kubernetes多节点部署
一、k8s多节点部署
多节点部署需要在单节点部署的基础之上进行
——————master02部署——————————
【1】在master01上复制kubernetes目录到master02
[root@master ~]# scp -r /opt/kubernetes/ root@192.168.60.20:/opt/
【2】在master01上复制kube-apiserver,kube-controller-manager,kube-scheduler管理服务
[root@master ~]# scp -r /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.60.20:/usr/lib/systemd/system/
【3】在master01上复制etcd证书(下面的命令会复制整个/opt/etcd/目录;其中若包含证书私钥,复制后应确认master02上这些文件仅root可读)
[root@master ~]# scp -r /opt/etcd/ root@192.168.60.20:/opt/
【4】在master02上面修改配置文件kube-apiserver中的IP地址
[root@master2 ~]# cd /opt/kubernetes/cfg/
[root@master2 cfg]# vim kube-apiserver
--bind-address=192.168.60.20 \
--advertise-address=192.168.60.20 \
【5】在master02上面启动master三个组件
[root@master2 cfg]# systemctl start kube-apiserver
[root@master2 cfg]# systemctl start kube-controller-manager
[root@master2 cfg]# systemctl start kube-scheduler
【6】添加kubectl的环境变量
[root@master2 cfg]# vim /etc/profile
export PATH=$PATH:/opt/kubernetes/bin/
[root@master2 cfg]# source /etc/profile
【7】在master02上面查看节点信息
[root@master2 cfg]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.60.100 Ready <none> 7d23h v1.12.3
192.168.60.60 Ready <none> 8d v1.12.3
——————————————————————kubernetes负载均衡部署——————————
【1】重新增加服务器作为nginx代理
192.168.60.40和192.168.60.50是nginx代理服务器分别是nginx01和nginx02
【2】下载nginx服务
[root@nginx01 ~]# vim /etc/yum.repos.d/nginx.repo
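[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
# Verify package signatures. With gpgcheck=0, yum installs whatever the
# repository URL returns (here fetched over plain HTTP) with no authenticity
# check, and the package is then installed as root.
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key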
[root@nginx01 ~]# yum install -y nginx
【3】添加nginx反向代理服务功能
[root@nginx01 ~]# vim /etc/nginx/nginx.conf
events {
worker_connections 1024;
}
——————————————————————————
# TCP (layer-4) load balancing for the kube-apiserver. In this nginx.conf the
# stream block is placed at the top level, between the events and http blocks.
stream {
# One line per proxied connection: client address, chosen upstream, local time, bytes sent to the upstream.
log_format main '$remote_addr $upstream_addr - [$time_local] $upstream_bytes_sent';
access_log /var/log/nginx/k8s-access.log main;
# kube-apiserver backends on port 6443. 192.168.60.20 is master02 (see the scp steps);
# 192.168.60.10 is presumably master01. No balancing method is set, so nginx's default applies.
upstream k8s-apiserver {
server 192.168.60.10:6443;
server 192.168.60.20:6443;
}
server {
# No address is given, so nginx accepts connections to port 6443 on every local address
# (which would include the keepalived virtual IP while this node holds it).
listen 6443;
# Raw TCP forwarding: no ssl directive is configured here, so TLS is not terminated by nginx
# and the client's handshake is completed by the apiserver itself.
proxy_pass k8s-apiserver;
}
}
———————————————————————————
http {
【4】启动nginx服务
[root@nginx01 ~]# systemctl start nginx
【5】下载安装keepalived双机热备
[root@nginx01 ~]# yum install keepalived -y
【6】添加双机热备功能【nginx01和nginx02是不同的】
//nginx01双机热备安装
[root@nginx01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! nginx01: VRRP MASTER for the virtual IP 192.168.60.201/24.
global_defs {
! The notification addresses below are sample values; mail is handed to smtp_server.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER
}
! Health check executed by keepalived; no interval or weight is set, so keepalived's defaults apply.
! NOTE(review): keepalived runs this script itself, so keep it root-owned and not writable by other users.
vrrp_script check_nginx {
script "/etc/nginx/check_nginx.sh"
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
! NOTE(review): 1111 is a sample shared secret. With auth_type PASS it is carried unencrypted
! in VRRP advertisements and keepalived uses only its first 8 characters, so it gives little
! protection against a host on the same segment. Set a site-specific value, identical on
! nginx01 and nginx02.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.60.201/24
}
! Ties this instance to the check_nginx script defined above.
track_script {
check_nginx
}
}
//nginx02双机热备安装
[root@nginx02 ~]# vim /etc/keepalived/keepalived.conf
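! Configuration File for keepalived
! nginx02: VRRP BACKUP for the virtual IP 192.168.60.201/24.
global_defs {
! The notification addresses below are sample values; mail is handed to smtp_server.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
! router_id is a free-form string identifying this machine; it is given a name distinct
! from nginx01's NGINX_MASTER so the two nodes can be told apart.
router_id NGINX_BACKUP
}
! Health check executed by keepalived; no interval or weight is set, so keepalived's defaults apply.
! NOTE(review): keepalived runs this script itself, so keep it root-owned and not writable by other users.
vrrp_script check_nginx {
script "/etc/nginx/check_nginx.sh"
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
! Must match nginx01's virtual_router_id for both nodes to belong to the same VRRP group.
virtual_router_id 51
! Lower than nginx01's priority of 100, so nginx01 holds the address while it is healthy.
priority 90
advert_int 1
! NOTE(review): 1111 is a sample shared secret. With auth_type PASS it is carried unencrypted
! in VRRP advertisements and keepalived uses only its first 8 characters, so it gives little
! protection against a host on the same segment. Set a site-specific value, identical on
! nginx01 and nginx02.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.60.201/24
}
! Ties this instance to the check_nginx script defined above.
track_script {
check_nginx
}
}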
【7】添加nginx自检功能
[root@nginx01 ~]# vim /etc/nginx/check_nginx.sh
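#!/bin/bash
# Health check run by keepalived (vrrp_script check_nginx): when no nginx
# process is running, stop keepalived so this node releases the virtual IP
# and the peer can take it over.
#
# keepalived is stopped, not paused: once nginx is running again, keepalived
# has to be started by hand before this node can rejoin.
#
# pgrep -x matches the process name exactly. A `ps | grep nginx` count would
# also include unrelated commands whose arguments merely contain "nginx"
# (an editor open on nginx.conf, this script's own path), and filtering on
# the digits of $$ can hide unrelated lines that happen to contain them.
if ! pgrep -x nginx >/dev/null; then
  systemctl stop keepalived
fi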
[root@nginx01 ~]# chmod +x /etc/nginx/check_nginx.sh
【8】启动双机热备功能并验证【注意:启动keepalived之前必须先启动nginx服务,否则check_nginx.sh检测不到nginx进程时会停止keepalived】
[root@nginx01 ~]# systemctl start keepalived
[root@nginx01 ~]# ip add //应该可以看到漂移地址
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:40:57:ae brd ff:ff:ff:ff:ff:ff
inet 192.168.60.40/24 brd 192.168.60.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.60.201/24 scope global secondary ens33
【9】验证在nginx01上面关闭nginx服务和恢复nginx服务漂移地址的变化
[root@nginx01 ~]# pkill -9 nginx
[root@nginx02 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:56:72:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.60.50/24 brd 192.168.60.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.60.201/24 scope global secondary ens33
[root@nginx01 ~]# systemctl start nginx
[root@nginx01 ~]# systemctl restart keepalived
[root@nginx02 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:56:72:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.60.50/24 brd 192.168.60.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::ede1:e07b:68c4:a8e7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@nginx02 ~]#
【10】统一node节点上面bootstrap.kubeconfig,kubelet.kubeconfig,kube-proxy.kubeconfig配置文件的IP地址
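//IP地址修改为漂移地址192.168.60.201/24(注意:节点此后通过该地址以HTTPS访问apiserver,而nginx只做TCP转发,因此apiserver服务端证书的SAN中需要包含192.168.60.201,否则TLS校验会失败,请对照签发证书时使用的hosts列表确认)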
server: https://192.168.60.201:6443
【11】重新启动kubelet和kube-proxy服务
[root@node1 cfg]# systemctl restart kubelet.service
[root@node1 cfg]# systemctl restart kube-proxy.service
【12】检查修改结果
[root@node1 cfg]# grep 201 *
bootstrap.kubeconfig: server: https://192.168.60.201:6443
kubelet.kubeconfig: server: https://192.168.60.201:6443
kube-proxy.kubeconfig: server: https://192.168.60.201:6443
【13】在nginx01上查看nginx的k8s日志
[root@nginx01 ~]# tail /var/log/nginx/k8s-access.log
192.168.60.60 192.168.60.20:6443 - [07/Oct/2020:14:06:27 +0800] 1566
192.168.60.60 192.168.60.10:6443 - [07/Oct/2020:19:09:13 +0800] 1119
192.168.60.60 192.168.60.10:6443 - [07/Oct/2020:19:09:13 +0800] 1120
192.168.60.60 192.168.60.20:6443 - [07/Oct/2020:19:09:34 +0800] 1566
【14】在master01上面测试创建pod
[root@master ~]# kubectl run nginx --image=nginx
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-bb9tc 0/1 ContainerCreating 0 16s
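【15】查看日志时请求会以匿名用户(system:anonymous)的身份被拒绝,因此下面的命令为system:anonymous创建了一个ClusterRoleBinding(并不是创建用户)。注意:该绑定把cluster-admin授予所有未经身份认证的请求,在apiserver允许匿名请求(默认开启)的情况下,任何能够访问apiserver 6443端口(包括经由漂移地址192.168.60.201)的人都将获得集群的完全控制权,因此只能用于隔离的实验环境,验证完成后应执行 kubectl delete clusterrolebinding cluster-system-anonymous 将其删除。出现该报错通常是因为apiserver访问kubelet时没有携带客户端证书,更稳妥的做法是为kube-apiserver配置--kubelet-client-certificate和--kubelet-client-key,并只授予访问kubelet所需的最小权限。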
[root@master ~]# kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
[root@master ~]# kubectl logs nginx-dbddb74b8-bb9tc
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
【16】查看pod网络并在相应节点访问
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-dbddb74b8-bb9tc 1/1 Running 0 118s 172.17.85.2 192.168.60.100 <none>
[root@node2 ~]# curl 172.17.85.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@node2 ~]#
【17】在master01上查看日志产生
[root@master ~]# kubectl logs nginx-dbddb74b8-bb9tc
172.17.85.1 - - [07/Oct/2020:06:11:07 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
[root@master ~]#