发表于 2025-1-14 16:42:47
环境准备
服务器规划
服务器配置及角色规划如下,操作系统仍然选择 Ubuntu Server X64 18.04
192.168.90.31 4核2G 40G硬盘 Kubernetes server1 Master 主
192.168.90.32 4核2G 40G硬盘 Kubernetes server2 Master 备
192.168.90.33 4核2G 40G硬盘 Kubernetes server3 Master 备
192.168.90.34 4核2G 40G硬盘 Kubernetes server4 Slave
192.168.90.35 4核2G 40G硬盘 Kubernetes server5 Slave
192.168.90.36 4核2G 40G硬盘 Kubernetes server6 Slave

三台master节点通过 vip 192.168.90.100 代理访问

环境准备
按照kubeadm安装K8s集群 中的步骤,安装一台虚拟机并完成初步配置工作,之后再做如下配置:
同步时间
设置时区选择亚洲上海

eric@server1:~$ sudo dpkg-reconfigure tzdata
[sudo] password for eric:

Current default time zone: 'Asia/Shanghai'
Local time is now: Mon Aug 9 23:05:09 CST 2021.
Universal Time is now: Mon Aug 9 15:05:09 UTC 2021.
eric@server1:~$ sudo apt-get install ntpdate  # 安装 ntpdate
Reading package lists... Done
......
eric@server1:~$ sudo ntpdate cn.pool.ntp.org  # 设置系统时间与网络时间同步(cn.pool.ntp.org 位于中国的公共 NTP 服务器)
 9 Aug 23:06:30 ntpdate[33117]: adjust time server 202.118.1.130 offset 0.007500 sec
eric@server1:~$ sudo hwclock --systohc  # 将系统时间写入硬件时间
eric@server1:~$ date  # 查看确认时间
Mon Aug 9 23:06:49 CST 2021
配置IPVS

eric@server1:~$ sudo apt-get install -y ipset ipvsadm  # 安装系统工具
Reading package lists... Done
......
eric@server1:~$ sudo mkdir -p /etc/sysconfig/modules/  # 创建目录 配置并加载ipvs模块
eric@server1:~$ sudo vi /etc/sysconfig/modules/ipvs.modules  # 编辑文件并保存
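#!/bin/bash
# Load the IPVS core module, its round-robin (rr), weighted round-robin (wrr)
# and source-hashing (sh) schedulers, and IPv4 connection tracking.
# The guide runs this file as root.
#
# NOTE(review): nothing on this page arranges for this file to run at boot.
# On Ubuntu, persistent module loading is normally configured under
# /etc/modules-load.d/ - confirm the modules are still present after a reboot.
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4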

---切换root用户执行脚本否则报错
root@server1:/home/eric# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 151552 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_defrag_ipv6 20480 1 ip_vs
nf_conntrack_ipv4 16384 4
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_conntrack 135168 8 xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink,ip_vs
libcrc32c 16384 4 nf_conntrack,nf_nat,raid456,ip_vs
配置内核参数

root@server1:/home/eric# vi /etc/sysctl.d/k8s.conf  # 编辑配置参数
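# Pass bridged IPv6 / IPv4 traffic through ip6tables / iptables.
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# Allow sockets to bind to an address that is not currently assigned to this
# host (presumably so services can bind the VIP on standby nodes - confirm).
net.ipv4.ip_nonlocal_bind = 1
# Enable IPv4 forwarding between interfaces.
net.ipv4.ip_forward = 1
# Minimise the kernel's tendency to swap.
# NOTE(review): this does not turn swap off; confirm swap was disabled in the
# earlier preparation steps this guide refers to.
vm.swappiness=0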
root@server1:/home/eric# sysctl --system  # 应用参数
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
......
* Applying /etc/sysctl.d/k8s.conf ...  # 生效
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
修改 cloud.cfg
vi /etc/cloud/cloud.cfg
# 该配置默认为 false,修改为 true 即可
preserve_hostname: true
克隆虚拟机并分别配置ip和主机名

hostnamectl set-hostname server1  # 配置主机名命令
ip配置:找到并修改如下文件,修改保存后 执行 sudo netplan apply 使生效

eric@server1:~$ cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens33:
      dhcp4: false
      addresses: [192.168.90.32/24]
      gateway4: 192.168.90.1
      nameservers:
        addresses: [8.8.8.8]
  version: 2
高可用原理
Kubernetes Master 节点运行组件如下:
kube-apiserver: 提供了资源操作的唯一入口,并提供认证、授权、访问控制、API 注册和发现等机制
kube-scheduler: 负责资源的调度,按照预定的调度策略将 Pod 调度到相应的机器上
kube-controller-manager: 负责维护集群的状态,比如故障检测、自动扩展、滚动更新等
etcd: CoreOS 基于 Raft 开发的分布式 key-value 存储,可用于服务发现、共享配置以及一致性保障(如数据库选主、分布式锁等)

kube-scheduler 和 kube-controller-manager 可以以集群模式运行,通过 leader 选举产生一个工作进程,其它进程处于阻塞模式。
kube-apiserver 可以运行多个实例,但对其它组件需要提供统一的访问地址,本章节部署 Kubernetes 高可用集群实际就是利用 HAProxy + Keepalived 配置该组件
配置的思路就是利用 HAProxy + Keepalived 实现 kube-apiserver 虚拟 IP 访问从而实现高可用和负载均衡,拆解如下:
Keepalived 提供 kube-apiserver 对外服务的虚拟 IP(VIP)
HAProxy 监听 Keepalived VIP
运行 Keepalived 和 HAProxy 的节点称为 LB(负载均衡) 节点
Keepalived 是一主多备运行模式,故至少需要两个 LB 节点
Keepalived 在运行过程中周期检查本机的 HAProxy 进程状态,如果检测到 HAProxy 进程异常,则触发重新选主的过程,VIP 将飘移到新选出来的主节点,从而实现 VIP 的高可用
所有组件(如 kubectl、apiserver、controller-manager、scheduler 等)都通过 VIP +HAProxy 监听的 6444 端口访问 kube-apiserver 服务(注意:kube-apiserver 默认端口为 6443,为了避免冲突我们将 HAProxy 端口设置为 6444,其它组件都是通过该端口统一请求 apiserver)

安装HAProxy和Keepalived
HAproxy启动脚本
master1节点创建HAproxy启动脚本,并设置执行权限

sudo mkdir -p /usr/local/kubernetes/lb
sudo vi /usr/local/kubernetes/lb/start-haproxy.sh

# 输入内容如下
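#!/bin/bash
# Start the HAProxy container that fronts the kube-apiserver instances on the
# three master nodes.
#
# NOTE(review): the guide later runs this file with `sudo sh`, so the body is
# kept to POSIX sh syntax despite the bash shebang.
set -eu

# Addresses of the kube-apiserver backends; change these to your own masters.
MasterIP1=192.168.90.31
MasterIP2=192.168.90.32
MasterIP3=192.168.90.33
# Default kube-apiserver port; normally left unchanged.
MasterPort=6443

# Publish HAProxy's port 6444 on the host.
# NOTE(review): `-p 6444:6444` binds every host interface, so the API front
# end is reachable from any network the host is attached to; restrict it with
# host or network firewalling if that is wider than intended.
# NOTE(review): the image is referenced without a tag or digest, so each host
# pulls whatever `latest` is at that moment. Pin a reviewed version (for
# example wise2c/haproxy-k8s@sha256:<DIGEST>) so all nodes run the same image.
docker run -d --restart=always --name HAProxy-K8S -p 6444:6444 \
  -e MasterIP1="$MasterIP1" \
  -e MasterIP2="$MasterIP2" \
  -e MasterIP3="$MasterIP3" \
  -e MasterPort="$MasterPort" \
  wise2c/haproxy-k8s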

# 设置权限
sudo chmod +x /usr/local/kubernetes/lb/start-haproxy.sh
Keepalived启动脚本
master01节点增加 keepalived启动脚本,并添加执行权限如下:
sudo mkdir -p /usr/local/kubernetes/lb
sudo vi /usr/local/kubernetes/lb/start-keepalived.sh
# 输入内容如下
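#!/bin/bash
# Start the Keepalived container that holds the virtual IP (VIP) in front of
# HAProxy on this master node.
#
# NOTE(review): the guide later runs this file with `sudo sh`, so the body is
# kept to POSIX sh syntax despite the bash shebang.
set -eu

# Virtual IP address; change to your own.
VIRTUAL_IP=192.168.90.100
# Name of the network device that carries the VIP.
INTERFACE=ens33
# Netmask length, in bits, for the VIP.
NETMASK_BIT=24
# Port exposed by HAProxy, which forwards to kube-apiserver on 6443.
CHECK_PORT=6444
# Router identifier.
RID=10
# Virtual router identifier.
VRID=160
# IPv4 multicast group; the default is 224.0.0.18.
MCAST_GROUP=224.0.0.18

# NOTE(review): --net=host plus NET_ADMIN places the container in the host's
# network namespace with the right to change its addresses and routes, which
# makes the image's contents security-critical. It is referenced without a
# tag or digest; pin a reviewed version (for example
# wise2c/keepalived-k8s@sha256:<DIGEST>).
# NOTE(review): no VRRP authentication setting is passed here, and what the
# image configures is not visible in this script - confirm how peers are
# authenticated and that VRID and MCAST_GROUP are unique on this segment.
docker run -itd --restart=always --name=Keepalived-K8S \
  --net=host --cap-add=NET_ADMIN \
  -e VIRTUAL_IP="$VIRTUAL_IP" \
  -e INTERFACE="$INTERFACE" \
  -e CHECK_PORT="$CHECK_PORT" \
  -e RID="$RID" \
  -e VRID="$VRID" \
  -e NETMASK_BIT="$NETMASK_BIT" \
  -e MCAST_GROUP="$MCAST_GROUP" \
  wise2c/keepalived-k8s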
# 设置权限
sudo chmod +x /usr/local/kubernetes/lb/start-keepalived.sh
复制脚本到其他两台master
32 和 33 创建 目录 ,并复制脚本文件命令如下
sudo mkdir -p /usr/local/kubernetes/lb
root@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.32:/home/eric  # 先复制到服务器 再到服务器上复制到指定目录
root@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.33:/home/eric
eric@server3:~$ sudo mv *.sh /usr/local/kubernetes/lb
启动容器
三个节点分别执行如下命令,docker 会下载、启动 haproxy和keepalived 镜像
sudo sh /usr/local/kubernetes/lb/start-haproxy.sh && sudo sh /usr/local/kubernetes/lb/start-keepalived.sh
检验容器
三个主节点分别执行 docker ps 可以看到 haproxy和keepalived 正在运行如下:
root@server1:/home/eric# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2ee95ae52da6 wise2c/keepalived-k8s "/usr/bin/keepalived…" 52 seconds ago Up 51 seconds Keepalived-K8S
97db17bc81c7 wise2c/haproxy-k8s "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:6444->6444/tcp, :::6444->6444/tcp HAProxy-K8S
虚拟IP验证
31、32、33 三台服务器 执行如下命令,只有一台可以看到 ip与虚拟ip绑定。如果 被绑定的一台宕机,绑定关系就会漂移到另外两台机器中的一台上,默认在 31 服务器上,关闭 31 服务器后会出现在 33 服务器上,如下:

eric@server3:~$ ip a | grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.90.33/24 brd 192.168.90.255 scope global ens33
    inet 192.168.90.100/24 scope global secondary ens33
部署K8S集群
创建工作目录并导出配置文件

# 创建工作目录
sudo mkdir -p /usr/local/kubernetes/cluster
# 导出配置文件到工作目录
su root
kubeadm config print init-defaults --kubeconfig ClusterConfiguration > /usr/local/kubernetes/cluster/kubeadm.yml
修改配置文件
33节点修改kubeadm.yml 内容如下
root@server1:/usr/local/kubernetes/cluster# cat kubeadm.yml
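# kubeadm configuration for the first control-plane node; the guide passes it
# to `kubeadm init --config=kubeadm.yml`.
apiVersion: kubeadm.k8s.io/v1beta1
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): this is the placeholder token printed by
  # `kubeadm config print init-defaults`, so it is publicly known. A bootstrap
  # token authenticates node joins, so a known value gives no protection while
  # it is valid (see ttl). Replace it with the output of
  # `kubeadm token generate` before running `kubeadm init`.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.90.33 # IP address of this node
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  # NOTE(review): the guide says this file is edited on node 33, and its later
  # `kubectl get node` output lists the first master as server3; confirm this
  # name matches the host it is used on.
  name: server1
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta1
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: "192.168.90.100:6444" # VIP and HAProxy port
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Alibaba Cloud mirror of the control-plane images.
# NOTE(review): images are pulled from this mirror rather than the upstream
# registry, so the mirror becomes part of the cluster's trust base.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# Kubernetes version to install.
# NOTE(review): v1.14 no longer receives upstream security fixes; use a
# supported release for anything beyond a lab.
kubernetesVersion: v1.14.10
networking:
  dnsDomain: cluster.local
  # Pod address range. It must not overlap the network the nodes are on: with
  # a master at 192.168.90.33, do not write 192.168.0.0/16 here.
  # NOTE(review): the pod IPs in this page's later `kubectl get pod -o wide`
  # output are 192.168.141.x, outside this range; presumably the Calico
  # manifest kept its own default pool. Confirm the manifest's
  # CALICO_IPV4POOL_CIDR matches podSubnet.
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
# Enable IPVS mode for kube-proxy.
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs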
kubeadm 初始化master

kubeadm 初始化
root@server1:/usr/local/kubernetes/cluster# kubeadm init --config=kubeadm.yml --experimental-upload-certs | tee kubeadm-init.log
......
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
    --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --experimental-upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e
根据日志输出,切换到普通用户eric执行以下命令
root@server3:/usr/local/kubernetes/cluster# su eric
eric@server3:/usr/local/kubernetes/cluster$ mkdir -p $HOME/.kube
eric@server3:/usr/local/kubernetes/cluster$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
eric@server3:/usr/local/kubernetes/cluster$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
验证是否成功
eric@server3:/usr/local/kubernetes/cluster$ kubectl get node
NAME STATUS ROLES AGE VERSION
server3 NotReady master 4m11s v1.14.10
安装网络插件

eric@server3:/usr/local/kubernetes/cluster$ kubectl apply -f https://docs.projectcalico.org/v3.7/manifests/calico.yaml
configmap/calico-config created
......
serviceaccount/calico-node created
deployment.extensions/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
# 验证安装是否成功 我这里足足等了 64分钟 各个插件才正常运行 running 状态
watch kubectl get pods --all-namespaces
kube-system kube-scheduler-server3 1/1 Running 0 34m
Every 2.0s: kubectl get pods --all-namespaces server3: Sun Aug 15 00:59:23 2021
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 64m
kube-system calico-node-sb2kb 1/1 Running 0 64m
kube-system coredns-7b7df549dd-vmpww 1/1 Running 0 66m
kube-system coredns-7b7df549dd-zzjf8 1/1 Running 0 66m
kube-system etcd-server3 1/1 Running 0 65m
kube-system kube-apiserver-server3 1/1 Running 0 65m
kube-system kube-controller-manager-server3 1/1 Running 0 65m
kube-system kube-proxy-q42pg 1/1 Running 0 66m
kube-system kube-scheduler-server3 1/1 Running 0 65m
加入master节点
31 和32节点分别执行初始化日志中的 主节点加入命令,将 31 和 32 节点初始化成 master节点。
注意:如果初始化完成很久之后才执行 加入master节点操作,那么token 可能会失效(上文配置中 token 的 ttl 为 24h,初始化日志提示上传的证书会在两小时后删除),参考上一篇文章,重新获取token 等参数
另外,token 和 certificate-key 属于敏感信息(初始化日志中也提示 keep it secret),实际部署时不要公开,并注意限制 kubeadm-init.log 的读取权限。
  kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
    --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf

.....
[mark-control-plane] Marking the node server1 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node server1 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]

This node has joined the cluster and a new control plane instance was created:

* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Control plane (master) label and taint were applied to the new node.
* The Kubernetes control plane instances scaled up.
* A new etcd member was added to the local/stacked etcd cluster.

To start administering your cluster from this node, you need to run the following as a regular user:

        mkdir -p $HOME/.kube
        sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
        sudo chown $(id -u):$(id -g) $HOME/.kube/config

Run 'kubectl get nodes' to see this node join the cluster.
按照上述日志,执行配置命令
root@server1:/home/eric# su eric
eric@server1:~$ mkdir -p $HOME/.kube
eric@server1:~$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[sudo] password for eric:
eric@server1:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
加入node节点
三个从节点分别执行以下命令,加入集群
初始化日志中会打印加入命令,直接复制执行即可,如果参数不正确,参考上一篇,重新生成参数。(下面示例中的 --discovery-token-ca-cert-hash 与上文初始化日志中的值不一致,执行时应以自己集群初始化日志中的值为准。)

root@server4:/home/eric# kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:19c012298212324b7851d89d71af9ff0d50c4fb130cb774b8a80c3a32d51d051
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.8. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
$ Y5 @; ^8 Z$ K5 A( E. c4 B验证集群状态
- L8 W* a& y; ]7 Cmaster节点执行如下命令验证集群状态# l! x! p5 M; F& y0 Z- O3 H
) z) b; V5 Q* x# ?/ H' b6 o4 V. ]eric@server1:~$ kubectl get nodes --查看节点& I& J" E7 z7 w Y3 O
NAME STATUS ROLES AGE VERSION
8 u& r7 O/ M& D- a9 b/ D! H6 rserver1 Ready master 7m35s v1.14.10) l' \* w, x8 h/ _% \: H
server2 Ready master 7m22s v1.14.10
2 t5 k. P! z) {4 n: t9 Tserver3 Ready master 85m v1.14.101 x0 f4 {3 n L4 _% i! @' x1 q
server4 NotReady <none> 43s v1.14.10/ ?$ ~" H: D4 L, {- x9 v1 L6 I" k
server5 NotReady <none> 42s v1.14.10
: q/ c, b* w a( u" V( Y" {server6 NotReady <none> 41s v1.14.103 Y5 d9 v0 s# \: {
eric@server1:~$ kubectl get nodes -o wide --查看节点
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
server1 Ready master 9m43s v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server2 Ready master 9m30s v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server3 Ready master 87m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server4 NotReady <none> 2m51s v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server5 NotReady <none> 2m50s v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server6 NotReady <none> 2m49s v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
eric@server1:~$ kubectl -n kube-system get pod -o wide --查看pod
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 86m 192.168.141.193 server3 <none> <none>
calico-node-49lqn 0/1 PodInitializing 0 10m 192.168.90.31 server1 <none> <none>
calico-node-jmp28 0/1 Init:ImagePullBackOff 0 3m17s 192.168.90.36 server6 <none> <none>
calico-node-kszl7 0/1 Init:0/2 0 3m18s 192.168.90.35 server5 <none> <none>
calico-node-njz8v 0/1 PodInitializing 0 9m58s 192.168.90.32 server2 <none> <none>
calico-node-sb2kb 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
calico-node-sn874 0/1 Init:0/2 0 3m19s 192.168.90.34 server4 <none> <none>
coredns-7b7df549dd-vmpww 1/1 Running 0 87m 192.168.141.194 server3 <none> <none>
coredns-7b7df549dd-zzjf8 1/1 Running 0 87m 192.168.141.195 server3 <none> <none>
etcd-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
etcd-server2 1/1 Running 0 9m57s 192.168.90.32 server2 <none> <none>
etcd-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
kube-apiserver-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-apiserver-server2 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
kube-apiserver-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
kube-controller-manager-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-controller-manager-server2 1/1 Running 0 9m57s 192.168.90.32 server2 <none> <none>
kube-controller-manager-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
kube-proxy-5hl76 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-proxy-gt6bj 1/1 Running 0 3m19s 192.168.90.34 server4 <none> <none>
kube-proxy-nxx9l 1/1 Running 0 3m17s 192.168.90.36 server6 <none> <none>
kube-proxy-q42pg 1/1 Running 0 87m 192.168.90.33 server3 <none> <none>
kube-proxy-qfkth 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
kube-proxy-zc5c2 1/1 Running 0 3m18s 192.168.90.35 server5 <none> <none>
kube-scheduler-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
kube-scheduler-server2 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
kube-scheduler-server3 1/1 Running 0 87m 192.168.90.33 server3 <none> <none>
eric@server1:~$ kubectl -n kube-system get svc --查看服务
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 88m

eric@server1:~$ kubectl -n kube-system exec etcd-kubernetes-master-01 -- etcdctl \ --查看etcd集群状态
> --endpoints=https://192.168.141.150:2379 \
> --ca-file=/etc/kubernetes/pki/etcd/ca.crt \
> --cert-file=/etc/kubernetes/pki/etcd/server.crt \
> --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health
Error from server (NotFound): pods "etcd-kubernetes-master-01" not found
eric@server1:~$ kubectl -n kube-system exec etcd-server1 -- etcdctl --endpoints=https://192.168.90.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/server.crt --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health
member 5054125c1f93982 is healthy: got healthy result from https://192.168.90.33:2379
member 35577abe54c175af is healthy: got healthy result from https://192.168.90.32:2379
member 6f5d23fdfa6c99f4 is healthy: got healthy result from https://192.168.90.31:2379
cluster is healthy
验证高可用
Keepalived 要求至少 2 个备用节点,故想测试高可用至少需要 1 主 2 从模式验证,否则可能出现意想不到的问题
开始时通过 ip a |grep ens 命令可以看到 vip 在 33 节点上,即 33 节点作为 master 对外提供服务;在 31 和 32 节点上可以通过 kubectl get nodes -o wide 查询到节点信息,证明调用了主节点的 apiserver 服务。通过在 33 节点 shutdown 模拟现行主节点宕机:
shutdown -h now --关机
通过 ip a |grep ens 命令可以看到 vip 漂移到了 32 节点

eric@server2:~$ ip a|grep ens
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.90.32/24 brd 192.168.90.255 scope global ens33
    inet 192.168.90.100/24 scope global secondary ens33
这时在 31 节点仍然可以通过 kubectl get nodes -o wide 获取到节点信息如下,证明 33 节点宕机情况下,api server 服务仍然可用:

eric@server1:~$ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
server1 Ready master 42m v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server2 Ready master 42m v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server3 NotReady master 120m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server4 Ready <none> 35m v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server5 Ready <none> 35m v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
server6 Ready <none> 35m v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
配置运行nginx容器
部署deployment
创建配置文件 nginx-deployment.yml 如下:
eric@server1:/usr/local/kubernetes/cluster$ cat nginx-deployment.yml
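# API version. extensions/v1beta1 matches the v1.14 cluster this manifest was
# written for; Kubernetes 1.16 stopped serving Deployments from this group, and
# apps/v1 (which additionally requires spec.selector) has to be used there.
apiVersion: extensions/v1beta1
# Resource kind, e.g. Pod/ReplicationController/Deployment/Service/Ingress
kind: Deployment
# Metadata
metadata:
  # Name of this object
  name: nginx-app
spec:
  # Number of replicas to run
  replicas: 2
  template:
    metadata:
      labels:
        # Pod label; the selector of the Service that publishes these Pods
        # has to match it
        name: nginx
    spec:
      # Container list (an array, so several containers can be configured)
      containers:
      # Container name
      - name: nginx
        # Container image. An untagged name resolves to the mutable "latest"
        # tag, so each node may pull different content over time; pin a
        # reviewed version tag or digest outside a throwaway lab.
        image: nginx
        # Exposed ports
        ports:
        # Port the container listens on
        - containerPort: 80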
添加部署

eric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-deployment.yml
deployment.extensions/nginx-app created
删除部署命令:
kubectl delete -f nginx-deployment.yml
发布service
nginx-service.yml 配置文件如下:

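# API version
apiVersion: v1
# Resource kind, e.g. Pod/ReplicationController/Deployment/Service/Ingress
kind: Service
# Metadata
metadata:
  # Name of this object
  name: nginx-http
spec:
  # Exposed ports
  ports:
  ## Port exposed by the Service
  - port: 80
    ## Port on the Pod; traffic arriving on the Service port is forwarded to it
    targetPort: 80
  # Service type. A LoadBalancer Service is also given a NodePort, which
  # kube-proxy opens on every node. Where nothing in the cluster provisions
  # load balancers the external IP never gets assigned and that NodePort is
  # the only way in from outside, so filter it at the host or network
  # firewall if the service should not be reachable from the whole network.
  type: LoadBalancer
  # Label selector
  selector:
    # Must match the Pod label set in the Deployment's template
    name: nginx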
eric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-service.yml
也可以 deployment 和 service 一起部署
配置文件合并在一起,内容使用 --- 分割即可
查看验证
eric@server3:/usr/local/kubernetes/cluster$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-app-64bb598779-kfqm2 1/1 Running 0 4m10s
nginx-app-64bb598779-qzsjp 1/1 Running 0 4m10s
eric@server3:/usr/local/kubernetes/cluster$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-app 2/2 2 2 4m27s
eric@server3:/usr/local/kubernetes/cluster$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 11h
nginx-http LoadBalancer 10.99.153.51 <pending> 80:31467/TCP 47s
eric@server3:/usr/local/kubernetes/cluster$ kubectl describe service nginx-http
Name: nginx-http
Namespace: default
Labels: <none>
Annotations: <none>
Selector: name=nginx
Type: LoadBalancer
IP: 10.99.153.51
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 31467/TCP
Endpoints: 192.168.205.67:80,192.168.22.3:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
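访问 192.168.90.31/32/33:31467 可以访问到 nginx 页面(EXTERNAL-IP 一直是 <pending>,这里实际走的是 NodePort 31467;kube-proxy 会在所有节点上开放该端口,server4~6 的 IP 同样可达,不希望对整个网段暴露时需在防火墙上限制来源)。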