Kubernetes进阶篇 —— 高可用集群

k8s高可用集群

集群拓扑

Loadbalancer部署

安装 keepalived haproxy

yum install -y keepalived haproxy 

配置haproxy

vim /etc/haproxy/haproxy.cfg

keepalived配置

vim /etc/keepalived/keepalived.conf 
###
 1 ! Configuration File for keepalived
  2 
  3 global_defs {
  4    notification_email {
  5         root@localhost
  6    }
  7    notification_email_from keepalived@localhost
  8    smtp_server 127.0.0.1
  9    smtp_connect_timeout 30
 10    router_id LVS_DEVEL
 11 }  
 12 vrrp_script check_haproxy {
 13   script "/etc/keepalived/check_haproxy.sh"
 14   interval 5
 15 }
 16 
 17 vrrp_instance VI_1 {
 18     state BACKUP                 ##主为MASTER 备未BACKUP
 19     interface eth0
 20     virtual_router_id 51
 21     priority 90                  
 22     advert_int 1
 23     authentication {
 24         auth_type PASS
 25         auth_pass 1111
 26     }   
 27 
 28     track_script {
 29       check_haproxy
 30     }   
 31     virtual_ipaddress {
 32         192.168.1.100
 33     }
 34 }
 35   
###

docker部署

yum install -y docker-ce      ##所有节点安装docker-ce

vim /etc/docker/daemon.json
###

  1 {
  2   "exec-opts": ["native.cgroupdriver=systemd"],
  3   "log-driver": "json-file",
  4   "log-opts": {
  5   "max-size": "100m"
  6   },
  7   "storage-driver": "overlay2",
  8   "storage-opts": [
  9   "overlay2.override_kernel_check=true"
 10   ]
 11 }
~    
###

配置私有仓库证书，具体的在讲述 docker部分 的文章中

k8s集群部署

禁用swap分区
配置内核参数

vim /etc/sysctl.d/k8s.conf
###
1 net.bridge.bridge-nf-call-ip6tables = 1
2 net.bridge.bridge-nf-call-iptables = 1
3 net.ipv4.ip_forward = 1
4 vm.swappiness=0
###
sysctl --system  # 令配置文件生效

加载内核模块

modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4

• 安装 ipvsadm

yum install -y ipvsadm

kubeadm部署

yum install -y kubeadm kubelet kubectl
kubeadm config print init-defaults > kubeadm-init.yaml
vim kubeadm-init.yaml

预先拉取镜像

kubeadm config images pull --config kubeadm-init.yaml

kubeadm init --config kubeadm-init.yaml --upload-certs

• master节点

kubeadm join 192.168.1.100:8443 --token abcdef.0123456789abcdef     --discovery-token-ca-cert-hash sha256:f4f9a5a2738f41ebde614fa63cabf40baedfa84bb8319cccc01ff0e8a3415cfc     --control-plane --certificate-key e8f6f35925a450607448202370ea252b6337655fb04655e1ff67db770a0c9c4b --ignore-preflight-errors=NumCPU
##因为我虚拟机只分配1个cpu，所以这里加入参数忽略错误

• 普通节点

kubeadm join 192.168.1.100:8443 --token abcdef.0123456789abcdef     --discovery-token-ca-cert-hash sha256:f4f9a5a2738f41ebde614fa63cabf40baedfa84bb8319cccc01ff0e8a3415cfc

因为我的主机名原因保错，更改主机名

Flannel网络组件部署

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

查看

kubectl get node

flannel镜像拉取失败，这是国内网络的问题
把yaml文件下载下来，修改kube-flannel.yml，替换quay.io

:%s/quay.io/quay-mirror.qiniu.com/g

重新部署

测试