- 积分
- 16843
在线时间 小时
最后登录1970-1-1
|
楼主 |
发表于 2025-1-14 16:42:47
|
显示全部楼层
环境准备
7 e4 K( `7 Y1 y# b; K5 I服务器规划
( u, W' D# t- L( r服务器配置即角色规划如下,操作系统仍然选择 Ubuntu Server X64 18.04
( e& U+ M& f6 l% N192.168.90.31 4核2G 40G硬盘 Kubernetes server1 Master 主) L6 X( S$ w4 {' i; X8 u. p
192.168.90.32 4核2G 40G硬盘 Kubernetes server2 Master 备( U5 B) u/ W1 X% q2 Q: A
192.168.90.33 4核2G 40G硬盘 Kubernetes server3 Master 备
* e+ T! R; i% m- I5 \ ]192.168.90.34 4核2G 40G硬盘 Kubernetes server4 Slave% _! g% S! `7 h; w1 } U' d
192.168.90.35 4核2G 40G硬盘 Kubernetes server5 Slave3 R/ i# v( v* E* N, i3 K0 H5 O
192.168.90.36 4核2G 40G硬盘 Kubernetes server6 Slave
m6 D/ g0 J: A! ?9 z7 p/ U6 z7 [9 F/ _6 q
三台master节点通过 vip 192.168.90.100 代理访问
- A u) y4 `! A* U2 h& L
: X# n8 S; \, @0 e* \6 Y( ^9 `9 q环境准备
1 `( u# P4 E, ~; Z! b1 w按照kubeadm安装K8s集群 中的步骤,安装一台虚拟机并完成初步配置工作,之后再做如下配置:1 y& ~0 p; v1 c( |3 Q
同步时间
z$ m7 K( X/ M设置时区选择亚洲上海( S+ l) k; [& {+ y5 ?+ B
2 ^! T: z# H+ {) J" eeric@server1:~$ sudo dpkg-reconfigure tzdata- k( |# i7 @- k0 K: p
[sudo] password for eric: \ c% Y. b v! V8 x; V$ W
, K) H2 S0 A# n) t
Current default time zone: 'Asia/Shanghai'" R1 G3 c5 `1 ]' H
Local time is now: Mon Aug 9 23:05:09 CST 2021.
+ j4 U. i, x. ]$ TUniversal Time is now: Mon Aug 9 15:05:09 UTC 2021.
# `5 e# S6 y5 o) y3 b1
1 Q# ]4 y! n/ u+ p* {; B: E6 F2
) k: l7 H }% b( P/ i( Q3
- ]6 C3 @+ l7 r' O/ W- j" M4
8 p6 ~4 Q. b8 A% `3 k7 W5& C( I. K; V z$ r. W- L, _9 T
67 c) {5 y* v1 V. D9 t* B" W' S
eric@server1:~$ sudo apt-get install ntpdate --安装 ntpdate
6 r5 S6 O8 }. r% A8 X# Q6 y! N) S6 f, RReading package lists... Done% M/ T; f5 S' d$ Q
......5 W( J! c5 l, `& c% j8 y
eric@server1:~$ sudo ntpdate cn.pool.ntp.org --设置系统时间与网络时间同步(cn.pool.ntp.org 位于中国的公共 NTP 服务器)
. T8 z: Z) M8 c$ r p2 l2 p1 j' | 9 Aug 23:06:30 ntpdate[33117]: adjust time server 202.118.1.130 offset 0.007500 sec6 z U4 E# U+ F: r' U- e! g3 m
eric@server1:~$ sudo hwclock --systohc --将系统时间写入硬件时间
+ }# X. P4 m4 ~' Q9 q4 S; ?eric@server1:~$ date --查看确认时间/ S. o9 t2 _% K4 a/ Z' H" G# l
Mon Aug 9 23:06:49 CST 2021
/ g w" P8 `; l) I1
) I' @# s$ P# k* \$ g% V2) b$ f9 M% X* @- Y/ H- ]
37 n4 x# |+ j3 E6 t5 F/ i
4 e8 ^7 E/ l* f: h5 U
5 ^ r8 h# i$ r, H0 `- W6 ~/ O8 f
68 O6 H" V& b) l7 @2 `
7
' f. Z# C% { J* A80 o7 l0 y3 J& k3 f7 o# P' F' m
配置IPVS. n1 J% ?. w" m5 {5 p
X1 l/ V& v/ d0 \9 T+ R4 K$ Y. N, c
eric@server1:~$ sudo apt-get install -y ipset ipvsadm --安装系统工具" Q! a) j( b& k# D6 P- j/ |8 @# W) U
Reading package lists... Done2 z$ p/ c: m' A/ x- ]6 E! f6 B
......3 C6 L* P7 C& n. W5 p
eric@server1:~$ sudo mkdir -p /etc/sysconfig/modules/ --创建目录 配置并加载ipvs模块' T: a( G/ o! w0 E& N: Z% a
eric@server1:~$ sudo vi /etc/sysconfig/modules/ipvs.modules --编辑文件并保存6 C" q$ M: F9 G
modprobe -- ip_vs3 g, ~! s; U1 {
modprobe -- ip_vs_rr
f8 |8 `' H+ b9 dmodprobe -- ip_vs_wrr
+ w/ Q- s; m# K2 G$ \: c/ K& Jmodprobe -- ip_vs_sh
& Z) a0 ]! e7 k# L* @: rmodprobe -- nf_conntrack_ipv4& t+ R7 j. N q1 j. V8 j R/ o
: R+ U/ l- A+ f' u4 h9 s
---切换root用户执行脚本否则报错4 P2 a% ^% ^5 g! ~( g( g5 z
root@server1:/home/eric# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
+ M+ \; e! l8 U, J# f* Aip_vs_sh 16384 0
) E7 b9 C8 m# V3 K+ m, e8 U! Hip_vs_wrr 16384 0
- K2 g- t% Y. P) Bip_vs_rr 16384 02 Q; e/ m, H4 I) e/ ?- M
ip_vs 151552 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
% `$ A0 z9 q- }! M" Znf_defrag_ipv6 20480 1 ip_vs
" {% H# w; G6 \% [+ R3 f- ~nf_conntrack_ipv4 16384 4
! \5 n8 F0 {5 u! z% m$ y/ e$ Nnf_defrag_ipv4 16384 1 nf_conntrack_ipv4
0 J }/ r% l7 }+ M) N! O$ ~& o9 unf_conntrack 135168 8 xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink,ip_vs
8 \( J: W7 |. H! R: o# alibcrc32c 16384 4 nf_conntrack,nf_nat,raid456,ip_vs4
# ~4 n9 c, f& I! [; [4 r3 m7 I$ l$ v. m5 Q9 g
0 { D) [0 q. r4 T7 C g
1" o( H# F# N$ O6 P* @
2
& U3 D3 |# D$ c; M3
, s/ _# A( w$ n: S9 t: q& b4
* x( Q, I! H3 |0 I5
6 E0 `' Q# |: I9 P6
, v! E7 z* U/ C# J, T! c7
8 U" X5 w3 b8 a+ F9 h7 N8- ], F0 Q2 ]* C* Z( m+ U
9
3 R# V" \ _( K/ p10
: V" X( _$ W) C( b% b8 M11
# Q q/ k& p& L0 A% u- }8 K) y12
4 T/ l& c7 {7 b, S) _2 n13
# S) D7 a& R) [7 m8 H# X3 s0 n8 \( ]14
8 z1 i D" J5 Y15
+ D; c2 b; x8 @7 F/ p16
6 u! y9 `8 w2 b* U2 i17% r8 F2 ? _2 i: B) X
186 c- |8 N% A! c% D# n8 K9 P3 C$ l
19: p e- j4 ~* h9 l" C/ I
20 g/ g( \: z) h( J8 m1 N
21
# ]$ l5 q) h+ n4 d5 p22) G! e/ ^9 a. Y6 X
23& z3 g9 Z3 z( G/ n2 l u! Q
配置内核参数
) w5 y: k* {( H9 ?; d D
7 r; o8 G0 A+ {" j6 a nroot@server1:/home/eric# vi /etc/sysctl.d/k8s.conf --编辑配置参数
) M2 E/ w% J$ ]/ P( \net.bridge.bridge-nf-call-ip6tables = 12 I: Z! S9 h( ]* p) y& }0 x' e
net.bridge.bridge-nf-call-iptables = 1
8 c* \8 m/ D0 }% M1 |net.ipv4.ip_nonlocal_bind = 10 Q. x' O5 B1 C9 \' i4 d( v
net.ipv4.ip_forward = 16 p! {. u) |* B. Z; _
vm.swappiness=00 p, |1 [! o' l( i# m& s* ]0 a+ h( K
root@server1:/home/eric# sysctl --system ---应用参数- N* P2 H) q) ?$ X' O5 L |
* Applying /etc/sysctl.d/10-console-messages.conf ...) A8 Y6 n0 z, G: [$ Q
kernel.printk = 4 4 1 7
6 L {" A! R4 ]+ _$ S* }* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
7 d) p, \4 o4 J% N onet.ipv6.conf.all.use_tempaddr = 2
% X' q! I; d6 `1 K5 x* K6 Onet.ipv6.conf.default.use_tempaddr = 2
9 H& F+ q3 S) S2 [/ T& w6 f1 d* Applying /etc/sysctl.d/10-kernel-hardening.conf ...- \5 U% a' k5 A3 u2 \& D
......
5 U3 X- _! W A% \& g# `* Applying /etc/sysctl.d/k8s.conf ... --生效8 b. q. ]# E$ |3 `
net.bridge.bridge-nf-call-ip6tables = 1* a; ~; r1 c o( f+ @
net.bridge.bridge-nf-call-iptables = 1# d& R& B- g1 A% s/ x
net.ipv4.ip_nonlocal_bind = 1
6 {& `" L& e" Xnet.ipv4.ip_forward = 1
' [) o K6 t9 P+ S0 h A4 Lvm.swappiness = 08 L% w- u/ Z, b: `3 H! D5 R8 H/ A
8 K5 e( X" X! `8 v ^9 m
1" b+ g. X/ E; W
2
" z! P, p) K. J; }, S. W3
9 F9 }$ t) q$ T: H" p- j4+ P% M" D# [" R4 z# j7 X$ a
51 m+ P/ o, B. H/ ]7 j6 U, s) u( N' @+ D
6
; v' ]( V) B. y* `78 \1 T) I% g' K5 H! [ Q& r: [, J g
8( w6 }0 C, P N1 E! k! G
9
) \4 X( \# }* |- r* |9 g0 i7 V109 I2 q& R; U5 M& i2 S5 Y7 a
11
! }. e% K9 N4 O* V! F12# L, C; H% Y( U3 F+ V! z! |5 u; }) N7 H* o
135 {, r+ w( a7 x; {; H, \
14
: ~$ Y3 H" Z+ a% J ^" J15
- R& {% L/ m5 _+ j1 T16" e' f, c% T e
17( \. U( h/ }! k. ~4 T0 u; m
18& G1 e, ~* ~9 N) h" h/ F
19
" i- \+ p9 }8 Z) U' C6 v w: O! b20! I* N" ?* X4 q+ J6 G6 t( ]! f2 a
修改 cloud.cfg& Y2 {( L4 E6 A% A; q3 K; a
' N/ @2 _3 ~4 f- P2 x* [! E% Uvi /etc/cloud/cloud.cfg
, }, ]3 w, D& k2 Y/ e# 该配置默认为 false,修改为 true 即可
" d, C1 Y, _5 J& {. Q6 Jpreserve_hostname: true# V8 x* b3 R4 U% Y u$ P
1
j7 r* _/ O' [# |) Y7 F, C5 m2
$ ?+ E& I4 f/ J( O. W/ b( o37 j$ R" e, B# k( T# q4 f; Z$ x
克隆虚拟机并分别配置ip和主机名; b/ K7 |' y0 ^( `
" ]% ]$ E% s! a; U
hostnamectl set-hostname server1 --配置主机名命令, k+ W/ R" V7 M/ n, Y0 C& b
1+ y! i5 c% R# \7 U
ip配置:找到并修改如下文件,修改保存后 执行 sudo netplan apply 使生效 U; |* _5 k: M( O/ G& X: s( \0 W( t
( |2 n* e# h3 {% v+ U# i) keric@server1:~$ cat /etc/netplan/00-installer-config.yaml
% G% _8 T/ H. j* H8 A" Y# This is the network config written by 'subiquity'8 J, p* g7 s; q$ K8 B# l- h
network:' W6 t+ ^1 }) h8 d0 D
ethernets:* @: } e6 k: O7 k0 J! n
ens33:
. ^/ o# m% W$ R1 [: H dhcp4: false, ?( Q4 e4 J1 @2 g
addresses: [192.168.90.32/24]1 S* Q* d$ n3 }0 J8 ^
gateway4: 192.168.90.1; g3 ?8 u. t% x! `' D: z' ~
nameservers:
C$ d, A! v, ~% z D, v- ?$ ^7 ? addresses: [8.8.8.8]
) E# Q' A4 {* `+ P% A version: 2# y) [. _# }0 z) l
1& f# y7 k8 v- U/ t* I4 n" B
2: @2 j$ |1 ~1 Q2 V4 }" y" U4 X
3. q. s4 m7 E/ ^! b! | O8 `3 g. L8 r
4
) }: U# B0 E# v$ ~5
8 \' c$ i x U( D) c [: U65 u; C/ K) s; X9 P2 u4 S
71 x, S2 b% i5 w3 s5 Z
8* ^6 J* W% t0 y% [
9
: D8 J% ]$ y! z2 P9 d10
9 C l# u. Q# p$ H: r9 I0 V- F& u11* F$ W( O* X0 C5 Z1 Z& q \
高可用原理
, |- p$ t9 G+ S/ I7 cKubernetes Master 节点运行组件如下:9 I& d/ Q6 Q6 `
kube-apiserver: 提供了资源操作的唯一入口,并提供认证、授权、访问控制、API 注册和发现等机制7 C# X9 ?8 e p: a, U S8 K
kube-scheduler: 负责资源的调度,按照预定的调度策略将 Pod 调度到相应的机器上7 \& h, E) L" q
kube-controller-manager: 负责维护集群的状态,比如故障检测、自动扩展、滚动更新等" I1 v2 D- K( Y$ {. Z
etcd: CoreOS 基于 Raft 开发的分布式 key-value 存储,可用于服务发现、共享配置以及一致性保障(如数据库选主、分布式锁等): e( s/ x# C4 ~
( Q) p; }. Y, q+ t% t% \* U
kube-scheduler 和 kube-controller-manager 可以以集群模式运行,通过 leader 选举产生一个工作进程,其它进程处于阻塞模式。% X/ j& h x% j& u+ x8 b
kube-apiserver 可以运行多个实例,但对其它组件需要提供统一的访问地址,本章节部署 Kubernetes 高可用集群实际就是利用 HAProxy + Keepalived 配置该组件
+ B9 M! E- S1 R* a; ?: |配置的思路就是利用 HAProxy + Keepalived 实现 kube-apiserver 虚拟 IP 访问从而实现高可用和负载均衡,拆解如下:) `! V/ `, @8 Q! r
Keepalived 提供 kube-apiserver 对外服务的虚拟 IP(VIP)$ i+ S7 T f/ R/ u2 N
HAProxy 监听 Keepalived VIP* S( K0 p: b; l$ T+ @
运行 Keepalived 和 HAProxy 的节点称为 LB(负载均衡) 节点
* `# _9 K2 d# v) U+ pKeepalived 是一主多备运行模式,故至少需要两个 LB 节点4 p( E3 b9 R ?+ ]- I0 o2 d
Keepalived 在运行过程中周期检查本机的 HAProxy 进程状态,如果检测到 HAProxy 进程异常,则触发重新选主的过程,VIP 将飘移到新选出来的主节点,从而实现 VIP 的高可用
0 u) t5 [" C5 ?& X2 \% k- u8 u, R所有组件(如 kubeclt、apiserver、controller-manager、scheduler 等)都通过 VIP +HAProxy 监听的 6444 端口访问 kube-apiserver 服务(注意:kube-apiserver 默认端口为 6443,为了避免冲突我们将 HAProxy 端口设置为 6444,其它组件都是通过该端口统一请求 apiserver)
4 w' y$ I2 |# ~* G! L
: u# ^, P4 {% B9 {2 Q0 [" |$ c2 X& ]9 K# T9 A
" e' M/ w. `5 u. d/ Y5 ?2 L- A* a
安装HAProxy和Keepalived
( w7 @1 Z" N. {. a$ QHAproxy启动脚本5 W+ Q- o0 R( B/ U( r0 s
master1节点创建HAproxy启动脚本,并设置执行权限
: Z! u( R& M7 `6 @7 M4 _8 p* y! w+ p3 o6 O& O
sudo mkdir -p /usr/local/kubernetes/lb% N$ R4 y2 T$ y
sudo vi /usr/local/kubernetes/lb/start-haproxy.sh
+ a5 d+ O8 A3 M+ L7 b- H) X! U1 \ c! `
# 输入内容如下
; M) I# Z0 {# n9 I) Y4 |* D, j, v#!/bin/bash' D* `- h# c! I0 |
# 修改为你自己的 Master 地址
: e. m0 B9 b1 C' N. _MasterIP1=192.168.90.31
2 S2 r/ ~ k( z8 P' hMasterIP2=192.168.90.32! a+ o9 F& N8 t/ R8 X
MasterIP3=192.168.90.33/ J- D3 b7 F, ^2 c0 H: b
# 这是 kube-apiserver 默认端口,不用修改6 D/ l, a. L7 K4 h
MasterPort=64430 k3 }5 P. Q/ Z' p2 r G8 }& V) t
" i" c( g: T6 e- O: b* g( V3 j: x4 k# 容器将 HAProxy 的 6444 端口暴露出去
" p; Z0 N* V# q/ ?) C; Udocker run -d --restart=always --name HAProxy-K8S -p 6444:6444 \) l) Y: t8 H2 [, d! z; O/ N# S5 X( d
-e MasterIP1=$MasterIP1 \ `. q& ~6 @8 V% Z* |3 m: J
-e MasterIP2=$MasterIP2 \" a3 W2 o( s9 g( Q8 w1 R
-e MasterIP3=$MasterIP3 \1 R7 y" e' ^- p5 r* F/ Z+ h3 v
-e MasterPort=$MasterPort \# Z) Q6 g- D7 F
wise2c/haproxy-k8s( o9 X6 C q m7 u8 e1 L# X+ Y
( @3 j! L0 `0 c* V" J& a( Q' G9 J2 E# 设置权限
0 b* N- l y( H0 @; K9 Y7 Fsudo chmod +x /usr/local/kubernetes/lb/start-haproxy.sh" T; y$ v" ^ ~& Y0 t
2 c/ d: i' M$ H6 z
1
2 @; @) `- _" w# L$ T23 A, s0 i4 P) _, ]$ o- t; h
3
5 D% Q$ D( \9 ?! v+ e/ M" `; ]4
' G% k, w' z: W$ b ~ R+ l5
- ~5 p& a) C9 s5 F% ]4 l2 Q1 y6
0 Q. i8 L1 H4 r$ }( R! T9 m, S75 g/ F; T8 l: |% H' I
87 m3 p! Z1 E4 }. a
9: q% ]* `) I7 F% s/ D# E
10! n. b+ j) p1 U5 j% A
11
" c9 Q4 F3 F' J9 r$ w5 \8 f, J12* V* L# B4 g8 g- \' F+ Y6 p
13. v ~ A+ P1 q, k. M6 R$ T4 p
14
4 T4 C" q# C% J \* \0 x8 |15 z( [" a. T& G3 Z: F) w
16
5 x* f! S) \5 \6 K* Z1 }17
1 C5 L5 o' {; s- r184 j7 w5 i# H9 [, {
19
9 q, o8 I2 [; C20
, E* |: z1 j- `- A' \21- u; I! U4 `$ I: ]* y
22: [" c# S5 d6 g) g% I
Keepalived启动脚本
: y8 U" v0 M, \master01节点增加 keepalived启动脚本,并添加执行权限如下:
1 J. j2 i1 G% N4 D x3 P: X% m
$ s c: j+ J' j/ u1 Dsudo mkdir -p /usr/local/kubernetes/lb( O% y& R9 b0 F/ ^4 q1 N% y
sudo vi /usr/local/kubernetes/lb/start-keepalived.sh$ _) y: E5 L/ H6 y2 s# P- ~6 b6 i: j
# 输入内容如下
, ?1 Z/ e. x$ N5 G! k W#!/bin/bash1 q, P" t J4 b
# 修改为你自己的虚拟 IP 地址
9 r: ~' T! _0 c( l- g1 iVIRTUAL_IP=192.168.90.100
) {, R) c) V, G/ D, B2 ]( v7 E( `# 虚拟网卡设备名
9 @* J! b* v( [: \INTERFACE=ens33
% V! Y( U/ r( D0 l3 v; n# 虚拟网卡的子网掩码+ ?9 f! j$ J, J8 t
NETMASK_BIT=24
9 ]4 R }% w" R+ n% W; t# HAProxy 暴露端口,内部指向 kube-apiserver 的 6443 端口
$ b( w( S: t. c' _# {" L% J+ RCHECK_PORT=6444
$ h7 I; E* P+ f8 N' ~2 K8 F# 路由标识符# T) C* {4 x$ w3 v# ^( B
RID=10' c( o" \/ M+ x( ^
# 虚拟路由标识符
8 C0 C$ ?+ K& MVRID=160
9 K' @4 o; R% d* b) n$ ~ h# IPV4 多播地址,默认 224.0.0.18
. S- Q' z( {& }3 ?: B' wMCAST_GROUP=224.0.0.18
. S. ^/ _, O5 B. Q: {6 ?0 Jdocker run -itd --restart=always --name=Keepalived-K8S \
( A& g- |$ X. R( S --net=host --cap-add=NET_ADMIN \
4 \' R3 |) Q' U5 j -e VIRTUAL_IP=$VIRTUAL_IP \
0 E* ~" v' h1 O/ @9 q -e INTERFACE=$INTERFACE \
; _7 T, F9 T6 X1 m6 h -e CHECK_PORT=$CHECK_PORT \
/ d$ n# S7 _6 G9 |2 O' O -e RID=$RID \5 o' |* G0 X, H" M" K
-e VRID=$VRID \
; j0 x! k g% J6 s# M0 r$ v2 ]7 n0 Q -e NETMASK_BIT=$NETMASK_BIT \! [! N# X. m% O7 V0 M9 Q. v+ n9 i
-e MCAST_GROUP=$MCAST_GROUP \
. W/ O6 N, Y; V wise2c/keepalived-k8s
5 T+ c& _# `+ \- p6 J9 t5 X' ?# 设置权限& B- L% P$ z2 Y
sudo chmod +x /usr/local/kubernetes/lb/start-keepalived.sh' S; ^; @/ ]8 C' ^4 e
3 F' I6 Z. y* O7 P A% }1
) b/ z X- U) U7 m; a1 X21 P5 I# R6 w6 y# t; r8 Z, d1 e2 ^
3
p' I8 P) g, l2 t4 E! y- v4
) I! Y7 i) W) `1 b+ N0 z5
# u/ W5 z! K& M6 x; Q; M6' t0 b# y$ W( J2 S
7* P6 {% g! ?: m" |' |: Q
8
& U( \9 ]. u) L95 N) f5 w. x* t; x
10( E- b+ g9 m+ |* i5 N% k
11; l0 H# n( k' R- k8 Q2 e- Z( O$ ~, s
12, y# B3 h _' G' v0 K
13
# `0 y" c( u0 D3 _" Y, R" [14) K7 z; T* ^2 G
15
; ?9 c$ v2 V) Y2 C3 B164 e! d. a/ O B" ~! o' T1 _
17
- ]' E% O& b( s4 r18
) `# V2 f3 B) s! f: u8 ]- u/ i' C$ O8 G19; Q+ M' [& u# \
203 L% [+ K! {& m
21
- |: ^; g$ [( r3 P22
+ z5 M' b) Q( O V* q234 Q* d, x! Z) n: C. x
244 ^- _' b7 J6 q6 o) c$ ~& K
25; D% e1 ]0 `5 O# s5 Z% H( @
26
9 l3 |/ M! L Y8 |" Z27
4 E- z1 D3 z- i( o- T281 u2 ~) h; ]3 U2 B. u! O
29% _, l( Z8 ~; f8 s; ]
308 f: A3 k$ O/ Y: o# e
复制脚本到其他两台master
4 Q5 I3 O- ?3 x32 和 33 创建 目录 ,并复制脚本文件命令如下
, [* _8 ~) L* S s- ^3 m! \
n. F0 i: y, a2 R9 C' z- a; \sudo mkdir -p /usr/local/kubernetes/lb
; h% o" v* u" }! uroot@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.32:/home/eric --先复制到服务器 再到服务器上复制到指定目录
0 y; D1 D) m% ]) [' }root@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.33:/home/eric c# @+ ~; l! F1 R( ^
eric@server3:~$ sudo mv *.sh /usr/local/kubernetes/lb0 X: t1 X& {) a5 U9 r+ f2 F% v- n
1; v+ A3 V4 Q2 W1 \% s$ c
2
9 N. i' L" {/ j3
, _8 i* f- _# s) z: k% f4
' D8 ^! p) b5 D0 f6 }& K$ }启动容器
$ H1 d5 d2 }% i6 b+ \& [' k+ z# c三个节点分别执行如下命令,docker 会下载、启动 haproxy和keepalived 镜像3 s/ w2 b/ @7 d5 e1 M! C& F
# _8 A; m! ~$ E2 ?& c
sudo sh /usr/local/kubernetes/lb/start-haproxy.sh && sudo sh /usr/local/kubernetes/lb/start-keepalived.sh
# H$ J3 l4 M3 N0 Q+ t1( V: H) V/ q5 w
检验容器
* |# W( b3 r% o. f+ \$ m三个主节点分别执行 docker ps 可以看到 haproxy和keepalived 正在运行如下:
1 g8 k$ \0 N2 z D5 }7 g: l9 ^& q5 A' f7 M9 J7 B
root@server1:/home/eric# docker ps
3 m9 `8 t, \' y) M# l( qCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0 i$ G7 s1 y, h2ee95ae52da6 wise2c/keepalived-k8s "/usr/bin/keepalived…" 52 seconds ago Up 51 seconds Keepalived-K8S$ V+ X3 }* T: W) R
97db17bc81c7 wise2c/haproxy-k8s "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:6444->6444/tcp, :::6444->6444/tcp HAProxy-K8S
+ S7 x# Z. y) f E* _1, s) M+ @- I- d5 }. e
23 s5 }& f' y3 k; u" ?$ c1 `
3
5 \2 e* n+ z" q9 D& q( z4! C- t$ }9 D' i# ^4 P% s2 T! }
虚拟IP验证
' w/ R0 {- \& T31、32、33 三台服务器 执行如下命令,只有一台可以看到 ip与虚拟ip绑定。如果 被绑定的一台宕机,绑定关系就会漂移到另外两台机器中的一台上,默认在 31 服务器上,关闭 31服务器上会出现在33服务器上如下:8 q" v: z9 n% E7 ^
+ v! n) O9 u# D2 P; W5 {7 v
eric@server3:~$ ip a | grep ens333 e& N/ t/ A" ~4 `: K/ V7 c
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000+ Y* l( i- B+ ]
inet 192.168.90.33/24 brd 192.168.90.255 scope global ens33& r( x2 R' j. l3 p4 \ U
inet 192.168.90.100/24 scope global secondary ens33
, O' U0 S+ I& P( W1 {! o1
" x: W2 o( h3 K* C2: ~0 O; \8 J) v, s
31 O7 F9 C9 L1 p( k- l' Q/ t& V# m8 z
42 @' Q1 I- V" {. F
部署K8S集群1 B2 {& |8 w1 Y9 J* @) t( I0 H# T3 A
创建工作目录并导出配置文件3 Z; @; c+ m; g
e, d1 X. ]" H
# 创建工作目录
% s" M. X' a6 K0 @1 y. F. r( K% lsudo mkdir -p /usr/local/kubernetes/cluster+ J% H" E6 V4 z& Y& d1 H- j4 F
# 导出配置文件到工作目录' G" Q) U5 b: a: d
su root
8 O4 L- j8 t5 ^( @% J# n: y kubeadm config print init-defaults --kubeconfig ClusterConfiguration > /usr/local/kubernetes/cluster/kubeadm.yml
3 i* Z8 z1 l4 R" C; `) B2 z1
- H1 p, [, y, J; X0 }9 i2
, H- y6 T) ~2 t$ W; `9 c3 u% z3 c) q33 a) q. f6 f# ^1 Z; g
47 r) f2 y8 t! ?0 R9 e
5
% I. Q; G1 S3 b: |% u修改配置文件0 N1 w6 h: V2 W- z1 a! I& b8 a1 f$ `, Z
33节点修改kubeadm.yml 内容如下
4 Z/ J& P* v/ h0 B. O4 C" t
' T2 W' F" z; Z: p1 ]$ ^3 x- Droot@server1:/usr/local/kubernetes/cluster# cat kubeadm.yml
% F3 Q8 d; [8 Q# C y1 zapiVersion: kubeadm.k8s.io/v1beta1+ H* o( Z2 J$ ~( B+ [3 Z
bootstrapTokens:" P; Q( X: v! b: T! V4 Z
- groups:
% }2 U# m9 s" ~ - system:bootstrappers:kubeadm:default-node-token% e2 Q/ ]6 R. m& @
token: abcdef.0123456789abcdef
* Q/ h4 {+ f+ i7 |' F0 s+ }- } ttl: 24h0m0s
) P7 p, X1 Y0 C4 X5 @ usages:
5 j0 I ~* J2 O+ p0 [. R - signing4 d4 n) n( V* K# c+ d' G5 N8 W# b
- authentication5 U6 n! k/ X2 O0 C" \: q5 g- }/ l
kind: InitConfiguration: G k- E& l J" X7 W2 }7 q4 k% p
localAPIEndpoint:5 N( u0 W# m# N* y0 T+ T3 ?- a' A
advertiseAddress: 192.168.90.33 #节点ip
4 \4 A) D7 R1 Z" E) Q bindPort: 6443+ p; @8 h0 @8 ?. H1 M
nodeRegistration:
% s- N f+ }2 @' h0 i3 l criSocket: /var/run/dockershim.sock
$ V3 X% ]. w1 a3 R$ ]$ |% q; Z name: server1" L& {2 j$ C4 L# c; D
taints:
$ s4 I C- T' ^. }( n4 j - effect: NoSchedule
/ f3 ~$ P0 h- w% W/ P key: node-role.kubernetes.io/master
1 E W- z7 a! S" C4 E. [2 [' {% y---# ?% L) v& R# ^9 e7 v1 @% h2 e4 y
apiServer:
# ?; x9 j( \5 G% e$ o+ L0 d timeoutForControlPlane: 4m0s( o4 b2 O: \8 \6 D5 P% z
apiVersion: kubeadm.k8s.io/v1beta1: }, J$ h9 J) i7 s3 e I
certificatesDir: /etc/kubernetes/pki2 X) d- m+ n" q, @: K$ v9 s
clusterName: kubernetes
' o3 ~! n5 a+ F+ @% VcontrolPlaneEndpoint: "192.168.90.100:6444" # vip 和 端口
0 P, u" n/ |# b$ Z- T/ k$ c9 lcontrollerManager: {}
- U& w9 m- `: Y0 j( v7 ~dns:
2 `; T" I- H {2 E4 f% E8 w type: CoreDNS- x2 C, X, ~7 [$ m
etcd:
3 P5 `3 H% \# }5 e local:
6 ]8 L% |$ W( E6 ]" o5 x dataDir: /var/lib/etcd
1 I6 v9 i+ e& b+ a: RimageRepository: registry.aliyuncs.com/google_containers # 阿里镜像库
9 }+ f! f4 f7 E8 Nkind: ClusterConfiguration
# }, p: t X- W/ ?2 v1 X7 @kubernetesVersion: v1.14.10 # 版本号' o* t h) c6 O' e: F3 Y
networking:' p" l$ w6 e2 p7 \/ I
dnsDomain: cluster.local; K* l) x! H, y5 t
podSubnet: "10.244.0.0/16" # IP段 不能和 主节点所在ip段冲突 如:主节点ip 为 192.168.90.33 那么这里不能谢 192.168.0.0/16 ) d# k S* W; s1 ~$ ?
serviceSubnet: 10.96.0.0/12) p( N7 Y; l ~. D
scheduler: {}$ m, u5 p4 S2 b* d" L/ Z
---
" L i$ ]# s" O1 e: ^' I# 开启 IPVS 模式( Z1 B% A6 u" \3 u6 i9 N: w
apiVersion: kubeproxy.config.k8s.io/v1alpha1( } w# i; u0 I6 w$ w# L+ @: {
kind: KubeProxyConfiguration; _0 e& o/ s6 A5 `/ g& z
featureGates:
9 X. O+ @- Q5 u; i# o1 o* y5 q2 Q SupportIPVSProxyMode: true
9 e; q7 @$ u6 M* k" smode: ipvs+ b' t: }* Y; V
4 L# ^2 q/ [* [2 K+ m* |
1
' a) T1 [! I. u% v. U, n2
9 N/ E0 h7 u. v; s0 G& z% }3" `! F/ W5 J+ P6 ^* K+ H
4% h) L: X' j! X* A2 U
5
* Q" ^: G$ K& }3 O7 }& i/ L1 G6
) w. ~+ l- N0 w% r) d2 f: S; ]7
! G0 y! d* F8 h9 o$ }$ P% r K8
$ B7 A+ @" M3 p. |' b2 s9/ j, P) x+ f# H
10
5 g5 `0 X/ x3 {2 j7 Z- @% P11
+ K& y8 z. F) l% k! x5 h12
0 k! V9 b' m( F6 v13
; U; k3 {! X" ]% u0 e: o14
. d$ I5 U- T9 s4 X, T2 \15" N" R8 p2 ]' e. r4 Q% e" S- H
16
8 n6 d; E8 k% F t17( p5 N ] X3 R9 O* P! n6 j
18
1 m' [5 V2 Z& c. F19, N0 Z4 w2 w D5 W% M3 T/ y
20/ P+ {+ p0 Y# F' [: r% d1 L
21
( I# N' w8 C1 L! ~; \22' R( B% j* F4 b |1 w, Y. U, g
23
1 u2 t- l& D# E- j+ `6 X* p24! s l4 I: M/ ~" i* T
25
}8 F0 Y/ ~ b7 Y- f( O26
j) `+ t+ ?% ~/ G4 H% x$ W& a c: H271 ?( _5 j9 ~3 K2 t( A+ N" w# G3 i% k
28
+ N# }0 y, V/ `+ a' Y3 P& K29
. ^+ V: y- `& H0 _30/ j' w4 \- a( U# \3 b0 c# x
317 ` w4 d; F6 f& O3 @& Y
322 H# e+ x' V& V4 ^$ I! Z% ~: M
33
, m' b$ l: W- M/ u34
8 E! l1 F: V8 J9 T% C3 }35
& x% u0 \: q( Y0 P36
, D( `0 y; m- O$ n; a. G9 e3 T6 @# x& t37
5 |* H9 D9 l" d+ C, n/ A38# p( q, S) E) X& O7 Y
39
7 I7 W/ B, m. ]3 j3 E404 u; `/ y" G3 |; Y
41) G6 N- ~1 q: q4 O$ j8 u% a
42
5 V" M9 y) R' n: K+ {9 _( F( u43
/ r# T" q+ a3 f$ F44
9 K" p. T4 u4 V' x5 s& u- D q6 K45
1 o" D# o' a$ W8 {3 e6 T46
1 C( t& X: E. c' g, j6 |9 N47 T) ?( W1 ]' A- ^( Y
48
4 c: w9 g4 |. Q8 ^ S3 m: Xkubeadm 初始化master5 Z! Y' {% N! S/ R3 p1 e
% d+ P) ]8 p7 t/ |; l- hkubeadm 初始化. c& l: M4 x4 t! F' ?& q
, _- p6 A, j1 W$ F' X9 X# i: o/ ~
root@server1:/usr/local/kubernetes/cluster# kubeadm init --config=kubeadm.yml --experimental-upload-certs | tee kubeadm-init.log& b: u4 d; o: h3 ~
......" g. H+ N8 q( S. K( \
Your Kubernetes control-plane has initialized successfully!
- O2 g" k! c1 K k7 g- ?- w4 M
1 c, b i. H0 g) i+ I6 d+ Z& QTo start using your cluster, you need to run the following as a regular user:
3 K4 u% `1 `! {' P- Q+ o+ U( c- v z9 Y2 N
mkdir -p $HOME/.kube! Y- v3 h0 k% z$ H4 }1 s2 c
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config" N; L. [8 |# e; h( @
sudo chown $(id -u):$(id -g) $HOME/.kube/config! I! k* n$ C" E) z( s
}9 c3 b' |0 V2 h2 S4 }
You should now deploy a pod network to the cluster.
P: n! i& n' G! mRun "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
% _ L5 _( ]4 k( L9 e https://kubernetes.io/docs/conce ... inistration/addons/
3 q v5 j; `4 I
# ?3 C. u( }2 l2 ^( yYou can now join any number of the control-plane node running the following command on each as root:1 `' p; U0 ~$ E7 f5 y( x3 d' u
$ i, }; e z( F7 G2 M$ O3 u' o kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
* i0 J7 R: ^& r --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
- l( H+ A, ?/ A- a/ a- ]; c --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf
) V: r: X+ j4 q+ Z
2 @( ?5 ?. `, [" Z8 D# FPlease note that the certificate-key gives access to cluster sensitive data, keep it secret!
( l$ W+ O( ^' }As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
* g4 y' q0 c. d: R) t"kubeadm init phase upload-certs --experimental-upload-certs" to reload certs afterward.* p& K. ?6 X8 y' M$ c3 z
w% Y# \. o, \7 e. q
Then you can join any number of worker nodes by running the following on each as root:$ |4 d% k/ S6 o4 k. i4 Y
* K1 e1 t% J. dkubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
/ |- ^! {- G1 j --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e2 p( U$ c1 L/ i! f" P7 c
* m* J5 M1 ^4 j1# w0 ?' F$ p2 R' i5 R
2
3 p7 K- ^" |5 I& N37 z# K0 ^; G" J8 y# ^0 ~
42 L4 g7 R! W" B9 q6 b
5( r; N: s' I2 W, b3 P; `
6! o+ J* ]! d& O$ ]
7
# }; Z* s) O5 @4 o4 G8
& V( b: @9 J! {9
: _' m; b' W2 U: M& [10* B6 K0 J. _$ g8 G
11
8 N- j* ^5 V: v3 Z% ?" K" @0 M12
' s* d* e0 o3 y' V7 G+ U: ?& L! p13
- p& E0 r( z; B2 e14
- o. `* I. W0 ?+ {0 j8 Q u15
( W+ f; T( ^* X16
9 O/ m0 p7 _: a17
4 ^- ^! W4 F! H8 d1 X d18' n, ?! V) w. R4 c# q( x
19/ C! w! W8 x$ ?# f" o6 X1 `
20
% B$ j! o) c" L2 i) }% |) ^21! K1 i! T) X" m& E+ u
22
& [+ k5 d: a. h/ G. K23% T4 R; u1 e/ F$ I
24" Q( N# o5 K. t. O
25
. z) y" y, P( k6 M+ b" T7 _ W260 g4 H# N& p) ?: ]4 @% a
27
4 R: ?; d/ U5 l5 d28) a# \$ N# R, f \- o! b2 ?& V6 b
根据日志输出,切换到普通用户eric执行以下命令& G+ ~7 n/ c8 L- n- }3 u
( O# m: z Y* i8 [/ |4 k& L
root@server3:/usr/local/kubernetes/cluster# su eric7 }! l/ ~6 Z$ h0 E& G& E
eric@server3:/usr/local/kubernetes/cluster$ mkdir -p $HOME/.kube- N% F5 P9 f3 l; ^4 G
eric@server3:/usr/local/kubernetes/cluster$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
4 z( w% \- z) y/ B. {5 ^- Y, l, Ceric@server3:/usr/local/kubernetes/cluster$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
# K, a- K4 t/ y. @, n; i1" |. x: b" P0 G1 X# z4 O
21 e; Z! X# G) B+ z/ a0 B# ^; V6 e( S
3
) D" u j% _5 W: f4 L; g. `# C& B8 U
验证是否成功
O, ?. R, A* Ieric@server3:/usr/local/kubernetes/cluster$ kubectl get node r1 F) l' K6 R0 J3 m# W& O: o
NAME STATUS ROLES AGE VERSION. e+ K7 a% Z7 G5 U
server3 NotReady master 4m11s v1.14.10
8 W0 m4 a9 b- M1 A+ y8 ~12 i, b! I `1 W: w0 w& e
2- p( I6 B6 \5 b H6 B( }& ?
3
* a7 B$ ?3 c* y1 W3 p9 l+ Q& X; M安装网络插件
$ \' J& T2 d8 E% R9 r( M1 w+ P0 ^1 o6 I6 }! _2 y( g2 _
eric@server3:/usr/local/kubernetes/cluster$ kubectl apply -f https://docs.projectcalico.org/v3.7/manifests/calico.yaml; |# o" x* h5 b+ B
configmap/calico-config created7 J; f4 @' i0 I9 t* @
...... s7 {4 B. x0 r3 t/ e5 ?' B- ^
serviceaccount/calico-node created2 [1 N' W- J4 l6 M y, X
deployment.extensions/calico-kube-controllers created
; C1 L7 N x3 | b& P* y6 Hserviceaccount/calico-kube-controllers created4 M' u4 I9 `- P
1
2 A2 g9 k7 {+ R7 o6 i! q2& u7 [) d$ J4 B4 r+ v6 g t
3
! M- h8 n# {) |* S4
; y2 a% O# Z, i( l9 ^3 d% K56 {1 a0 Q$ N, L: I0 Y
6 I5 ^7 [. d. O
# 验证安装是否成功 我这里足足等了 64分钟 各个插件才正常运行 running 状态
- Z7 i; b4 p& Hwatch kubectl get pods --all-namespaces- u9 D; h7 I; z
kube-system kube-scheduler-server3 1/1 Running 0 34m
m1 w; K+ x! g2 O5 v$ Q) mEvery 2.0s: kubectl get pods --all-namespaces server3: Sun Aug 15 00:59:23 20214 d* X! U2 @( k8 M0 ~# f) G
NAMESPACE NAME READY STATUS RESTARTS AGE9 f0 k4 a' C+ j4 J( q+ s
kube-system calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 64m
$ J' L+ a8 {+ X; ]) P. Y1 pkube-system calico-node-sb2kb 1/1 Running 0 64m
) ?6 @2 x6 w8 X Y; O: Z9 lkube-system coredns-7b7df549dd-vmpww 1/1 Running 0 66m
: ]1 n+ E. b! d/ t# ]/ [, ^( [kube-system coredns-7b7df549dd-zzjf8 1/1 Running 0 66m# ?8 _4 B9 t& p
kube-system etcd-server3 1/1 Running 0 65m/ E3 p3 \ K8 ?0 J) H& {( o7 y5 c
kube-system kube-apiserver-server3 1/1 Running 0 65m
t H; j7 o( P6 Fkube-system kube-controller-manager-server3 1/1 Running 0 65m
0 H+ l% [. ?; |0 ?0 Pkube-system kube-proxy-q42pg 1/1 Running 0 66m8 {; n- p5 k, R. e e. i- P
kube-system kube-scheduler-server3 1/1 Running 0 65m$ Q: w: N) a6 q: M
1+ N: z9 }( W5 H" z" r4 Z
29 V- E* J2 }) o
32 a* L" P! j- d
4
G3 e% s' }+ i4 q- u, R& Y5* U, `, C' l+ N. {
6
1 S P1 m+ u. b, f" v+ o! }! Q7
1 M1 j& X6 c5 v# b k: t8
$ [1 o& W4 h p- y& b2 ]9
7 S5 Z8 j# u5 `& q1 P$ Q& A7 Z! j# A: x108 Z; i: Q1 ` T0 f0 I1 h
11. a. ^, M% {. M1 ^- X( H
12$ o; o: _: W0 \& o# z+ G0 b
13
! P8 G3 O% t4 |1 Y14, h8 x1 f/ O# I* J& b* V* K
加入mater节点
4 P0 X% C4 b: x$ r1 H) Y) R# m31 和32节点分别执行初始化日志中的 主节点加入命令,将 31 和 32 节点初始化成 master节点。. e F9 Y) C* I2 G
注意:如果初始化完成很久之后才执行 加入master节点操作,那么token 可能会失效,参考上一篇文章,重新获取token 等参数
' n" J3 U x! M7 Q7 H$ e$ Q# R! k/ v+ F+ P: a% L
kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \; ]6 e3 u$ q G
--discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \- W: S& W( q! a' Z7 G
--experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf
; T" K+ Y/ i8 k. X& b
+ C! ~% m( ^+ d+ ^! l* U; ^( E.....
+ \0 R2 W" v! y$ V[mark-control-plane] Marking the node server1 as control-plane by adding the label "node-role.kubernetes.io/master=''"
$ h* _: M- F/ o[mark-control-plane] Marking the node server1 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]/ z, R+ g% o. a
# h: t4 X! {* Q: F3 J4 {This node has joined the cluster and a new control plane instance was created:& }/ W! C) Q7 b
6 \0 b6 x# a8 u/ Z' ]/ Z
* Certificate signing request was sent to apiserver and approval was received.& O* ?: O6 Z: W8 L" q1 `/ s
* The Kubelet was informed of the new secure connection details.3 }$ J% z3 b4 [6 r U2 |
* Control plane (master) label and taint were applied to the new node.4 m! K/ i( z6 ^+ d5 \+ B% y p
* The Kubernetes control plane instances scaled up.0 p* I2 a0 p6 d% F. c a
* A new etcd member was added to the local/stacked etcd cluster.; L5 |2 e; Z. r; U R! g. M, D9 x
7 N' ] Z. ]) B' b8 O8 Z) sTo start administering your cluster from this node, you need to run the following as a regular user:
- R; f5 j7 f3 {- z5 W& l7 p4 N- P4 C' f: P: v7 \
mkdir -p $HOME/.kube+ X) B' X+ v& H
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config6 F) {5 M, D% Z
sudo chown $(id -u):$(id -g) $HOME/.kube/config
6 s) `: O( O1 d- E0 h0 R4 g% m( d8 D
Run 'kubectl get nodes' to see this node join the cluster.
/ u; W0 ]3 l) M9 x# j8 B3 a8 C
* l" Q) f* I/ e0 x. F1# c( C/ S; U( `
2" g0 \$ E1 h' [ r) b
3
: F4 c! C+ U3 J, v% ^. ]9 W43 `1 _( |9 l6 c$ Y! G V. ~/ N
55 W& I/ i. J* Y. u
6* @5 q. p5 v4 b# p) e8 m
7
# P0 b5 E8 r5 K$ J; J- Y8& ?( H- w* n; c9 F) r s8 ~$ O
99 H6 C: X& Y4 o
10) n3 X9 h G. l6 h! Y
11+ g4 z- T0 L; N) c
12
J Y- g' L5 c% u130 D' ^% [3 y" Y; z
14; `! o6 h, X3 S- T u
150 \& \1 N+ L% ]& Y/ ~7 \0 d& `; j% ?
16
* l+ @% x) r9 T% u; s176 c. Q! x) ?. R6 ~, ~! U
18% T$ d; m6 A! @- p" \
193 p1 u/ d5 B3 m* h# h
20: E; r" f) b+ q3 B' J. V5 ]
21$ @, S; T1 a, ~& x0 L
22
, e# q: g) H7 p8 f23
9 ?4 p8 i4 C" o2 d按照上述日志,执行配置命令:
9 |( \. z( S1 h( I! ~2 v8 d/ c$ i2 a# }
root@server1:/home/eric# su eric
" @. U9 O! I* Y9 _eric@server1:~$ mkdir -p $HOME/.kube
5 Z/ B/ w" m7 ?% X8 keric@server1:~$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config, ]) t7 u# e2 r# P
[sudo] password for eric:$ V Y7 m) z p* J% m( C. S2 C
eric@server1:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config2 e2 t O0 Z2 S
1
, I0 E/ s" D! s z: m0 n) K' O/ _2
- S; G4 }2 b; a1 G: Y* a3
+ M" e* }+ a1 V. O4
% b6 G* h5 R& P# p3 I2 x57 H5 a2 z% x/ T
加入node节点
+ T! I# `8 h, ?4 |' L三个从节点分别执行以下命令,加入集群8 V5 y/ w+ N( @/ T. c7 y
初始化日志中会打印加入命令,直接复制执行即可,如果参数不正确,参考上一篇,重新生成参数。& w0 x m, d8 B% k, P
9 r+ s1 o( u5 f: m eroot@server4:/home/eric# kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
# N7 i! t ^) K/ O* |> --discovery-token-ca-cert-hash sha256:19c012298212324b7851d89d71af9ff0d50c4fb130cb774b8a80c3a32d51d051
% |7 m4 y4 a ]* o E[preflight] Running pre-flight checks3 g1 G4 t( q* R0 ~8 S
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/, n7 l* |' v+ a+ J5 j4 P
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.8. Latest validated version: 18.097 z, j# R4 s K6 j& _5 Y) V
[preflight] Reading configuration from the cluster...
: {" V( e* C6 n) Q[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'4 s; ~4 n8 r+ s" s6 |4 D. y
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace7 m) r' t6 M4 q0 J0 M
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
4 Q* O0 a/ b, f& f8 {+ o% T9 F/ K[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
; Y- j2 f, T0 ]' O3 {" P1 j/ @[kubelet-start] Activating the kubelet service( o) b( }- s" x" k' A/ k
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...1 M% E- \* j' c! t
& {( _1 Y2 ]- E( sThis node has joined the cluster:9 C5 @+ {& K$ \) a0 |: i( t% r/ g* C- U
* Certificate signing request was sent to apiserver and a response was received.
3 [8 S+ Y/ s3 V: r* The Kubelet was informed of the new secure connection details.' @( G: o5 u1 w' t+ A* N, @ d
, U8 R U* V2 ~4 U; H; E0 O: n5 uRun 'kubectl get nodes' on the control-plane to see this node join the cluster.
8 J0 ~6 P- A8 j* N+ c5 q E
" K+ {, t4 Z" c: {% ?: ]# a- S1
* o( \# z+ X, r# J21 {* R! y, l* y5 @
34 Z! K: A& b# `" z
4
9 E1 D( P$ }: B: F0 |# e5
4 ?+ p) \ }- h2 a# u& i6
, A, u! x5 I- ^! B9 A7! ^- d) \4 G% ^; E1 P& H; [
8
- F- o' \2 `0 d9 H. s) T$ k# L9
2 h4 G [* f$ W+ J2 o' ]10& \( \( C! r: R" ^% w* H; t
11
! G' j0 q4 j* Q' j. v- C. h12
" K% W* H: ]4 Y, ^! ^" y130 ~1 o. u! M8 F. D) f/ j+ b* T
14) k2 p' F4 c/ S% w( Q
156 Q7 m) o; p9 @. u; [, T# @$ P
16: M4 i7 p5 \% U* Y
17$ F& F, t8 `/ b
18
, }7 ` }, x* P% P% {8 P验证集群状态
# I2 l3 G* g! s% w" I& S7 L& L. j& qmaster节点执行如下命令验证集群状态2 T/ V+ |/ m, ^9 N9 J% C5 U
0 m! w; F$ G+ l! c$ P1 X @! Q
eric@server1:~$ kubectl get nodes --查看节点* ~& u2 w. Y: l" [( w* j
NAME STATUS ROLES AGE VERSION
: A2 [9 X5 K6 B: s5 i; jserver1 Ready master 7m35s v1.14.10
/ C! |/ _* ~) d! Z( vserver2 Ready master 7m22s v1.14.10
4 a- ~3 `- Q/ A. W, O- M- ?4 jserver3 Ready master 85m v1.14.106 |- L/ B$ _0 x$ |
server4 NotReady <none> 43s v1.14.10
; ]1 r% g# l7 S6 D9 d; `server5 NotReady <none> 42s v1.14.10) ]" _ L, `2 G' _8 T
server6 NotReady <none> 41s v1.14.10" B8 d: W- T9 O* A" k# L
eric@server1:~$ kubectl get nodes -o wide --查看节点. Y5 j+ m% G% m2 t8 p
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
* U6 U% e, ^8 u, pserver1 Ready master 9m43s v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8- A" e5 H+ o- c/ @+ t3 r
server2 Ready master 9m30s v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
h& s0 y9 y0 }, A! G9 D1 |server3 Ready master 87m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
% U# i2 u7 m9 R0 R) C' iserver4 NotReady <none> 2m51s v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
8 ]& d( Q/ `- K0 [* S: yserver5 NotReady <none> 2m50s v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
V V/ |' J) |$ S8 Pserver6 NotReady <none> 2m49s v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.80 m; ` J; a! M- Z3 t- o0 k
eric@server1:~$ kubectl -n kube-system get pod -o wide --查看pod
- \, B g& z: @5 X$ eNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES* u# M0 G7 n% K% P7 j
calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 86m 192.168.141.193 server3 <none> <none>7 z/ i7 w) q4 T6 M6 T, V% A# h
calico-node-49lqn 0/1 PodInitializing 0 10m 192.168.90.31 server1 <none> <none>3 V2 ~% k3 J% y6 A
calico-node-jmp28 0/1 Init:ImagePullBackOff 0 3m17s 192.168.90.36 server6 <none> <none>
) O x: Q/ [. ]$ w# T3 fcalico-node-kszl7 0/1 Init:0/2 0 3m18s 192.168.90.35 server5 <none> <none>2 i6 L5 e' x+ H
calico-node-njz8v 0/1 PodInitializing 0 9m58s 192.168.90.32 server2 <none> <none>/ Q% z3 W/ J8 S8 a% |: N+ `
calico-node-sb2kb 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>: }1 s8 {0 t& b @( t
calico-node-sn874 0/1 Init:0/2 0 3m19s 192.168.90.34 server4 <none> <none>6 I0 X! L6 `9 P8 ^# S
coredns-7b7df549dd-vmpww 1/1 Running 0 87m 192.168.141.194 server3 <none> <none>
2 K1 @0 K* e1 u- e% F% K8 S, Tcoredns-7b7df549dd-zzjf8 1/1 Running 0 87m 192.168.141.195 server3 <none> <none>
5 f! w0 \0 m; |+ [( |4 k3 _etcd-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>' C8 l. q" q+ o& c
etcd-server2 1/1 Running 0 9m57s 192.168.90.32 server2 <none> <none>
2 g$ y1 e% D) P* ?& X tetcd-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
2 J' a' }: g. f& M0 f1 {kube-apiserver-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
$ E7 b3 G+ {* U2 y$ z+ Kkube-apiserver-server2 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>5 B1 Z: n; R, s2 J' ?
kube-apiserver-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>9 i5 ?2 X# F3 Z7 v5 ?8 B) w3 W
kube-controller-manager-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>9 b! A: N4 k s F0 k
kube-controller-manager-server2 1/1 Running 0 9m57s 192.168.90.32 server2 <none> <none>3 d8 M4 y0 s; H+ h: t
kube-controller-manager-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>1 G0 |6 @! z8 }4 }3 I
kube-proxy-5hl76 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>; h' f5 p$ v. T3 y" c$ l
kube-proxy-gt6bj 1/1 Running 0 3m19s 192.168.90.34 server4 <none> <none>8 E/ b! k& g, h. Q+ r
kube-proxy-nxx9l 1/1 Running 0 3m17s 192.168.90.36 server6 <none> <none>
. f( h3 F8 K- P4 {' Qkube-proxy-q42pg 1/1 Running 0 87m 192.168.90.33 server3 <none> <none>
& N* h* ~ v: `# s8 X5 Nkube-proxy-qfkth 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>1 F9 a {6 R8 p( t) k& D6 T9 ~
kube-proxy-zc5c2 1/1 Running 0 3m18s 192.168.90.35 server5 <none> <none>
+ h! p: q% K. T) D3 _kube-scheduler-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>! W& e: K7 Q2 f. k- |$ V
kube-scheduler-server2 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
/ ]0 h5 {/ w; Ykube-scheduler-server3 1/1 Running 0 87m 192.168.90.33 server3 <none> <none>4 r9 x! ^3 C9 h5 d4 t0 R! V e
eric@server1:~$ kubectl -n kube-system get svc --查看服务# M$ C; _, W9 O! I8 ?5 O$ y
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE+ m" Y* P% T& Z; f& U
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 88m
8 h2 h* C8 X) W% h5 s9 l9 z
" E$ C2 ~8 ~7 d! ?" h* N+ V3 u4 beric@server1:~$ kubectl -n kube-system exec etcd-kubernetes-master-01 -- etcdctl \ --查看etcd集群状态
9 ?( w3 x. ?& l, |# ~# l/ X9 D> --endpoints=https://192.168.141.150:2379 \3 @" ^/ N& [: @: J, B6 Q
> --ca-file=/etc/kubernetes/pki/etcd/ca.crt \6 ?% ?- A/ M* {! x u- G! @; i- l
> --cert-file=/etc/kubernetes/pki/etcd/server.crt \
8 v: B$ f) @, c* r1 s# b# v> --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health
8 n5 L$ v- v& HError from server (NotFound): pods "etcd-kubernetes-master-01" not found
7 n6 n0 u+ `8 Ieric@server1:~$ kubectl -n kube-system exec etcd-server1 -- etcdctl --endpoints=https://192.168.90.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/server.crt --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health
! n' ~7 D' L9 M1 D2 Q& H) Pmember 5054125c1f93982 is healthy: got healthy result from https://192.168.90.33:23795 N1 K# c* G$ x c- D9 C; Y
member 35577abe54c175af is healthy: got healthy result from https://192.168.90.32:2379
( ~& L& o0 M! J0 E$ }* Vmember 6f5d23fdfa6c99f4 is healthy: got healthy result from https://192.168.90.31:2379) h- P3 x! I; h6 O! t2 H
cluster is healthy
3 g( |7 b; j: O' K0 j {! T7 ?, ^$ R; w! p# ~8 j
1
" \, ^. c% ?6 I0 @26 Q& |9 N: \ X. U2 F5 B
32 A4 e$ T5 i7 G' Z. D$ N- n- A+ C" s* l
4
& X- t9 H, q7 i4 ?) x5
# B8 j4 h5 O4 A, d* k6
* \$ g2 r9 h) c5 Y$ [( i7
: b/ q3 |5 m y7 m( n5 h i& `8% v! p, b: r7 }
9, @6 s" \9 {. T* f$ C! }
10
- [( F2 G+ K) n11+ T, ^7 F& P5 l; N7 ?
12: }9 b \. [$ d& }8 `6 ]
13
5 M1 C' N J2 q& M$ U2 }1 \144 R8 U) Y0 J( e$ Z' K
15
3 |+ w( k3 N0 f16& k; m# h( G* @' r
17
. G3 }7 O D9 B; O9 {" w* s" b18
# C, ? }0 W2 [ e+ T19- G k" w+ ^, ~: _1 c
20
9 D9 ]) \* ~9 v) w* `. |21
" {8 v4 W* w7 k4 i7 ~& c4 ^3 Q3 K22& n% f+ A5 p) J* B( z. L
23
" }1 B" f# j0 _# b1 \3 v- R24
, b' w- k* n, \ ^ N25: }& s' \* b/ W; `# H8 i9 ?4 e
26
; f3 j5 x9 Y/ z: z5 f27
* c$ q9 M/ J2 n( a1 m% V28
5 [! m7 m4 t# a( D0 s7 Q29
0 {9 |/ {0 O! Z) P30
" A" }& g( N, V4 n1 i# d( @# M31! c, d/ \9 l( U8 M2 W0 F1 M
32
8 J7 [# ?% `8 a' b33
0 n7 Z2 F' E- Z5 }3 k341 j6 A1 f. y4 |( W
35
5 ]$ z0 ^5 W8 L2 u6 S+ c/ m36. a' K+ U: V% g2 c* I. p
37% _+ l' @# a, W2 `0 d
38# h5 e; ~: Y$ z# N& C' F4 g
398 O* H9 v" _: R# X+ m/ J5 x! G
408 b- N+ v; B+ d5 z- ?8 O* b
41; Y% I: M J; M7 ]( x4 y
42; O, q6 }- [1 t2 l
43
; s. U4 l% d$ i5 J0 _44
6 ~) J5 M; B+ O* X" x/ Q4 |1 {45
! B; P5 a; ^, s" \) W$ o46) m' g% _+ v# s, _1 j" t$ L* J' U
472 m/ J9 J& b* x; n; \
48& [1 w: c7 n1 A# N& c. ]+ f, T
49
T& P5 v7 w- u6 [* l" t50
2 c: u* r4 g0 J! Q& k, u; r4 R51 g% F2 \6 b% t
52
9 t @$ h* c* P, T! J. w530 h' E; l: S4 v, ?. ^) r) I+ O
54
) ?2 }0 R: Y& `$ O& q8 _55
) U3 `9 i8 G" ]1 M+ k56
- e$ A1 |" `4 [( S) @; F57( |1 k2 N. X8 C2 ]
58
6 I; K- L: f( f59, c z; O2 q- w# Q& Z, m T" q& g4 H
60 M- H* p' b% F4 s8 Y1 S# [; D9 \
验证高可用% z" X% x% p& B" U% s8 w( `9 M
Keepalived 要求至少 2 个备用节点,故想测试高可用至少需要 1 主 2 从模式验证,否则可能出现意想不到的问题
' V% f" w$ K: a. k% D9 ?开始 通过ip a |grep ens 命令可以看到 vip 在 33节点上,即 33节点作为master 对外提供服务,在 31 和 32 节点上 可以通过 kubectl get nodes -o wide 查询到节点信息 ,证明调用了主节点的apiserver服务。通过在33节点shutdown模拟现行主节点宕机,
( \& o+ H4 R( g0 t
/ C+ \: G2 N( @* y( h- [3 ?8 tshutdown -h now --关机2 f8 y; R, C% ]: c* T
1" d+ m; W2 W+ x% p; h
通过ip a |grep ens 命令可以看到 vip 漂移到了 32 节点# _1 Y# K4 F: X, s2 s3 d- o+ a& K- o) g
0 t0 ]& {$ w& l# ]0 ~% k! seric@server2:~$ ip a|grep ens# }5 x3 D5 T8 A( W3 N: p
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000) s6 ^9 T; E7 p9 q
inet 192.168.90.32/24 brd 192.168.90.255 scope global ens33# ^* C$ }1 W3 ]0 @
inet 192.168.90.100/24 scope global secondary ens33
. Y5 D7 U9 i( g# L' t1- {) i* r1 O$ Y% t& m* s. R
2
s# a" l e6 u$ m6 l2 h4 [2 L% [3 k! L3( _. b: L8 U/ P3 I
4
& I- v' H& U. Z a- N* j% g这时在 31节点仍然可以通过 kubectl get nodes -o wide 获取到节点信息如下,证明33节点宕机情况下,api server 服务仍然可用:
; o: Y+ s$ j: k, E* u' n4 H1 I+ k3 _( Z8 w1 z5 i) _! `- e7 N
eric@server1:~$ kubectl get nodes -o wide
0 v6 ?: j; W3 }& MNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
3 w( c% ?* L0 q: I! I, D! s& q4 fserver1 Ready master 42m v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8& g- v d2 N4 \1 f4 I$ i5 ?
server2 Ready master 42m v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
2 E8 T8 S8 x% vserver3 NotReady master 120m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.81 d. X k, X/ A0 y' z6 g8 f p I
server4 Ready <none> 35m v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8( J& F+ M: R7 |3 `# Y) ?( d5 G
server5 Ready <none> 35m v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
5 ]! P2 x, d0 r2 s" O& Z( c; xserver6 Ready <none> 35m v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.89 h( T$ k0 B6 N3 [8 W
10 q2 H/ I0 x( Q) b
21 k _7 c; a' o, v7 E9 U, [! M
38 J+ |- k, p/ L# z# v$ j- c7 X
4
5 c. v4 l8 r/ h5 w: m# {5! ^1 P" B+ ^+ n+ ~" A
6; m3 K) }3 y4 D
78 a+ B/ f# {3 e. `4 P* N9 d
8
* C8 P+ n( ~5 l0 L& B' i( m0 O4 S) Q配置运行nginx容器7 | x0 x6 ]6 K. _
部署deployment
5 t3 [3 G! H k创建 配置文件nginx-deployment.yaml如下:9 |: e, j! l" d
& t" \3 `3 c0 o8 A! p
eric@server1:/usr/local/kubernetes/cluster$ cat nginx-deployment.yml
; y$ y+ X) q6 G; J/ H# API 版本号9 Z2 M" T V1 V9 B
apiVersion: extensions/v1beta1
% Y8 N; M& i+ d8 G! ]( ?# 类型,如:Pod/ReplicationController/Deployment/Service/Ingress
. b! K. H$ U% `' Skind: Deployment
7 l4 q; n, U* p8 a) i+ x# 元数据' f+ p, O& R- M3 }+ ~
metadata:
' S% F: T; D+ G # Kind 的名称
- I# z9 Z3 V1 _- T) S/ v: Z name: nginx-app* u# q" P5 f. e1 Y) R
spec:* g* ?. W4 d/ X. ?$ i. b7 P
# 部署的实例数量
4 u+ `0 B L& v# e replicas: 2
6 x* T, f: p; p template:/ d( r- t4 a4 [8 B0 f; A6 W- N
metadata:8 t* n \& m4 T6 T9 q1 h" r
labels:/ i8 u3 t, z8 q& }! @) o5 E1 E
# 容器标签的名字,发布 Service 时,selector 需要和这里对应
, q& W% B+ Y( x) S$ M name: nginx
9 p9 A3 F% h1 c4 i/ l0 |) F/ S spec:
7 f& p$ O' K# D% I: o # 配置容器,数组类型,说明可以配置多个容器
Q6 \8 A% W* Q" o# f containers:
" B. c% O: y( u( x# [/ Z! D& x9 k, X # 容器名称
* D; ~' |5 \& y9 v: w @ - name: nginx3 r) H2 F1 l6 _) M* G
# 容器镜像) a1 o3 a3 `1 ?/ M8 d
image: nginx
0 c, x- O; E7 L8 l5 P% m# X) J # 暴露端口( m$ p' q6 z) X) l, o
ports:
% z9 b9 d$ S4 l7 t1 U. Z # Pod 端口
2 [4 ?7 ?# @9 U9 K$ s, Z: u - containerPort: 80
# b- U4 r9 B7 m9 e
! Y, Y8 |+ }) ?5 B19 x3 g; K" L2 l- B! |
2# B* d3 I0 g' G8 @
3! p, R# c# y. `
48 i$ ?0 t, Y3 d) x c4 t7 d9 y7 W3 L
5
7 A I) s8 b- ~2 H) i; `6" r& B1 p8 d8 u' g0 O& J
7" l/ E& ~- ^: p6 A$ t
88 a ^# p4 R* W' P9 n
9
: D8 @" O, Q3 C# i+ ]102 Z' P+ p& D% u0 o4 {% g) i0 T' A
11
1 f" v4 }' ? H12+ A- E% R, O# e* f( _7 \
13
3 y2 N; g5 G+ U7 H& P2 f! z3 l8 t14' n) k8 I& r& e! {5 v6 u
15
) ^9 a$ m z6 _! h4 H; N16
: G8 o+ Y5 k7 O8 Z- h- G17# H; F% M0 q" L" C' b' ?
18, U8 U/ M1 t6 h! O4 |. l
190 f8 N0 `3 ~2 [ J9 {* d6 N
20
P3 J5 _$ U% f0 S$ q. J211 C' [5 k! W" [5 z* Q
22
: D7 n1 ^4 v" J* S4 I0 I; F9 _& S23: i. `3 `* |( h) V, \! J' \: A" U
24
6 D8 J% @; y* O/ f8 X/ ~. _25! h& h; R' W* g2 [& v& P$ T- p
26- u& e: B2 g3 Q3 J4 D) E
27( b4 x8 M4 E$ B8 |
28
& i5 T# G6 V' L& {9 d+ x; M* s; ]6 ^, o添加部署
1 s6 v; @+ r9 ?6 d+ O) K; x. `1 j% w
7 B( c# H, W* Teric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-deployment.yml , D s6 O J- @) N
deployment.extensions/nginx-app created, ^$ q% U2 @' K" U3 i" v( U2 h
1
% S+ v! |2 A: u% `2: ?* k& ^" @. O+ q9 N1 p$ J8 x
删除部署命令) e4 _4 @! b' s& Q+ _, @
* p/ d# `, N7 O) f6 vkubectl delete -f nginx-deployment.yml
$ Q3 f$ }; s. ~9 V* o4 R X: R1
0 n4 k6 s/ r. O y& C发布service
1 q$ x6 g- l( `/ E3 s; b* y. z! d# Knginx-service.yml配置文件如下:- z9 n2 y) L8 R
( Q% D1 ?' R+ e) {# API 版本号" d1 s6 T7 ?" G7 o) d* @
apiVersion: v11 _3 S7 y& I9 {0 ^2 }/ c2 z# I$ E2 }
# 类型,如:Pod/ReplicationController/Deployment/Service/Ingress
t+ h4 m- J. q& ykind: Service& p- O) t" c2 v4 K
# 元数据
7 j, G7 ]8 ]" ~. zmetadata:- ~% E0 H8 O2 Q8 l$ w& ]* y
# Kind 的名称
- K. J) `& |1 w2 }. q! \6 t name: nginx-http
0 @9 N% ^5 o1 Kspec:: o6 A6 S2 U' R- Q+ C: d2 R/ p
# 暴露端口
: N: Y9 [% `4 e) y) O, u ports:
g" ^+ B6 _! ~6 j ## Service 暴露的端口
/ }2 H. {' `3 B1 @4 w+ \1 y& Y - port: 80: a, A9 n, z$ }" w8 m
## Pod 上的端口,这里是将 Service 暴露的端口转发到 Pod 端口上& _* ~$ E! t! z+ y
targetPort: 80
' q0 p% I5 j& o7 W # 类型
! v" e: b4 f o0 G! f1 U( p2 U- i type: LoadBalancer
4 S% q8 _8 f# x: `5 X3 b5 o # 标签选择器
/ A" e/ c- B/ @$ U. X7 Q7 q selector:' o. |! z6 E% _/ v2 H. K" }+ O, W
# 需要和上面部署的 Deployment 标签名对应
% @7 M( w1 ~0 U9 T2 k4 ` name: nginx
5 \/ }& o$ B& v" D1 a* O2 v; u
1
% ~) g, t6 Z6 Q" }. a8 H) Q21 _ G$ r+ e- R. u) S0 _, r
3
" L6 G6 M% E5 M, Y* d- k( F, T4- U' G6 r6 e* n) y6 C7 N* g
5
* F$ d2 N5 n+ q" p% G' q. [ b2 J6
! W5 C: K' [ l1 p$ d/ h7* j. p j3 L: u! n7 t% C! k$ z
8
8 ~9 O: c4 R6 D) R% l' G9
0 o$ J% l( ?4 H, y! V3 N101 _& v, J7 K7 D$ Y: l) _
11 n9 J* d& K( p a$ F
121 p9 O. G. t! C: R4 [. m
13
! t( p. A9 J+ o, K4 B9 d4 p1 |14! s9 D3 x6 p6 P8 f% s$ S* K
156 _: \/ u8 ?/ f* o4 u
16" |+ n+ g5 w# o$ L0 q7 i* i
17
}" C7 O5 i: C- P180 h% ]1 d/ Y! x' G- f# ^- p
19- M& s7 G0 h* I* y' p
204 F) g; |' f$ E9 r' Z
21
; i, W2 m! q* \8 J- veric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-service.yml
% j# {, Z& |; p1 R6 |' J; j1. L7 B3 o. N" c8 e' k# Z
也可以deployment 和service一起部署% e, ~1 n. @- A; e# m
配置文件合并在一起 内容使用 — 分割即可$ q$ v3 C" D5 }7 l! l
: u5 B1 J0 Y3 [
查看验证
0 I4 ~5 F5 o6 D; q
( Q' ?. b+ i, e4 E; Ieric@server3:/usr/local/kubernetes/cluster$ kubectl get pods- y7 F+ V% o3 |( T+ @% O) u/ D, v% ?
NAME READY STATUS RESTARTS AGE5 A# T& `; i Z: _0 H. ?0 @
nginx-app-64bb598779-kfqm2 1/1 Running 0 4m10s9 ~5 G1 N5 H6 r; x6 o
nginx-app-64bb598779-qzsjp 1/1 Running 0 4m10s
! _3 \ q1 p9 ~6 ~. P9 Y6 ieric@server3:/usr/local/kubernetes/cluster$ kubectl get deployment; I- x1 K# `* l2 t- j/ k9 m! i
NAME READY UP-TO-DATE AVAILABLE AGE# M" i; A# c! p) j0 C
nginx-app 2/2 2 2 4m27s
" T& {. Y* \9 H9 u6 i- leric@server3:/usr/local/kubernetes/cluster$ kubectl get service/ C3 Y+ K6 A( d
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
7 l& l8 q6 }& u6 N+ i- A$ B; xkubernetes ClusterIP 10.96.0.1 <none> 443/TCP 11h
5 t7 e: ~. ]# \. {! Mnginx-http LoadBalancer 10.99.153.51 <pending> 80:31467/TCP 47s
8 {+ }( t( G1 ~) Aeric@server3:/usr/local/kubernetes/cluster$ kubectl describe service nginx-http
) {7 S2 t! f. XName: nginx-http
: |$ S5 G9 h" |5 RNamespace: default
/ f p& l+ k6 SLabels: <none>
' F2 \* t! z- }- O1 OAnnotations: <none>
$ Y6 O: w7 i: R+ e5 V+ KSelector: name=nginx
5 H9 i) F9 j9 [Type: LoadBalancer( y5 u/ {, S2 J9 @( T+ x! @/ V
IP: 10.99.153.51% }! {3 N$ s8 @6 q
Port: <unset> 80/TCP
$ l/ ~& b, G' b+ K) {$ yTargetPort: 80/TCP& P5 W& r3 J) l8 w2 S
NodePort: <unset> 31467/TCP5 M: F: j6 u( s( r
Endpoints: 192.168.205.67:80,192.168.22.3:80
$ P/ p! l' y, o( C1 ?: z; ASession Affinity: None
1 a; A$ X/ u4 W- x w0 z) nExternal Traffic Policy: Cluster
' ` T! _: P Y" b( e" e" D/ [Events: <none>
5 B1 _9 x1 M0 t4 H1
9 A+ m. v2 c4 F. I24 h5 u X7 X, C3 X) ]
3/ F9 U D: D) b1 ^) K
4
, d$ G! B3 Y# F7 S5! N8 \* k$ A9 s3 k L9 T
66 D' q, M, [- T. [
7
3 b6 k I! G, H8
" R% L) r5 U g3 w9
$ u& J$ U; u t9 L: }10
$ h$ z( n) @( Y) ~2 P: `11& @8 a# L8 L4 o2 |$ _* U
12
, n8 S( v2 B$ {2 c. _3 C13! e6 V9 G) K& A! |
14
; }; l5 h8 ?' h X+ R% S3 Z15
& R* `- ^9 k6 Q4 o: [16* G# o7 S" t# v
17
, x; [0 a3 L3 I- Q8 Z, h! T18
# I$ \/ l% x7 Z% ?8 O! g N/ `. F194 T0 W/ F! F& r4 k) D
20
& U5 Z2 W; V: X A4 h$ U- N5 S217 C. V: x+ R" D
226 M W7 i; Z) a$ F. L- X
23* o8 f; ?) k4 Z3 R1 v! D% M
24
0 @0 D) U) p' R$ w, n% {25
5 Y/ \+ i A8 d26
! l- V: d/ w" `访问192.168.90.31/32/33:31467 可以访问到nginx页面$ W# f( U/ L: o$ k2 e7 t2 ^; V
|
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2024-9-19 15:07:15
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜