发表于 2025-1-14 16:42:47
环境准备
服务器规划
服务器配置及角色规划如下,操作系统仍然选择 Ubuntu Server X64 18.04
192.168.90.31 4核2G 40G硬盘 Kubernetes server1 Master 主
192.168.90.32 4核2G 40G硬盘 Kubernetes server2 Master 备
192.168.90.33 4核2G 40G硬盘 Kubernetes server3 Master 备
192.168.90.34 4核2G 40G硬盘 Kubernetes server4 Slave
192.168.90.35 4核2G 40G硬盘 Kubernetes server5 Slave
192.168.90.36 4核2G 40G硬盘 Kubernetes server6 Slave
三台master节点通过 vip 192.168.90.100 代理访问

环境准备
按照kubeadm安装K8s集群 中的步骤,安装一台虚拟机并完成初步配置工作,之后再做如下配置:
同步时间
设置时区选择亚洲上海
eric@server1:~$ sudo dpkg-reconfigure tzdata
[sudo] password for eric:
Current default time zone: 'Asia/Shanghai'
Local time is now: Mon Aug 9 23:05:09 CST 2021.
Universal Time is now: Mon Aug 9 15:05:09 UTC 2021.
eric@server1:~$ sudo apt-get install ntpdate --安装 ntpdate
Reading package lists... Done
......
eric@server1:~$ sudo ntpdate cn.pool.ntp.org --设置系统时间与网络时间同步(cn.pool.ntp.org 位于中国的公共 NTP 服务器)
9 Aug 23:06:30 ntpdate[33117]: adjust time server 202.118.1.130 offset 0.007500 sec
eric@server1:~$ sudo hwclock --systohc --将系统时间写入硬件时间
eric@server1:~$ date --查看确认时间
Mon Aug 9 23:06:49 CST 2021
配置IPVS
eric@server1:~$ sudo apt-get install -y ipset ipvsadm --安装系统工具
Reading package lists... Done
......
eric@server1:~$ sudo mkdir -p /etc/sysconfig/modules/ --创建目录 配置并加载ipvs模块
eric@server1:~$ sudo vi /etc/sysconfig/modules/ipvs.modules --编辑文件并保存
# Kernel modules loaded for the IPVS setup: the ip_vs core, three of its
# schedulers (rr, wrr, sh) and IPv4 connection tracking.
# Each module is attempted in turn; the exit status is that of the last one.
for kmod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4; do
  modprobe -- "$kmod"
done
---切换root用户执行脚本否则报错
root@server1:/home/eric# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 151552 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_defrag_ipv6 20480 1 ip_vs
nf_conntrack_ipv4 16384 48 X4 y- ^. D X) X2 R; v
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_conntrack 135168 8 xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink,ip_vs
libcrc32c 16384 4 nf_conntrack,nf_nat,raid456,ip_vs
配置内核参数
root@server1:/home/eric# vi /etc/sysctl.d/k8s.conf --编辑配置参数
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
root@server1:/home/eric# sysctl --system ---应用参数
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
......
* Applying /etc/sysctl.d/k8s.conf ... --生效
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
修改 cloud.cfg

vi /etc/cloud/cloud.cfg
# 该配置默认为 false,修改为 true 即可
preserve_hostname: true
克隆虚拟机并分别配置ip和主机名

hostnamectl set-hostname server1 --配置主机名命令
ip配置:找到并修改如下文件,修改保存后 执行 sudo netplan apply 使生效

eric@server1:~$ cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens33:
      dhcp4: false
      addresses: [192.168.90.32/24]
      gateway4: 192.168.90.1
      nameservers:
        addresses: [8.8.8.8]
  version: 2
高可用原理
Kubernetes Master 节点运行组件如下:
kube-apiserver: 提供了资源操作的唯一入口,并提供认证、授权、访问控制、API 注册和发现等机制
kube-scheduler: 负责资源的调度,按照预定的调度策略将 Pod 调度到相应的机器上
kube-controller-manager: 负责维护集群的状态,比如故障检测、自动扩展、滚动更新等
etcd: CoreOS 基于 Raft 开发的分布式 key-value 存储,可用于服务发现、共享配置以及一致性保障(如数据库选主、分布式锁等)

kube-scheduler 和 kube-controller-manager 可以以集群模式运行,通过 leader 选举产生一个工作进程,其它进程处于阻塞模式。
kube-apiserver 可以运行多个实例,但对其它组件需要提供统一的访问地址,本章节部署 Kubernetes 高可用集群实际就是利用 HAProxy + Keepalived 配置该组件
配置的思路就是利用 HAProxy + Keepalived 实现 kube-apiserver 虚拟 IP 访问从而实现高可用和负载均衡,拆解如下:
Keepalived 提供 kube-apiserver 对外服务的虚拟 IP(VIP)
HAProxy 监听 Keepalived VIP
运行 Keepalived 和 HAProxy 的节点称为 LB(负载均衡) 节点
Keepalived 是一主多备运行模式,故至少需要两个 LB 节点
Keepalived 在运行过程中周期检查本机的 HAProxy 进程状态,如果检测到 HAProxy 进程异常,则触发重新选主的过程,VIP 将飘移到新选出来的主节点,从而实现 VIP 的高可用
所有组件(如 kubectl、apiserver、controller-manager、scheduler 等)都通过 VIP +HAProxy 监听的 6444 端口访问 kube-apiserver 服务(注意:kube-apiserver 默认端口为 6443,为了避免冲突我们将 HAProxy 端口设置为 6444,其它组件都是通过该端口统一请求 apiserver)
安装HAProxy和Keepalived
HAproxy启动脚本
master1节点创建HAproxy启动脚本,并设置执行权限

sudo mkdir -p /usr/local/kubernetes/lb
sudo vi /usr/local/kubernetes/lb/start-haproxy.sh

# 输入内容如下
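#!/bin/bash
# Start the HAProxy container that fronts the kube-apiserver instances.
# The container listens on 6444 and is given the three master addresses and
# the apiserver port through environment variables.
#
# The tutorial launches this file with `sudo sh`, so it is kept POSIX-clean
# (`set -eu`, no `pipefail`) even though the shebang names bash.
set -eu

# Change these to your own master addresses.
MasterIP1=192.168.90.31
MasterIP2=192.168.90.32
MasterIP3=192.168.90.33
# Default kube-apiserver port; normally left unchanged.
MasterPort=6443

# NOTE(review): the image is referenced without a tag or digest, so every node
# pulls whatever the registry serves at that moment. Pin it to a digest you
# have reviewed, e.g. wise2c/haproxy-k8s@sha256:<reviewed-digest>.
# NOTE(review): `-p 6444:6444` publishes the port on all host interfaces, not
# only on the VIP; limit who can reach 6444 with the host firewall.
docker run -d --restart=always --name HAProxy-K8S -p 6444:6444 \
  -e MasterIP1="$MasterIP1" \
  -e MasterIP2="$MasterIP2" \
  -e MasterIP3="$MasterIP3" \
  -e MasterPort="$MasterPort" \
  wise2c/haproxy-k8s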
# 设置权限
sudo chmod +x /usr/local/kubernetes/lb/start-haproxy.sh
Keepalived启动脚本
master01节点增加 keepalived启动脚本,并添加执行权限如下:

sudo mkdir -p /usr/local/kubernetes/lb
sudo vi /usr/local/kubernetes/lb/start-keepalived.sh
# 输入内容如下
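#!/bin/bash
# Start the Keepalived container that holds the virtual IP in front of HAProxy.
# All settings are handed to the container as environment variables.
#
# The tutorial launches this file with `sudo sh`, so it is kept POSIX-clean
# (`set -eu`, no `pipefail`) even though the shebang names bash.
set -eu

# Change to your own virtual IP address.
VIRTUAL_IP=192.168.90.100
# Name of the network device the virtual IP is bound to.
INTERFACE=ens33
# Netmask bits of the virtual IP.
NETMASK_BIT=24
# Port exposed by HAProxy, which forwards to kube-apiserver on 6443.
CHECK_PORT=6444
# Router identifier.
RID=10
# Virtual router identifier.
VRID=160
# IPv4 multicast group; the default is 224.0.0.18.
MCAST_GROUP=224.0.0.18

# NOTE(review): --net=host together with NET_ADMIN lets this container change
# the host's addresses and routes, and the image is referenced without a tag
# or digest. Pin it to a digest you have reviewed, e.g.
# wise2c/keepalived-k8s@sha256:<reviewed-digest>.
# NOTE(review): no VRRP authentication setting is passed here; whether the
# image configures one is not visible from this script. Confirm it, and keep
# VRRP multicast confined to the control-plane network segment.
docker run -itd --restart=always --name=Keepalived-K8S \
  --net=host --cap-add=NET_ADMIN \
  -e VIRTUAL_IP="$VIRTUAL_IP" \
  -e INTERFACE="$INTERFACE" \
  -e CHECK_PORT="$CHECK_PORT" \
  -e RID="$RID" \
  -e VRID="$VRID" \
  -e NETMASK_BIT="$NETMASK_BIT" \
  -e MCAST_GROUP="$MCAST_GROUP" \
  wise2c/keepalived-k8s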
# 设置权限
sudo chmod +x /usr/local/kubernetes/lb/start-keepalived.sh
复制脚本到其他两台master
32 和 33 创建 目录 ,并复制脚本文件命令如下

sudo mkdir -p /usr/local/kubernetes/lb
root@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.32:/home/eric --先复制到服务器 再到服务器上复制到指定目录
root@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.33:/home/eric
eric@server3:~$ sudo mv *.sh /usr/local/kubernetes/lb
启动容器
三个节点分别执行如下命令,docker 会下载、启动 haproxy和keepalived 镜像

sudo sh /usr/local/kubernetes/lb/start-haproxy.sh && sudo sh /usr/local/kubernetes/lb/start-keepalived.sh
检验容器
三个主节点分别执行 docker ps 可以看到 haproxy和keepalived 正在运行如下:

root@server1:/home/eric# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2ee95ae52da6 wise2c/keepalived-k8s "/usr/bin/keepalived…" 52 seconds ago Up 51 seconds Keepalived-K8S
97db17bc81c7 wise2c/haproxy-k8s "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:6444->6444/tcp, :::6444->6444/tcp HAProxy-K8S
虚拟IP验证
31、32、33 三台服务器 执行如下命令,只有一台可以看到 ip与虚拟ip绑定。如果 被绑定的一台宕机,绑定关系就会漂移到另外两台机器中的一台上,默认在 31 服务器上,关闭 31 服务器后会出现在 33 服务器上,如下:

eric@server3:~$ ip a | grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.90.33/24 brd 192.168.90.255 scope global ens33
inet 192.168.90.100/24 scope global secondary ens33
部署K8S集群
创建工作目录并导出配置文件

# 创建工作目录
sudo mkdir -p /usr/local/kubernetes/cluster
# 导出配置文件到工作目录
su root
kubeadm config print init-defaults --kubeconfig ClusterConfiguration > /usr/local/kubernetes/cluster/kubeadm.yml
修改配置文件
33节点修改kubeadm.yml 内容如下
root@server1:/usr/local/kubernetes/cluster# cat kubeadm.yml
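# kubeadm configuration for the first control-plane node: an InitConfiguration,
# a ClusterConfiguration and a KubeProxyConfiguration in one file.
apiVersion: kubeadm.k8s.io/v1beta1
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): this is the sample token that `kubeadm config print
  # init-defaults` emits, so it is publicly known. While it is valid (24h TTL
  # below) anyone who can reach controlPlaneEndpoint can use it to join.
  # Replace it with the output of `kubeadm token generate` before `kubeadm init`.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.90.33 # IP of this node
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  # NOTE(review): the address above belongs to server3 in the server plan,
  # while the name here says server1 - confirm which node this file is for.
  name: server1
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta1
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: "192.168.90.100:6444" # VIP and HAProxy port
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Aliyun image mirror. NOTE(review): control-plane images come from this
# third-party mirror rather than the upstream registry; verify what is pulled.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# Version number. NOTE(review): the 1.14 line no longer receives upstream
# security patches.
kubernetesVersion: v1.14.10
networking:
  dnsDomain: cluster.local
  # Must not overlap the network the master nodes are on; e.g. with a master
  # at 192.168.90.33 this cannot be 192.168.0.0/16.
  # NOTE(review): the pod listing later on this page shows pod IPs in
  # 192.168.141.x, so the applied CNI manifest apparently used its own pool
  # instead of this value - check that the CNI pool matches podSubnet.
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
# Enable IPVS mode for kube-proxy.
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs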
kubeadm 初始化master

kubeadm 初始化

root@server1:/usr/local/kubernetes/cluster# kubeadm init --config=kubeadm.yml --experimental-upload-certs | tee kubeadm-init.log
......
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
    --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --experimental-upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e
根据日志输出,切换到普通用户eric执行以下命令

root@server3:/usr/local/kubernetes/cluster# su eric
eric@server3:/usr/local/kubernetes/cluster$ mkdir -p $HOME/.kube
eric@server3:/usr/local/kubernetes/cluster$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
eric@server3:/usr/local/kubernetes/cluster$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
验证是否成功
eric@server3:/usr/local/kubernetes/cluster$ kubectl get node
NAME STATUS ROLES AGE VERSION
server3 NotReady master 4m11s v1.14.10
安装网络插件

eric@server3:/usr/local/kubernetes/cluster$ kubectl apply -f https://docs.projectcalico.org/v3.7/manifests/calico.yaml
configmap/calico-config created
......
serviceaccount/calico-node created
deployment.extensions/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
# 验证安装是否成功 我这里足足等了 64分钟 各个插件才正常运行 running 状态
watch kubectl get pods --all-namespaces
kube-system kube-scheduler-server3 1/1 Running 0 34m
Every 2.0s: kubectl get pods --all-namespaces server3: Sun Aug 15 00:59:23 2021
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 64m
kube-system calico-node-sb2kb 1/1 Running 0 64m
kube-system coredns-7b7df549dd-vmpww 1/1 Running 0 66m
kube-system coredns-7b7df549dd-zzjf8 1/1 Running 0 66m
kube-system etcd-server3 1/1 Running 0 65m
kube-system kube-apiserver-server3 1/1 Running 0 65m
kube-system kube-controller-manager-server3 1/1 Running 0 65m
kube-system kube-proxy-q42pg 1/1 Running 0 66m
kube-system kube-scheduler-server3 1/1 Running 0 65m
加入master节点
31 和32节点分别执行初始化日志中的 主节点加入命令,将 31 和 32 节点初始化成 master节点。
注意:如果初始化完成很久之后才执行 加入master节点操作,那么token 可能会失效,参考上一篇文章,重新获取token 等参数
  kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
    --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf

.....
[mark-control-plane] Marking the node server1 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node server1 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]

This node has joined the cluster and a new control plane instance was created:

* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Control plane (master) label and taint were applied to the new node.
* The Kubernetes control plane instances scaled up.
* A new etcd member was added to the local/stacked etcd cluster.

To start administering your cluster from this node, you need to run the following as a regular user:

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

Run 'kubectl get nodes' to see this node join the cluster.
按照上述日志,执行配置命令:

root@server1:/home/eric# su eric
eric@server1:~$ mkdir -p $HOME/.kube
eric@server1:~$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[sudo] password for eric:
eric@server1:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
加入node节点
三个从节点分别执行以下命令,加入集群
初始化日志中会打印加入命令,直接复制执行即可,如果参数不正确,参考上一篇,重新生成参数。

root@server4:/home/eric# kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:19c012298212324b7851d89d71af9ff0d50c4fb130cb774b8a80c3a32d51d051
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
    [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.8. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
验证集群状态
master节点执行如下命令验证集群状态

eric@server1:~$ kubectl get nodes --查看节点
NAME STATUS ROLES AGE VERSION
server1 Ready master 7m35s v1.14.10
server2 Ready master 7m22s v1.14.10
server3 Ready master 85m v1.14.10
server4 NotReady <none> 43s v1.14.10
server5 NotReady <none> 42s v1.14.10
server6 NotReady <none> 41s v1.14.10
eric@server1:~$ kubectl get nodes -o wide --查看节点
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
server1 Ready master 9m43s v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server2 Ready master 9m30s v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server3 Ready master 87m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server4 NotReady <none> 2m51s v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server5 NotReady <none> 2m50s v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server6 NotReady <none> 2m49s v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
eric@server1:~$ kubectl -n kube-system get pod -o wide   # 查看pod
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 86m 192.168.141.193 server3 <none> <none>
calico-node-49lqn 0/1 PodInitializing 0 10m 192.168.90.31 server1 <none> <none>
calico-node-jmp28 0/1 Init:ImagePullBackOff 0 3m17s 192.168.90.36 server6 <none> <none>
calico-node-kszl7 0/1 Init:0/2 0 3m18s 192.168.90.35 server5 <none> <none>
calico-node-njz8v 0/1 PodInitializing 0 9m58s 192.168.90.32 server2 <none> <none>
calico-node-sb2kb 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
calico-node-sn874 0/1 Init:0/2 0 3m19s 192.168.90.34 server4 <none> <none>
coredns-7b7df549dd-vmpww 1/1 Running 0 87m 192.168.141.194 server3 <none> <none>
coredns-7b7df549dd-zzjf8 1/1 Running 0 87m 192.168.141.195 server3 <none> <none>
etcd-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
etcd-server2 1/1 Running 0 9m57s 192.168.90.32 server2 <none> <none>
etcd-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
kube-apiserver-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-apiserver-server2 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
kube-apiserver-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
kube-controller-manager-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-controller-manager-server2 1/1 Running 0 9m57s 192.168.90.32 server2 <none> <none>
kube-controller-manager-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
kube-proxy-5hl76 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-proxy-gt6bj 1/1 Running 0 3m19s 192.168.90.34 server4 <none> <none>
kube-proxy-nxx9l 1/1 Running 0 3m17s 192.168.90.36 server6 <none> <none>
kube-proxy-q42pg 1/1 Running 0 87m 192.168.90.33 server3 <none> <none>
kube-proxy-qfkth 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
kube-proxy-zc5c2 1/1 Running 0 3m18s 192.168.90.35 server5 <none> <none>
kube-scheduler-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-scheduler-server2 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
kube-scheduler-server3 1/1 Running 0 87m 192.168.90.33 server3 <none> <none>
eric@server1:~$ kubectl -n kube-system get svc   # 查看服务
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 88m
# 查看etcd集群状态(首次尝试:Pod 名 etcd-kubernetes-master-01 在本集群中不存在,因此返回 NotFound)
eric@server1:~$ kubectl -n kube-system exec etcd-kubernetes-master-01 -- etcdctl \
> --endpoints=https://192.168.141.150:2379 \
> --ca-file=/etc/kubernetes/pki/etcd/ca.crt \
> --cert-file=/etc/kubernetes/pki/etcd/server.crt \
> --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health
Error from server (NotFound): pods "etcd-kubernetes-master-01" not found
# 改用本集群实际的 Pod 名 etcd-server1 和 endpoint 192.168.90.31(此处为 etcdctl v2 API 的参数写法;ETCDCTL_API=3 时对应 --cacert/--cert/--key 和 endpoint health)
eric@server1:~$ kubectl -n kube-system exec etcd-server1 -- etcdctl --endpoints=https://192.168.90.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/server.crt --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health
member 5054125c1f93982 is healthy: got healthy result from https://192.168.90.33:2379
member 35577abe54c175af is healthy: got healthy result from https://192.168.90.32:2379
member 6f5d23fdfa6c99f4 is healthy: got healthy result from https://192.168.90.31:2379
cluster is healthy
验证高可用
Keepalived 要求至少 2 个备用节点,故想测试高可用至少需要 1 主 2 从模式验证,否则可能出现意想不到的问题。
开始时,通过 ip a | grep ens 命令可以看到 vip 在 33 节点上,即 33 节点作为 master 对外提供服务;在 31 和 32 节点上可以通过 kubectl get nodes -o wide 查询到节点信息,证明调用了主节点的 apiserver 服务。在 33 节点执行 shutdown 模拟现行主节点宕机:
shutdown -h now   # 关机
通过 ip a | grep ens 命令可以看到 vip 漂移到了 32 节点:

eric@server2:~$ ip a|grep ens
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.90.32/24 brd 192.168.90.255 scope global ens33
    inet 192.168.90.100/24 scope global secondary ens33
这时在 31 节点仍然可以通过 kubectl get nodes -o wide 获取到节点信息如下,证明 33 节点宕机情况下,api server 服务仍然可用(3 个 etcd 成员中仍有 2 个存活,保持多数派;若再有一台 master 宕机,etcd 将失去多数派,即使 VIP 继续漂移,apiserver 也无法正常读写):

eric@server1:~$ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
server1 Ready master 42m v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server2 Ready master 42m v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server3 NotReady master 120m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server4 Ready <none> 35m v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server5 Ready <none> 35m v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server6 Ready <none> 35m v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
配置运行nginx容器
部署deployment
创建配置文件 nginx-deployment.yml 如下:

eric@server1:/usr/local/kubernetes/cluster$ cat nginx-deployment.yml
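# API version.
# NOTE(review): Deployment under extensions/v1beta1 is accepted by the v1.14
# cluster shown on this page but was removed in Kubernetes 1.16; apps/v1 is the
# replacement and additionally requires an explicit spec.selector.
apiVersion: extensions/v1beta1
# Kind, e.g. Pod/ReplicationController/Deployment/Service/Ingress
kind: Deployment
# Metadata
metadata:
  # Name of this object
  name: nginx-app
spec:
  # Number of replicas to run
  replicas: 2
  template:
    metadata:
      labels:
        # Pod label; the Service selector must match this value
        name: nginx
    spec:
      # Container list (an array, so several containers may be configured)
      containers:
        # Container name
        - name: nginx
          # Container image.
          # NOTE(review): an untagged image resolves to :latest, so every pull
          # may fetch different content; pin a specific tag or digest for
          # reproducible, auditable deployments.
          image: nginx
          # Exposed ports
          ports:
            # Port the container listens on inside the Pod
            - containerPort: 80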
添加部署

eric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-deployment.yml
deployment.extensions/nginx-app created
删除部署命令

kubectl delete -f nginx-deployment.yml
发布service
nginx-service.yml 配置文件如下:
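# API version
apiVersion: v1
# Kind, e.g. Pod/ReplicationController/Deployment/Service/Ingress
kind: Service
# Metadata
metadata:
  # Name of this object
  name: nginx-http
spec:
  # Exposed ports
  ports:
    ## Port exposed by the Service
    - port: 80
      ## Port on the Pod; traffic arriving on the Service port is forwarded here
      targetPort: 80
  # Service type.
  # NOTE(review): on a cluster without a load-balancer provider the external IP
  # stays <pending> and the Service is reachable only through the auto-allocated
  # NodePort, which is opened on every node. Restrict that port at the host or
  # network firewall if it should not be reachable from outside the cluster.
  type: LoadBalancer
  # Label selector
  selector:
    # Must match the Pod label set in the Deployment template
    name: nginx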
eric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-service.yml
也可以 deployment 和 service 一起部署:
将两个配置文件合并在一起,内容之间使用单独一行 --- 分隔即可。

查看验证

eric@server3:/usr/local/kubernetes/cluster$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-app-64bb598779-kfqm2 1/1 Running 0 4m10s
nginx-app-64bb598779-qzsjp 1/1 Running 0 4m10s
eric@server3:/usr/local/kubernetes/cluster$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-app 2/2 2 2 4m27s
eric@server3:/usr/local/kubernetes/cluster$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 11h
nginx-http LoadBalancer 10.99.153.51 <pending> 80:31467/TCP 47s
eric@server3:/usr/local/kubernetes/cluster$ kubectl describe service nginx-http
Name: nginx-http
Namespace: default
Labels: <none>
Annotations: <none>
Selector: name=nginx
Type: LoadBalancer
IP: 10.99.153.51
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 31467/TCP
Endpoints: 192.168.205.67:80,192.168.22.3:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
访问 192.168.90.31/32/33:31467 可以访问到 nginx 页面。EXTERNAL-IP 一直为 <pending>,是因为集群没有对接外部负载均衡器,所以这里实际是通过 NodePort 31467 访问;该端口会在每个节点上开放,如不希望对外暴露,应在防火墙上限制访问来源。