K8S 1.22.3 多master节点部署

集群节点:

master01 192.168.90.110
master01 192.168.90.111
master01 192.168.90.112
node01 192.168.90.113
node02 192.168.90.114

1、部署安装K8S前置环境

参考:基于kubeadm 部署K8S1.22.3 踩坑_ice_bird的专栏-CSDN博客

2、在所有的master节点卡iptable转发

iptables -P FORWARD ACCEPT

3、在所有的master节点安装keepalived和haproxy服务

yum -y install haproxy keepalived

修改haproxy配置文件 /etc/haproxy/haproxy.cfg

#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000


#---------------------------------------------------------------------
# apiserver frontend which proxys to the control plane nodes
#---------------------------------------------------------------------
frontend apiserver
    bind *:16443       #端口可以自己调整
    mode tcp
    option tcplog
    default_backend apiserver

#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend apiserver
    option httpchk GET /healthz
    http-check expect status 200
    mode tcp
    option ssl-hello-chk
    balance     roundrobin
    server  master01 192.168.90.110:6443 check
    server  master02 192.168.90.113:6443 check
    server  master03 192.168.90.114:6443 check

修改keepalived配置文件 /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   router_id LVS_DEVEL
}


vrrp_script check_apiserver {
    script "/etc/keepalived/check_apiserver.sh"         # 检测脚本路径
    interval 3
    weight -2
    fall 10
    rise 2
}



vrrp_instance VI_1 {
    state MASTER             #主节点为MASTER,其他节点为BACKUP
    interface ens192         #网卡名称
    virtual_router_id 51     #id所有节点保持一致
    priority 100             #主节点优先级100,其他节点优先级数值逐步下调
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111       
    }
    virtual_ipaddress {
        192.168.90.115        #keepalived虚拟IP可自行调整
    }

    track_script {
        check_apiserver       # 检测模块
    }


}

创建/etc/keepalived/check_apiserver.sh检测脚本,keepalived配置需要使用

#!/bin/sh

errorExit() {
    echo "*** $*" 1>&2
    exit 1
}

curl --silent --max-time 2 --insecure https://localhost:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://localhost:${APISERVER_DEST_PORT}/"
if ip addr | grep -q ${APISERVER_VIP}; then
    curl --silent --max-time 2 --insecure https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/"
fi


#${APISERVER_VIP}  keepalived cluster 的虚拟IP.
#${APISERVER_DEST_PORT} Kubernetes API Server端口,在haproxy.cfg配置的端口.

修改各个master节点的keepalived配置,state、interface、权重各个节点会有所差异。

启动keepalive和haproxy

# systemctl enable haproxy --now
# systemctl enable keepalived --now

开启后可以在keepalived的master节点上看到虚拟IP地址

K8S 1.22.3 多master节点部署

 可以停止haproxy进行测试,虚拟IP会迁移到优先级高的服务器。

4、在所有节点安装kubeadm kubelet kubectl

5、在master01上创建kubeadm-config.yaml用于初始化

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.90.110               #本机地址
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  imagePullPolicy: IfNotPresent
  name: master01
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: "192.168.90.115:16443"      #虚拟IP地址及端口
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.22.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
~                   

初始化完成后,先在master01执行

#执行
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

然后拷以下文件到其他master节点

    scp /etc/kubernetes/pki/{ca.crt,ca.key,sa.key,sa.pub,front-proxy-ca.crt,front-proxy-ca.key} root@192.168.90.113:/etc/kubernetes/pki/
    scp /etc/kubernetes/pki/etcd/{ca.crt,ca.key} root@192.168.90.113:/etc/kubernetes/pki/etcd
    scp /etc/kubernetes/admin.conf root@192.168.90.113:/etc/kubernetes/

    scp /etc/kubernetes/pki/{ca.crt,ca.key,sa.key,sa.pub,front-proxy-ca.crt,front-proxy-ca.key} root@192.168.90.114:/etc/kubernetes/pki/
    scp /etc/kubernetes/pki/etcd/{ca.crt,ca.key} root@192.168.90.114:/etc/kubernetes/pki/etcd
    scp /etc/kubernetes/admin.conf root@192.168.90.114:/etc/kubernetes/

文件复制完成后在其他master节点执行初始化返回的命令,master节点比node节点

多--control-plane --certificate-key 参数

kubeadm join 192.168.90.115:16443 --token jbze8q.1hs7cgz1tso347j8 --discovery-token-ca-cert-hash sha256:7690c7d2e7e1727506174918fdf9abcee2e5dab2775ac47e24485991fd6abcde --control-plane --certificate-key 621b4cf9efbd111123dc17d1ed55ff5b14b49937442b09c1dcec4415530731b7

在node节点执行以下命令

kubeadm join 192.168.90.115:16443 --token jbze8q.1hs7cgz1tso347j8 --discovery-token-ca-cert-hash sha256:7690c7d2e7e1727506174918fdf9abcee2e5dab2775ac47e24485991fd6abcde

kubeadm join过程中如果出现证书过期,可以用以下命令重新生成

kubeadm token create --print-join-command

如果是添加master节点,则需要加certificate-key,获取方式如下

kubeadm init phase upload-certs --upload-certs

如出现coredns无法启动的情况,可能要检查/etc/kubernetes/controller-manager.conf文件

添加cidr参数

    - --allocate-node-cidrs=true
    - --cluster-cidr=10.244.0.0/16

参考链接:kubeadm/ha-considerations.md at main · kubernetes/kubeadm · GitHubK8S 1.22.3 多master节点部署https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#options

利用 kubeadm 创建高可用集群 | KubernetesK8S 1.22.3 多master节点部署https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/high-availability/

上一篇:常用Dos命令


下一篇:maven mvn archetype:generate使用