前言暖春五月,疫情基本过去,值得庆贺。在这美好的一天,让我们来实践一下K8S高可用负载均衡Cluster吧。更新历史May07,2020-FirstDraft-左成礼原地址-https://blog.zuolinux.com/2020/05/07/k8s-cluster-on-centos7.html平台环境软件信息CentOSLinuxrelease7.7。1908(Kernel3.10.0-1062.18.1.el7.x86_64)DockerCE18.09.9Kubernetesv1.18.2Calicov3.8Keepalivedv1.3.5HAproxyv1.5.18HardwareInfoHostnameipmaster01192.168.10.12master02192.1910.106.103.14work01192.168.10.15work02192.168.10.16work03192.168.10.17VIP192.168.10.19集群配置初始化master/worker执行#cat>>/etc/hosts</etc/fstab#安装wgetyuminstallwget-y#备份mv/etc/yum.repos.d/CentOS-Base.repo/etc/yum.repos.d/CentOS-基础.repo.backup#阿里云yum源wget-O/etc/yum.repos.d/CentOS-Base.repohttp://mirrors.aliyun.com/repo/Centos-7.repo#获取阿里云epel源wget-O/etc/yum.repos.d/epel.repohttp://mirrors.aliyun.com/repo/epel-7.repo#清理缓存并新建缓存yumcleanall&&yummakecache#更新yumupdate-y#同步timetimedatectltimedatectlset-ntptrueinstallDockermaster/workerbothinstalled#安装DockerCE#设置Warehouse#安装需要的包yuminstall-yyum-utilsdevice-mapper-persistent-datalvm2#添加Docker安装源yum-config-manager\--add-repo\http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo#安装DockerCE.yuminstall-ycontainerd.io\docker-ce-18.09.9\docker-ce-cli-18.09.9#启动Docker并添加bootsystemctlstartdockersystemctlenabledocker#将Docker的CgroupDriver改为systemd#改为国内源cat>/etc/docker/daemon.json</etc/yum.repos.d/kubernetes.repo[kubernetes]name=Kubernetesbaseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64enabled=1gpgcheck=1repo_gpgcheck=1gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpghttps://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgEOF#添加配置cat</etc/sysctl.d/k8s.confnet.ipv4.ip_forward=1net.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOF#Loadsysctl--system#安装当前日期最新稳定版本(v1.18.2)kubelet,kubeadm,kubectlyuminstall-ykubelet-1.18.2kubeadm-1.18.2kubectl-1.18.2--disableexcludes=kubernetes#startandsetkubeletstartsystemctlstartkubeletsystemctlenablekubeletHAProxy实现apiserver负载均衡群所有master节点执行yuminstallhaproxy-1.5.18-ycat>/etc/haproxy/haproxy.cfg</etc/keepalived/keepalived.conf</etc/keepalived/keepalived.conf<<结尾!keepalivedglobal_defs{router_idmaster02script_userrootenable_script_security}vrrp_scriptcheck_haproxy{script"killall-0haproxy"interval2weight10}vrrp_instanceVI_1{stateBACKUPinterfaceens192virtual_router_id50priority98advert_int1authentication{auth_typePASSauth_pass1111{8.92ipaddress}的配置文件10.19}track_script{check_haproxy}}EOFmaster03上keepalived的配置:#cat>/etc/keepalived/keepalived.conf<>/etc/hostsin在master01上执行kubeadminit来初始化kubeadminit\--apiserver-advertise-address0.0.0.0\--apiserver-绑定端口6443\--cert-dir/etc/kubernetes/pki\--control-plane-endpointk8s.api\--image-repositoryregistry.cn-hangzhou.aliyuncs.com/google_containers\--kubernetes-version1.18.2\--pod-network-cidr192.10.0.0/16\--service-cidr192.20.0.0/16\--service-dns-domaincluster.local\--upload-certs注意里面的内容保存结果中两行kubeadmjoin的开头,用于将其他master和worker节点加入集群加载环境变量master01执行管理集群如果用户是rootecho"exportKUBECONFIG=/etc/kubernetes/admin.conf">>~/.bash_profilesource.bash_profile如果用户不是rootmkdir-p$HOME/.kubesudocp-i/etc/kubernetes/admin.conf$HOME/.kube/configsudochown$(id-u):$(id-g)$HOME/.kube/configinstallPod网络组件master01在#get上执行配置文件mkdircalico&&cdcalicowgethttps://docs.projectcalico.org/v3.8/manifests/calico.yaml#修改配置文件vicalico.yaml#找到192.168.0.0/16修改为192.10.0.0/16#部署Pod网络组件kubectlapply-fcalico.yaml实时查看pod状态watchkubectlgetpods--all-namespaces-owide将其他master节点加入到K8S集群中在其他master节点上执行使用kubeadm的执行结果initonmaster01包含join指令信息端口由6443改为16443exportMASTER_IP=192.168.10.19exportAPISERVER_NAME=k8s.apiecho"${MASTER_IP}${APISERVER_NAME}">>/etc/hostskubeadmjoink8s.api:16443--tokenztjux9.2tau56zck2\12j9-discovery-token-ca-cert-hashsha256:a2b552266902fb5f6620330fc1a6638a9cdd6fec3408edba1082e6c8389ac517\--control-plane--certificate-key961494e7d0a9de0219e2b0dc8bdaa9ca334ecf093a6c5f648aa34040ad39b61aecho"exportKUBECONFIG=/etc/kubernetes/admin.conf">>~/.bash_profilesource.bash_profile将所有Worker节点添加到K8S集群在worker节点执行使用master01上kubeadminit的执行结果中包含join的指令Theinformationportischangedfrom6443to16443exportMASTER_IP=192.168.10.19exportAPISERVER_NAME=k8s.apiecho"${MASTER_IP}${APISERVER_NAME}">>/etc/hostskubeadmjoink8s.api:16443--tokenztjux9.2tau56zoverck21\--2j9ray-token-ca-cert-hashsha256:a2b552266902fb5f6620330fc1a6638a9cdd6fec3408edba1082e6c8389ac517master01Viewtheclusterwatchkubectlgetnodes-owideAllareReady,indicatingthattheclusterinstallationissuccessfulDestructivetestingcanbeseenonthemaster01haproxymachine01shutdownthemasterThenyoucandothesameoperationonmaster02toseeiftheVIPcanfloattomaster03ConclusionTodayismainlytobuildaK8Shigh-availabilityloadbalancingclusterinactualcombat,whichisarecordofmyactualoperation.Sohaveyoufoundaplacethatcanactuallybefurtheroptimized?Iwillsendyouabowlofchickensouptodrink.Thesooneryouencounterproblems,thebetter.Ifyoudon'tencounterproblems,itmeansthatyourproblemsarebigger.Referencearticlehttps://wsgzao.github.io/post...https://www.kubernetes.org.cn...contactmeonWeChat公众号:zuolinux_com
