本文介绍搭建K8S集群的高可用,保证在主master节点挂掉之后,node节点的kubelet还能访问到另一个主节点的apiserver等组件进行运作。
实验部署
单master部署查照(
Kubernetes单master节点二进制部署
)
master2 部署
(1)将master1上kubernetes工作目录拷贝到master2节点
[root@localhost ~]# scp -r /opt/kubernetes/ root@192.168.49.179:/opt
(2)在master1,将kube-scheduler.service、kube-apiserver.servic、kube-controller-manager.service三个服务启动脚本拷贝到master2节点
[root@localhost ~]# scp /usr/lib/systemd/system/{kube-scheduler,kube-apiserver,kube-controller-manager}.service root@192.168.49.179:/usr/lib/systemd/system/
(3)在master2修改kubernetes配置文件kube-apiserver
[root@localhost ~]# cd /opt/kubernetes/cfg
[root@localhost cfg]# vim kube-apiserver
(4)将master1上的etcd证书复制到master2上面
[root@localhost ~]# scp -r /opt/etcd/ root@192.168.49.179:/opt
(5)启动master2上的服务,并设置开机自启动
systemctl start kube-apiserver
systemctl enable kube-apiserver.service
systemctl start kube-scheduler.service
systemctl enable kube-scheduler.service
systemctl start kube-controller-manager.service
systemctl enable kube-controller-manager.service
(6)查看node节点状态
#设置环境变量
[root@localhost cfg]# vim /etc/profile
#在末行添加
export PATH=$PATH:/opt/kubernetes/bin
[root@localhost cfg]# source /etc/profile
#查看node节点状态
[root@localhost cfg]# kubectl get node
4、负载均衡部署
(1)配置nginx
#配置nginx的yum源
[root@localhost ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
[root@localhost ~]# yum list
#安装nginx服务
[root@localhost ~]# yum install nginx -y
#nginx添加四层转发
[root@localhost ~]# vim /etc/nginx/nginx.conf
插入
stream {
log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
access_log /var/log/nginx/k8s-access.log main;
upstream k8s-apiserver {
server 192.168.49.209:6443; //master01
server 192.168.49.179:6443; //master02
}
server {
listen 6443;
proxy_pass k8s-apiserver;
}
}
#检查语法
[root@localhost ~]# nginx -t
#启动服务
[root@localhost ~]# systemctl start nginx
#测试nginx服务能否访问
(2)配置keepalived
#安装keepalived
[root@localhost ~]# yum install keepalived -y
#更改配置文件
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
# 接收邮件地址
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
# 邮件发送地址
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER
}
vrrp_script check_nginx {
script "/etc/nginx/check_nginx.sh"
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的
priority 100 # 优先级,备服务器设置 90
advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.49.99/24
}
track_script {
check_nginx
}
}
#编写nginx的监控脚本
[root@localhost ~]# vim /etc/nginx/check_nginx.sh
count=$(ps -ef |grep nginx |egrep -cv "grep|$$")
if [ "$count" -eq 0 ];then
systemctl stop keepalived
fi
查看漂移地址(使用ip addr命令查看)
(4)故障转移测试
#停掉主服务器的nginx服务,查看keepalived服务状态
[root@localhost ~]# pkill nginx
[root@localhost ~]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: inactive (dead)
#到backup节点上查看漂移地址,能看到漂移地址说明故障转移成功
[root@localhost ~]# ip addr
如果把主服务器的服务再次开起来,漂移地址会重新回到主服务器节点上面去,因为配置文件中主服务器的优先级比从服务器的优先级高,keepalived会优先选择优先级较高的服务器
(5)更改node节点配置文件,将访问master节点的apiserver地址更换为VIP地址
[root@localhost ~]# vim /opt/kubernetes/cfg/bootstrap.kubeconfig
#更改地址为VIP
server: https://192.168.49.99:6443
[root@localhost ~]# vim /opt/kubernetes/cfg/kubelet.kubeconfig
#更改地址为VIP
server: https://192.168.49.99:6443
[root@localhost ~]# vim /opt/kubernetes/cfg/kube-proxy.kubeconfig
#更改地址为VIP
server: https://192.168.49.99:6443
[root@localhost ~]# grep 99 /opt/kubernetes/cfg/*
#重启kubelet.service
[root@node01 bin]# systemctl restart kubelet.service
#在负载均衡节点查看日志
[root@localhost ~]# tail /var/log/nginx/k8s-access.log
版权声明:本文为weixin_45693462原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。