚拟机测试环境,所以直接安装最新的版本踩坑,如果要安装指定版本可以在后面指定版本号如下:
 sudo yum install -y kubelet-${version} kubeadm-${version} kubectl-${version} --disableexcludes=kubernetes
#指定版本安装
[root@m01 ~]# yum install -y kubelet-1.21.3 kubeadm-1.21.3 kubectl-1.21.3  
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * elrepo: mirror-hk.koddos.net
 * epel: ftp.iij.ad.jp
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
.....
....




#启动并加入开机自启
[root@m01 ~]# sudo systemctl enable --now kubelet

四、安装haproxy(全部安装)

#高可用需要一个负载均衡器,这里直接使用了一个单节点 haproxy 代替一下,实际生产环境中使用 keepalived 保证 haproxy 的高可用
[root@m01 ~]# yum install -y haproxy
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * elrepo: mirrors.tuna.tsinghua.edu.cn
 * epel: my.mirrors.thegigabit.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
docker-ce-stable 
·······
·····       
 
 
 
 
 
 #添加配置项
[root@m01 ~]# cat > /etc/haproxy/haproxy.cfg <<EOF
global
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s

frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor

listen stats
  bind    *:8006
  mode    http
  stats   enable
  stats   hide-version
  stats   uri       /stats
  stats   refresh   30s
  stats   realm     Haproxy\ Statistics
  stats   auth      admin:admin

frontend k8s-master
  bind 0.0.0.0:8443
  bind 127.0.0.1:8443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  #添加主机名称及IP地址
  server m01       192.168.15.66:6443  check inter 2000 fall 2 rise 2 weight 100    
  server m02       192.168.15.67:6443  check inter 2000 fall 2 rise 2 weight 100
  server node01    192.168.15.68:6443  check inter 2000 fall 2 rise 2 weight 100
EOF

五、安装keepalived(所有主节点执行)

1、安装keepalived安装包

[root@m01 ~]# sudo yum install keepalived -y
[root@m02 ~]# sudo yum install keepalived -y
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                      | 6.5 kB     00:00     
 * base: mirrors.aliyun.com
 * elrepo: mirrors.tuna.tsinghua.edu.cn
 * epel: mirror.sjtu.edu.cn
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
......
....





#备份配置文件,添加新配置文件
[root@m01 ~]# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak

2、修改配置文件(m01与m02)

【MASTER01】
#配置文件修改
[root@m01 ~]# cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_kubernetes {
    script "/etc/keepalived/check_kubernetes.sh"
    interval 2
    weight -5
    fall 3
    rise 2
}
vrrp_instance VI_1 {
    state MASTER                 #注意标签BACKUP
    interface eth0               #注意使用的网卡
    mcast_src_ip 192.168.15.66   #自己的IP
    virtual_router_id 51
    priority 100                 #使用的权重设定
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.15.69            #漂移的vip设置
    }
#    track_script {
#       chk_kubernetes
#    }
}
EOF




#启动keepalived并加入开机自启动
[root@m01 ~]# sudo systemctl enable --now keepalived.service haproxy.service kubelet.service
【MASTER02】
[root@m02 ~]# cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_kubernetes {
    script "/etc/keepalived/check_kubernetes.sh"
    interval 2
    weight -5
    fall 3
    rise 2
}
vrrp_instance VI_1 {
    state BACKUP                 #注意标签BACKUP
    interface eth0               #注意使用的网卡
    mcast_src_ip 192.168.15.67   #注意使用的ip地址
    virtual_router_id 51
    priority 90                  #使用的权重修改
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.15.69            #漂移的vip设置
    }
#    track_script {
#       chk_kubernetes
#    }
}
EOF




#启动keepalived并加入开机自启动
[root@m02 ~]# sudo systemctl enable --now keepalived.service haproxy.service kubelet.service

六、集群初始化(m01)

在这里插入图片描述

1、生成初始化配置文件

[root@m01 ~]# kubeadm config print init-defaults >init-config.yaml
[root@m01 ~]# ll |grep init
-rw-r--r--  1 root root    976 88 21:13 init-config.yaml

2、init配置文件修改(附件)

【附件】
[root@m01 ~]# cat init-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.15.66
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  imagePullPolicy: IfNotPresent
  name: m01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  certSANs:
    - 192.168.15.69
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 192.168.15.69:8443
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/k8sos
kind: ClusterConfiguration
kubernetesVersion: 1.21.3
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}

3、init开始

#初始化
[root@m01 ~]# kubeadm init --config init-config.yaml --upload-certs
W0808 21:13:32.175756   92363 strict.go:54] configuration schema.GroupVersionKind{Group:"kubeadm.k8s.io", Version:"v1beta2", Kind:"InitConfiguration"}: error unmarshaling JSON: while decoding JSON: json: unknown field "imagePullPolicy"
[init] Using Kubernetes version: v1.21.3
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
········
····





#实时查看拉取过程(实时监控拉取过程)
[root@m01 ~]#  while true; do docker images; echo ; sleep 3; clear; done
REPOSITORY                                                             TAG        IMAGE ID       CREATED         SIZE
calico/node                                                            v3.20.0    5ef66b403f4f   8 days ago      170MB
calico/pod2daemon-flexvol                                              v3.20.0    5991877ebc11   8 days ago      21.7MB
calico/cni                                                             v3.20.0    4945b742b8e6   8 days ago      146MB
calico/kube-controllers                                                v3.20.0    76ba70f4748f   8 days ago      63.2MB
registry.cn-hangzhou.aliyuncs.com/k8sos/kube-apiserver                 v1.21.3    3d174f00aa39   3 weeks ago     126MB
registry.cn-hangzhou.aliyuncs.com/k8sos/kube-scheduler                 v1.21.3    6be0dc1302e3   3 weeks ago     50.6MB
registry.cn-hangzhou.aliyuncs.com/k8sos/kube-proxy                     v1.21.3    adb2816ea823   3 weeks ago     103MB
registry.cn-shanghai.aliyuncs.com/hzl-images/kube-proxy                v1.21.2    adb2816ea823   3 weeks ago     103MB
registry.cn-hangzhou.aliyuncs.com/k8sos/kube-controller-manager        v1.21.3    bc2bb319a703   3 weeks ago     120MB
registry.cn-shanghai.aliyuncs.com/hzl-images/kube-apiserver            v1.21.2    106ff58d4308   7 weeks ago     126MB
registry.cn-shanghai.aliyuncs.com/hzl-images/kube-controller-manager   v1.21.2    ae24db9aa2cc   7 weeks ago     120MB
registry.cn-shanghai.aliyuncs.com/hzl-images/kube-scheduler            v1.21.2    f917b8c8f55b   7 weeks ago     50.6MB
registry.cn-hangzhou.aliyuncs.com/k8sos/pause                          3.4.1      0f8457a4c2ec   6 months ago    683kB
registry.cn-shanghai.aliyuncs.com/hzl-images/pause                     3.4.1      0f8457a4c2ec   6 months ago    683kB
registry.cn-hangzhou.aliyuncs.com/k8sos/coredns                        v1.8.0     7916bcd0fd70   9 months ago    42.5MB
registry.cn-shanghai.aliyuncs.com/hzl-images/coredns                   v1.8.0     7916bcd0fd70   9 months ago    42.5MB
registry.cn-hangzhou.aliyuncs.com/k8sos/etcd                           3.4.13-0   8855aefc3b26   11 months ago   253MB
registry.cn-shanghai.aliyuncs.com/hzl-images/etcd                      3.4.13-0   8855aefc3b26   11 months ago   253MB






#初始化完成,并保存生成的指令
-----------------------------------------------------------------------
(加入所有master)
 join 192.168.15.69:8443 --token abcdef.0123456789abcdef \
	--discovery-token-ca-cert-hash sha256:552a8af303d27bdcf20700ef6a318e002dca6fad97abb24be68e71d587f4c6c3 \
	--control-plane --certificate-key 623076797c43edd46533603426006d0e8c4c4bad5ec91b72a807bf82529270fd

(加入所有node)
kubeadm join 192.168.15.69:8443 --token abcdef.0123456789abcdef \
	--discovery-token-ca-cert-hash sha256:552a8af303d27bdcf20700ef6a318e002dca6fad97abb24be68e71d587f4c6c3
------------------------------------------------------------------------ 






# 小插曲 #
###############################   错错错  ##################################################
#搭建时出现以下错误:
[root@m01 ~]# kubeadm init --config init-config.yaml --upload-certs
	[init] Using Kubernetes version: v1.22.3
	[preflight] Running pre-flight checks
	error execution phase preflight: [preflight] Some fatal errors occurred:
		[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
	[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
	To see the stack trace of this error execute with --v=5 or higher
........
....



################################# 方案 #######################################
#解决方案:
[root@m01 ~]#  echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables

3、配置 kubernetes 用户信息

[root@m01 ~]# mkdir -p $HOME/.kube
	  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
	  sudo chown $(id -u):$(id -g) $HOME/.kube/config



ps : 如果是root用户,则可以使用:export KUBECONFIG=/etc/kubernetes/admin.conf(只能临时使用,不建议使用)

4、安装网络插件(calico)

【calico官网】

在这里插入图片描述

#下载网络插件
[root@m01 ~]# curl https://docs.projectcalico.org/manifests/calico.yaml -O
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  197k  100  197k    0     0  83317      0  0:00:02  0:00:02 --:--:-- 83353




#添加环境变量
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile




#部署calico网络插件
[root@m01 ~]# kubectl create -f calico.yaml 
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico
·······
····





#部署即查看pod创建状态
[root@m01 ~]# kubectl get pods -n kube-system 
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-58497c65d5-kchf8   1/1     Running   0          43s
calico-node-cv7wm                          1/1     Running   0          43s
coredns-978bbc4b6-bc6pp                    1/1     Running   0          7m1s
coredns-978bbc4b6-hn7hw                    1/1     Running   0          7m1s
etcd-m01                                   1/1     Running   0          7m6s
kube-apiserver-m01                         1/1     Running   0          7m6s
kube-controller-manager-m01                1/1     Running   0          7m6s
kube-proxy-n427d                           1/1     Running   0          7m1s
kube-scheduler-m01                         1/1     Running   0          7m7s

七、初始化加入(m02)

1、加入集群

[root@m02 ~]# kubeadm join 192.168.15.69:8443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:552a8af303d27bdcf20700ef6a318e002dca6fad97abb24be68e71d587f4c6c3 \
> --control-plane --certificate-key 623076797c43edd46533603426006d0e8c4c4bad5ec91b72a807bf82529270fd
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[preflight] Running pre-flight checks before initializing the new control plane instance
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
········
·····

2、配置用户信息

#添加用户信息
[root@m02 ~]# mkdir -p $HOME/.kube
	sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
	sudo chown $(id -u):$(id -g) $HOME/.kube/config






#查看node状态
[root@m02 ~]# kubectl get nodes
NAME     STATUS   ROLES                  AGE    VERSION
m01      Ready    control-plane,master   119m   v1.21.3
m02      Ready    control-plane,master   98m    v1.21.3
node01   Ready    <none>                 91m    v1.21.3

八、初始化加入(node01)

root@node01 ~]# kubeadm join 192.168.15.69:8443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:552a8af303d27bdcf20700ef6a318e002dca6fad97abb24be68e71d587f4c6c3 
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
········
····






#查看镜像拉去状态(从初始化成功)
[root@node01 ~]# docker images
REPOSITORY                                           TAG       IMAGE ID       CREATED        SIZE
calico/pod2daemon-flexvol                            v3.20.0   5991877ebc11   8 days ago     21.7MB
calico/cni                                           v3.20.0   4945b742b8e6   8 days ago     146MB
registry.cn-hangzhou.aliyuncs.com/k8sos/kube-proxy   v1.21.3   adb2816ea823   3 weeks ago    103MB
registry.cn-hangzhou.aliyuncs.com/k8sos/pause        3.4.1     0f8457a4c2ec   6 months ago   683kB

九、检查集群状态

################################## 检查集群状态 ####################################
##查看集群服务配置状态(m01与m02)
[root@m01 /]# kubectl get pods -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-58497c65d5-kchf8   1/1     Running   0          118m
calico-node-cv7wm                          1/1     Running   0          118m
calico-node-wpgm2                          1/1     Running   0          103m
calico-node-zmkl5                          1/1     Running   0          96m
coredns-978bbc4b6-bc6pp                    1/1     Running   0          124m
coredns-978bbc4b6-hn7hw                    1/1     Running   0          124m
etcd-m01                                   1/1     Running   0          124m
etcd-m02                                   1/1     Running   0          103m
kube-apiserver-m01                         1/1     Running   0          124m
kube-apiserver-m02                         1/1     Running   0          103m
kube-controller-manager-m01                1/1     Running   1          124m
kube-controller-manager-m02                1/1     Running   0          103m
kube-proxy-52r2q                           1/1     Running   0          96m
kube-proxy-hwdxr                           1/1     Running   0          103m
kube-proxy-n427d                           1/1     Running   0          124m
kube-scheduler-m01                         1/1     Running   1          124m
kube-scheduler-m02                         1/1     Running   0          103m





#查看节点状态(全部正常)
[root@m01 ~]# kubectl get nodes 
NAME     STATUS   ROLES                  AGE     VERSION
m01      Ready    control-plane,master   32m     v1.21.3
m02      Ready    control-plane,master   10m     v1.21.3
node01   Ready    <none>                 4m13s   v1.21.3




#查看vip
[root@m01 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a2:de:c6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.66/24 brd 192.168.15.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.15.69/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::57eb:becd:18b6:b774/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

十、集群测试

1、keepalived测试

#停止keep alive服务m01
[root@m01 /]# systemctl stop keepalived.service 




#vip已经漂移了
[root@m01 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a2:de:c6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.66/24 brd 192.168.15.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::57eb:becd:18b6:b774/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever



#查看m02
[root@m02 ~]# ip a       #vip已经漂移到m02上
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:d8:98:7b brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.67/24 brd 192.168.15.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.15.69/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::abd2:cfda:7db:56ff/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::57eb:becd:18b6:b774/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::a95:bcab:b48f:c797/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever




#重新启动keepalived服务(根据设定的权重,可以来回让vip漂移)
[root@m01 /]# systemctl resatrt  keepalived.service 
[root@m01 /]# ip a        #vip又漂移到m01
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a2:de:c6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.66/24 brd 192.168.15.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.15.69/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::57eb:becd:18b6:b774/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever




#简单测试keepalived,向后的脑裂问题,可以添加配置脚本(此处略)详情如下

【keepalived详解】

2、集群服务测试

#创建 nginx 测试
[root@m01 /]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created




#启动创建的实列,指定端口
[root@m01 ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed                               #启动已创建的nginx





#查看状态pod
[root@m01 /]# kubectl get pod
NAME                     READY   STATUS    RESTARTS   AGE
nginx-6799fc88d8-hvcnt   1/1     Running   0          75s




#查看服务状态
[root@m01 /]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        142m
nginx        NodePort    10.106.245.215   <none>        80:30785/TCP   6s




#测试访问
[root@m01 /]# curl 10.106.245.215
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
#浏览完测试

在这里插入图片描述

ଲ小何才露煎煎饺
关注
专栏目录
Kubernetes(5)-在集群测试运行Nginx+tomcat
Blog of Stevenux
04-02 1323
集群环境: IP 主机名 角色 192.168.100.142 kube-master1,kube-master1.suosuoli.cn K8s 集群主节点 1 192.168.100.144 kube-master2,kube-master2.suosuoli.cn K8s 集群主节点 2 192.168.100.146 kube-master3,kube-master...
docker_k8s_adm1.15.tar.gz
08-02
docker_k8s_adm1.15.tar.gz
k8s-5 部署keepalived服务
renren_100的博客
07-28 1036
1,安装keepalived高可用软件 yum -y install keepalived 2, 创建一个监听端口脚本 vi /etc/keepalived/check_port.sh #!/bin/bash #keepalived 监控端口脚本 #使用方法: #在keepalived的配置文件中 #vrrp_script check_port {#创建一个vrrp_script脚本,检查配置 #script “/etc/keepalived/check_port.sh 6379” #配置监听的端口 #i
keepalived详解与配置与应用
最新发布
m0_63255850的博客
08-17 1781
功能: 基于vrrp协议完成地址流动 为vip地址所在的节点生成ipvs规则(在配置文件中预先定义) 为ipvs集群的各RS做健康状态检测 基于脚本调用接口完成脚本中定义的功能,进而影响集群事务,以此支持nginx、haproxy等服务virtual_server IP port #定义虚拟主机IP地址及其端口virtual_server fwmark int #ipvs的防火墙打标,实现基于防火墙的负载均衡集群virtual_server group string #使用虚拟服务器组​。
K8S安装过程二:安装Keepalived服务
架构师实战感悟
11-28 647
安装部署 keepalived 服务
搭建k8s高可用集群(Keepalived 和 HAproxy)
这里是火火火的世界
03-20 4138
spec:hosts:中每一行代表一个机器,要把所有机器列出来,name:实例的主机名(就是第一步准备工作时设置的hostname),address和internalAddress是每个机器的IP地址,后面的user和password是能远程登录机器的用户名和密码。所有的master节点和worker工作节点配置docker镜像加速器(这里额外添加了docker的生产环境核心配置cgroup)使用如下命令在所有的master节点和worker工作节点安装docker并配置docker镜像加速器。
k8s高可用keeplived配置-master高可用
weixin_46755536的博客
04-07 147
keeplived 主 ! Configuration File for keepalived global_defs { router_id LVS_1 } vrrp_script checkhaproxy { script “/opt/check.sh” interval 1 weight -30 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 51 priority 100 advert_int 1 authe
k8s---adm构建
白雪滑落树梢
12-18 1783
文章目录
kubernetesk8sadm方式安装[超级详细]
weixin_57095087的博客
12-27 1508
集群规划【1master节点2node节点】 主机名 IP地址 推荐配置 k8s-master 192.168.91.132 1C2G40G k8s-node1 192.168.91.133 1C2G40G k8s-node2 192.168.91.134 1C2G40G 网络规划 network IP地址段 解释 NodeIP 192.168.91.0
k8sadm方式部署
2301_76288258的博客
02-27 1568
kubectl需经由API server认证及授权后方能执行相应的管理操作,kubeadm 部署的集群为其生成了一个具有管理员权限的认证配置文件 /etc/kubernetes/admin.conf,它可由 kubectl 通过默认的 “$HOME/.kube/config” 的路径进行加载。--apiserver-advertise-address:apiserver通告给其他组件的IP地址,一般应该为Master节点的用于集群内部通信的IP地址,0.0.0.0表示节点上所有可用地址。
k8s学习笔记——keepalived非容器安装
潮落拾贝
08-01 145
//用keepalived 配置vip 配置 keepalived host1 上 keepalived 配置 $ cat /etc/keepalived/keepalived.conf vrrp_instance VI_1 { state MASTER interface eno1 virtual_router_id 51 priority 101 advert_int 1 authentication { auth_type PASS ...
K8s集群部署之高可用
weixin_33724570的博客
03-23 767
2019独角兽企业重金招聘Python工程师标准>>> ...
K8s keepalived+多Master部署】
sxsl_lwp的博客
11-24 2008
K8s keepalived+多Master部署
k8s-k8sadm构建成功版本(双M双N)
huhaiand的专栏
10-24 1364
k8s构建过程记录。 第一部分:基础概念 略 第二部分:开始搭建 物理机(虚拟机)--主机环境准备: 1,规划:根据实际情况规划服务器配置,如学习用的单节点部署(即M和N在同一台主机上);测试环境的单M单N节点;生产环境用的多M多N节点。确定服务器数量,并确保所有服务器在同一网段,可直接互访(网段知识自行了解)。 2,服务器配置要求:MN节点最低配置要求仅能勉强运行起集群,部署应用等体验非常差,建议4C4G及以上起步。 3,部署阶段要求均可访问外部网络;允许外部网络访问内部需要在网络入口上进行
kebeadm 搭建k8s笔记
weixin_30945039的博客
05-09 313
在所有节点上设置SELINUX为permissive模式# 修改配置$ vi /etc/selinux/configSELINUX=permissive $ setenforce 0 所有节点设置/etc/hosts主机名,请根据实际情况进行配置$ cat /etc/hosts127.0.0.1 localhost localhost.localdomain localhost4 loca...
云原生k8s解密、K8S集群安装部署、Calico插件安装部署
Djdhdhskn的博客
07-06 915
【代码】kubernetes
K8S高可用集群架构部署 dashborad插件部署 Nginx实现动静分离 K8S在线升级
Yosigo_的博客
08-14 1198
docker的namespace:是利用宿主机内核的namespace功能实现容器的资源隔离 k8s的namespace:是基于名称实现项目容器的隔离,叫命名空间 master节点组件: kube-apiserver:Kubernetes API server 为 api 对象验证并配置数据,包括 pods、 services、replicationcontrollers和其它 api 对象,API Server 提供 REST 操作和到集群共享状态的前端,所有其他组件通过它进行交互。 kube-sch..
k8s-adm安装高可用集群
m0_58969269的博客
08-09 296
# kubernetes安装 服务器配置至少是2G2核的。如果不是则可以在集群初始化后面增加 --ignore-preflight-errors=NumCPU ### 1.系统优化 ``` #关闭selinux setenforce 0 # 关闭防火墙 systemctl disable --now firewalld # 关闭swap分区 swapoff -a #修改/etc/fstab echo 'KUBELET_EXTRA_ARGS="--fail-swap-on=false"' >
双master节点+keepalived方式部署K8s 1.18.20
hedao0515的专栏
04-02 1568
双master节点+keepalived方式部署K8s 1.18.20
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值