环境准备
服务器规划
服务器配置及角色规划如下,操作系统仍然选择 Ubuntu Server X64 18.04
192.168.90.31 4核2G 40G硬盘 Kubernetes server1 Master 主
192.168.90.32 4核2G 40G硬盘 Kubernetes server2 Master 备
192.168.90.33 4核2G 40G硬盘 Kubernetes server3 Master 备
192.168.90.34 4核2G 40G硬盘 Kubernetes server4 Slave
192.168.90.35 4核2G 40G硬盘 Kubernetes server5 Slave
192.168.90.36 4核2G 40G硬盘 Kubernetes server6 Slave

三台master节点通过 vip 192.168.90.100 代理访问
环境准备
按照kubeadm安装K8s集群 中的步骤,安装一台虚拟机并完成初步配置工作,之后再做如下配置:
同步时间
设置时区选择亚洲上海
eric@server1:~$ sudo dpkg-reconfigure tzdata
[sudo] password for eric:

Current default time zone: 'Asia/Shanghai'
Local time is now: Mon Aug 9 23:05:09 CST 2021.
Universal Time is now: Mon Aug 9 15:05:09 UTC 2021.
eric@server1:~$ sudo apt-get install ntpdate  # 安装 ntpdate
Reading package lists... Done
......
eric@server1:~$ sudo ntpdate cn.pool.ntp.org  # 设置系统时间与网络时间同步(cn.pool.ntp.org 位于中国的公共 NTP 服务器)
 9 Aug 23:06:30 ntpdate[33117]: adjust time server 202.118.1.130 offset 0.007500 sec
eric@server1:~$ sudo hwclock --systohc  # 将系统时间写入硬件时间
eric@server1:~$ date  # 查看确认时间
Mon Aug 9 23:06:49 CST 2021
配置IPVS

eric@server1:~$ sudo apt-get install -y ipset ipvsadm  # 安装系统工具
Reading package lists... Done
......
eric@server1:~$ sudo mkdir -p /etc/sysconfig/modules/  # 创建目录 配置并加载ipvs模块
eric@server1:~$ sudo vi /etc/sysconfig/modules/ipvs.modules  # 编辑文件并保存
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
# 切换root用户执行脚本否则报错
root@server1:/home/eric# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 151552 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_defrag_ipv6 20480 1 ip_vs
nf_conntrack_ipv4 16384 4
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_conntrack 135168 8 xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink,ip_vs
libcrc32c 16384 4 nf_conntrack,nf_nat,raid456,ip_vs
配置内核参数

root@server1:/home/eric# vi /etc/sysctl.d/k8s.conf  # 编辑配置参数
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
root@server1:/home/eric# sysctl --system  # 应用参数
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
......
* Applying /etc/sysctl.d/k8s.conf ...  # 生效
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
修改 cloud.cfg
vi /etc/cloud/cloud.cfg
# 该配置默认为 false,修改为 true 即可
preserve_hostname: true
克隆虚拟机并分别配置ip和主机名

hostnamectl set-hostname server1  # 配置主机名命令
ip配置:找到并修改如下文件,修改保存后 执行 sudo netplan apply 使生效

eric@server1:~$ cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens33:
      dhcp4: false
      addresses: [192.168.90.32/24]
      gateway4: 192.168.90.1
      nameservers:
        addresses: [8.8.8.8]
  version: 2
高可用原理
Kubernetes Master 节点运行组件如下:
kube-apiserver: 提供了资源操作的唯一入口,并提供认证、授权、访问控制、API 注册和发现等机制
kube-scheduler: 负责资源的调度,按照预定的调度策略将 Pod 调度到相应的机器上
kube-controller-manager: 负责维护集群的状态,比如故障检测、自动扩展、滚动更新等
etcd: CoreOS 基于 Raft 开发的分布式 key-value 存储,可用于服务发现、共享配置以及一致性保障(如数据库选主、分布式锁等)

kube-scheduler 和 kube-controller-manager 可以以集群模式运行,通过 leader 选举产生一个工作进程,其它进程处于阻塞模式。
kube-apiserver 可以运行多个实例,但对其它组件需要提供统一的访问地址,本章节部署 Kubernetes 高可用集群实际就是利用 HAProxy + Keepalived 配置该组件
配置的思路就是利用 HAProxy + Keepalived 实现 kube-apiserver 虚拟 IP 访问从而实现高可用和负载均衡,拆解如下:
Keepalived 提供 kube-apiserver 对外服务的虚拟 IP(VIP)
HAProxy 监听 Keepalived VIP
运行 Keepalived 和 HAProxy 的节点称为 LB(负载均衡) 节点
Keepalived 是一主多备运行模式,故至少需要两个 LB 节点
Keepalived 在运行过程中周期检查本机的 HAProxy 进程状态,如果检测到 HAProxy 进程异常,则触发重新选主的过程,VIP 将飘移到新选出来的主节点,从而实现 VIP 的高可用
所有组件(如 kubectl、apiserver、controller-manager、scheduler 等)都通过 VIP +HAProxy 监听的 6444 端口访问 kube-apiserver 服务(注意:kube-apiserver 默认端口为 6443,为了避免冲突我们将 HAProxy 端口设置为 6444,其它组件都是通过该端口统一请求 apiserver)
安装HAProxy和Keepalived
HAproxy启动脚本
master1节点创建HAproxy启动脚本,并设置执行权限

sudo mkdir -p /usr/local/kubernetes/lb
sudo vi /usr/local/kubernetes/lb/start-haproxy.sh
# 输入内容如下
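#!/bin/bash
# start-haproxy.sh: run the HAProxy container that fronts the kube-apiserver
# instances on the three master nodes.
#
# The container is started detached with restart policy "always", container
# port 6444 is published on host port 6444, and the master addresses and the
# apiserver port are handed to the image as environment variables.
#
# NOTE(review): the image reference carries no tag or digest, so Docker
# resolves it to the mutable "latest" tag and the load-balancer nodes can end
# up running different, unreviewed content. Pin it to a digest you have
# verified, e.g. wise2c/haproxy-k8s@sha256:<VERIFIED_DIGEST_PLACEHOLDER>.
# NOTE(review): "-p 6444:6444" publishes the port on all host addresses
# (Docker's default bind address is 0.0.0.0). Limit which networks can reach
# it with the host or network firewall, since it proxies the cluster API.

# Stop on a failed command or an unset variable. Only the POSIX subset is
# used so the file also works when it is launched with `sh`.
set -eu

# Change these to your own master addresses.
MasterIP1=192.168.90.31
MasterIP2=192.168.90.32
MasterIP3=192.168.90.33
# Default kube-apiserver port; no need to change it.
MasterPort=6443

# The container exposes HAProxy's port 6444.
# Expansions are quoted so an edited value containing whitespace or glob
# characters cannot be split into extra docker arguments.
docker run -d --restart=always --name HAProxy-K8S -p 6444:6444 \
  -e MasterIP1="$MasterIP1" \
  -e MasterIP2="$MasterIP2" \
  -e MasterIP3="$MasterIP3" \
  -e MasterPort="$MasterPort" \
  wise2c/haproxy-k8s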

# 设置权限
sudo chmod +x /usr/local/kubernetes/lb/start-haproxy.sh
Keepalived启动脚本
master01节点增加 keepalived启动脚本,并添加执行权限如下:

sudo mkdir -p /usr/local/kubernetes/lb
sudo vi /usr/local/kubernetes/lb/start-keepalived.sh
# 输入内容如下
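#!/bin/bash
# start-keepalived.sh: run the Keepalived container that holds the virtual IP
# in front of HAProxy.
#
# The container is started detached with restart policy "always", shares the
# host network namespace and is granted NET_ADMIN; the settings below are
# handed to the image as environment variables.
#
# NOTE(review): with --net=host and --cap-add=NET_ADMIN the container can
# change the host's addresses and routes, so what the image contains matters.
# The reference carries no tag or digest and therefore resolves to the mutable
# "latest" tag; pin it to a digest you have verified, e.g.
# wise2c/keepalived-k8s@sha256:<VERIFIED_DIGEST_PLACEHOLDER>.
# NOTE(review): VRID presumably has to be unique among the VRRP groups on this
# network segment, and whether the image enables VRRP authentication is not
# visible here; confirm both before using this on a shared network.

# Stop on a failed command or an unset variable. Only the POSIX subset is
# used so the file also works when it is launched with `sh`.
set -eu

# Change this to your own virtual IP address.
VIRTUAL_IP=192.168.90.100
# Name of the network interface the virtual IP is attached to.
INTERFACE=ens33
# Netmask length (in bits) used for the virtual IP.
NETMASK_BIT=24
# Port exposed by HAProxy; HAProxy forwards it to kube-apiserver on 6443.
CHECK_PORT=6444
# Router identifier.
RID=10
# Virtual router identifier.
VRID=160
# IPv4 multicast address; the default is 224.0.0.18.
MCAST_GROUP=224.0.0.18

# Expansions are quoted so an edited value containing whitespace or glob
# characters cannot be split into extra docker arguments.
docker run -itd --restart=always --name=Keepalived-K8S \
  --net=host --cap-add=NET_ADMIN \
  -e VIRTUAL_IP="$VIRTUAL_IP" \
  -e INTERFACE="$INTERFACE" \
  -e CHECK_PORT="$CHECK_PORT" \
  -e RID="$RID" \
  -e VRID="$VRID" \
  -e NETMASK_BIT="$NETMASK_BIT" \
  -e MCAST_GROUP="$MCAST_GROUP" \
  wise2c/keepalived-k8s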
# 设置权限
sudo chmod +x /usr/local/kubernetes/lb/start-keepalived.sh
复制脚本到其他两台master
32 和 33 创建 目录 ,并复制脚本文件命令如下
sudo mkdir -p /usr/local/kubernetes/lb
root@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.32:/home/eric  # 先复制到服务器 再到服务器上复制到指定目录
root@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.33:/home/eric
eric@server3:~$ sudo mv *.sh /usr/local/kubernetes/lb
启动容器
三个节点分别执行如下命令,docker 会下载、启动 haproxy和keepalived 镜像

sudo sh /usr/local/kubernetes/lb/start-haproxy.sh && sudo sh /usr/local/kubernetes/lb/start-keepalived.sh

检验容器
三个主节点分别执行 docker ps 可以看到 haproxy和keepalived 正在运行如下:

root@server1:/home/eric# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2ee95ae52da6 wise2c/keepalived-k8s "/usr/bin/keepalived…" 52 seconds ago Up 51 seconds Keepalived-K8S
97db17bc81c7 wise2c/haproxy-k8s "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:6444->6444/tcp, :::6444->6444/tcp HAProxy-K8S
虚拟IP验证
31、32、33 三台服务器执行如下命令,只有一台可以看到 ip 与虚拟 ip 绑定。如果被绑定的一台宕机,绑定关系就会漂移到另外两台机器中的一台上。默认在 31 服务器上,关闭 31 服务器后会出现在 33 服务器上,如下:

eric@server3:~$ ip a | grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.90.33/24 brd 192.168.90.255 scope global ens33
    inet 192.168.90.100/24 scope global secondary ens33
部署K8S集群
创建工作目录并导出配置文件

# 创建工作目录
sudo mkdir -p /usr/local/kubernetes/cluster
# 导出配置文件到工作目录
su root
kubeadm config print init-defaults --kubeconfig ClusterConfiguration > /usr/local/kubernetes/cluster/kubeadm.yml
修改配置文件
33节点修改kubeadm.yml 内容如下
root@server1:/usr/local/kubernetes/cluster# cat kubeadm.yml
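# kubeadm configuration used for `kubeadm init` on the first control-plane
# node: InitConfiguration, ClusterConfiguration and KubeProxyConfiguration.
apiVersion: kubeadm.k8s.io/v1beta1
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): this is the placeholder token that
  # `kubeadm config print init-defaults` emits, so its value is publicly
  # known. While it is valid (see ttl) it authenticates node bootstrap
  # requests against the control-plane endpoint. Replace it with the output of
  # `kubeadm token generate` before running `kubeadm init`, and use that value
  # in the join commands.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.90.33 # IP of this node
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  # NOTE(review): advertiseAddress above is 192.168.90.33, which the server
  # plan lists as server3; confirm this name matches the host that runs init.
  name: server1
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta1
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: "192.168.90.100:6444" # VIP and HAProxy port
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Alibaba Cloud image mirror. Control-plane images are pulled from this
# third-party registry instead of the upstream one.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# Version to install. NOTE(review): the 1.14 line no longer receives upstream
# security fixes; use a supported release outside a lab.
kubernetesVersion: v1.14.10
networking:
  dnsDomain: cluster.local
  # Pod IP range. It must not overlap the network the master nodes are on:
  # with a master at 192.168.90.33, do not use 192.168.0.0/16 here.
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
# Enable IPVS mode for kube-proxy.
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs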
kubeadm 初始化master

kubeadm 初始化

root@server1:/usr/local/kubernetes/cluster# kubeadm init --config=kubeadm.yml --experimental-upload-certs | tee kubeadm-init.log
......
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
    --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --experimental-upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e
根据日志输出,切换到普通用户eric执行以下命令

root@server3:/usr/local/kubernetes/cluster# su eric
eric@server3:/usr/local/kubernetes/cluster$ mkdir -p $HOME/.kube
eric@server3:/usr/local/kubernetes/cluster$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
eric@server3:/usr/local/kubernetes/cluster$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
验证是否成功
eric@server3:/usr/local/kubernetes/cluster$ kubectl get node
NAME STATUS ROLES AGE VERSION
server3 NotReady master 4m11s v1.14.10
安装网络插件

eric@server3:/usr/local/kubernetes/cluster$ kubectl apply -f https://docs.projectcalico.org/v3.7/manifests/calico.yaml
configmap/calico-config created
......
serviceaccount/calico-node created
deployment.extensions/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
# 验证安装是否成功 我这里足足等了 64分钟 各个插件才正常运行 running 状态
watch kubectl get pods --all-namespaces
kube-system kube-scheduler-server3 1/1 Running 0 34m
Every 2.0s: kubectl get pods --all-namespaces server3: Sun Aug 15 00:59:23 2021
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 64m
kube-system calico-node-sb2kb 1/1 Running 0 64m
kube-system coredns-7b7df549dd-vmpww 1/1 Running 0 66m
kube-system coredns-7b7df549dd-zzjf8 1/1 Running 0 66m
kube-system etcd-server3 1/1 Running 0 65m
kube-system kube-apiserver-server3 1/1 Running 0 65m
kube-system kube-controller-manager-server3 1/1 Running 0 65m
kube-system kube-proxy-q42pg 1/1 Running 0 66m
kube-system kube-scheduler-server3 1/1 Running 0 65m
加入master节点
31 和32节点分别执行初始化日志中的 主节点加入命令,将 31 和 32 节点初始化成 master节点。
注意:如果初始化完成很久之后才执行 加入master节点操作,那么token 可能会失效,参考上一篇文章,重新获取token 等参数

kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
    --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf

.....
[mark-control-plane] Marking the node server1 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node server1 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]

This node has joined the cluster and a new control plane instance was created:

* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Control plane (master) label and taint were applied to the new node.
* The Kubernetes control plane instances scaled up.
* A new etcd member was added to the local/stacked etcd cluster.

To start administering your cluster from this node, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Run 'kubectl get nodes' to see this node join the cluster.
按照上述日志,执行配置命令:
root@server1:/home/eric# su eric
eric@server1:~$ mkdir -p $HOME/.kube
eric@server1:~$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[sudo] password for eric:
eric@server1:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
加入node节点
三个从节点分别执行以下命令,加入集群
初始化日志中会打印加入命令,直接复制执行即可,如果参数不正确,参考上一篇,重新生成参数。

root@server4:/home/eric# kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:19c012298212324b7851d89d71af9ff0d50c4fb130cb774b8a80c3a32d51d051
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.8. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
* g: S) H) f% `5 B9 Y( S验证集群状态
- ]3 ?5 m; ]0 V1 Bmaster节点执行如下命令验证集群状态+ y( l6 Z/ v: g* t. q
! {. R N2 y, {$ E; D7 a" W) Weric@server1:~$ kubectl get nodes --查看节点' ]% u- H) W! [& h6 }" e5 X: u
NAME STATUS ROLES AGE VERSION" ~. o0 X& B: Q& k# |( ]! ]
server1 Ready master 7m35s v1.14.106 E5 H) V5 h) ?8 M/ Z$ `9 D3 b% E( G
server2 Ready master 7m22s v1.14.10
G+ K! I% o. U# @, a; Zserver3 Ready master 85m v1.14.10* e7 d$ C G# I4 h2 t! A5 v* W
server4 NotReady <none> 43s v1.14.102 Z$ X& E; r) _' m
server5 NotReady <none> 42s v1.14.103 `% |& p) G+ _2 `8 k
server6 NotReady <none> 41s v1.14.106 Q" H: u( s3 s- V6 s, r$ v% M
eric@server1:~$ kubectl get nodes -o wide --查看节点
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
server1 Ready master 9m43s v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server2 Ready master 9m30s v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server3 Ready master 87m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server4 NotReady <none> 2m51s v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server5 NotReady <none> 2m50s v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server6 NotReady <none> 2m49s v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
eric@server1:~$ kubectl -n kube-system get pod -o wide --查看pod
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 86m 192.168.141.193 server3 <none> <none>
calico-node-49lqn 0/1 PodInitializing 0 10m 192.168.90.31 server1 <none> <none>
calico-node-jmp28 0/1 Init:ImagePullBackOff 0 3m17s 192.168.90.36 server6 <none> <none>
calico-node-kszl7 0/1 Init:0/2 0 3m18s 192.168.90.35 server5 <none> <none>
calico-node-njz8v 0/1 PodInitializing 0 9m58s 192.168.90.32 server2 <none> <none>
calico-node-sb2kb 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
calico-node-sn874 0/1 Init:0/2 0 3m19s 192.168.90.34 server4 <none> <none>
coredns-7b7df549dd-vmpww 1/1 Running 0 87m 192.168.141.194 server3 <none> <none>
coredns-7b7df549dd-zzjf8 1/1 Running 0 87m 192.168.141.195 server3 <none> <none>
etcd-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
etcd-server2 1/1 Running 0 9m57s 192.168.90.32 server2 <none> <none>
etcd-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
kube-apiserver-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-apiserver-server2 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
kube-apiserver-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
kube-controller-manager-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-controller-manager-server2 1/1 Running 0 9m57s 192.168.90.32 server2 <none> <none>
kube-controller-manager-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
kube-proxy-5hl76 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-proxy-gt6bj 1/1 Running 0 3m19s 192.168.90.34 server4 <none> <none>
kube-proxy-nxx9l 1/1 Running 0 3m17s 192.168.90.36 server6 <none> <none>
kube-proxy-q42pg 1/1 Running 0 87m 192.168.90.33 server3 <none> <none>
kube-proxy-qfkth 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
kube-proxy-zc5c2 1/1 Running 0 3m18s 192.168.90.35 server5 <none> <none>
kube-scheduler-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-scheduler-server2 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
kube-scheduler-server3 1/1 Running 0 87m 192.168.90.33 server3 <none> <none>
eric@server1:~$ kubectl -n kube-system get svc --查看服务
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 88m

eric@server1:~$ kubectl -n kube-system exec etcd-kubernetes-master-01 -- etcdctl \ --查看etcd集群状态
> --endpoints=https://192.168.141.150:2379 \
> --ca-file=/etc/kubernetes/pki/etcd/ca.crt \
> --cert-file=/etc/kubernetes/pki/etcd/server.crt \
> --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health
Error from server (NotFound): pods "etcd-kubernetes-master-01" not found
(上面命令中的 pod 名称 etcd-kubernetes-master-01 在本集群中不存在(见上方 pod 列表),endpoint 192.168.141.150 也不是本集群的节点地址,因此返回 NotFound;改用 etcd-server1 和 192.168.90.31 后执行成功:)
eric@server1:~$ kubectl -n kube-system exec etcd-server1 -- etcdctl --endpoints=https://192.168.90.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/server.crt --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health
member 5054125c1f93982 is healthy: got healthy result from https://192.168.90.33:2379
member 35577abe54c175af is healthy: got healthy result from https://192.168.90.32:2379
member 6f5d23fdfa6c99f4 is healthy: got healthy result from https://192.168.90.31:2379
cluster is healthy
验证高可用
Keepalived 要求至少 2 个备用节点,故想测试高可用至少需要 1 主 2 从模式验证,否则可能出现意想不到的问题。
开始时,通过 ip a | grep ens 命令可以看到 vip 在 33 节点上,即 33 节点作为 master 对外提供服务;在 31 和 32 节点上可以通过 kubectl get nodes -o wide 查询到节点信息,证明调用了主节点的 apiserver 服务。下面在 33 节点执行 shutdown,模拟当前主节点宕机:

shutdown -h now --关机
通过 ip a | grep ens 命令可以看到 vip 漂移到了 32 节点:

eric@server2:~$ ip a|grep ens
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.90.32/24 brd 192.168.90.255 scope global ens33
inet 192.168.90.100/24 scope global secondary ens33
这时在 31 节点仍然可以通过 kubectl get nodes -o wide 获取到节点信息如下,证明在 33 节点宕机的情况下,api server 服务仍然可用:
eric@server1:~$ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
server1 Ready master 42m v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server2 Ready master 42m v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server3 NotReady master 120m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server4 Ready <none> 35m v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server5 Ready <none> 35m v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server6 Ready <none> 35m v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
配置运行nginx容器
部署deployment
创建配置文件 nginx-deployment.yml 如下:

eric@server1:/usr/local/kubernetes/cluster$ cat nginx-deployment.yml
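# Deployment that runs two replicas of the stock nginx image.
#
# API version. extensions/v1beta1 is what the v1.14 cluster in this walkthrough
# accepts for Deployments; it is no longer served from Kubernetes 1.16 on,
# where apps/v1 (which also requires an explicit spec.selector) must be used.
apiVersion: extensions/v1beta1
# Kind of object, e.g. Pod/ReplicationController/Deployment/Service/Ingress
kind: Deployment
# Metadata
metadata:
  # Name of this Deployment
  name: nginx-app
spec:
  # Number of pod replicas to run
  replicas: 2
  template:
    metadata:
      labels:
        # Pod label; the selector of the Service that publishes these pods
        # has to match it.
        name: nginx
    spec:
      # Container list (an array, so several containers can be configured)
      containers:
      # Container name
      - name: nginx
        # Container image. With no tag this resolves to nginx:latest, so the
        # version can differ between replicas and between rollouts; pin a
        # specific tag or digest for anything beyond a demo.
        image: nginx
        # Exposed ports
        ports:
        # Port the container listens on inside the pod
        - containerPort: 80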
添加部署

eric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-deployment.yml
deployment.extensions/nginx-app created
删除部署命令

kubectl delete -f nginx-deployment.yml
发布service
nginx-service.yml 配置文件如下:

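# Service that publishes the pods labelled name=nginx on port 80.
#
# API version
apiVersion: v1
# Kind of object, e.g. Pod/ReplicationController/Deployment/Service/Ingress
kind: Service
# Metadata
metadata:
  # Name of this Service
  name: nginx-http
spec:
  # Exposed ports
  ports:
    # Port exposed by the Service
    - port: 80
      # Port on the pod; traffic to the Service port is forwarded here
      targetPort: 80
  # Service type. LoadBalancer also allocates a NodePort that is opened on
  # every node of the cluster. On a cluster with no load-balancer integration
  # the external IP stays <pending> and that NodePort is the only way in, so
  # filter it at the node or network firewall if the service should not be
  # reachable from everything that can reach the nodes.
  type: LoadBalancer
  # Label selector
  selector:
    # Must match the pod label set in the Deployment's template
    name: nginx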
eric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-service.yml
也可以将 deployment 和 service 一起部署:
把两个配置文件合并在一起,内容之间使用 --- 分隔即可

查看验证

eric@server3:/usr/local/kubernetes/cluster$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-app-64bb598779-kfqm2 1/1 Running 0 4m10s
nginx-app-64bb598779-qzsjp 1/1 Running 0 4m10s
eric@server3:/usr/local/kubernetes/cluster$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-app 2/2 2 2 4m27s
eric@server3:/usr/local/kubernetes/cluster$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 11h
nginx-http LoadBalancer 10.99.153.51 <pending> 80:31467/TCP 47s
eric@server3:/usr/local/kubernetes/cluster$ kubectl describe service nginx-http
Name: nginx-http
Namespace: default
Labels: <none>
Annotations: <none>
Selector: name=nginx
Type: LoadBalancer
IP: 10.99.153.51
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 31467/TCP
Endpoints: 192.168.205.67:80,192.168.22.3:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
访问 192.168.90.31/32/33:31467 可以访问到 nginx 页面。(Service 的 EXTERNAL-IP 一直是 <pending>,这里实际是通过各节点上开放的 NodePort 31467 访问的,master 节点同样监听该端口。)