k8s多master節點部署(實驗)
前言
上節,我們部署了k8s的單節點,主要的核心點就是證書的創建和頒發,flannel網絡組件也是相當重要的。本文主要是基於單master節點的部署(https://blog.csdn.net/double_happy111/article/details/105858003)來升級並部署的。
1. 多節點的部署
部署master02節點
複製kubernetes目錄下面的所有文件
[ root@localhost kubeconfig]
[ root@localhost kubeconfig]
[ root@master2 ~]
[ root@master2 cfg]
kube-apiserver kube-controller-manager kube-scheduler token.csv
[ root@master2 cfg]
--bind-address= 192.168.73.62
--advertise-address= 192.168.73.62
拷貝master01上已有的etcd證書給master2使用
[ root@master1 ~]
[email protected] 's password:
etcd 100% 523 326.2KB/s 00:00
etcd 100% 18MB 45.1MB/s 00:00
etcdctl 100% 15MB 33.0MB/s 00:00
ca-key.pem 100% 1679 160.2KB/s 00:00
ca.pem 100% 1265 592.6KB/s 00:00
server-key.pem 100% 1679 884.2KB/s 00:00
server.pem 100% 1338 768.5KB/s 00:00
//開啓 apiserver 組件
[ root@master2 cfg]
[ root@master2 cfg]
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.
////開啓 controller-manager 組件
[ root@master2 cfg]
[ root@master2 cfg]
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service.
//開啓 scheduler 組件
[ root@master2 cfg]
[ root@master2 cfg]
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.
[ root@master2 cfg]
在末尾添加:
export PATH= $PATH :/opt/kubernetes/bin/
[ root@master2 cfg]
[ root@localhost cfg]
NAME STATUS ROLES AGE VERSION
192.168.73.63 Ready < none> 50m v1.12.3
192.168.73.64 Ready < none> 22s v1.12.3
2. 搭建nginx負載均衡
[ root@localhost ~]
[ root@localhost ~]
//編寫repo文件
[ root@localhost ~]
[ nginx]
name= nginx repo
baseurl= http://nginx.org/packages/centos/7/$basearch /
gpgcheck= 0
enable= 1
[ root@localhost ~]
[ root@localhost ~]
在events模塊下添加以下內容:日誌格式、日誌存放位置、upstream模塊
stream {
log_format main '$remote_addr $upstream_addr - [$time_local ] $status $upstream_bytes_sent ' ;
access_log /var/log/nginx/k8s-access.log main;
upstream k8s-apiserver {
server 192.168.73.61:6443;
server 192.168.73.62:6443;
}
server {
listen 6443;
proxy_pass k8s-apiserver;
}
}
//檢查配置文件是否有語法錯誤
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
3. 配置keepalived高可用服務
[ root@localhost ~]
[ root@nginx1 ~]
//刪除配置文件全部內容,添加以下內容:
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER
}
vrrp_script check_nginx {
script "/etc/nginx/check_nginx.sh"
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.100/24
}
track_script {
check_nginx
}
}
[ root@nginx2 ~]
//刪除配置文件全部內容,添加以下內容:
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_SLAVE
}
vrrp_script check_nginx {
script "/etc/nginx/check_nginx.sh"
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.100/24
}
track_script {
check_nginx
}
}
[ root@localhost ~]
count= $( ps -ef | grep nginx | egrep -cv "grep|$$" )
if [ "$count " -eq 0 ] ; then
systemctl stop keepalived
fi
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
4. 修改兩個node節點
//修改內容:server: https://192.168.100.100:6443(都改成vip地址)
[ root@localhost cfg]
[ root@localhost cfg]
[ root@localhost cfg]
[ root@localhost cfg]
[ root@localhost cfg]
//確保必須在此路徑下 grep 檢查
[ root@localhost ~]
[ root@localhost cfg]
[ root@localhost ~]
5. 測試
[ root@localhost kubeconfig]
[ root@master1 ~]
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-vj4wk 1/1 Running 0 16s
此時已經創建完成,正在運行中。
[ root@master1 ~]
Error from server ( Forbidden) : Forbidden ( user= system:anonymous, verb= get, resource= nodes, subresource= proxy) ( pods/log nginx-dbddb74b8-vj4wk)
解決辦法(添加匿名用戶授予權限):
[ root@master1 ~]
clusterrolebinding.rbac.authorization.k8s.io/cluster-system-anonymous created
此時,再次查看日誌,就不會出現報錯,但是沒有信息產生,因爲沒有訪問容器。
[ root@localhost kubeconfig]