- 积分
- 16843
在线时间 小时
最后登录1970-1-1
|
楼主 |
发表于 2025-1-14 16:42:47
|
显示全部楼层
环境准备
% t9 R3 p" `: q9 t, g3 G/ t5 a服务器规划; E/ Q4 r2 C% V
服务器配置即角色规划如下,操作系统仍然选择 Ubuntu Server X64 18.04 W, f Y, |; }7 C
192.168.90.31 4核2G 40G硬盘 Kubernetes server1 Master 主& g% s0 f: ~% l* ^9 R
192.168.90.32 4核2G 40G硬盘 Kubernetes server2 Master 备
3 ]) @5 K( e8 y( s192.168.90.33 4核2G 40G硬盘 Kubernetes server3 Master 备 u% T& G1 Z: G
192.168.90.34 4核2G 40G硬盘 Kubernetes server4 Slave
) H2 @- j& @7 ~- o6 V% T192.168.90.35 4核2G 40G硬盘 Kubernetes server5 Slave
6 H4 H3 C' v- z8 V192.168.90.36 4核2G 40G硬盘 Kubernetes server6 Slave4 d' e( A0 O( H, M9 l- W
+ O2 r" J& b2 P! x" i T- [
三台master节点通过 vip 192.168.90.100 代理访问6 _' W% e- \5 V$ t: k6 F
9 ]. B6 L# x& }! `- |- z% }环境准备9 i4 P" I: e3 \+ g0 h
按照kubeadm安装K8s集群 中的步骤,安装一台虚拟机并完成初步配置工作,之后再做如下配置:# U$ A! o! M$ ^4 s* k- e8 A
同步时间
3 j% [ D4 W% s; `设置时区选择亚洲上海3 H8 R5 B$ l, w5 ^4 K+ J( q
7 a( Y5 `' W, C# y; N
eric@server1:~$ sudo dpkg-reconfigure tzdata
0 D7 C7 H' W: b- Y[sudo] password for eric:/ R2 b8 J& [& H/ H6 g# t2 h
7 @7 M0 w# O$ s1 H2 `$ w
Current default time zone: 'Asia/Shanghai'
; G4 e- ^5 g" a: j8 cLocal time is now: Mon Aug 9 23:05:09 CST 2021.
" w% i5 N Q" g, A! v- n' W" x8 ~Universal Time is now: Mon Aug 9 15:05:09 UTC 2021.0 K% `& a# r8 f+ g
14 \' H4 F9 B9 ^9 E/ W, G+ }7 j
2 k, q0 u3 I. r0 g3 e4 O0 K o* e( N* O
3
0 y( v" k, R, {/ _+ V o4
1 r3 E! z: Y4 T# S5 s' K51 y. |9 ]& m" n8 p4 k( F
6
$ \3 |% T6 Y: R3 peric@server1:~$ sudo apt-get install ntpdate --安装 ntpdate2 P% |+ L# @1 L- R/ C
Reading package lists... Done4 m& k: Y, B' |* z6 I4 a! T
....... h) t2 c" z3 F/ i6 y* O" `
eric@server1:~$ sudo ntpdate cn.pool.ntp.org --设置系统时间与网络时间同步(cn.pool.ntp.org 位于中国的公共 NTP 服务器) b& O4 a0 }7 i6 [/ Y9 s, F
9 Aug 23:06:30 ntpdate[33117]: adjust time server 202.118.1.130 offset 0.007500 sec$ y& T: M% m: s
eric@server1:~$ sudo hwclock --systohc --将系统时间写入硬件时间* V( r/ M* e9 G1 A
eric@server1:~$ date --查看确认时间
3 m, A2 {# C8 _; }; [Mon Aug 9 23:06:49 CST 2021
, }2 G1 Q* e2 K& D9 D3 x2 J% f1
- x/ m8 n6 F1 k7 ^4 |2
3 H: L# }6 m/ d" `; c: B3
2 ^2 o9 C% w- [' z+ ]4
: ]6 w! x. D. v: `7 _5
" W$ k& A& x: p# |# s7 w' [5 I- M6! Z) e- e% W; g4 r( |; C) \9 V3 s
7; K" K1 `0 {7 Z- x7 ~( H+ A0 K
82 m+ P# I$ z% m" s
配置IPVS! G) [- s4 C. }. ?- B l1 g
: L: F2 u/ C }, w; P0 C+ `
eric@server1:~$ sudo apt-get install -y ipset ipvsadm --安装系统工具7 c2 k, x# l. U$ T. z
Reading package lists... Done9 Z0 |4 l8 b5 j) v) p' b
......% ~% w( r+ T/ h% X8 C* b
eric@server1:~$ sudo mkdir -p /etc/sysconfig/modules/ --创建目录 配置并加载ipvs模块; @+ C% N2 w$ f2 X# j! p
eric@server1:~$ sudo vi /etc/sysconfig/modules/ipvs.modules --编辑文件并保存
: g6 }# H' C9 N, _& ]2 Nmodprobe -- ip_vs
7 f) r. Y, s6 [. pmodprobe -- ip_vs_rr. K5 S$ p+ d" Q2 w
modprobe -- ip_vs_wrr
) d% n$ R, h+ |2 {( S6 umodprobe -- ip_vs_sh( J! Z. o( f3 e5 |' s% V
modprobe -- nf_conntrack_ipv4
4 j* @* l0 H2 Q, k+ [3 \! g
3 u4 v$ e5 k; y0 c/ o: C# S---切换root用户执行脚本否则报错
2 U+ j9 S4 f7 x7 H8 ~& Kroot@server1:/home/eric# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4! p$ t* c& T! a F
ip_vs_sh 16384 00 X6 G) H7 ?/ `
ip_vs_wrr 16384 0+ q0 _0 d- `0 C3 P6 U/ k+ a3 z3 y
ip_vs_rr 16384 00 j! Q0 [5 z4 j( G' Z# p" ]
ip_vs 151552 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
4 N+ o& M9 F4 z. b' \nf_defrag_ipv6 20480 1 ip_vs
% F. t* C9 z& Znf_conntrack_ipv4 16384 48 R/ ^ B, ~1 A; O+ |
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
; v5 S! g: ^7 N* w$ inf_conntrack 135168 8 xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink,ip_vs( r6 X$ K, T4 d+ V8 R) p
libcrc32c 16384 4 nf_conntrack,nf_nat,raid456,ip_vs4: Z( g# o4 h. v1 T- i2 D
F6 G6 n$ C: {
9 |- W9 G$ Y9 e1- K* c% Y* h" b, h' k5 V8 c
22 X4 D7 M v P$ t- d4 \: a
3) Y$ h0 v5 h2 p) j, H; V
4
2 I. {5 T' O! N8 j5 l5 e2 W0 c% k
6% l- ]1 U# e4 R' l4 T; ~* P
7
- d, z1 G9 n) \& o) C1 U4 ?- W8
7 [: t- d0 ~2 v% w8 w9) L* A# L0 o0 O+ ^& F
10+ p$ @( A% ?+ V
11
# Y; @" i! V3 i12
0 d( j1 G# I2 y8 J$ a, J5 C- F13
! E* p2 J0 R2 B6 g# S; G/ {14
& _# s1 U0 J' D% D4 K* h15
4 {: W. Z$ s4 Q9 N4 s* s) ^16; q: F- O8 a% I) \
17/ B7 ^3 ~" y3 P+ N
182 |0 ~, T, t' l' q' ~
19, e; ~2 O: R* a7 R1 c! R) C
20
X- x0 K) F' {; f. V8 e) L21
% M' n- L3 X; [5 E0 k22. p4 [5 J5 \+ s+ O; R
231 @3 ?+ \+ s9 R; g) ?" C
配置内核参数; g9 g L# \- t' O
6 U$ I1 p, P( y. c V" W: B. h
root@server1:/home/eric# vi /etc/sysctl.d/k8s.conf --编辑配置参数
% Y) @, _6 P" v. s1 K4 m) i, Wnet.bridge.bridge-nf-call-ip6tables = 1) [( c% {! @5 z# t6 z4 c7 R3 C
net.bridge.bridge-nf-call-iptables = 1. U2 e+ M9 X: w6 y) k0 e4 {
net.ipv4.ip_nonlocal_bind = 1
9 J6 Z9 b' z- R/ L8 tnet.ipv4.ip_forward = 1. y; P4 C! G9 e& k8 k' U
vm.swappiness=0
1 R# S u: b' |. Hroot@server1:/home/eric# sysctl --system ---应用参数+ X4 Q1 q, o) w) g s$ K$ z
* Applying /etc/sysctl.d/10-console-messages.conf ...
2 w P$ m! j. @, p- z! d1 Ckernel.printk = 4 4 1 72 G+ \8 C) I5 T' \" u. @
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
6 \" e; y p$ Z+ Snet.ipv6.conf.all.use_tempaddr = 20 k/ q& X4 }4 f, d. H5 f! `; e
net.ipv6.conf.default.use_tempaddr = 28 y2 A: Q* h/ n6 T9 q
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...! c- g1 p" `2 g" z+ b1 \
....... O; C. c _" J* p# U( Q9 N! _
* Applying /etc/sysctl.d/k8s.conf ... --生效0 A. L* d! x- t- m4 h) f1 `
net.bridge.bridge-nf-call-ip6tables = 11 x8 F8 k0 t% @
net.bridge.bridge-nf-call-iptables = 10 a( d( a* [3 S
net.ipv4.ip_nonlocal_bind = 1( W" j/ g7 f* }# g( q/ l3 N
net.ipv4.ip_forward = 1) T7 A; p- m' A0 |( Y
vm.swappiness = 07 |/ l- @( w$ F0 m/ X9 D& E
& u4 R L: W$ c4 q1 Z; S+ T, U
1
6 [* [5 g* _5 E9 b24 C; f! i0 v5 y. M
3% y: G% j4 T9 y! i2 c$ c `0 p. P% @
4
0 m' ?/ q5 y" G: ]' m5
' t) D' C3 n+ I" G8 j) H& U3 L" |2 ^" ^6
& G# q8 e" J' b2 e7% g! r3 I; v4 _+ S, u1 d1 L: ^
8
: Y1 A( n+ R4 s1 L$ W6 A3 ^9 C91 m4 J' N7 I+ U$ d
109 D+ g: S6 \1 C, Y& W* c/ I3 i& o
11# a/ u9 f) u8 R: p, c& T7 O/ @
12( j3 @8 l1 v! l
133 m1 U) R$ [8 m, U
14
8 p+ x) W- x4 w3 g3 O) ~6 h5 \$ I7 f15
4 D$ _9 }9 A2 h" O! {$ P) F16- J8 M) A) `- S, L( V8 {
17/ ^3 H# e, t( @4 i
184 a1 x+ R Z# A; ?
19
5 V. S' c, H4 e$ B9 ^' a20, g* P( X+ c1 i) @/ b2 K
修改 cloud.cfg% o" A, U7 v2 R9 A9 j) }* X
! a& `, I# E) ?& n
vi /etc/cloud/cloud.cfg
' `+ R/ O9 u; q# 该配置默认为 false,修改为 true 即可* \ ~4 w. f, v0 S3 K8 e
preserve_hostname: true
( N- S3 a' z. A; Q1( u+ f5 \/ H2 G0 A
2, g7 J0 ~1 U9 ]7 G" {0 z
3
4 |: h% i8 Y2 O9 s" F克隆虚拟机并分别配置ip和主机名) u5 T% P# I& S5 f) m
/ p) r" c" g# d1 T O1 ohostnamectl set-hostname server1 --配置主机名命令
' p2 H. j7 Z; D& ~, W8 k$ }1
8 i: y9 V/ \& ~: F4 jip配置:找到并修改如下文件,修改保存后 执行 sudo netplan apply 使生效 W* C4 m% T" C j" k4 H. }/ C
# D6 H/ Q7 P8 o$ |1 G4 I0 [) L3 B1 _
eric@server1:~$ cat /etc/netplan/00-installer-config.yaml
) v! s9 ^ N" H M; U% X7 Q% ^# This is the network config written by 'subiquity'* P5 H& M# O9 ^9 C, G
network:
4 C! h" k; h. ~1 |% \$ h ethernets:6 J$ W- w# s* y9 Z8 o4 L, q, y* w
ens33:; R. u/ G/ R* \! I/ p. M
dhcp4: false+ h% ?8 t. s0 Z4 r0 a9 @
addresses: [192.168.90.32/24]
9 f. Q4 }. L1 l. K8 x1 g# m/ ], h gateway4: 192.168.90.1
& D( J# C9 n; N6 A: Y nameservers:# y6 o" L' f& Z
addresses: [8.8.8.8]
' ^" ]( v1 a( \ version: 2: x, P7 L: i" R
18 | m m$ a& j& I5 H5 d; k& B/ l/ I
29 `" O, I* v' Y- q( v' H. R
3
1 H; V2 v$ \/ f. a* ]/ i% k. ^2 Q4# ~; o) x3 @4 P# \7 r1 `
50 ?; q" r X c9 ]
6# g8 g) R& M+ }, e6 M: |8 Y
7
3 }: k! y0 d2 U" n, R) r* z- D9 e& d82 Z& z4 i) P l4 ], o
9" H/ m$ y+ G& R; S' e4 @
10
; ~4 P! P$ a+ {; w111 I7 J5 E2 c- @$ s0 w q5 t
高可用原理) e% {" x' }6 t$ \
Kubernetes Master 节点运行组件如下:) q+ B( _6 r; q, p
kube-apiserver: 提供了资源操作的唯一入口,并提供认证、授权、访问控制、API 注册和发现等机制
) t) H4 f) z7 P+ Z8 A) ikube-scheduler: 负责资源的调度,按照预定的调度策略将 Pod 调度到相应的机器上# ^0 u( M$ E" }: f
kube-controller-manager: 负责维护集群的状态,比如故障检测、自动扩展、滚动更新等
5 q3 V7 {' l W D( K* V5 Ietcd: CoreOS 基于 Raft 开发的分布式 key-value 存储,可用于服务发现、共享配置以及一致性保障(如数据库选主、分布式锁等)
. B" G5 H5 ?! K: {; ?+ d/ [! M8 J8 j0 T% z/ ?! ]
kube-scheduler 和 kube-controller-manager 可以以集群模式运行,通过 leader 选举产生一个工作进程,其它进程处于阻塞模式。
( n8 b* R' I$ y1 H0 x2 Pkube-apiserver 可以运行多个实例,但对其它组件需要提供统一的访问地址,本章节部署 Kubernetes 高可用集群实际就是利用 HAProxy + Keepalived 配置该组件
3 Y$ f' g) v3 b% q1 h' @* N9 n- b配置的思路就是利用 HAProxy + Keepalived 实现 kube-apiserver 虚拟 IP 访问从而实现高可用和负载均衡,拆解如下:
. k m$ @$ J9 n6 C6 a3 AKeepalived 提供 kube-apiserver 对外服务的虚拟 IP(VIP)( M" t5 o- V7 p3 q) a2 @, d* y" D
HAProxy 监听 Keepalived VIP" Y7 k4 @" ]6 L
运行 Keepalived 和 HAProxy 的节点称为 LB(负载均衡) 节点, e. m8 S6 p7 i' I4 e$ W- S& a- S
Keepalived 是一主多备运行模式,故至少需要两个 LB 节点; n' g) @5 |2 i" X
Keepalived 在运行过程中周期检查本机的 HAProxy 进程状态,如果检测到 HAProxy 进程异常,则触发重新选主的过程,VIP 将飘移到新选出来的主节点,从而实现 VIP 的高可用8 z1 H- |5 i s& r
所有组件(如 kubeclt、apiserver、controller-manager、scheduler 等)都通过 VIP +HAProxy 监听的 6444 端口访问 kube-apiserver 服务(注意:kube-apiserver 默认端口为 6443,为了避免冲突我们将 HAProxy 端口设置为 6444,其它组件都是通过该端口统一请求 apiserver)
0 S# R! ^. ]( |, E, w/ x, E& |5 b0 j" e+ f
' B$ I/ h# r, Z7 D
: U f- U: ]1 }6 k- Q安装HAProxy和Keepalived
7 k' y, j( W$ \2 I3 v7 f. tHAproxy启动脚本
/ S$ `0 O; k! Z1 Pmaster1节点创建HAproxy启动脚本,并设置执行权限
% x p- i9 r2 l! ^7 d- b1 ?4 p! F; u5 m9 ]
sudo mkdir -p /usr/local/kubernetes/lb+ k3 H! a8 \( @8 a5 _$ h
sudo vi /usr/local/kubernetes/lb/start-haproxy.sh
& g% W5 F7 q6 u& k+ l% R9 g8 @4 y. A2 O4 w5 f0 l
# 输入内容如下4 C& W! Q% d1 k3 }
#!/bin/bash
; [4 z" i0 _" Z# 修改为你自己的 Master 地址( Q5 E6 l. r$ G( y$ b
MasterIP1=192.168.90.31
/ D0 I+ _4 ^, \# ]3 J6 ~MasterIP2=192.168.90.32# p8 l4 e, v. b! R4 A
MasterIP3=192.168.90.33& N2 \5 |+ P3 z2 \1 t* x; i" F8 R1 x
# 这是 kube-apiserver 默认端口,不用修改; l/ M; @7 n* T4 N: j4 R7 W/ L8 U( o
MasterPort=6443$ x% m0 e3 {5 b1 Q- W
! P5 U: T7 b% L, ?2 `+ u# 容器将 HAProxy 的 6444 端口暴露出去( L& U1 i0 z; L" f7 Q8 r/ o( H+ _4 }
docker run -d --restart=always --name HAProxy-K8S -p 6444:6444 \2 \) L. A0 ^1 q
-e MasterIP1=$MasterIP1 \4 |/ X2 A) y) E
-e MasterIP2=$MasterIP2 \( J, ~' V8 g8 O1 s
-e MasterIP3=$MasterIP3 \, w8 z2 I. d. e0 Y' k: f& E/ @
-e MasterPort=$MasterPort \
& y% j6 K" K) M5 O+ p wise2c/haproxy-k8s0 {2 B' l# e/ d% F+ f# N
0 X+ x, F" m+ d- I1 {# \; S
# 设置权限
" ^5 z( {; i4 K! Q$ C, R2 p1 usudo chmod +x /usr/local/kubernetes/lb/start-haproxy.sh" ]1 L; F3 Y) N* s' E; L
1 |" C0 a8 ~2 J& V8 q; I% N1
1 z1 c5 k" U) u. b2
+ ]7 |/ G' T6 S1 Y3! ]! u. y. N7 k7 N
4
$ G4 t8 P) l' x, X/ W5
p: ^ I$ H: \# f: P9 ~- R( A6
! v4 [' A3 _* k$ F! u7
& D3 X- @9 f( B9 `8+ l% k3 H6 M# a
9, D/ F6 {3 u" A9 k0 ^7 Y
10
9 K+ @; L: h* Q0 ~! _* [11
+ A; F% \* E9 V' n. M! Z% q12) W% B' u/ a& N4 d* r0 @ k7 j9 g
13- d- ~# g" z, M5 j4 C8 O4 p
14
$ k8 W' k+ z4 Q, c8 J& o15! U+ @/ [. h8 I8 N4 d- V% l: W
16$ M# m2 L9 m& |' q' S7 F8 G$ [( U
172 S# U! Y4 U# E- ]* W
18# u) r1 K J Z6 z$ H1 y1 y
19! I, l8 n; C p2 p$ c% f
20
( T, P8 u6 h( C21
$ F4 J$ c) x( T2 {22
$ R7 ~% }( [6 |# z* a# x, i% |9 b) DKeepalived启动脚本
( T* t' D; k5 U. c/ d! _9 T& r5 qmaster01节点增加 keepalived启动脚本,并添加执行权限如下:- P/ Q. o, P [0 w7 e
2 [" Z9 j( p; ~, p1 p
sudo mkdir -p /usr/local/kubernetes/lb$ y0 u8 K" Z. S7 C: {5 p. s
sudo vi /usr/local/kubernetes/lb/start-keepalived.sh5 L% Y! U. @% r
# 输入内容如下
4 i. y5 Y3 Y. P [! u+ C#!/bin/bash( F9 t: d7 q% Z: }3 Z
# 修改为你自己的虚拟 IP 地址
4 _, n; ?( K( V& JVIRTUAL_IP=192.168.90.100
" ?2 g% _( b3 L Y& P' @- G* Z9 R# 虚拟网卡设备名
$ F3 Z- o# n% B' U- C- rINTERFACE=ens33
) ~4 w& q% Q( q$ y# 虚拟网卡的子网掩码
7 f# @& m% V, r- q( R: h- U! ~NETMASK_BIT=24
3 c9 J, y8 l, x: q+ F+ W# HAProxy 暴露端口,内部指向 kube-apiserver 的 6443 端口
! C. [; O' q+ h8 f: ] i dCHECK_PORT=6444
+ H$ k$ x8 d( e7 S' V' @# 路由标识符
# J/ t! _) f9 S* j/ N! ^4 L8 g) yRID=10# k5 W' v }% E$ T/ M7 v
# 虚拟路由标识符* ]' T& _, |3 H. q( z8 B' S1 O, D
VRID=160
+ F/ s9 q% |4 T8 s0 @' `& k# IPV4 多播地址,默认 224.0.0.18
2 O! E* j( `/ _) P( }( U% j+ R% SMCAST_GROUP=224.0.0.18
' W8 O5 D: Z+ J/ I/ h- Tdocker run -itd --restart=always --name=Keepalived-K8S \ v, ?1 b* _/ t- e
--net=host --cap-add=NET_ADMIN \: b1 {4 Z5 m; |9 f, H
-e VIRTUAL_IP=$VIRTUAL_IP \' H5 H& Q) D' B" c+ |1 y" K
-e INTERFACE=$INTERFACE \3 |- ]& q2 }( a1 K# w: x
-e CHECK_PORT=$CHECK_PORT \7 e0 Y% U( \$ e& @9 |. t
-e RID=$RID \) |+ F' K' ?1 h4 X
-e VRID=$VRID \/ d( w2 V, J, C% h
-e NETMASK_BIT=$NETMASK_BIT \
; K$ q: d/ B. e+ ^. B/ l -e MCAST_GROUP=$MCAST_GROUP \
2 X% L% C8 P% D6 q wise2c/keepalived-k8s+ v: A. a( p3 Z9 F3 J/ h
# 设置权限/ G% N Q+ C' |/ P9 X# g- a
sudo chmod +x /usr/local/kubernetes/lb/start-keepalived.sh
" K0 H" m( A; O8 @: j/ x- a% @$ _, |1 J- W) ?5 L
19 V" i$ ]8 S: r6 _' K5 c
24 W' E4 U* {# N/ |$ j2 d8 K
3
9 k6 z" ?1 q# p41 S# o" H6 T, |0 r9 P3 O4 t
57 D: W9 y, X* A
6* i' s5 z/ w7 m1 M, g
7
$ O! R C) d- l8
' a$ N* C; t0 @2 R" N2 n1 Z97 t: V2 ~8 T' f; k& [, E
10
3 m$ a7 ]4 V7 b" Q' _/ y11
8 \$ `3 ~: o* C/ Z$ O3 f( e12
5 e, R, r8 {) J M13
) F# Z/ X, `3 F7 _3 N# G, l14
- @& Y% t/ h1 c7 `* @0 s15' L9 V8 V4 ]* G5 R/ J) l
16
`: S1 i- L: B8 D, k$ u17( R) N) X5 j0 r& F
18
3 \6 q. i9 [; ]! j' r19# ]8 _" I; e8 I& g2 Z
20* t9 P5 `" P8 _
21
1 \! `" z& D6 z4 g3 d, B22
% l/ z. b' C) ~23
2 n: \% d4 D" D3 K! | I( X* `" l240 M7 {2 [8 P8 M& ? H
25. V! o, ^7 P5 f9 Q4 Q8 @
26( a8 ]0 l8 _9 k$ {# j% p% p
27
( r _% m; S. j28
, B8 K/ K% Z# I2 o( Y9 H) [29
7 p* b- D; w1 l) |30# g& g3 y( h" A1 Q
复制脚本到其他两台master! z% G4 e7 d# q0 i' r$ X$ `9 _+ k
32 和 33 创建 目录 ,并复制脚本文件命令如下
6 t, a ?9 G' D. g& u& k" R/ T! H- m% r- e3 U9 o
sudo mkdir -p /usr/local/kubernetes/lb
( J2 Z: t0 C( E nroot@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.32:/home/eric --先复制到服务器 再到服务器上复制到指定目录* f& a# R4 d% {) v* F; f
root@server1:/home/eric# scp /usr/local/kubernetes/lb/start-haproxy.sh /usr/local/kubernetes/lb/start-keepalived.sh eric@192.168.90.33:/home/eric
5 D$ h/ q# B- O7 K% Z* A$ {eric@server3:~$ sudo mv *.sh /usr/local/kubernetes/lb4 b# R( m: I$ q0 d3 _3 S" i& ?
1* M9 u% a& v0 i7 n, V# |0 s
2
$ z# ?0 ^( C; e3 Q3
& E7 p+ H' H0 H1 O' f43 @ [; J) |' l. u; h( {
启动容器; H: R- ]8 k. a) r! E3 e3 o" b
三个节点分别执行如下命令,docker 会下载、启动 haproxy和keepalived 镜像
8 `" l9 h/ U5 i+ Q$ A* K: u* d0 d" U8 k4 n3 ^/ ?4 w
sudo sh /usr/local/kubernetes/lb/start-haproxy.sh && sudo sh /usr/local/kubernetes/lb/start-keepalived.sh
9 m& t: h' Y0 I+ k: @" t; Q1
5 E: m6 K, s5 s4 i检验容器
4 `( m( B( D/ V( s三个主节点分别执行 docker ps 可以看到 haproxy和keepalived 正在运行如下:! R D0 V# V7 i% y0 w0 c
6 R9 X2 V$ W8 j! e3 _, p1 R9 I) H) O5 Qroot@server1:/home/eric# docker ps
5 H3 J7 l9 K; qCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- S" {% ~% j. y( @ m8 o2ee95ae52da6 wise2c/keepalived-k8s "/usr/bin/keepalived…" 52 seconds ago Up 51 seconds Keepalived-K8S
' ?; t: u, x9 K- N97db17bc81c7 wise2c/haproxy-k8s "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:6444->6444/tcp, :::6444->6444/tcp HAProxy-K8S
n! ]7 h% ]2 v- J$ t1
% @! |0 N/ P! r9 G9 [2 X/ F2 J2' |, ^( T |; ^4 K
3
p3 A; r6 a8 j* t4
. Q' q+ m2 U9 `0 V! h虚拟IP验证
- J! M4 c1 @* C1 F. w8 d0 l31、32、33 三台服务器 执行如下命令,只有一台可以看到 ip与虚拟ip绑定。如果 被绑定的一台宕机,绑定关系就会漂移到另外两台机器中的一台上,默认在 31 服务器上,关闭 31服务器上会出现在33服务器上如下:. p8 |$ w+ A& |! h
/ V) ~( T6 j% V* {eric@server3:~$ ip a | grep ens33
3 E( q3 @* k& @3 B5 ~ [2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000# K3 |6 N1 i7 b' }8 ]% Z9 }* b8 s
inet 192.168.90.33/24 brd 192.168.90.255 scope global ens33; E ~& q6 G+ d/ n- p* F& `3 E" h# B
inet 192.168.90.100/24 scope global secondary ens33( P e+ n- d( Z6 `$ q; |: u7 }' m
1. Z- t( F9 p' [5 O6 i1 N
2
0 L$ a* G: I7 u5 Q3
4 t" p6 s; ?* H X4 d. }4
5 O* h& H6 x" m& E2 N2 ~/ ?部署K8S集群
0 @2 E# H$ B7 F7 l8 X; O! O创建工作目录并导出配置文件
( q- h4 Z0 g# d, F8 R n2 G) F/ z0 G5 V
# 创建工作目录( k, E( m n! r7 ~) r
sudo mkdir -p /usr/local/kubernetes/cluster4 E" x# d8 b7 _" U( ]3 B
# 导出配置文件到工作目录
/ n n+ C, v) {* v) \7 @1 f( ~su root
/ C( z" w @# H# y, i kubeadm config print init-defaults --kubeconfig ClusterConfiguration > /usr/local/kubernetes/cluster/kubeadm.yml
$ S1 i) T6 e8 e. m+ f) A A! I1
' Q' R6 Y6 S1 U/ x6 t' D0 y2; U& S& N" P7 e E6 ~& }: f& [
3' T( O: S4 z+ ~; J- G4 D
4! {4 q6 h6 y' B/ j. t( |
5
6 _* R* S. l7 j- U3 n1 U修改配置文件
% [% h5 \4 l0 T33节点修改kubeadm.yml 内容如下+ P+ S2 b& O: X0 W5 R/ V8 \* t9 ~
, y) |# X, E' Q$ z: ?2 a* o
root@server1:/usr/local/kubernetes/cluster# cat kubeadm.yml1 v7 c9 y9 E7 W6 K1 K* Y
apiVersion: kubeadm.k8s.io/v1beta17 u6 }- a, T9 ~5 |
bootstrapTokens:
, y1 w9 m. J& X5 ?" s" n- groups:( E. i2 m# |; Q! P/ E; @
- system:bootstrappers:kubeadm:default-node-token2 I) n. L# l/ @9 `3 b) x/ ~; j% U0 h9 X
token: abcdef.0123456789abcdef
: D/ P" @0 s" P: ~- B6 W% j ttl: 24h0m0s9 ^3 T F, I0 G i
usages:! O& i5 V" ~; z7 w
- signing
9 J0 P" c; \& Z+ e9 ]" c$ i - authentication Z8 P# t, s: K9 q% }& F0 U; ~" l
kind: InitConfiguration
$ k, ?- v/ z- F" {3 slocalAPIEndpoint:
5 W h* l3 y7 T& O advertiseAddress: 192.168.90.33 #节点ip
! K, Y! k! o/ p% F) v: Z bindPort: 6443
8 z$ G7 o( N7 R9 l. ?" KnodeRegistration:! d( [* Z2 d0 R/ H/ p8 M7 ]1 r
criSocket: /var/run/dockershim.sock* _+ ~. T+ L3 K( x
name: server1, i. O5 J, p% ~. s/ P' W9 B8 ]
taints:9 O5 l$ F9 F3 s; h( u
- effect: NoSchedule# z5 M$ e8 U! b, o7 T' G
key: node-role.kubernetes.io/master
( X$ Q' d5 J$ Z9 j4 o/ l2 l---# w! M* y3 G7 d
apiServer:
% k2 c1 s0 t7 G( A% B; E; K2 t7 [ timeoutForControlPlane: 4m0s& Q( r* u; M8 Z
apiVersion: kubeadm.k8s.io/v1beta1& b0 a) |9 n' o2 a
certificatesDir: /etc/kubernetes/pki
+ `, ?7 a s% p2 Z o: G$ MclusterName: kubernetes0 Q- Y3 r& D r; @' S9 ~
controlPlaneEndpoint: "192.168.90.100:6444" # vip 和 端口5 r% T! g$ @7 I0 n, y6 a, N
controllerManager: {}
( H) @ T. M: a% f) x5 \* [dns:/ l$ f$ x2 _- c, G1 ?
type: CoreDNS; f' P0 u2 p9 [. s: T# B
etcd:! {8 E' n: ~$ V* V( [+ |8 F g
local:
) ^( q1 |" T* ~2 K9 h, d! S4 I# q dataDir: /var/lib/etcd- g) t2 p8 Y! j5 t4 I, P# T* R6 B% N
imageRepository: registry.aliyuncs.com/google_containers # 阿里镜像库" V, u$ u: I# R2 V1 G
kind: ClusterConfiguration
# e& ~% K( ~% @2 e2 @: wkubernetesVersion: v1.14.10 # 版本号
% @! K. C1 @8 ]1 h! \5 vnetworking:. ~5 {6 ~. U' |' `
dnsDomain: cluster.local
* J4 W+ U: U+ P) X8 H podSubnet: "10.244.0.0/16" # IP段 不能和 主节点所在ip段冲突 如:主节点ip 为 192.168.90.33 那么这里不能谢 192.168.0.0/16 ( |$ ?% ~/ ~+ ?7 @2 I1 A
serviceSubnet: 10.96.0.0/12
9 M8 k( `8 N' q* w& S Qscheduler: {}
# M5 _# y7 v/ E$ ]3 K---# T5 h! x% u& C9 N2 @
# 开启 IPVS 模式
1 J& q' u3 w ]# j3 napiVersion: kubeproxy.config.k8s.io/v1alpha1
0 _7 t3 M; Y4 P) z6 bkind: KubeProxyConfiguration# b! l5 E* Q* p3 C/ C
featureGates:
( n G( u0 o( O' `6 o# a5 ]' y SupportIPVSProxyMode: true/ e+ b8 k( Y7 @: w8 K8 H9 L
mode: ipvs
3 j+ B% ~+ g+ v$ H. K. V' c
) Q9 i0 v& p# x! ^7 u1$ i; c6 n. F4 e) k" ]* |7 f7 k* C2 V
23 {, p1 N: a* _: d5 K
3- z7 @! P" H. T, b- G- j! D! Y3 h
4
# r0 \7 F1 c" r2 p5+ H( z0 M' B8 s( [. b6 ]* k
6
- ], Y$ X* {3 o7
) o& w' d2 S- C9 C+ U' {+ q8' g+ u) v3 H8 e; k, I: ~
93 \5 X, F) G. z$ o
10( d4 a: e8 a/ _, V) I- n& M
11
. Z- {$ l1 S( H/ ^0 o- [127 D( W1 ~0 v$ U4 M! d4 E1 V8 f
13
# Y2 J3 H$ f4 M% ~2 q1 n0 x7 y14
4 s1 d+ G6 O& g* v% k1 e- @, U15
6 W" v2 j( E7 G2 @; j16/ C( c0 k1 [7 ^& N, q5 t
17, Y# l8 a" N2 {2 I6 G% Y0 m
18
' Z) a! X/ M9 M5 e4 L& @19% d3 E9 |7 x6 O9 f: H& B5 a
20+ y) }! B8 v& y" K) j! F8 E
21
M1 a2 z) Y0 \* y22 F, g+ E( ~4 x' H9 `/ ?& c, |% Z, p
23
) l- [7 M2 I- n2 T. ?( o24 S0 ~' I( G) Y3 Y1 B3 e
25
4 t7 M9 a1 w: h: W5 s; s2 E6 [26
, G& t/ j3 S4 T& |; K- p27
/ ]& d' J( D* O2 D0 W$ d28
! f/ y; A X$ g+ A29' L7 H8 b n% z9 [3 [8 G5 H
30
% l- V6 F; w3 j/ ] h# {3 Q% z31
3 F* p+ a7 k# o, v1 c! U8 g4 g2 H32
' D( F! | C- ?( q' B( A33
0 J9 Q; g' _1 }' \34) \8 B4 C5 N& p# r
35
+ Y3 { C% \! D& @& t36
# M) ]8 O! |& L* Y; Z: x6 @; z373 |' X" K0 n7 p9 U# ^
386 a* [) A0 A; J
39
+ A& Z" q; m5 \. o+ P G: O$ S" H400 q7 H# m3 n& `# d
41" ~: Z% ^0 L6 d" `
421 Y' L' c9 O4 r% }4 \/ ]5 |% K0 L
43$ ^/ {2 c/ _3 T
44
+ G& ]# t. a) ]% U451 l! ?' \7 R3 K8 Q+ r' J
46& V9 g/ B5 D. f$ g
47
& t; j& _2 |: Q- O1 g487 b5 `& a& c6 Z/ m- J
kubeadm 初始化master! s- m2 H6 }9 R1 f
* u0 O2 f7 w' q7 N! K$ w( |kubeadm 初始化
3 z; O) g8 h, p- {& U: N# H' S$ q! h9 D H7 A) ^# C
root@server1:/usr/local/kubernetes/cluster# kubeadm init --config=kubeadm.yml --experimental-upload-certs | tee kubeadm-init.log
) z) {: e5 w3 w7 [- ` }......; H2 L+ H) X' \0 ?. D9 ~
Your Kubernetes control-plane has initialized successfully!
, `0 a% J5 v+ |3 o" y5 c% q. u. S# R7 I+ b
To start using your cluster, you need to run the following as a regular user:9 V8 Q7 _: [2 [0 z
% X8 g: [3 j ]8 {2 C# [% ^ j- v
mkdir -p $HOME/.kube2 y# f( { c( s4 ~. B' u/ l
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config$ o& S5 W( w3 u- y* [* U, m
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Q7 C1 P9 ^' v* E4 Y6 T
2 b% D% @/ x0 |0 \$ yYou should now deploy a pod network to the cluster.3 g5 D* K. Z+ I% S" L
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
. Z; p9 \; N, `) z. \8 }0 H8 ^ https://kubernetes.io/docs/conce ... inistration/addons/( K' M: O; v$ u' M/ P
0 w; p2 l: {% QYou can now join any number of the control-plane node running the following command on each as root:
2 b/ X( d ?3 n6 m9 ^+ n, s7 ^# k0 d
kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
; N9 B- N6 q! d* o7 X o( | --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
$ Y, u# `1 {2 e) A3 h --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf
# A# ^: o# X2 ]2 Z U) G3 h, } w
7 l% j2 z) z" z1 {3 T7 \" HPlease note that the certificate-key gives access to cluster sensitive data, keep it secret!: K1 o" ~7 C0 F* Q% F
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
; t7 L% s: D" a) Q"kubeadm init phase upload-certs --experimental-upload-certs" to reload certs afterward.
) I. {" w3 [- Q( P) C& B' b( }3 n) P* |4 |' {5 H' _: P' [
Then you can join any number of worker nodes by running the following on each as root:
5 x" \# [( v$ |; ^# A: C4 p) D& `/ p& z! @
kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \% j/ K' ^7 N+ U! x/ G) c. I' o
--discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e, c, m2 P7 e: n4 @' F
$ G# K# e# T& D# @1
5 E2 t2 l6 D4 B/ e2# T/ _7 L4 z) d, J* I, \6 ?
3
9 v+ B" Q4 `- g46 g$ h2 @; G( Z2 A: H3 ^0 N
5: x L, _0 G7 T% z* O
6; M% d" T' v8 w( U- p2 Y# P
7! S/ u, |/ T8 r `# @5 F* ~
8" d4 ?( g) b: N" W* T' t" V
9* A3 W7 ?; y7 N, O
10
6 e4 s$ q7 H' {& e116 X7 J0 v; j r
12
& q' v& j: V; c. ]3 g% l133 z" N* X0 L/ ~* t
149 ~2 d9 r+ [6 D1 q/ z
15
5 \+ U( V1 t* r. d; V2 H16
4 b' Q3 ?9 f3 [2 V17
' h. w+ G- Z8 O& p1 S. P6 @18
% x* D6 T; C: z: C( j192 D `$ B/ m8 }+ f
20* @& F% @9 X( Y& `, K, Q$ c* I
21! p- c' T9 j* i
22
+ w% f4 W1 z: p23
9 |' d7 d; B R! ]- y- U) x244 G+ S) K4 M N) l( L2 l( ]
25
& @4 Q& t, ~2 }) F0 V2 Y26
; E0 U1 k( d: _, Q. [27
, Q1 u8 y- `1 I- L1 p2 J X4 m$ b; r) d28
4 r, |6 L$ z4 {' p; C" l- U- k根据日志输出,切换到普通用户eric执行以下命令
9 e, R) \) D& F! `! U" g, Q) h* A: G( r, s( p3 X$ ]
root@server3:/usr/local/kubernetes/cluster# su eric( }1 r6 M6 s$ ^. K( w
eric@server3:/usr/local/kubernetes/cluster$ mkdir -p $HOME/.kube4 D* P2 `4 U* a( h: P
eric@server3:/usr/local/kubernetes/cluster$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+ t! A6 d5 R7 S' l {: z+ V- Heric@server3:/usr/local/kubernetes/cluster$ sudo chown $(id -u):$(id -g) $HOME/.kube/config5 \! g8 m ~& L! @* J
1
+ M% X' M. @' E+ X9 H1 u# b27 i% U4 T8 q! `
3
+ ^& T% K1 @3 R4
' P% m2 T/ l( B/ F6 D验证是否成功
% X2 y% M# y# b# `" L. K0 Teric@server3:/usr/local/kubernetes/cluster$ kubectl get node
; p/ P4 X _4 k* d# ?: t% }NAME STATUS ROLES AGE VERSION
W! C' N8 m* m4 C6 ?2 Pserver3 NotReady master 4m11s v1.14.10
1 I7 g' ~& `. [1
3 N( P( n& u. f! h' S+ H1 q2
4 C& l$ ?0 K% j" a4 r+ u e* k# j2 k3 R35 f6 b; q) Y. X; H: f5 Y, x% ` l
安装网络插件
+ Y. g" b& O+ f. ]
* ~ ]8 T6 i) {. a9 i5 N- e% deric@server3:/usr/local/kubernetes/cluster$ kubectl apply -f https://docs.projectcalico.org/v3.7/manifests/calico.yaml) Z9 u# V6 x! [0 I
configmap/calico-config created, i( l0 m/ H3 K5 j" n$ r( c
......4 @- [$ q3 q+ o; v; H8 p6 }$ ?
serviceaccount/calico-node created7 |4 U3 S5 o+ l7 E0 |- _, t7 @: O* o
deployment.extensions/calico-kube-controllers created0 u( W& k' b. _3 m+ f
serviceaccount/calico-kube-controllers created
+ e/ ?4 c0 Q0 z9 F: p; E1" A; w2 S% q% t) ]
2
J' W6 X$ p# d! J38 q, |+ D& M' q
43 l0 G5 _+ l N- y. L
5
. M" b- E7 g6 S6
f+ N( X3 ]7 |" c$ d& [$ g# 验证安装是否成功 我这里足足等了 64分钟 各个插件才正常运行 running 状态1 h, ?/ v( P! K9 T; @/ L7 Q" r
watch kubectl get pods --all-namespaces
1 W, C; n s6 U3 Hkube-system kube-scheduler-server3 1/1 Running 0 34m% V9 y. X' V! x' P8 Z
Every 2.0s: kubectl get pods --all-namespaces server3: Sun Aug 15 00:59:23 2021
8 _5 B+ V, h4 J7 F- c& JNAMESPACE NAME READY STATUS RESTARTS AGE1 @. c3 n( Y; \
kube-system calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 64m
; h/ z1 l7 @4 d& a A1 ]kube-system calico-node-sb2kb 1/1 Running 0 64m/ H9 u4 M% |9 @
kube-system coredns-7b7df549dd-vmpww 1/1 Running 0 66m
0 x# K* W4 _- C' h9 ekube-system coredns-7b7df549dd-zzjf8 1/1 Running 0 66m
% \2 I9 ?, J2 \+ C" l/ Lkube-system etcd-server3 1/1 Running 0 65m
% T. g8 {1 L! q8 [) E- ?5 [kube-system kube-apiserver-server3 1/1 Running 0 65m1 t/ Q& @) d3 h% \. n
kube-system kube-controller-manager-server3 1/1 Running 0 65m( `7 d8 S4 E( N! S# a; j) Q" d
kube-system kube-proxy-q42pg 1/1 Running 0 66m. ^; P& T4 v9 r, j
kube-system kube-scheduler-server3 1/1 Running 0 65m; z9 U( n+ j i! u
1& p O! c% g2 D+ q
2
# l @; H4 Q6 J- ~- k3
$ r9 ~2 s+ f& |7 v- O41 ?5 V4 B2 p+ F
5
) ^% s5 t) g. M6
) E% ~" i% w# X% P! {7 v- y% I6 }73 n8 f; V) x* N# ]
8. C3 h8 i6 a- k
9- }7 P( r" ]& a3 T8 X3 W
10
! a V2 u# a+ o3 O& R" W* C4 O11/ h D V7 f7 T- X
124 R9 x) t+ w/ J' t- ^- c
13) |5 M: r2 O1 [1 Z) x" p
14) b+ h! y" p/ e' Y
加入mater节点# n1 q/ @& y* D* T; O, \
31 和32节点分别执行初始化日志中的 主节点加入命令,将 31 和 32 节点初始化成 master节点。
0 k- q2 w- J' L9 G O0 y4 l注意:如果初始化完成很久之后才执行 加入master节点操作,那么token 可能会失效,参考上一篇文章,重新获取token 等参数
! y; L ^( h3 \5 D8 l/ f- w4 G3 L% @4 p( l
kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \
' f( [, V+ q% o" ]& d) x0 J i --discovery-token-ca-cert-hash sha256:d5890a0d44846cb7b18ae919a04031c5290d002769a93892a79bb427f657fe9e \
7 E/ {! N1 o( g. Y n2 ` --experimental-control-plane --certificate-key cf231517325f3c8756e057c8851d2065363a875cccea31c5629871a44c394dbf
! B+ j, c/ A" R F& N: a9 J# r: N% v5 |# Z1 V) r
.....; w8 s5 l. K# x& T& s. m
[mark-control-plane] Marking the node server1 as control-plane by adding the label "node-role.kubernetes.io/master=''"1 K2 r2 c2 I8 g
[mark-control-plane] Marking the node server1 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]3 ~! L& M9 a! W9 A' h7 t; l
9 O: Y! E( j, E; Q
This node has joined the cluster and a new control plane instance was created:+ \1 p- z, m$ u
+ Y6 C& V4 S/ e# p1 f3 n& C4 @
* Certificate signing request was sent to apiserver and approval was received./ x7 B0 }1 \3 q
* The Kubelet was informed of the new secure connection details.
9 I; G/ M+ t6 |* i3 P( b* L) t" X+ ~* Control plane (master) label and taint were applied to the new node.3 k! e: B& n2 z, i3 w( X7 c- {& N
* The Kubernetes control plane instances scaled up.
. a4 m" o7 W# g6 F+ J* A new etcd member was added to the local/stacked etcd cluster.9 X, p4 L$ p! s) Y4 I8 E0 U( y" j( n0 r
; s* D" o0 R, D9 g
To start administering your cluster from this node, you need to run the following as a regular user:# k, W8 y4 y+ q, m) [
9 A0 F C" k* F& G2 j( l
mkdir -p $HOME/.kube
1 S8 T6 ^" c% w" S, j sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config! B/ Q2 |! ^- T" e% A# Z1 H; X
sudo chown $(id -u):$(id -g) $HOME/.kube/config
+ w4 g- W1 v- [: X4 h6 a$ h6 \, y- d( z: X W$ A4 @7 N
Run 'kubectl get nodes' to see this node join the cluster.
. x5 n* y' W: ]9 J. [4 ?2 f2 m% i3 ]3 L
1( u5 Y0 {# C. `4 K' G; e, }
2" e8 E9 M5 ~# D- W
3
% O, @9 ]/ K# ?* T4
$ @1 s& Q+ G4 \( u2 V5
1 d+ m. o/ t$ ^& T& n! a) ^6
8 ^9 @9 w3 v" f2 ~7
3 D, m6 S3 s: ^3 l) E8# _' K/ e/ x$ S# Q
9) R+ m3 Y, X$ ?4 ~* }
10* ?5 a9 ^$ M( y' _/ l2 V; Y1 g
11
. E" ]: Z M; V; v9 N6 V12" s. ]# A/ Z# R- f# O
136 x1 i1 N* Q) B" o
14+ X6 P- V# F Z& N
158 e' N/ q! x; D0 ?9 S
16
2 }5 n P4 X+ x' D! q9 O* d17
8 c7 u' G% Q6 @' }/ F18
r* f# n5 T' L* e1 V19
( ]3 X) L; y: W* u+ o20
/ M) L% p: P6 S3 n. C7 ^21
- m6 h. ?) m+ o j22
/ A/ O6 n: A) G23
- e; v6 Z; ? r% M, K按照上述日志,执行配置命令:
6 R# `" J7 J0 a1 Y. u+ z. V6 q s+ s; ^& J( p8 ]; C" h# ?
root@server1:/home/eric# su eric
# D8 s# b# ?" }3 m+ I' T! Feric@server1:~$ mkdir -p $HOME/.kube9 g+ B' w& ?; X5 U5 @5 t
eric@server1:~$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config5 P$ p L- l& t* a
[sudo] password for eric:
5 Z! r, e# _% Veric@server1:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
2 y1 V) o3 Y/ }" F' o1, g0 ~2 q/ {5 b
2
$ s. @9 D6 I* P8 ], S* T0 x3
+ ~. C. [+ c3 r/ a5 B4. O. I0 s6 J9 m' l
5
: X4 @% m, S8 U) D! J7 Q加入node节点
$ G3 t" ^/ s8 F [4 `: u. d' j三个从节点分别执行以下命令,加入集群
: a( V+ r4 D; Y4 {+ m8 A4 C) j初始化日志中会打印加入命令,直接复制执行即可,如果参数不正确,参考上一篇,重新生成参数。5 A9 n* T+ l% ?$ R6 i ]* V
+ F4 I" v7 y5 r5 B* B) q# }
root@server4:/home/eric# kubeadm join 192.168.90.100:6444 --token abcdef.0123456789abcdef \; H( n) f! j7 b6 P# U
> --discovery-token-ca-cert-hash sha256:19c012298212324b7851d89d71af9ff0d50c4fb130cb774b8a80c3a32d51d051
) e8 q8 ]; J! m# W- W9 p[preflight] Running pre-flight checks
h; O% M. [3 ?# h5 ^, } g [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/0 q: |+ D* \& b- Y9 P6 _
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.8. Latest validated version: 18.09' A# u5 K/ _0 }# g
[preflight] Reading configuration from the cluster...+ q& ^- `" s9 i9 r. T
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'( q6 R0 Y; n0 [6 }' F
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
. g: F/ _& P8 x+ d) x0 i8 k9 B[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"2 V c5 b9 H2 u& F
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
! ?' R( q! r7 ]2 ^. ]" _0 \[kubelet-start] Activating the kubelet service3 D% X7 v/ V# J+ s* u$ |7 E" H
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
; U* g7 D. t h" N* {: }5 v# s S q, R R! n+ N
This node has joined the cluster:
1 z" {1 J, F5 ]# c1 n* Certificate signing request was sent to apiserver and a response was received.' P- q; ]5 U0 s& s4 M; J
* The Kubelet was informed of the new secure connection details.
6 {: v' B. k6 a4 [" H7 X" O# t: Z# p2 G S' a9 E
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.$ u7 J# `; c/ F
* y; `8 Y) G" s1
" ~- J7 i/ ~2 A2
3 R9 ]) A# r q: ?3
! M4 K; ]/ i8 |* k& }9 l4
3 U; }) m* C3 L2 l4 Z- }8 a" g5% P d0 z, z; A0 w0 F
6
- S& H$ l; k7 `9 G8 f _7" N9 E5 U" X4 g- [7 s
8
# r0 r3 D9 o8 ^# S9
* u) F* M/ \( ^5 t10( u/ V/ ^& ~+ v
11
7 V9 u9 P# v4 t; _: E- k o12
' {- d! q3 f( d13 G. v7 D; Z' c1 B4 M4 {4 z) _* n
14 z4 j5 K( p! Y+ d% s. A% z$ x
15; ~% N/ Q. ?% f: F+ x
16
, Z& F( \0 c! `2 W171 j5 W0 o: p+ |( p6 G
180 v' f' B3 f3 O9 D
验证集群状态
a x ]4 c/ lmaster节点执行如下命令验证集群状态
( k t U, o2 a+ w; e( a# n# w* `
1 k6 V8 w' @6 _) q0 I4 keric@server1:~$ kubectl get nodes --查看节点
$ p3 l' A6 U3 K: ?+ z; |$ b5 g' X0 BNAME STATUS ROLES AGE VERSION H9 y4 s! v. R- x& \7 n* l; q/ x
server1 Ready master 7m35s v1.14.10
" q+ M. p3 u+ g( m3 R/ s4 oserver2 Ready master 7m22s v1.14.103 G0 U# G- R6 Q0 ?% X- \* t3 |
server3 Ready master 85m v1.14.10
. G# i B3 g& `. D9 B" tserver4 NotReady <none> 43s v1.14.10
6 [/ U( ]: o, _, b9 t# K& u! Tserver5 NotReady <none> 42s v1.14.10
$ [2 A2 \9 ^8 b3 {5 O( Dserver6 NotReady <none> 41s v1.14.106 L! G% p2 {' h; I; Y% w
eric@server1:~$ kubectl get nodes -o wide --查看节点
0 z7 |" N( n) H- n" n9 S- uNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME' N. \9 L* a$ i* F* y
server1 Ready master 9m43s v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.85 a0 r2 R: O6 c1 M- Y Q( U
server2 Ready master 9m30s v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8) J2 v3 f) {7 Y D5 L' h! @
server3 Ready master 87m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8 j" b5 V- }# |5 T1 W
server4 NotReady <none> 2m51s v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
: p/ ^1 e$ c2 t+ T6 f- O$ _server5 NotReady <none> 2m50s v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8: J/ c1 K, ?" I5 e9 O7 G+ K
server6 NotReady <none> 2m49s v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8% ^' N- _0 u$ T5 y$ |+ ~# k0 z$ |
eric@server1:~$ kubectl -n kube-system get pod -o wide --查看pod* [ M9 U5 O5 i& _& H {8 i
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES( G3 d( J. W( j4 G- f
calico-kube-controllers-f6ff9cbbb-6dcjs 1/1 Running 0 86m 192.168.141.193 server3 <none> <none>% \- X( C! b8 i* O) I8 v
calico-node-49lqn 0/1 PodInitializing 0 10m 192.168.90.31 server1 <none> <none>
1 T# A! u8 e0 K6 m8 {calico-node-jmp28 0/1 Init:ImagePullBackOff 0 3m17s 192.168.90.36 server6 <none> <none>" O6 a7 Y u3 f
calico-node-kszl7 0/1 Init:0/2 0 3m18s 192.168.90.35 server5 <none> <none>* F0 W8 O5 ?. L0 H
calico-node-njz8v 0/1 PodInitializing 0 9m58s 192.168.90.32 server2 <none> <none>9 R# W7 }. H6 ^ J- K Z
calico-node-sb2kb 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>! o9 x8 W( s% ^ k2 m
calico-node-sn874 0/1 Init:0/2 0 3m19s 192.168.90.34 server4 <none> <none>
" h9 ~' u0 Z. A/ k4 u: Q" ~coredns-7b7df549dd-vmpww 1/1 Running 0 87m 192.168.141.194 server3 <none> <none>1 A6 p* Y; B" I0 l
coredns-7b7df549dd-zzjf8 1/1 Running 0 87m 192.168.141.195 server3 <none> <none>
4 J. W' ^$ }# \) v% ^0 x6 ]% ketcd-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>9 p# q, a$ y3 _" Q; G
etcd-server2 1/1 Running 0 9m57s 192.168.90.32 server2 <none> <none>
0 Z) V( t8 {7 w9 {etcd-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>' q! U' }, O8 I
kube-apiserver-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
/ N( C% ?0 q& wkube-apiserver-server2 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>$ | M' g4 @* `/ [9 s, \
kube-apiserver-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
* L3 k. y/ g# B" Ckube-controller-manager-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>! Z: N# H' E: Y6 h. t) J6 U- U. }
kube-controller-manager-server2 1/1 Running 0 9m57s 192.168.90.32 server2 <none> <none>
! P5 Z% R ]6 k+ I' F! Gkube-controller-manager-server3 1/1 Running 0 86m 192.168.90.33 server3 <none> <none>
% D" ]1 |# ~- h9 {$ vkube-proxy-5hl76 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
" \$ @9 b2 r- gkube-proxy-gt6bj 1/1 Running 0 3m19s 192.168.90.34 server4 <none> <none>
; ?' r D6 l# ~& Lkube-proxy-nxx9l 1/1 Running 0 3m17s 192.168.90.36 server6 <none> <none>
4 G! E" Y- z# @: _+ _! ykube-proxy-q42pg 1/1 Running 0 87m 192.168.90.33 server3 <none> <none>
0 C% M0 ^3 ^ fkube-proxy-qfkth 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>
' S. N* o. N' I3 J, ?) V4 Q4 ^kube-proxy-zc5c2 1/1 Running 0 3m18s 192.168.90.35 server5 <none> <none>3 \1 U J: V; p' _
kube-scheduler-server1 1/1 Running 0 10m 192.168.90.31 server1 <none> <none>
) |) W, `! { o$ ^kube-scheduler-server2 1/1 Running 0 9m58s 192.168.90.32 server2 <none> <none>. c' t- O9 ]0 O- n
kube-scheduler-server3 1/1 Running 0 87m 192.168.90.33 server3 <none> <none>+ w8 b3 U- ]7 p0 q( Z" E
eric@server1:~$ kubectl -n kube-system get svc --查看服务/ ^* W8 N% B$ }
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
: A# Q: ^. v2 Z' ukube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 88m
: t% o8 v% e. c8 J, ]4 V
; I6 r: k% F8 e2 B& ?eric@server1:~$ kubectl -n kube-system exec etcd-kubernetes-master-01 -- etcdctl \ --查看etcd集群状态
" S Z" x5 \& m: _5 {, N( ?# W: d> --endpoints=https://192.168.141.150:2379 \
' L# ]2 X4 B# B& p+ b> --ca-file=/etc/kubernetes/pki/etcd/ca.crt \! M* c0 F* t/ x: K/ N
> --cert-file=/etc/kubernetes/pki/etcd/server.crt \+ A) j+ Q8 T5 }* z
> --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health# J0 i" X: b [7 ]$ K5 _" o% T
Error from server (NotFound): pods "etcd-kubernetes-master-01" not found
* h J7 T% P( r) ]1 deric@server1:~$ kubectl -n kube-system exec etcd-server1 -- etcdctl --endpoints=https://192.168.90.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/server.crt --key-file=/etc/kubernetes/pki/etcd/server.key cluster-health/ }8 Q8 g" q) I% e3 l9 E0 X
member 5054125c1f93982 is healthy: got healthy result from https://192.168.90.33:2379
5 Q$ ?& w6 `& t* f& r& I4 b2 Lmember 35577abe54c175af is healthy: got healthy result from https://192.168.90.32:23799 q/ h- }' R! {6 }
member 6f5d23fdfa6c99f4 is healthy: got healthy result from https://192.168.90.31:2379: V( R, S @& s3 [
cluster is healthy
) P6 W0 u; F9 g/ K2 H. }; D% b0 i) r
/ ?( u) ]4 Y* _ [5 E/ R1
! g$ t+ E5 \- t& P) ~7 S% z+ u2
8 K# g2 S( K6 h# Z2 K& w34 J- M+ g) h" g& B! _
4
- @% q' `, `- a ^5
1 v s8 V8 }! I7 V6: T$ ]% X8 u- i9 ~
7* r8 g% D. r! ]
8' N8 M/ F/ K! e& v
9
3 ?$ t: d2 O% r1 @7 z" Y+ f# c10$ M+ Y* @4 m7 Y8 Z* |
11+ u+ C. G, `$ \6 J# v
12
7 M9 ~% r1 n6 ^ T' Q" H13
! A# d+ \1 Q* j- [& P7 b14
& G+ f/ Z$ z7 }6 r15" d5 f7 q. H s5 Z* D
169 m/ e5 O2 h+ o# {
17
/ q3 I2 R" ~* j8 b0 `18
- @: S7 J3 y. L4 L4 l6 T19& u) ~+ n* @4 S/ h
202 k9 m; L/ v- K+ _; H% b$ e
21
3 C# M' i6 V: O& V220 m% e8 A+ _, `( w, l# n% Y
23$ a5 l c4 f0 J7 `+ F; `
24$ h5 p$ \1 D9 s5 i
25- e# v$ n" ~( w4 s
26
`9 A# j% v( p6 N( ~27
' z# i7 `: D5 ~- N0 j, ]" e28
( {- _1 V- E3 a. I/ N/ S29
4 t1 q, }; l( ~; e* u30
/ u3 O% e( ?! E3 z$ j; l, J( S31
5 q9 k, d+ P2 M. V! b! t325 g! q: M& [& w, u- D
33
: z# l6 f7 n7 d u34
- Q s3 d6 R. V- R. A; r; Z353 H# ~1 C7 [/ P1 w0 Y
365 s9 D' K' K: {) i$ {9 G- E4 ]7 X+ q
37
3 t- D1 G0 m: C, o38: }/ s+ N) J8 A# n" T! s \, b% p
39
9 X w% N9 s: y! w+ C6 D40! q. ?. i O: B* |! M
41/ F3 }$ o& f( a; L' w
42
4 L. s. B, q' c43
% O& P u4 G2 M$ W447 ~- {( Y" f& k0 M- e
455 _( D6 r5 v# B; E$ J3 v6 i5 d
46
0 B& n8 z# H3 q, r7 ]! A47
^, |" B' Q/ {( y; f48/ j( U# H- W; J( \% r
49, S/ I' A, `) b9 ?
50
; n3 c8 ~$ }& b# {) I% P51
7 I- B: n5 x9 Y5 k% Q% X; T52
, r3 j) a( K/ g u7 k+ f53
5 c* ?+ }9 _: P2 q1 g54
$ ~* g1 V3 I3 h3 Y$ V, v554 p0 i- B" `# P9 B( z
56
) |, e: u q2 o7 T/ w" s& \57
j6 n. ]4 z/ d3 m5 A6 U2 K* ^* H: t58
, H5 j# u0 Y5 q* a* `5 `0 x59; \5 O# t7 ^* a- q" l
60
& l. V, ~$ }6 Y0 S- _$ m3 |9 K) V验证高可用
1 W }- M- U' Y+ @$ x" ?+ D1 H; \/ BKeepalived 要求至少 2 个备用节点,故想测试高可用至少需要 1 主 2 从模式验证,否则可能出现意想不到的问题* o) Q* b6 n. V9 r2 S
开始 通过ip a |grep ens 命令可以看到 vip 在 33节点上,即 33节点作为master 对外提供服务,在 31 和 32 节点上 可以通过 kubectl get nodes -o wide 查询到节点信息 ,证明调用了主节点的apiserver服务。通过在33节点shutdown模拟现行主节点宕机,
& }8 I) m: O ^4 w
1 B4 E1 `$ a2 b* A0 lshutdown -h now --关机
/ R |! y! z! l l9 o1; `. O6 F5 @' {- O# I6 B: i w
通过ip a |grep ens 命令可以看到 vip 漂移到了 32 节点& a T: D+ Y5 a. c3 j1 @
( |1 j) r, M8 [
eric@server2:~$ ip a|grep ens
8 ~$ L7 G* n( N9 N7 Z2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
! n( B! j9 {6 w/ T' F$ q inet 192.168.90.32/24 brd 192.168.90.255 scope global ens33. E7 [5 A/ x' {# V$ }3 L/ Q n
inet 192.168.90.100/24 scope global secondary ens33
' v; p0 c/ {, }- E# p19 [& D5 e2 b+ K1 z0 V
28 s. [! z. x4 e
3" E7 V7 [0 |$ f. u$ k+ G2 n
4" e# g+ U# u% p, t
这时在 31节点仍然可以通过 kubectl get nodes -o wide 获取到节点信息如下,证明33节点宕机情况下,api server 服务仍然可用:
' f. R9 S8 ?- S* S' l& p; Q( ?; A! g$ v! ~2 f
eric@server1:~$ kubectl get nodes -o wide
6 m7 I7 c0 W; `/ h: S! ? \% H dNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME5 H4 f5 u, v* ~
server1 Ready master 42m v1.14.10 192.168.90.31 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
5 i8 v2 {, J& z0 a; iserver2 Ready master 42m v1.14.10 192.168.90.32 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
9 i& K1 i' A; ~- j0 g, b; T6 e& B. {server3 NotReady master 120m v1.14.10 192.168.90.33 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.85 j, ] S' c! I8 T# ^% B" s* S
server4 Ready <none> 35m v1.14.10 192.168.90.34 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.80 g9 X& _+ p$ L+ R2 c& Q
server5 Ready <none> 35m v1.14.10 192.168.90.35 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
) o8 I1 i- X4 }/ G* Sserver6 Ready <none> 35m v1.14.10 192.168.90.36 <none> Ubuntu 18.04.5 LTS 4.15.0-153-generic docker://20.10.8
$ L! s3 I& n! Y( R1# f# i. m) v, f( r8 ]
20 L9 |. a/ N! p5 ^, }& K
3
! m+ Z/ J& X7 T4
6 z* g! U: x. Q# L1 U5
, \ V$ X$ Y. m% p3 w) C6
0 b; n0 j2 U K7 V2 k7
! ?6 {$ u" L6 L1 ^: X8; d" n3 M% ]# @& H" _
配置运行nginx容器
T: i- p# Y1 \/ M* z% G9 o! e# D部署deployment! `$ n. e0 \, x4 O2 T/ [: U6 L! j7 _
创建 配置文件nginx-deployment.yaml如下:7 t0 V- o& Z0 N7 `9 O4 K; [
, t$ W" F8 a/ d
eric@server1:/usr/local/kubernetes/cluster$ cat nginx-deployment.yml
( I" ~, n) R8 w' I# API 版本号. V& i0 C% B" s5 ^
apiVersion: extensions/v1beta1) V% M* S7 Q; k9 R; f
# 类型,如:Pod/ReplicationController/Deployment/Service/Ingress+ u1 s, l5 J( |, ^9 _0 j
kind: Deployment; ^* c) G" t+ \9 Q* c: @
# 元数据0 T# ~- r x' O0 c' \7 N( o
metadata:' i1 k2 A1 q* z9 D r$ P
# Kind 的名称
+ o9 P" p8 W" G- T6 p name: nginx-app2 `; Y3 O) c- [! } k" M; s/ g( B
spec:
' X+ c. X% ?2 g: ]! z$ T' g( |' M% g # 部署的实例数量# q9 j. \5 F( q6 D8 V: A$ k- W2 |0 f
replicas: 2. ?5 u2 B" d N. E+ i6 E
template:8 j" f, p& C8 H, m) ]. t& G1 s
metadata:
$ t1 A: K$ s+ C3 X- S labels:# [4 t/ U0 h/ U4 h; R( Y! t
# 容器标签的名字,发布 Service 时,selector 需要和这里对应( V. S, O3 t& ^( I
name: nginx. Y& m( w0 b+ k& z; c* c* m
spec:4 {& @$ M3 N) t; T W* {
# 配置容器,数组类型,说明可以配置多个容器2 E( Z+ @1 x) w1 w& ~ w
containers:* f$ Z0 A# L" ^( ]: l7 B1 ?
# 容器名称
: S$ e5 A, e+ c |3 \ - name: nginx
~. W$ \. W$ Q1 S; @2 g& m. @ # 容器镜像# W2 I) O- N+ t/ i+ M
image: nginx
+ h6 [+ P/ v% l/ T; v1 B: d; i! X; \ # 暴露端口
. \! y1 T+ W- p# ?0 E ports:! t0 X$ N4 i; X$ N4 U, \
# Pod 端口2 E) e M- P5 A" W2 F
- containerPort: 801 [3 D2 y. f$ }1 [; M7 t
! A& j! t1 T6 L5 p, A5 q' B1
9 H% W' _( w9 x24 F9 m8 w# I+ g) y" k
3
{, l+ D/ |, L, M% E. B4$ D, h/ P* j5 S) n6 {/ S
5% R% S( y9 x8 c- W8 L
6" N) d% z, Q' _0 q8 y
7: D. e. e; ~ r
8
+ W! G B' h' J2 p3 W90 J. R2 M# O! g; p
103 d1 O+ x5 c7 ]7 w
11" ?1 W( v9 e8 G' D+ b$ r* l
120 h3 E( ^) W* {7 u t# p! I
13
. F2 m0 v2 e! \& L0 _' y14: n' C6 r- |) `3 {0 z1 F
15; \0 V& e/ {7 W: S5 g
16* }+ b7 M: Z9 G
175 c/ F# J1 }" X3 h; u( Y& }
18+ A0 ?3 s1 B& {2 w- R7 G" g
19
; ]! b# J+ W( S8 W' U8 m9 D9 i1 e5 ]20
* V- a, U; T3 j! C+ V21
; R2 a( \- T3 F22 n$ h7 c" j) L3 F
23
, I' w% [; ?1 H. W# C5 b6 p24
* F1 O8 X# c7 B3 ?8 t; k25
2 V9 \* Z; \, ~# A26- z, V* Z$ Y1 i/ G
27
. J1 ^# x7 g7 t: |7 M+ O( h! q: n28
1 |1 {, i* B2 e& d2 q# Q添加部署+ S- Z0 B+ n8 e- E k* [$ Y3 U
; a0 K% _' V {6 oeric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-deployment.yml
; C* ` l6 k9 k1 U1 X! L1 T1 `' ydeployment.extensions/nginx-app created3 v) S( R1 N" Q2 y& V
19 [+ P$ ]( a- Z/ F+ v
26 U3 ]3 N) I6 j% f6 e
删除部署命令
# O, v0 N2 n; p$ T# \) |6 t3 k# F6 D
kubectl delete -f nginx-deployment.yml
0 h" U( u2 d0 u4 x1& O) S0 Z# U1 y* @
发布service' F; y# \" J4 X& h6 ?( d" L/ i W
nginx-service.yml配置文件如下:
, ^ v0 O- p& d* M$ W
9 W" {9 C8 Y. J# R U/ |# API 版本号
( O5 u6 e: K z7 l$ oapiVersion: v19 [6 K$ e! y0 C* q0 p# C
# 类型,如:Pod/ReplicationController/Deployment/Service/Ingress3 R5 L4 S E# M
kind: Service
- o9 u: f$ ?9 U7 | A# 元数据1 Z/ J3 @) {0 |8 D* s5 x/ s, D( B& k
metadata:
$ h$ [! O; c x" L9 b # Kind 的名称2 |; [0 u& e8 {5 X, T0 V/ t
name: nginx-http6 L9 n3 I# P1 d/ y
spec:4 V" n0 D* p8 U S! ]8 P7 n
# 暴露端口
$ s4 Q/ J- G( ?+ ` ports:
+ ^2 T' {) }$ V' d+ U: A( U ## Service 暴露的端口
$ ]$ I& @6 J& I2 \) X6 m+ b# t - port: 80
- m; s6 N0 y: S ## Pod 上的端口,这里是将 Service 暴露的端口转发到 Pod 端口上0 a) s& _& J N0 b7 I
targetPort: 803 d- b* {" G& H. a& Y% T1 n
# 类型& v7 t) z8 D! U
type: LoadBalancer' |) p6 o) l- u# ]! q* W
# 标签选择器% D J2 d* r1 F& n* B0 ^
selector:
2 V7 u/ `! A0 m: M; g) |0 R% R, f # 需要和上面部署的 Deployment 标签名对应
) I5 V" m0 e* @ name: nginx
( z2 m' `+ `$ F: { ?* u, Z5 W* N* X
1% _9 G- L; i" Y$ `7 U
25 o0 Y, B: d ]7 P' k1 D0 |
3& {) p$ i' V' A& m. d9 G3 u
4
- d. V' k+ B4 y: x5
1 i( K# R; \/ p# q& t6 x+ Z# A6
) J, K+ r' I; t8 R, g7* Q* N3 ^$ r5 W' F6 ]
8& r. s- l9 }. |. P; Z
9
0 S4 X8 `5 k6 E0 P# j10& k9 p: v7 L0 _# A% A7 W
11
$ I$ V% x. W8 ^) e# r. S, x12# e/ F* Y4 C$ U |* M& A
13* O7 Y1 V$ M r# M, o0 g+ K
14/ } ~4 a8 {8 ]/ _1 Q. H
154 Y; N8 }) Y) i( V9 t) H% \8 I, c$ B
16
' L; }+ `/ _. o0 k4 s! F7 [5 B1 \17
' u. W) z6 A# L& x6 b; o; C186 n7 k3 J( c! @& |% R8 w7 ~* M* ~" g( k
19! B# u' b5 `2 Z8 Q1 O% s
20
; S' u; E7 V6 N+ F21
. X0 D2 {4 I5 m7 a# p# X- B# ~6 e& Ieric@server3:/usr/local/kubernetes/cluster$ kubectl create -f nginx-service.yml
h( D& Z3 P1 ~5 U% b# O1
3 G8 d, N6 q* x, X也可以deployment 和service一起部署4 n* J5 E8 f4 c# Y: I6 l+ l! `
配置文件合并在一起 内容使用 — 分割即可
& U! }8 g" |! Z6 r' [4 F
2 H! A1 W' w4 r! E/ R查看验证
1 u, ?7 M7 {9 w5 n8 T3 b; w6 o$ D4 a" S, \2 `, Z& l
eric@server3:/usr/local/kubernetes/cluster$ kubectl get pods
# R8 n6 P% o' S/ I# PNAME READY STATUS RESTARTS AGE3 _# y# e* _# ?7 U; I3 @( P& U
nginx-app-64bb598779-kfqm2 1/1 Running 0 4m10s0 L$ s: C7 K' }' ^0 x" L
nginx-app-64bb598779-qzsjp 1/1 Running 0 4m10s
8 J/ t% x3 V. f# x: j" w9 beric@server3:/usr/local/kubernetes/cluster$ kubectl get deployment
5 ?. K( S$ W, c0 z4 C" YNAME READY UP-TO-DATE AVAILABLE AGE0 s: u. k6 @$ k4 V2 C
nginx-app 2/2 2 2 4m27s9 d% h2 W2 z: ?+ h$ Y, r" L
eric@server3:/usr/local/kubernetes/cluster$ kubectl get service S& U* _4 N) y
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
9 R x; l: G$ Z/ c8 N$ z( ]. r; Fkubernetes ClusterIP 10.96.0.1 <none> 443/TCP 11h
; t6 G- ^) Z1 {! G6 k' O0 S* Tnginx-http LoadBalancer 10.99.153.51 <pending> 80:31467/TCP 47s
! h( w8 A3 w" z) c3 Beric@server3:/usr/local/kubernetes/cluster$ kubectl describe service nginx-http
2 y: C5 F v# _: OName: nginx-http
2 k" _! `8 H$ Q/ A6 q/ oNamespace: default8 B# Y' R" Z/ R6 I. d
Labels: <none>) i- f0 u2 T& c2 Z) o0 w/ D- Z
Annotations: <none>: C1 }9 \/ I# o' B
Selector: name=nginx
- S$ E+ B; j1 vType: LoadBalancer
! H; y( i' r1 |3 r& hIP: 10.99.153.51& ?1 H4 ^ u( u7 c! T
Port: <unset> 80/TCP
% O4 X! b; A2 M" ITargetPort: 80/TCP. h( m0 @) e& g3 G
NodePort: <unset> 31467/TCP
' N9 t9 v% y" IEndpoints: 192.168.205.67:80,192.168.22.3:80
3 s$ h6 c& Q5 v) K: `+ iSession Affinity: None
: h5 W, M3 |( R' x- _* W bExternal Traffic Policy: Cluster O n. @5 Y5 M6 e0 Y
Events: <none>
8 V8 h0 s7 y8 g; T1
( y, G% j" o0 ] a; i f8 w$ ^22 _% r2 o h: d
3$ ]/ F& \0 }6 I9 e' p1 j
4' S% a. j7 ~+ Z" [! {3 C
5
A9 M% t ~& H: Y" t- d. Q6
* h5 x7 I; @# z8 ^74 h) a! B6 ^" S/ K# R: a3 U$ L6 n
8
* i8 c+ T* z) }! w- n* `9! D9 c5 \; m0 |7 ^/ X
10; C( t3 p' [0 e& m
11
5 z0 r. F+ `; e$ @; s( u$ s; C12, j: b" \9 V: `. w' Y @
131 F$ i* E0 M5 \! S' F v
14( _5 \ |( f. M
15$ [' ^3 C3 `3 J/ s0 u
16, Z& {' f) K# D8 |0 _
17: v, x9 j! k7 h7 h1 @
180 c) e5 f4 A, m
19
8 T, }6 R/ ~ E6 W" x3 ]206 |# m+ t( v0 m" z3 V, _4 B4 \
21* B; Y2 I; O) `. U1 T s2 j, B
22$ `7 [2 J) L [) o+ X- H; c: L
232 b3 S$ S, w6 U6 Y! v, Y9 O, E
24" f5 g @1 `$ ~* ?' H. |) }
25: V5 O" j/ e0 g, R" U3 k# K
26
8 F" t, k" q; S- @访问192.168.90.31/32/33:31467 可以访问到nginx页面
& k9 h: C, y; J! ]+ u& q, _! \ |
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2024-9-19 15:07:15
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜