
系统centos7 所有节点是yum 安装的kubernetes

发表于 2021-7-19 09:39:14
#系统centos7 所有节点是yum 安装的kubernetes 版本
#前提是集群已经正确运行没有任何问题
#原理参照 kubeadm 和kargo 三个master做高可用
#所有node上安装haproxy 负载均衡反代三台kube-apiserver的8080端口 api-server为无状态服务
#注意,之前用过nginx配置反代三台apiserver出现创建pod 容器非常慢,3-5分钟,应该有BUG ,建议用haproxy反代,非常顺畅.
#controller-manager 和scheduler 为有状态服务,同一时间只有一台当选,会在三台master机之间进行选举,由其中一台担任leader的角色
#节点构造如下
cat /etc/hosts
#master
192.168.1.61 master1.txg.com  #512M
192.168.1.62 master2.txg.com  #512M
192.168.1.63 master3.txg.com  #512M
#master软件包
# rpm -qa|grep kube
kubernetes-client-1.5.2-0.2.gitc55cf2b.el7.x86_64
kubernetes-master-1.5.2-0.2.gitc55cf2b.el7.x86_64
flannel-0.7.0-1.el7.x86_64
#etcd-server
192.168.1.65 etcd1.txg.com #512M
192.168.1.66 etcd2.txg.com #512M
192.168.1.67 etcd3.txg.com #512M
#node节点
192.168.1.68 node1.txg.com #4G
192.168.1.69 node2.txg.com #4G
192.168.2.68 node3.txg.com #4G
192.168.2.69 node4.txg.com #4G
#node节点软件包
[root@node4 ~]# rpm -qa|egrep 'kube|docker'
kubernetes-client-1.5.2-0.5.gita552679.el7.x86_64
docker-common-1.12.6-11.el7.centos.x86_64
docker-1.12.6-11.el7.centos.x86_64
kubernetes-node-1.5.2-0.5.gita552679.el7.x86_64
docker-client-1.12.6-11.el7.centos.x86_64
flannel-0.7.0-1.el7.x86_64
[root@node4 ~]# uname -a
Linux node4.txg.com 3.10.0-514.6.2.el7.x86_64 #1 SMP Thu Feb 23 03:04:39 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

修改master server上的配置文件,我的配置文件在/etc/kubernetes/下面
[root@master1 kubernetes]# pwd
/etc/kubernetes
[root@master1 kubernetes]# ls
apiserver config controller-manager scheduler ssl sslbk

1.修改controller-manager和scheduler配置文件
在KUBE_CONTROLLER_MANAGER_ARGS=" " 中间加入 --address=127.0.0.1 --leader-elect=true
KUBE_CONTROLLER_MANAGER_ARGS=" --address=127.0.0.1 --leader-elect=true --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --root-ca-file=/etc/kubernetes/ssl/ca.pem"
修改scheduler 为 KUBE_SCHEDULER_ARGS=" --address=127.0.0.1 --leader-elect=true"
让节点有选举master leader 功能,ok master配置完成
同步master1上的配置文件到master2 3 节点

2.所有node节点安装 haproxy , yum install haproxy
#配置haproxy.cfg文件 监听5002端口,反向代理kube-apiserver:8080
[root@node4 ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1 ...
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    # by adding the '-r' option to the SYSLOGD_OPTIONS in
    # /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    # file. A line like the following can be added to
    # /etc/sysconfig/syslog
    #
    #
    log 127.0.0.1 local3
    #      local2.*                 /var/log/haproxy.log
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:5002
    stats uri /haproxy
    acl url_static path_beg -i /static /images /javascript /stylesheets
    acl url_static path_end -i .jpg .gif .png .css .js
    use_backend static if url_static
    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
#(页面上只有 backend static 这一行带 #;如果 static 后端没有定义,上面的 use_backend static 以及下面两行也应一并注释,请以实际配置为准)
    balance roundrobin
    server static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    mode http
    balance roundrobin
    server app1 192.168.1.61:8080 check
    server app2 192.168.1.62:8080 check
    server app3 192.168.1.63:8080 check
#server 部份按照自己apiserver 三台 配置进来即可
#注意:8080 是 kube-apiserver 的非安全端口,不经过认证和授权;上面的 frontend main *:5002 会在节点的所有网卡上监听,而本文中 kubelet 和 kube-proxy 只通过 127.0.0.1:5002 访问,因此可以改成 frontend main 127.0.0.1:5002,并在 master 上限制 8080 端口的来源地址。

3.配置rsyslog收集haproxy日志
[root@node4 ~]# echo -e '$ModLoad imudp \n $UDPServerRun 514 \n local3.* /var/log/haproxy.log' >> /etc/rsyslog.conf

4.配置node节点配置
#配置config 文件 KUBE_MASTER="--master=http://127.0.0.1:5002" 参数指向haproxy的5002端口
[root@node4 kubernetes]# pwd
/etc/kubernetes
[root@node4 kubernetes]# ls
config kubelet proxy
[root@node4 kubernetes]# cat config
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=true"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://127.0.0.1:5002"

#配置kubelet KUBELET_API_SERVER="--api-servers=http://127.0.0.1:5002"
[root@node4 kubernetes]# cat kubelet
# kubernetes kubelet (minion) config
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=0.0.0.0"
# The port for the info server to serve on
#KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=192.168.2.69"
# location of the api-server
KUBELET_API_SERVER="--api-servers=http://127.0.0.1:5002"
# pod infrastructure container
#KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
# Add your own!
KUBELET_ARGS="--cluster_dns=172.1.0.2 --cluster_domain=cluster.local"
#所有node节点照此配置完成

5.#重启所有node节点上的服务,在这里我用ansible来处理,ansible请自行脑补,建议大家用ansible来批量处理会快很多
#没有安装ansible的,请自行手动重启
[root@master1 ~]# ansible -m shell -a ' systemctl restart rsyslog.service ;service haproxy restart ;systemctl restart kubelet.service;systemctl restart kube-proxy.service' 'nodes'
node3.txg.com | SUCCESS | rc=0 >>
Redirecting to /bin/systemctl restart haproxy.service

node4.txg.com | SUCCESS | rc=0 >>
Redirecting to /bin/systemctl restart haproxy.service

node2.txg.com | SUCCESS | rc=0 >>
Redirecting to /bin/systemctl restart haproxy.service

node1.txg.com | SUCCESS | rc=0 >>
Redirecting to /bin/systemctl restart haproxy.service

#查看所有node上 haproxy 日志 200为正常
[root@node3 kubernetes]# tail -f /var/log/haproxy.log
2017-05-09T11:23:12+08:00 localhost haproxy[18278]: 127.0.0.1:42970 [09/May/2017:11:23:11.992] main app/app1 52/0/0/186/238 200 2507 - - ---- 6/6/5/2/0 0/0 "PUT /api/v1/nodes/192.168.2.69/status HTTP/1.1"
2017-05-09T11:23:22+08:00 localhost haproxy[18278]: 127.0.0.1:42970 [09/May/2017:11:23:12.229] main app/app2 10000/0/1/1/10002 200 2519 - - ---- 6/6/5/1/0 0/0 "GET /api/v1/nodes?fieldSelector=metadata.name%3D192.168.2.69&resourceVersion=0 HTTP/1.1"
2017-05-09T11:23:22+08:00 localhost haproxy[18278]: 127.0.0.1:42970 [09/May/2017:11:23:22.232] main app/app3 60/0/0/123/183 200 2507 - - ---- 6/6/5/2/0 0/0 "PUT /api/v1/nodes/192.168.2.69/status HTTP/1.1"
2017-05-09T11:23:28+08:00 localhost haproxy[18278]: 127.0.0.1:42722 [09/May/2017:11:22:21.385] main app/app1 7384/0/1/0/67387 200 167 - - sD-- 5/5/4/1/0 0/0 "GET /api/v1/watch/pods?fieldSelector=spec.nodeName%3D192.168.2.69&resourceVersion=2348326&timeoutSeconds=424 HTTP/1.1"
2017-05-09T11:23:32+08:00 localhost haproxy[18278]: 127.0.0.1:43096 [09/May/2017:11:23:32.416] main app/app2 0/0/0/1/1 200 2519 - - ---- 6/6/5/1/0 0/0 "GET /api/v1/nodes?fieldSelector=metadata.name%3D192.168.2.69&resourceVersion=0 HTTP/1.1"
2017-05-09T11:23:32+08:00 localhost haproxy[18278]: 127.0.0.1:43096 [09/May/2017:11:23:32.418] main app/app3 53/0/0/92/145 200 2507 - - ---- 6/6/5/2/0 0/0 "PUT /api/v1/nodes/192.168.2.69/status HTTP/1.1"
2017-05-09T11:23:35+08:00 localhost haproxy[18278]: 127.0.0.1:43096 [09/May/2017:11:23:32.564] main app/app1 2459/0/1/1/2461 200 2507 - - ---- 6/6/5/3/0 0/0 "GET /api/v1/namespaces/kube-system/secrets/default-token-p5l8p HTTP/1.1"
2017-05-09T11:23:42+08:00 localhost haproxy[18278]: 127.0.0.1:38410 [09/May/2017:11:14:38.515] main app/app3 0/0/1/1/544002 200 254800 - - ---- 6/6/4/1/0 0/0 "GET /api/v1/watch/endpoints?resourceVersion=2347840&timeoutSeconds=544 HTTP/1.1"
2017-05-09T11:23:42+08:00 localhost haproxy[18278]: 127.0.0.1:43096 [09/May/2017:11:23:35.024] main app/app3 7540/0/0/1/7541 200 2519 - - ---- 6/6/5/1/0 0/0 "GET /api/v1/nodes?fieldSelector=metadata.name%3D192.168.2.69&resourceVersion=0 HTTP/1.1"
2017-05-09T11:23:42+08:00 localhost haproxy[18278]: 127.0.0.1:43096 [09/May/2017:11:23:42.566] main app/app1 51/0/1/111/163 200 2507 - - ---- 6/6/5/2/0 0/0 "PUT /api/v1/nodes/192.168.2.69/status HTTP/1.1"

#重启所有master节点上的服务
ansible -m shell -a 'systemctl restart kube-apiserver.service;systemctl restart kube-controller-manager.service ;systemctl restart kube-scheduler.service ' 'masters'

6.查看leader信息位于哪个节点
[root@master3 ~]# tail -f /var/log/messages
May 9 11:09:43 master1 kube-scheduler: I0509 11:09:43.354272 4636 leaderelection.go:247] lock is held by master3.txg.com and has not yet expired
May 9 11:09:43 master1 kube-controller-manager: I0509 11:09:43.887592 4532 leaderelection.go:247] lock is held by master2.txg.com and has not yet expired
#这时, kube-scheduler leader位于master3 和kube-controller-manager 在master2
[root@master3 ~]# kubectl -n kube-system get ep kube-controller-manager -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"master2.txg.com","leaseDurationSeconds":15,"acquireTime":"2017-05-08T10:41:07Z","renewTime":"2017-05-09T03:14:02Z","leaderTransitions":0}'
  creationTimestamp: 2017-05-08T10:41:07Z
  name: kube-controller-manager
  namespace: kube-system
  resourceVersion: "2347791"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-controller-manager
  uid: d7dae24f-33da-11e7-9a51-525400c2bc59
subsets: []
[root@master1 ~]# kubectl -n kube-system get ep kube-scheduler -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"master3.txg.com","leaseDurationSeconds":15,"acquireTime":"2017-05-08T10:41:08Z","renewTime":"2017-05-09T03:14:27Z","leaderTransitions":0}'
  creationTimestamp: 2017-05-08T10:41:08Z
  name: kube-scheduler
  namespace: kube-system
  resourceVersion: "2347830"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler
  uid: d87a235a-33da-11e7-9eb5-52540081c06a
subsets: []
#至此配置高可用集群配置完成