发表于 2025-1-14 16:42:47
环境准备
服务器规划
服务器配置及角色规划如下,操作系统仍然选择 Ubuntu Server X64 18.04
192.168.90.31 4核2G 40G硬盘 Kubernetes server1 Master 主
192.168.90.32 4核2G 40G硬盘 Kubernetes server2 Master 备
192.168.90.33 4核2G 40G硬盘 Kubernetes server3 Master 备
192.168.90.34 4核2G 40G硬盘 Kubernetes server4 Slave
192.168.90.35 4核2G 40G硬盘 Kubernetes server5 Slave
192.168.90.36 4核2G 40G硬盘 Kubernetes server6 Slave
三台master节点通过 vip 192.168.90.100 代理访问

环境准备
按照kubeadm安装K8s集群 中的步骤,安装一台虚拟机并完成初步配置工作,之后再做如下配置:
同步时间
设置时区选择亚洲上海

eric@server1:~$ sudo dpkg-reconfigure tzdata
[sudo] password for eric:

Current default time zone: 'Asia/Shanghai'
Local time is now: Mon Aug 9 23:05:09 CST 2021.
Universal Time is now: Mon Aug 9 15:05:09 UTC 2021.
eric@server1:~$ sudo apt-get install ntpdate   # 安装 ntpdate
Reading package lists... Done
......
eric@server1:~$ sudo ntpdate cn.pool.ntp.org   # 设置系统时间与网络时间同步(cn.pool.ntp.org 位于中国的公共 NTP 服务器)
9 Aug 23:06:30 ntpdate[33117]: adjust time server 202.118.1.130 offset 0.007500 sec
eric@server1:~$ sudo hwclock --systohc   # 将系统时间写入硬件时间
eric@server1:~$ date   # 查看确认时间
Mon Aug 9 23:06:49 CST 2021
配置IPVS

eric@server1:~$ sudo apt-get install -y ipset ipvsadm   # 安装系统工具
Reading package lists... Done
......
eric@server1:~$ sudo mkdir -p /etc/sysconfig/modules/   # 创建目录 配置并加载ipvs模块
eric@server1:~$ sudo vi /etc/sysconfig/modules/ipvs.modules   # 编辑文件并保存
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4

# 注意:/etc/sysconfig/modules 是 RHEL/CentOS 的约定,Ubuntu 开机时不会自动执行这里的脚本;重启后需要重新执行,或将模块名写入 /etc/modules-load.d/ 下的配置文件。
# 切换root用户执行脚本否则报错
root@server1:/home/eric# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 151552 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_defrag_ipv6 20480 1 ip_vs
nf_conntrack_ipv4 16384 4
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_conntrack 135168 8 xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink,ip_vs
libcrc32c 16384 4 nf_conntrack,nf_nat,raid456,ip_vs
配置内核参数

root@server1:/home/eric# vi /etc/sysctl.d/k8s.conf   # 编辑配置参数
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
root@server1:/home/eric# sysctl --system   # 应用参数
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
......
* Applying /etc/sysctl.d/k8s.conf ...   # 生效
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
修改 cloud.cfg
vi /etc/cloud/cloud.cfg
# 该配置默认为 false,修改为 true 即可
preserve_hostname: true
克隆虚拟机并分别配置ip和主机名

hostnamectl set-hostname server1   # 配置主机名命令
ip配置:找到并修改如下文件,修改保存后 执行 sudo netplan apply 使生效

eric@server1:~$ cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens33:
      dhcp4: false
      addresses: [192.168.90.32/24]
      gateway4: 192.168.90.1
      nameservers:
        addresses: [8.8.8.8]
  version: 2
高可用原理
Kubernetes Master 节点运行组件如下:
kube-apiserver: 提供了资源操作的唯一入口,并提供认证、授权、访问控制、API 注册和发现等机制
kube-scheduler: 负责资源的调度,按照预定的调度策略将 Pod 调度到相应的机器上
kube-controller-manager: 负责维护集群的状态,比如故障检测、自动扩展、滚动更新等
etcd: CoreOS 基于 Raft 开发的分布式 key-value 存储,可用于服务发现、共享配置以及一致性保障(如数据库选主、分布式锁等)

kube-scheduler 和 kube-controller-manager 可以以集群模式运行,通过 leader 选举产生一个工作进程,其它进程处于阻塞模式。
kube-apiserver 可以运行多个实例,但对其它组件需要提供统一的访问地址,本章节部署 Kubernetes 高可用集群实际就是利用 HAProxy + Keepalived 配置该组件
配置的思路就是利用 HAProxy + Keepalived 实现 kube-apiserver 虚拟 IP 访问从而实现高可用和负载均衡,拆解如下:
Keepalived 提供 kube-apiserver 对外服务的虚拟 IP(VIP)
HAProxy 监听 Keepalived VIP
运行 Keepalived 和 HAProxy 的节点称为 LB(负载均衡) 节点
Keepalived 是一主多备运行模式,故至少需要两个 LB 节点
Keepalived 在运行过程中周期检查本机的 HAProxy 进程状态,如果检测到 HAProxy 进程异常,则触发重新选主的过程,VIP 将飘移到新选出来的主节点,从而实现 VIP 的高可用
所有组件(如 kubectl、apiserver、controller-manager、scheduler 等)都通过 VIP + HAProxy 监听的 6444 端口访问 kube-apiserver 服务(注意:kube-apiserver 默认端口为 6443,为了避免冲突我们将 HAProxy 端口设置为 6444,其它组件都是通过该端口统一请求 apiserver)

安装HAProxy和Keepalived
HAproxy启动脚本
master1节点创建HAproxy启动脚本,并设置执行权限

sudo mkdir -p /usr/local/kubernetes/lb
sudo vi /usr/local/kubernetes/lb/start-haproxy.sh
# 输入内容如下
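#!/bin/bash
# Start the HAProxy container that load-balances the three kube-apiserver
# instances. The page runs this file with `sudo sh`, so only POSIX options
# are used here.
set -eu

# Change these to your own master addresses.
MasterIP1=192.168.90.31
MasterIP2=192.168.90.32
MasterIP3=192.168.90.33
# Default kube-apiserver port; no need to change.
MasterPort=6443

# NOTE(review): the image is referenced without a tag or digest, so each node
# runs whatever the registry serves at pull time, and --restart=always keeps
# that image in front of the API server. Pin it to a digest you have verified,
# e.g. wise2c/haproxy-k8s@sha256:<verified-digest> (placeholder).
# NOTE(review): -p 6444:6444 publishes the port on every host address (the
# `docker ps` output on this page shows 0.0.0.0:6444 and :::6444); restrict it
# with host firewall rules if the API endpoint should not be reachable from
# all networks.

# Expose HAProxy's port 6444 from the container.
docker run -d --restart=always --name HAProxy-K8S -p 6444:6444 \
  -e MasterIP1="$MasterIP1" \
  -e MasterIP2="$MasterIP2" \
  -e MasterIP3="$MasterIP3" \
  -e MasterPort="$MasterPort" \
  wise2c/haproxy-k8s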

# 设置权限
sudo chmod +x /usr/local/kubernetes/lb/start-haproxy.sh
Keepalived启动脚本
master01节点增加 keepalived启动脚本,并添加执行权限如下:
sudo mkdir -p /usr/local/kubernetes/lb
sudo vi /usr/local/kubernetes/lb/start-keepalived.sh
# 输入内容如下
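#!/bin/bash
# Start the Keepalived container that holds the virtual IP for the
# kube-apiserver load balancer. The page runs this file with `sudo sh`, so
# only POSIX options are used here.
set -eu

# Change this to your own virtual IP address.
VIRTUAL_IP=192.168.90.100
# Network interface the virtual IP is bound to.
INTERFACE=ens33
# Prefix length (netmask bits) of the virtual IP.
NETMASK_BIT=24
# Port exposed by HAProxy, which forwards to kube-apiserver on 6443.
CHECK_PORT=6444
# Router identifier.
RID=10
# Virtual router identifier.
VRID=160
# IPv4 multicast group, default 224.0.0.18.
MCAST_GROUP=224.0.0.18

# NOTE(review): this container runs in the host network namespace with
# NET_ADMIN, so it can change the host's addresses and routes. The image is
# referenced without a tag or digest; pin it to a digest you have verified,
# e.g. wise2c/keepalived-k8s@sha256:<verified-digest> (placeholder).
# NOTE(review): no VRRP authentication setting is passed here, and whether the
# image configures one is not visible from this script. Treat the layer-2
# segment carrying MCAST_GROUP as trusted-only, and watch for advertisements
# for this VRID from hosts other than the three masters.
docker run -itd --restart=always --name=Keepalived-K8S \
  --net=host --cap-add=NET_ADMIN \
  -e VIRTUAL_IP="$VIRTUAL_IP" \
  -e INTERFACE="$INTERFACE" \
  -e CHECK_PORT="$CHECK_PORT" \
  -e RID="$RID" \
  -e VRID="$VRID" \
  -e NETMASK_BIT="$NETMASK_BIT" \
  -e MCAST_GROUP="$MCAST_GROUP" \
  wise2c/keepalived-k8s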
# 设置权限
sudo chmod +x /usr/local/kubernetes/lb/start-keepalived.sh
复制脚本到其他两台master
32 和 33 创建 目录 ,并复制脚本文件命令如下

sudo mkdir -p /usr/local/kubernetes/lb
root@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.32:/home/eric   # 先复制到服务器 再到服务器上复制到指定目录
root@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.33:/home/eric
eric@server3:~$ sudo mv *.sh /usr/local/kubernetes/lb
启动容器
三个节点分别执行如下命令,docker 会下载、启动 haproxy和keepalived 镜像

sudo sh /usr/local/kubernetes/lb/start-haproxy.sh && sudo sh /usr/local/kubernetes/lb/start-keepalived.sh
检验容器
三个主节点分别执行 docker ps 可以看到 haproxy和keepalived 正在运行如下:

root@server1:/home/eric# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2ee95ae52da6 wise2c/keepalived-k8s "/usr/bin/keepalived…" 52 seconds ago Up 51 seconds Keepalived-K8S
97db17bc81c7 wise2c/haproxy-k8s "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:6444->6444/tcp, :::6444->6444/tcp HAProxy-K8S
虚拟IP验证
31、32、33 三台服务器 执行如下命令,只有一台可以看到 ip与虚拟ip绑定。如果 被绑定的一台宕机,绑定关系就会漂移到另外两台机器中的一台上,默认在 31 服务器上,关闭 31 服务器后会出现在 33 服务器上,如下:

eric@server3:~$ ip a | grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.90.33/24 brd 192.168.90.255 scope global ens33
    inet 192.168.90.100/24 scope global secondary ens33
部署K8S集群
创建工作目录并导出配置文件

# 创建工作目录
sudo mkdir -p /usr/local/kubernetes/cluster
# 导出配置文件到工作目录
su root
kubeadm config print init-defaults --kubeconfig ClusterConfiguration > /usr/local/kubernetes/cluster/kubeadm.yml
修改配置文件
33节点修改kubeadm.yml 内容如下

root@server1:/usr/local/kubernetes/cluster# cat kubeadm.yml
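# kubeadm configuration for the first control-plane node: InitConfiguration,
# ClusterConfiguration and KubeProxyConfiguration in one file.
apiVersion: kubeadm.k8s.io/v1beta1
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): abcdef.0123456789abcdef is the placeholder that
  # `kubeadm config print init-defaults` prints. Anyone who can reach the API
  # endpoint can use it to join a node while it is valid, so replace it with
  # the output of `kubeadm token generate` before running `kubeadm init`.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.90.33 # node IP
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  # NOTE(review): the `kubectl get node` output later on this page shows the
  # first control-plane node registered as server3, and 192.168.90.33 is
  # server3 in the server plan; confirm this name matches the host that runs
  # `kubeadm init`.
  name: server1
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta1
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: "192.168.90.100:6444" # VIP and HAProxy port
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Aliyun image mirror. NOTE(review): every control-plane image is pulled from
# this third-party registry, so the cluster trusts whatever it serves.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.14.10 # version
networking:
  dnsDomain: cluster.local
  # The pod range must not overlap the range the nodes live in: with a node
  # IP of 192.168.90.33, do not use 192.168.0.0/16 here.
  # NOTE(review): pod IPs in the output later on this page are 192.168.141.x,
  # which suggests the Calico manifest used its own pool rather than this
  # value; confirm CALICO_IPV4POOL_CIDR in the manifest matches podSubnet.
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
# Enable IPVS mode for kube-proxy.
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs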
kubeadm 初始化master

kubeadm 初始化

root@server1:/usr/local/kubernetes/cluster# kubeadm init --config=kubeadm.yml --experimental-upload-certs | tee kubeadm-init.log
......
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
    --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --experimental-upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e
根据日志输出,切换到普通用户eric执行以下命令
root@server3:/usr/local/kubernetes/cluster# su eric
eric@server3:/usr/local/kubernetes/cluster$ mkdir -p $HOME/.kube
eric@server3:/usr/local/kubernetes/cluster$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
eric@server3:/usr/local/kubernetes/cluster$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
验证是否成功
eric@server3:/usr/local/kubernetes/cluster$ kubectl get node
NAME STATUS ROLES AGE VERSION
server3 NotReady master 4m11s v1.14.10
安装网络插件
(直接对远程 URL 执行 kubectl apply 会以集群管理员权限应用未经审阅的清单;建议先下载该文件,审阅并保存后再对本地文件执行 apply。)

eric@server3:/usr/local/kubernetes/cluster$ kubectl apply -f https://docs.projectcalico.org/v3.7/manifests/calico.yaml
configmap/calico-config created
......
serviceaccount/calico-node created
deployment.extensions/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
# 验证安装是否成功 我这里足足等了 64分钟 各个插件才正常运行 running 状态
watch kubectl get pods --all-namespaces
kube-system kube-scheduler-server3 1/1 Running 0 34m
Every 2.0s: kubectl get pods --all-namespaces server3: Sun Aug 15 00:59:23 2021
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 64m
kube-system calico-node-sb2kb 1/1 Running 0 64m
kube-system coredns-7b7df549dd-vmpww 1/1 Running 0 66m
kube-system coredns-7b7df549dd-zzjf8 1/1 Running 0 66m
kube-system etcd-server3 1/1 Running 0 65m
kube-system kube-apiserver-server3 1/1 Running 0 65m
kube-system kube-controller-manager-server3 1/1 Running 0 65m
kube-system kube-proxy-q42pg 1/1 Running 0 66m
kube-system kube-scheduler-server3 1/1 Running 0 65m
加入master节点
31 和32节点分别执行初始化日志中的 主节点加入命令,将 31 和 32 节点初始化成 master节点。
注意:如果初始化完成很久之后才执行 加入master节点操作,那么token 可能会失效,参考上一篇文章,重新获取token 等参数

kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
    --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf

.....
[mark-control-plane] Marking the node server1 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node server1 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]

This node has joined the cluster and a new control plane instance was created:

* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Control plane (master) label and taint were applied to the new node.
* The Kubernetes control plane instances scaled up.
* A new etcd member was added to the local/stacked etcd cluster.

To start administering your cluster from this node, you need to run the following as a regular user:

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

Run 'kubectl get nodes' to see this node join the cluster.
按照上述日志,执行配置命令:

root@server1:/home/eric# su eric
eric@server1:~$ mkdir -p $HOME/.kube
eric@server1:~$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[sudo] password for eric:
eric@server1:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
加入node节点
三个从节点分别执行以下命令,加入集群
初始化日志中会打印加入命令,直接复制执行即可,如果参数不正确,参考上一篇,重新生成参数。

root@server4:/home/eric# kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:19c012298212324b7851d89d71af9ff0d50c4fb130cb774b8a80c3a32d51d051
[preflight] Running pre-flight checks
 [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
 [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.8. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
验证集群状态
master节点执行如下命令验证集群状态
eric@server1:~$ kubectl get nodes   # 查看节点
NAME STATUS ROLES AGE VERSION
server1 Ready master 7m35s v1.14.10
server2 Ready master 7m22s v1.14.10
server3 Ready master 85m v1.14.10
server4 NotReady <none> 43s v1.14.10
server5 NotReady <none> 42s v1.14.10
server6 NotReady <none> 41s v1.14.10
7 B% y' w9 w' y" U X% geric@server1:~$ kubectl get nodes -o wide --查看节点
( ^( I! j% O# n3 n1 g5 ENAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
& v) W9 M4 f2 k$ B, ]server1 Ready master 9m43s v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
& L+ F- q! i/ {8 M6 oserver2 Ready master 9m30s v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.85 U2 D; Z! p% X8 O1 G
server3 Ready master 87m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
9 ]! ]7 U; B9 Xserver4 NotReady <none> 2m51s v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.84 I9 q7 a9 [7 A
server5 NotReady <none> 2m50s v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.83 D: N; F7 ?. n N |: _% A
server6 NotReady <none> 2m49s v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
eric@server1:~$ kubectl -n kube-system get pod -o wide  # 查看pod
NAME                                      READY   STATUS                  RESTARTS   AGE     IP                NODE      NOMINATED NODE   READINESS GATES
calico-kube-controllers-f6ff9cbbb-6dcjs   1/1     Running                 0          86m     192.168.141.193   server3   <none>           <none>
calico-node-49lqn                         0/1     PodInitializing         0          10m     192.168.90.31     server1   <none>           <none>
calico-node-jmp28                         0/1     Init:ImagePullBackOff   0          3m17s   192.168.90.36     server6   <none>           <none>
calico-node-kszl7                         0/1     Init:0/2                0          3m18s   192.168.90.35     server5   <none>           <none>
calico-node-njz8v                         0/1     PodInitializing         0          9m58s   192.168.90.32     server2   <none>           <none>
calico-node-sb2kb                         1/1     Running                 0          86m     192.168.90.33     server3   <none>           <none>
calico-node-sn874                         0/1     Init:0/2                0          3m19s   192.168.90.34     server4   <none>           <none>
coredns-7b7df549dd-vmpww                  1/1     Running                 0          87m     192.168.141.194   server3   <none>           <none>
coredns-7b7df549dd-zzjf8                  1/1     Running                 0          87m     192.168.141.195   server3   <none>           <none>
etcd-server1                              1/1     Running                 0          10m     192.168.90.31     server1   <none>           <none>
etcd-server2                              1/1     Running                 0          9m57s   192.168.90.32     server2   <none>           <none>
etcd-server3                              1/1     Running                 0          86m     192.168.90.33     server3   <none>           <none>
kube-apiserver-server1                    1/1     Running                 0          10m     192.168.90.31     server1   <none>           <none>
kube-apiserver-server2                    1/1     Running                 0          9m58s   192.168.90.32     server2   <none>           <none>
kube-apiserver-server3                    1/1     Running                 0          86m     192.168.90.33     server3   <none>           <none>
kube-controller-manager-server1           1/1     Running                 0          10m     192.168.90.31     server1   <none>           <none>
kube-controller-manager-server2           1/1     Running                 0          9m57s   192.168.90.32     server2   <none>           <none>
kube-controller-manager-server3           1/1     Running                 0          86m     192.168.90.33     server3   <none>           <none>
kube-proxy-5hl76                          1/1     Running                 0          10m     192.168.90.31     server1   <none>           <none>
kube-proxy-gt6bj                          1/1     Running                 0          3m19s   192.168.90.34     server4   <none>           <none>
kube-proxy-nxx9l                          1/1     Running                 0          3m17s   192.168.90.36     server6   <none>           <none>
kube-proxy-q42pg                          1/1     Running                 0          87m     192.168.90.33     server3   <none>           <none>
kube-proxy-qfkth                          1/1     Running                 0          9m58s   192.168.90.32     server2   <none>           <none>
kube-proxy-zc5c2                          1/1     Running                 0          3m18s   192.168.90.35     server5   <none>           <none>
kube-scheduler-server1                    1/1     Running                 0          10m     192.168.90.31     server1   <none>           <none>
kube-scheduler-server2                    1/1     Running                 0          9m58s   192.168.90.32     server2   <none>           <none>
kube-scheduler-server3                    1/1     Running                 0          87m     192.168.90.33     server3   <none>           <none>
eric@server1:~$ kubectl -n kube-system get svc  # 查看服务
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   88m

# 查看etcd集群状态
eric@server1:~$ kubectl -n kube-system exec etcd-kubernetes-master-01 -- etcdctl \
> --endpoints=https://192.168.141.150:2379 \
> --ca-file=/etc/kubernetes/pki/etcd/ca.crt \
> --cert-file=/etc/kubernetes/pki/etcd/server.crt \
> --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health
Error from server (NotFound): pods "etcd-kubernetes-master-01" not found
# 上面命令中的 Pod 名称和 endpoint 不属于本集群,所以报 NotFound;下面改用本集群的 etcd-server1 和 192.168.90.31
eric@server1:~$ kubectl -n kube-system exec etcd-server1 -- etcdctl --endpoints=https://192.168.90.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/server.crt --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health
member 5054125c1f93982 is healthy: got healthy result from https://192.168.90.33:2379
member 35577abe54c175af is healthy: got healthy result from https://192.168.90.32:2379
member 6f5d23fdfa6c99f4 is healthy: got healthy result from https://192.168.90.31:2379
cluster is healthy
验证高可用
Keepalived 要求至少 2 个备用节点,故想测试高可用至少需要 1 主 2 从模式验证,否则可能出现意想不到的问题。
开始时,通过 ip a | grep ens 命令可以看到 vip 在 33 节点上,即 33 节点作为 master 对外提供服务;在 31 和 32 节点上可以通过 kubectl get nodes -o wide 查询到节点信息,证明调用了主节点的 apiserver 服务。接下来在 33 节点上执行 shutdown,模拟现行主节点宕机:

shutdown -h now  # 关机
通过 ip a | grep ens 命令可以看到 vip 漂移到了 32 节点

eric@server2:~$ ip a|grep ens
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.90.32/24 brd 192.168.90.255 scope global ens33
    inet 192.168.90.100/24 scope global secondary ens33
这时在 31 节点仍然可以通过 kubectl get nodes -o wide 获取到节点信息如下,证明 33 节点宕机情况下,api server 服务仍然可用:

eric@server1:~$ kubectl get nodes -o wide
NAME      STATUS     ROLES    AGE    VERSION    INTERNAL-IP     EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION       CONTAINER-RUNTIME
server1   Ready      master   42m    v1.14.10   192.168.90.31   <none>        Ubuntu 18.04.5 LTS   4.15.0-153-generic   docker://20.10.8
server2   Ready      master   42m    v1.14.10   192.168.90.32   <none>        Ubuntu 18.04.5 LTS   4.15.0-153-generic   docker://20.10.8
server3   NotReady   master   120m   v1.14.10   192.168.90.33   <none>        Ubuntu 18.04.5 LTS   4.15.0-153-generic   docker://20.10.8
server4   Ready      <none>   35m    v1.14.10   192.168.90.34   <none>        Ubuntu 18.04.5 LTS   4.15.0-153-generic   docker://20.10.8
server5   Ready      <none>   35m    v1.14.10   192.168.90.35   <none>        Ubuntu 18.04.5 LTS   4.15.0-153-generic   docker://20.10.8
server6   Ready      <none>   35m    v1.14.10   192.168.90.36   <none>        Ubuntu 18.04.5 LTS   4.15.0-153-generic   docker://20.10.8
配置运行nginx容器
部署deployment
创建配置文件 nginx-deployment.yml 如下:

eric@server1:/usr/local/kubernetes/cluster$ cat nginx-deployment.yml
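# API version.
# NOTE(review): extensions/v1beta1 is accepted by the v1.14.10 cluster used on
# this page, but Kubernetes 1.16 stopped serving Deployments from this group.
# On newer clusters use apps/v1, which additionally requires spec.selector.
apiVersion: extensions/v1beta1
# Resource kind, e.g. Pod/ReplicationController/Deployment/Service/Ingress
kind: Deployment
# Metadata
metadata:
  # Name of this resource
  name: nginx-app
spec:
  # Number of replicas to run
  replicas: 2
  template:
    metadata:
      labels:
        # Pod label; the Service selector must match it when the Service is published
        name: nginx
    spec:
      # Container list (an array, so several containers can be configured)
      # NOTE(review): no resource requests/limits or securityContext are set.
      # That is acceptable for a smoke test; set them before reusing this
      # manifest for a real workload.
      containers:
      # Container name
      - name: nginx
        # Container image
        # NOTE(review): no tag is given, so this resolves to nginx:latest and
        # each node may pull a different build over time. Pin a specific tag or
        # an image digest for a reproducible, reviewable deployment.
        image: nginx
        # Exposed ports
        ports:
        # Pod port
        - containerPort: 80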
添加部署

eric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-deployment.yml
deployment.extensions/nginx-app created
删除部署命令

kubectl delete -f nginx-deployment.yml
发布service
nginx-service.yml配置文件如下:

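# API version
apiVersion: v1
# Resource kind, e.g. Pod/ReplicationController/Deployment/Service/Ingress
kind: Service
# Metadata
metadata:
  # Name of this resource
  name: nginx-http
spec:
  # Exposed ports
  ports:
  ## Port exposed by the Service
  - port: 80
    ## Port on the Pod; traffic to the Service port is forwarded to this Pod port
    targetPort: 80
  # Service type
  # NOTE(review): a LoadBalancer Service also allocates a NodePort, which is
  # opened on every node. On a cluster with no load-balancer implementation the
  # external IP stays <pending>, so that NodePort is the effective exposure.
  # Use ClusterIP when the service does not need to be reachable from outside
  # the cluster, or restrict access to the node port at the network firewall.
  type: LoadBalancer
  # Label selector
  selector:
    # Must match the pod label set in the Deployment deployed above
    name: nginx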
eric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-service.yml
也可以将 deployment 和 service 一起部署:
把两个配置文件合并在一起,内容之间使用 --- 分隔即可

查看验证

eric@server3:/usr/local/kubernetes/cluster$ kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
nginx-app-64bb598779-kfqm2   1/1     Running   0          4m10s
nginx-app-64bb598779-qzsjp   1/1     Running   0          4m10s
eric@server3:/usr/local/kubernetes/cluster$ kubectl get deployment
NAME        READY   UP-TO-DATE   AVAILABLE   AGE
nginx-app   2/2     2            2           4m27s
eric@server3:/usr/local/kubernetes/cluster$ kubectl get service
NAME         TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP      10.96.0.1      <none>        443/TCP        11h
nginx-http   LoadBalancer   10.99.153.51   <pending>     80:31467/TCP   47s
eric@server3:/usr/local/kubernetes/cluster$ kubectl describe service nginx-http
Name:                     nginx-http
Namespace:                default
Labels:                   <none>
Annotations:              <none>
Selector:                 name=nginx
Type:                     LoadBalancer
IP:                       10.99.153.51
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  31467/TCP
Endpoints:                192.168.205.67:80,192.168.22.3:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
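访问 192.168.90.31/32/33:31467 可以访问到 nginx 页面。Service 的 EXTERNAL-IP 一直是 <pending>(应是因为该集群没有可分配外部 IP 的负载均衡器实现),所以这里实际是通过 NodePort 31467 访问的;该端口会在每个节点上开放,不需要对外提供服务时应改用 ClusterIP,或在防火墙上限制可访问的来源。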