k8s高可用多节点master搭建

建议 master 数量为奇数个:kubeadm 默认把 etcd 与 master 部署在同一节点,etcd 需要多数成员存活才能工作,只有两个 master 时任意一个宕机都会失去多数派。本章以测试为主,采用双节点,可按需增加相应 IP。环境搭建请参照之前的文章。

架构:

master1    10.194.28.104

master2    10.194.28.110

虚拟ip       10.194.28.222

<1> 节点安装 keepalived

yum install -y socat keepalived ipvsadm conntrack

<2> 配置

[root@master1 ~]# cat /etc/keepalived/keepalived.conf

# Global keepalived settings for master1.
# router_id is a free-form string naming this keepalived instance; master2's
# file on this page uses the same value.
global_defs {
   router_id LVS_DEVEL
}
# VRRP instance that floats the API-server VIP 10.194.28.222 between the two
# masters (master1 side).
vrrp_instance VI_1 {
    # Both nodes start as BACKUP; with nopreempt the node currently holding the
    # VIP keeps it when a higher-priority peer comes back.
    state BACKUP
    nopreempt
    # NIC that carries the VRRP advertisements and the VIP.
    interface ens192
    # Must be identical on master1 and master2 (both use 80) and should not
    # collide with another VRRP group on the same L2 segment.
    virtual_router_id 80
    priority 100        # higher than master2's 50
    # NOTE(review): nopreempt is already set above; this second occurrence is redundant.
    nopreempt
    # Seconds between VRRP advertisements.
    advert_int 1
    authentication {
        # PASS is VRRP simple-text authentication: the password is carried
        # unencrypted in every advertisement, so it only guards against
        # accidental cross-talk between VRRP groups, not against another host
        # on the same segment. keepalived uses at most the first 8 characters.
        auth_type PASS
        # This value is published with the tutorial; set a site-specific one
        # (identical on both nodes) and keep keepalived.conf readable by root only.
        auth_pass just0kk
    }
    # Address claimed by whichever node currently wins the VRRP election.
    virtual_ipaddress {
        10.194.28.222
    }
}
# LVS virtual server on the VIP, port 6443 (the address used as
# controlPlaneEndpoint in kubeadm-config.yaml), with both kube-apiservers as
# real servers.
virtual_server 10.194.28.222 6443 {
    # Seconds between health-check rounds.
    delay_loop 6
    # NOTE(review): "loadbalance" is not one of the IPVS scheduler names
    # keepalived documents for lb_algo (rr, wrr, lc, wlc, lblc, sh, dh, ...);
    # confirm the intended scheduler and check keepalived's log for a parse warning.
    lb_algo loadbalance
    # IPVS direct-routing forwarding.
    lb_kind DR
    # NOTE(review): confirm the installed keepalived accepts this keyword; the
    # mask itself is a /22.
    net_mask 255.255.252.0
    persistence_timeout 0
    protocol TCP
    # kube-apiserver on master1.
    real_server 10.194.28.104 6443 {
        weight 1
        # HTTPS health check: GET /healthz must answer 200, otherwise the real
        # server is taken out of the pool.
        # NOTE(review): presumably relies on the apiserver answering /healthz
        # for unauthenticated clients; if anonymous access is turned off during
        # hardening the probe will fail and the backend drops out — verify.
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            # 3 s connect timeout, 3 attempts, 3 s pause between attempts.
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    # kube-apiserver on master2; same health check as above.
    real_server 10.194.28.110 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@master2 ~]# cat /etc/keepalived/keepalived.conf

# Global keepalived settings for master2.
# router_id is a free-form string naming this keepalived instance; master1's
# file on this page uses the same value.
global_defs {
   router_id LVS_DEVEL
}
# VRRP instance that floats the API-server VIP 10.194.28.222 between the two
# masters (master2 side). Apart from priority it mirrors master1's instance.
vrrp_instance VI_1 {
    # Both nodes start as BACKUP; with nopreempt the node currently holding the
    # VIP keeps it when a higher-priority peer comes back.
    state BACKUP
    nopreempt
    # NIC that carries the VRRP advertisements and the VIP.
    interface ens192
    # Must match master1 (80) so both nodes belong to the same VRRP group.
    virtual_router_id 80
    priority 50                   # lower than master1's 100
    # NOTE(review): nopreempt is already set above; this second occurrence is redundant.
    nopreempt
    # Seconds between VRRP advertisements.
    advert_int 1
    authentication {
        # PASS is VRRP simple-text authentication: the password is carried
        # unencrypted in every advertisement, so it only guards against
        # accidental cross-talk between VRRP groups, not against another host
        # on the same segment. keepalived uses at most the first 8 characters.
        auth_type PASS
        # This value is published with the tutorial; set a site-specific one
        # (identical on both nodes) and keep keepalived.conf readable by root only.
        auth_pass just0kk
    }
    # Address claimed by whichever node currently wins the VRRP election.
    virtual_ipaddress {
        10.194.28.222
    }
}
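# LVS virtual server on the VIP, port 6443 (the address used as
# controlPlaneEndpoint in kubeadm-config.yaml), with both kube-apiservers as
# real servers. Kept identical to the virtual_server block in master1's file.
virtual_server 10.194.28.222 6443 {
    # Seconds between health-check rounds.
    delay_loop 6
    # NOTE(review): "loadbalance" is not one of the IPVS scheduler names
    # keepalived documents for lb_algo (rr, wrr, lc, wlc, lblc, sh, dh, ...);
    # confirm the intended scheduler and check keepalived's log for a parse warning.
    lb_algo loadbalance
    # IPVS direct-routing forwarding.
    lb_kind DR
    # One directive per line: net_mask had been run together with lb_kind.
    # NOTE(review): confirm the installed keepalived accepts this keyword; the
    # mask itself is a /22.
    net_mask 255.255.252.0
    persistence_timeout 0
    protocol TCP
    # kube-apiserver on master1.
    real_server 10.194.28.104 6443 {
        weight 1
        # HTTPS health check: GET /healthz must answer 200, otherwise the real
        # server is taken out of the pool.
        # NOTE(review): presumably relies on the apiserver answering /healthz
        # for unauthenticated clients; if anonymous access is turned off during
        # hardening the probe will fail and the backend drops out — verify.
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            # 3 s connect timeout, 3 attempts, 3 s pause between attempts.
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    # kube-apiserver on master2; same health check as above.
    real_server 10.194.28.110 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}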

<3> 启动 keepalived:在 master1、master2 上依次执行以下命令

systemctl enable keepalived  && systemctl start keepalived  && systemctl status keepalived

B

<1>初始化

#kubeadm init --config kubeadm-config.yaml

[root@master1 ~]# cat kubeadm-config.yaml

# kubeadm init configuration used on the first control-plane node (master1).
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: v1.14.0
apiServer:
  # Extra subject alternative names for the API-server serving certificate:
  # the real addresses of master1 and master2.
  certSANs:
  - 10.194.28.104
  - 10.194.28.110
# The keepalived VIP; the join command later on this page targets this address
# rather than a single master.
controlPlaneEndpoint: "10.194.28.222:6443"
networking:
  # NOTE(review): presumably chosen to match the Network value in the
  # kube-flannel.yml applied afterwards — confirm the two agree.
  podSubnet: "10.244.0.0/16"

---
# Second YAML document: run kube-proxy in IPVS mode.
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind:  KubeProxyConfiguration
mode: ipvs

#mkdir -p $HOME/.kube

#cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

#chown $(id -u):$(id -g) $HOME/.kube/config

#kubectl apply -f kube-flannel.yml

<2>复制相关文件

master2   #cd /root && mkdir -p /etc/kubernetes/pki/etcd &&mkdir -p ~/.kube/

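master1   设置免密(ssh-keygen 一直回车会生成不带口令的私钥,持有该私钥即可免密以 root 登录 master2;证书复制完成后,建议从 master2 的 ~/.ssh/authorized_keys 中删除这把公钥)  #ssh-keygen -t rsa 一直回车  #ssh-copy-id -i .ssh/id_rsa.pub root@master2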

sh ca.sh

[root@master1 ~]# cat ca.sh

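# Copy the shared control-plane PKI from this host to master2 so that master2
# can join as a second control-plane node. Invoked as `sh ca.sh`, so POSIX sh only.
#
# ca.key, sa.key, front-proxy-ca.key and etcd/ca.key are private keys: whoever
# holds them can issue credentials for the cluster. Copy them only over scp,
# and only to hosts that are meant to be control-plane nodes.
#
# The destination directories must already exist on master2
# (mkdir -p /etc/kubernetes/pki/etcd, done in the previous step).

# Stop at the first failed copy instead of silently leaving a partial PKI on
# master2.
set -eu

pki_dir=/etc/kubernetes/pki
dest_host=master2

for rel in \
  ca.crt ca.key \
  sa.key sa.pub \
  front-proxy-ca.crt front-proxy-ca.key \
  etcd/ca.crt etcd/ca.key
do
  # Mirror the source layout: files under etcd/ go to pki/etcd/, the rest to pki/.
  case "$rel" in
    */*) dest_dir="$pki_dir/${rel%/*}/" ;;
    *)   dest_dir="$pki_dir/" ;;
  esac
  scp "$pki_dir/$rel" "$dest_host:$dest_dir"
done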

master1 至此完毕

<3> 第二个 master 节点加入集群(在 master2 上执行 master1 初始化成功时输出的 join 命令)

kubeadm join 10.194.28.222:6443 --token za0pu8.itrd*********2n     --discovery-token-ca-cert-hash sha256:1f3482c3******************e7acb3bd223d8c     --experimental-control-plane

#mkdir -p $HOME/.kube

#cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

#chown $(id -u):$(id -g) $HOME/.kube/config

以上完毕!!!
