实验目的
一般情况下,k8s集群中只有一台master和多台node,当master故障时,引发的事故后果可想而知。
故本文目的在于体现集群的高可用,即当集群中的一台master宕机后,k8s集群通过vip的转移,又会有新的节点被选举为集群的master,并保持集群的正常运作。
因本文体现的是master节点的高可用,为了实现效果,同时因资源条件限制,故总共采用4台服务器完成本次实验,3台master,1台node。
看到这也需有人有疑惑,总共有4台机器的资源,为啥不能2台master呢?这是因为通过kubeadm部署的集群,当中的etcd集群默认部署在master节点上,3节点方式最多能容忍1台服务器宕机。如果是2台master,当中1台宕机了,直接导致etcd集群故障,以至于k8s集群异常,这些基础环境都over了,vip漂移等高可用也就在白瞎。
环境说明
基本信息
# 主机列表
10.2.2.137 master1
10.2.2.166 master2
10.2.2.96 master3
10.2.3.27 node0
# 软件版本
docker version:18.09.9
k8s version:v1.16.4
架构信息
本文采用kubeadm方式搭建集群,通过keepalived的vip策略实现高可用,架构图如下:
![Centos7部署k8s[v1.16]高可用[keepalived]集群](https://image.shishitao.com:8440/aHR0cDovL2Jic21heC5pa2FmYW4uY29tL3N0YXRpYy9MM0J5YjNoNUwyaDBkSEJ6TDJsdFp6SXdNakF1WTI1aWJHOW5jeTVqYjIwdllteHZaeTh4TURrNE16QTFMekl3TWpBd05DOHhNRGs0TXpBMUxUSXdNakF3TkRBeU1UUXpPREV6TkRjMExUUXpNRFF5TlRReU1DNXdibWM9LmpwZw%3D%3D.jpg?w=700&webp=1 "Centos7部署k8s[v1.16]高可用[keepalived]集群")
# 主备模式高可用架构说明
![Centos7部署k8s[v1.16]高可用[keepalived]集群](https://image.shishitao.com:8440/aHR0cDovL2Jic21heC5pa2FmYW4uY29tL3N0YXRpYy9MM0J5YjNoNUwyaDBkSEJ6TDJsdFp6SXdNakF1WTI1aWJHOW5jeTVqYjIwdllteHZaeTh4TURrNE16QTFMekl3TWpBd05DOHhNRGs0TXpBMUxUSXdNakF3TkRBeU1UUXpPVFF6T1RJd0xURXlPVEl5TWpJek16RXVjRzVuLmpwZw%3D%3D.jpg?w=700&webp=1 "Centos7部署k8s[v1.16]高可用[keepalived]集群")
a)apiserver通过keepalived实现高可用,当某个节点故障时触发vip转移;
b)controller-manager和scheduler在k8s内容通过选举方式产生领导者(由leader-elect选型控制,默认为true),同一时刻集群内只有一个scheduler组件运行;
c)etcd在kubeadm方式实现集群时,其在master节点会自动创建etcd集群,来实现高可用,部署的节点为奇数,3节点方式最多容忍一台机器宕机。
环境准备
说明
1、大多数文章都是一步步写命令写步骤,而对于有部署经验的人来说觉得繁琐化了,故本文大部分服务器shell命令操作都将集成到脚本;
2、本文相关shell脚本地址: https://gitee.com/kazihuo/k8s-install-shell
3、所有要加入到k8s集群的机器都执行本部分操作。
操作
a)将所有服务器修改成对应的主机名,master1示例如下;
# hostnamectl set-hostname master1 #重新登录后显示新设置的主机名
b)配置master1到master2、master3免密登录,本步骤只在master1上执行;
[root@master1 ~]# ssh-keygen -t rsa # 一路回车
[root@master1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.2.2.166
[root@master1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.2.2.96
c)脚本实现环境需求配置;
# sh set-prenv.sh
#!/bin/bash
#====================================================
# Author: LuoMuRui
# Blog: https://www.cnblogs.com/kazihuo
# Create Date: --
# Description: System environment configuration.
#==================================================== # Stop firewalld
firewall-cmd --state #查看防火墙状态
systemctl stop firewalld.service #停止firewall
systemctl disable firewalld.service #禁止firewall开机启动 # Close selinux
getenforce #查看selinux状态
setenforce #临时关闭selinux
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config #永久关闭(需重启系统) # Set localhost's dns
cat >> /etc/hosts << EOF
10.2.2.137 master1
10.2.2.166 master2
10.2.2.96 master3
10.2.3.27 node0
EOF # Disable swap
swapoff -a #临时禁用
sed -i.bak '/swap/s/^/#/' /etc/fstab #永久禁用 # Kernel parameter modification
# k8s网络使用flannel,该网络需要设置内核参数bridge-nf-call-iptables=,修改这个参数需要系统有br_netfilter模块
lsmod |grep br_netfilter # 查看模块
modprobe br_netfilter # 临时新增
# 永久新增模块
cat > /etc/rc.sysinit << EOF
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules ; do
[ -x $file ] && $file
done
EOF
cat > /etc/sysconfig/modules/br_netfilter.modules << EOF
modprobe br_netfilter
EOF
chmod 755 /etc/sysconfig/modules/br_netfilter.modules
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf # Set the yum of k8s
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all && yum -y makecache
set-prenv.sh
软件安装
docker安装
说明:所有节点都执行本部分操作!
# sh install-docker.sh
#!/bin/bash
#====================================================
# Author: LuoMuRui
# Blog: https://www.cnblogs.com/kazihuo
# Create Date: --
# Description: Install docker.
#==================================================== # Install dependency package
yum install -y yum-utils device-mapper-persistent-data lvm2 # Add repo
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo # Looking the version of docker
yum list docker-ce --showduplicates | sort -r # Install docker
yum install docker-ce-18.09. docker-ce-cli-18.09. containerd.io -y # Mirror acceleration & change Cgroup Driver
# 修改cgroupdriver是为了消除告警:[WARNING IsDockerSystemdCheck]: detected “cgroupfs” as the Docker cgroup driver. The recommended driver is “systemd”. Please follow the guide at https://kubernetes.io/docs/setup/cri/
cat > daemon.json <<EOF
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF # Start && enable
systemctl daemon-reload
systemctl start docker
systemctl enable docker
docker --version # Others
yum -y install bash-completion
source /etc/profile.d/bash_completion.sh
install-docker.sh
keepalived安装
说明:三台master节点执行本部分操作!
# 安装
# yum -y install keepalived
# 配置
# master1上keepalived配置
[root@master1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id master1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id
priority
advert_int
authentication {
auth_type PASS
auth_pass
}
virtual_ipaddress {
10.2.2.6
}
}
# master2上keepalived配置
[root@master2 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id master2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id
priority
advert_int
authentication {
auth_type PASS
auth_pass
}
virtual_ipaddress {
10.2.2.6
}
}
# master3上keepalived配置
[root@master3 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id master3
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id
priority
advert_int
authentication {
auth_type PASS
auth_pass
}
virtual_ipaddress {
10.2.2.6
}
}
# 启动
# service keepalived start
# systemctl enable keepalived
# vip查看
[root@master1 ~]# ip a
![Centos7部署k8s[v1.16]高可用[keepalived]集群](https://image.shishitao.com:8440/aHR0cDovL2Jic21heC5pa2FmYW4uY29tL3N0YXRpYy9MM0J5YjNoNUwyaDBkSEJ6TDJsdFp6SXdNakF1WTI1aWJHOW5jeTVqYjIwdllteHZaeTh4TURrNE16QTFMekl3TWpBd05DOHhNRGs0TXpBMUxUSXdNakF3TkRBeU1UUTBPVEV5TlRZMExUVTBOamcyT1RReUxuQnVadz09LmpwZw%3D%3D.jpg?w=700&webp=1 "Centos7部署k8s[v1.16]高可用[keepalived]集群")
# 功能功验
将master1上的keepalived服务器停止或者master1服务器关机后,master2上接管vip,同时master2也关机后,master3接管vip。
k8s安装
说明:所有节点都执行本部分操作!
组件:
kubelet
运行在集群所有节点上,用于启动Pod和容器等对象的工具
kubeadm
用于初始化集群,启动集群的命令工具
kubectl
用于和集群通信的命令行,通过kubectl可以部署和管理应用,查看各种资源,创建、删除和更新各种组件
# sh install-k8s.sh
#!/bin/bash
#====================================================
# Author: LuoMuRui
# Blog: https://www.cnblogs.com/kazihuo
# Create Date: --
# Description: Install the soft of k8s.
#==================================================== # Looking the version
yum list kubelet --showduplicates | sort -r # Install
yum install -y kubelet-1.16. kubeadm-1.16. kubectl-1.16. # Start && enable
systemctl enable kubelet && systemctl start kubelet # Bash env
echo "source <(kubectl completion bash)" >> ~/.bash_profile
source /root/.bash_profile
install-k8s.sh
镜像下载
说明:所有节点都执行本部分操作!
因国内网络的限制,故从阿里云镜像仓库下载镜像后本地打回默认标签名的方式,让kubeadm在部署集群时能正常使用镜像。
# sh download-images.sh
#!/bin/bash
#====================================================
# Author: LuoMuRui
# Blog: https://www.cnblogs.com/kazihuo
# Create Date: --
# Description: Download images.
#==================================================== url=registry.cn-hangzhou.aliyuncs.com/loong576
version=v1.16.4
images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)
for imagename in ${images[@]} ; do
docker pull $url/$imagename
docker tag $url/$imagename k8s.gcr.io/$imagename
docker rmi -f $url/$imagename
done
download-images.sh
master初始化
初始化操作
[root@master1 ~]# cat kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.16.4
apiServer:
certSANs:
- 10.2.2.6
controlPlaneEndpoint: "10.2.2.6:6443"
networking:
podSubnet: "10.244.0.0/16"
[root@master01 ~]# kubeadm init --config=kubeadm-config.yaml
# 初始化成功后末尾显示kubeadm join的信息,记录下来;
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root: kubeadm join 10.2.2.6: --token 2ccecd.v72vziyzdfnbr46u \
--discovery-token-ca-cert-hash sha256:eb92768acb748d722ef7d97bc60751a375b67b12a46c7a7232c54cdb378d2e61 \
--control-plane Then you can join any number of worker nodes by running the following on each as root: kubeadm join 10.2.2.6: --token 2ccecd.v72vziyzdfnbr46u \
--discovery-token-ca-cert-hash sha256:eb92768acb748d722ef7d97bc60751a375b67b12a46c7a7232c54cdb378d2e61
# 初始化失败后可重新初始化
# kubeadm reset
# rm -rf $HOME/.kube/config
添加环境变量
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
安装flannel插件
# wget https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
# kubectl apply -f kube-flannel.yml
control plane节点加入
证书分发
# master1将认证文件同步到其他master节点
[root@master1 ~]# sh cert-others-master.sh
USER=root
CONTROL_PLANE_IPS="master2 master3"
#CONTROL_PLANE_IPS="master2 master3"
for host in ${CONTROL_PLANE_IPS}; do
scp /etc/kubernetes/pki/ca.crt "${USER}"@$host:
scp /etc/kubernetes/pki/ca.key "${USER}"@$host:
scp /etc/kubernetes/pki/sa.key "${USER}"@$host:
scp /etc/kubernetes/pki/sa.pub "${USER}"@$host:
scp /etc/kubernetes/pki/front-proxy-ca.crt "${USER}"@$host:
scp /etc/kubernetes/pki/front-proxy-ca.key "${USER}"@$host:
scp /etc/kubernetes/pki/etcd/ca.crt "${USER}"@$host:etcd-ca.crt
# Quote this line if you are using external etcd
scp /etc/kubernetes/pki/etcd/ca.key "${USER}"@$host:etcd-ca.key
done
# master2和master3节点配置证书
[root@master2 ~]# sh cert-set.sh
[root@master3 ~]# sh cert-set.sh
mv /${USER}/ca.crt /etc/kubernetes/pki/
mv /${USER}/ca.key /etc/kubernetes/pki/
mv /${USER}/sa.pub /etc/kubernetes/pki/
mv /${USER}/sa.key /etc/kubernetes/pki/
mv /${USER}/front-proxy-ca.crt /etc/kubernetes/pki/
mv /${USER}/front-proxy-ca.key /etc/kubernetes/pki/
mv /${USER}/etcd-ca.crt /etc/kubernetes/pki/etcd/ca.crt
# Quote this line if you are using external etcd
mv /${USER}/etcd-ca.key /etc/kubernetes/pki/etcd/ca.key
others master加入集群
# master2和master3加入集群,下文以master2为示例,master3按部就班即可;
[root@master2 ~]# kubeadm join 10.2.2.6:6443 --token 2ccecd.v72vziyzdfnbr46u \
--discovery-token-ca-cert-hash sha256:eb92768acb748d722ef7d97bc60751a375b67b12a46c7a7232c54cdb378d2e61 \
--control-plane
[root@master2 ~]# scp master1:/etc/kubernetes/admin.conf /etc/kubernetes/
[root@master2 ~]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile && source .bash_profile
集群节点查看
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master1 Ready master 20h v1.16.4
master2 Ready master 20h v1.16.4
master3 Ready master 19h v1.16.4
node节点加入
加入操作
[root@node0 ~]# kubeadm join 10.2.2.6:6443 --token 2ccecd.v72vziyzdfnbr46u \
--discovery-token-ca-cert-hash sha256:eb92768acb748d722ef7d97bc60751a375b67b12a46c7a7232c54cdb378d2e61
节点查看
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
node0 Ready <none> 18h v1.16.4
master1 Ready master 20h v1.16.4
master2 Ready master 20h v1.16.4
master3 Ready master 19h v1.16.4
集群功能验证
操作
# 关机master1,模拟宕机
[root@master1 ~]# init 0
# vip飘到master2
[root@master2 ~]# ip a |grep '2.6'
inet 10.2.2.6/ scope global eth0
# 组件controller-manager和scheduler发生迁移
# kubectl get endpoints kube-controller-manager -n kube-system -o yaml |grep holderIdentity
control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"master3_885468ec-f9ce-4cc6-93d6-235508b5a130","leaseDurationSeconds":15,"acquireTime":"2020-04-01T10:15:28Z","renewTime":"2020-04-02T06:02:46Z","leaderTransitions":8}'
# kubectl get endpoints kube-scheduler -n kube-system -o yaml |grep holderIdentity
control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"master2_cf16fd61-0202-4610-9a27-3cd9d26b4141","leaseDurationSeconds":15,"acquireTime":"2020-04-01T10:15:25Z","renewTime":"2020-04-02T06:03:09Z","leaderTransitions":9}'
# 集群创建pod,依旧正常使用
# cat nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-test
spec:
selector:
matchLabels:
app: nginx
replicas:
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
# kubectl apply -f nginx.yaml
# kubectl get pods
![Centos7部署k8s[v1.16]高可用[keepalived]集群](https://image.shishitao.com:8440/aHR0cDovL2Jic21heC5pa2FmYW4uY29tL3N0YXRpYy9MM0J5YjNoNUwyaDBkSEJ6TDJsdFp6SXdNakF1WTI1aWJHOW5jeTVqYjIwdllteHZaeTh4TURrNE16QTFMekl3TWpBd05DOHhNRGs0TXpBMUxUSXdNakF3TkRBeU1UUTFPVEEwTXpRMkxUWXhPRFUzTXpBME5DNXdibWM9LmpwZw%3D%3D.jpg?w=700&webp=1 "Centos7部署k8s[v1.16]高可用[keepalived]集群")
结论
1、集群中3个master节点,无论哪个节点宕机,都不影响集群的正常使用;
2、当集群中3个master节点有2个故障,则造成etcd集群故障,直接影响集群,导致异常!
Centos7部署k8s[v1.16]高可用[keepalived]集群的更多相关文章
-
使用Docker Compose部署基于Sentinel的高可用Redis集群
使用Docker Compose部署基于Sentinel的高可用Redis集群 https://yq.aliyun.com/articles/57953 Docker系列之(五):使用Docker C ...
-
03-创建高可用 etcd 集群
本文档记录自己的学习历程! 创建高可用 etcd 集群 kuberntes 系统使用 etcd 存储所有数据,本文档介绍部署一个三节点高可用 etcd 集群的步骤,这三个节点使用以下机器: 192.1 ...
-
lvs+keepalived部署k8s v1.16.4高可用集群
一.部署环境 1.1 主机列表 主机名 Centos版本 ip docker version flannel version Keepalived version 主机配置 备注 lvs-keepal ...
-
Centos7.6部署k8s v1.16.4高可用集群(主备模式)
一.部署环境 主机列表: 主机名 Centos版本 ip docker version flannel version Keepalived version 主机配置 备注 master01 7.6. ...
-
高可用Kubernetes集群-16. ansible快速部署
说明 本文档指导采用二进制包的方式快速部署高可用kubernetes集群. 脚本托管:k8s-ansible(持续更新) 参考:高可用kubernetes集群 组件版本 组件 版本 备注 centos ...
-
搭建高可用kubernetes集群(keepalived+haproxy)
序 由于单master节点的kubernetes集群,存在master节点异常之后无法继续使用的缺陷.本文参考网管流程搭建一套多master节点负载均衡的kubernetes集群.官网给出了两种拓扑结 ...
-
Dubbo+zookeeper构建高可用分布式集群(二)-集群部署
在Dubbo+zookeeper构建高可用分布式集群(一)-单机部署中我们讲了如何单机部署.但没有将如何配置微服务.下面分别介绍单机与集群微服务如何配置注册中心. Zookeeper单机配置:方式一. ...
-
Keepalived+Nginx+Tomcat 实现高可用Web集群
https://www.jianshu.com/p/bc34f9101c5e Keepalived+Nginx+Tomcat 实现高可用Web集群 0.3912018.01.08 20:28:59字数 ...
-
Keepalived之高可用LVS集群
前文我们聊了下keepalived的邮件通知相关配置,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/13645163.html:今天我们来说说keepalive ...
随机推荐
-
Codeforces Round #250 (Div. 2)
感觉不会再爱了,呜呜! A题原来HACK这么多!很多人跟我一样掉坑了! If there is some choice whose description at least twice shorter ...
-
POJ 2065 SETI(高斯消元)
题目链接:http://poj.org/problem?id=2065 题意:给出一个字符串S[1,n],字母a-z代表1到26,*代表0.我们用数组C[i]表示S[i]经过该变换得到的数字.给出一个 ...
-
自己动手写路由器之ioctl获取网络接口信息
最近打算写一个简单路由器,里面有用到ioctl获取网络接口信息,那就先把这部分单独拿出来说一说吧! ioctl这个函数,可以用来对特殊文件的基础设备参数进行操作,它们可以完成与打开文件描述符相关联的控 ...
-
Android:自己定义输入法(输入password时防止第三方窃取)
对于Android用户而言.一般都会使用第三方的输入法. 但是,在输入password时(尤其是支付相关的password),使用第三方输入法有极大的安全隐患. 眼下非常多网银类的APP和支付宝等软件 ...
-
php设计模式(二):结构模式
上一篇我们介绍了设计模式的特性并且详细讲解了4种创建型模式,创建型模式是负责如何产生对象实例的,现在我们继续来给大家介绍结构型模式. 一.什么是结构型模式? 结构型模式是解析类和对象的内部结构和外部组 ...
-
非vue-cli的花括号闪现问题
<div id="app" v-cloak></div>[v-cloak] { display: none;}这种方式可以解决网速较慢,vue.js文件还没 ...
-
linux配置jdk环境变量
首先在Linux解压后缀为.tar.gz的jdk压缩文件 解压到当前的文件夹 tar -zcvf /root/java/jdk版本编号 指令: cd 目录路径 -> 是进入该目录路径 c ...
-
Angular使用总结 --- 如何正确的操作DOM
无奈接手了一个旧项目,上一个老哥在Angular项目中大量使用了JQuery来操作DOM,真的是太不讲究了.那么如何优雅的使用Angular的方式来操作DOM呢? 获取元素 1.ElementRef ...
-
深入浅出Automation Anywhere
Automation Anywhere是基于CLIENT-SERVER架构(control room和客户端),客户端主要是Bot Creator 和 BotRunner 主要构成: 1.WEBCR: ...
-
【Java】Java初始化过程总结
概述 Java字节代码:byte[] Java类在JVM的表现形式:Class类的对象: Java源代码被编译成class字节码 : Java字节代码 --> Class类的对象: 加载:把Ja ...