11Kubernetes高可用集群-基础环境

Kubernetes高可用集群-基础环境目录01任务项目实施节点环境准备02任务学习目标【知识目标】●

掌握集群基础环境配置要点

【技能目标】●

能够基于搭建过程中出现的问题进行基础排错。1节点环境准备初始化实验环境1角色IP地址主机名安装的组件控制节点192.168.116.10Master-1apiserver、controller-manager、scheduler、etcd、docker、keepalived、nginx控制节点192.168.116.20Master-2apiserver、controller-manager、scheduler、etcd、docker、keepalived、nginx工作节点192.168.116.30Node-1kubelet、kube-proxy、docker、calico、coredns节点规划初始化实验环境1环境准备和说明软件名称软件版本LinuxOSCentOSLinuxrelease7.7.1908(Core)Dockerdocker-ce-20.10.6Kubernetes1.20.6Kubeadmkubeadm-1.20.6-0.x86_64etcd3.3.10calicov3.18.0初始化实验环境1环境准备和说明推荐配置：4vcpu+4Gmemory+50Gdisk最低配置：2vcpu+2Gmemory+50Gdisk网络：NAT本次实验配置如下：初始化实验环境1环境准备和说明k8s本地环境规划：podSubnet（pod网段）10.244.0.0/16serviceSubnet（service网段）:10.10.0.0/162案例实施案例实施按照部署要求，修改三个节点的IP地址，以master1节点为例2配置静态IP[root@localhost~]#vim/etc/sysconfig/network-scripts/ifcfg-ens33TYPE=EthernetPROXY_METHOD=noneBROWSER_ONLY=noBOOTPROTO=static。。。ONBOOT=yesIPADDR=192.168.116.10PREFIX=24GATEWAY=192.168.116.2DNS1=114.114.114.114修改配置文件之后需要重启网络服务才能使配置生效[root@localhost~]#systemctlrestartnetwork案例实施2配置机器主机名在192.168.116.10上执行如下：hostnamectlset-hostnamemaster1&&bash在192.168.116.20上执行如下：hostnamectlset-hostnamemaster2&&bash在192.168.116.30上执行如下：hostnamectlset-hostnamenode1&&bash案例实施2配置主机hosts文件3个节点相互之间通过主机名互相访问，修改每台机器的/etc/hosts，增加如下3行：192.168.116.10master1192.168.116.20master2192.168.116.30node1案例实施2配置主机之间无密码登录生成秘钥[root@master1~]#ssh-keygen把本地生成的密钥文件和私钥文件拷贝到远程主机[root@master1~]#ssh-copy-idmaster1[root@master1~]#ssh-copy-idmaster2[root@master1~]#ssh-copy-idnode1案例实施2配置主机之间无密码登录生成秘钥[root@master2~]#ssh-keygen把本地生成的密钥文件和私钥文件拷贝到远程主机[root@master2~]#ssh-copy-idmaster1[root@master2~]#ssh-copy-idmaster2[root@master2~]#ssh-copy-idnode1案例实施2配置主机之间无密码登录生成秘钥[root@node1~]#ssh-keygen把本地生成的密钥文件和私钥文件拷贝到远程主机[root@node1~]#ssh-copy-idmaster1[root@node1~]#ssh-copy-idmaster2[root@node1~]#ssh-copy-idnode1案例实施2关闭交换分区swap三节点相同配置，以master1为例（1）临时关闭[root@master1~]#swapoff-a案例实施2关闭交换分区swap（2）永久关闭[root@master1~]#vi/etc/fstab#/etc/fstab#CreatedbyanacondaonMonJul2411:15:142023#Accessiblefilesystems,byreference,aremaintainedunder'/dev/disk'#Seemanpagesfstab(5),findfs(8),mount(8)and/orblkid(8)formoreinfo#UUID=ab12c361-6848-4035-bc98-bf8a242efa2a/xfsdefaults00UUID=628bfe49-1b47-40c7-9182-45383cfe840b/bootxfsdefaults00#UUID=5bfdd074-35c2-40ac-a57f-b41de7d81dd5swapswapdefaults00

1修改机器内核参数三节点执行相同配置，以master1节点为例[root@master1~]#modprobebr_netfilter[root@master1~]#echo"modprobebr_netfilter">>/etc/profile[root@master1~]#cat>/etc/sysctl.d/Kubernetes.conf<<EOFnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1net.ipv4.ip_forward=1EOF[root@master1~]#sysctl-p/etc/sysctl.d/Kubernetes.confdocker安装环境准备案例实施2关闭firewalld防火墙[root@master1~]#systemctlstopfirewalld;systemctldisablefirewalld[root@master2~]#systemctlstopfirewalld;systemctldisablefirewalld[root@node1~]#systemctlstopfirewalld;systemctldisablefirewalld案例实施2关闭selinux三节点做同样配置，以master1节点为例[root@master1~]#sed-i's/SELINUX=enforcing/SELINUX=disabled/g'/etc/selinux/config修改selinux配置文件之后，重启机器，selinux配置才能永久生效。[root@master1~]#getenforceDisabled#显示Disabled说明selinux已经关案例实施2配置时钟同步所有节点安装chrony服务。[root@master1~]#yuminstall-ychrony

[root@master2~]#yuminstall-ychrony

[root@node1~]#yuminstall-ychrony

案例实施2配置时钟同步master1节点修改/etc/chrony.conf文件，注释默认NTP服务器，指定上游公共NTP服务器，并允许其他节点同步时间。[root@master1~]#sed-i's/^server/#&/'/etc/chrony.conf[root@master1~]#cat>>/etc/chrony.conf<<EOFlocalstratum10servermasteriburstallowallEOF案例实施2配置时钟同步master1节点重启chronyd服务并设为开机启动，开启网络时间同步功能。[root@master1~]#systemctlenablechronyd&&systemctlrestartchronyd[root@master1~]#timedatectlset-ntptrue案例实施2配置时钟同步master2和node1节点修改/etc/chrony.conf文件，指定内网master1节点为上游NTP服务器，重启服务并设为开机启动。以node1为例[root@node1~]#sed-i's/^server/#&/'/etc/chrony.conf[root@node1~]#echoserver192.168.116.10iburst>>/etc/chrony.conf[root@node~]#systemctlenablechronyd&&systemctlrestartchronyd案例实施2开启ipvs配置ipvs模块，三个节点均需配置cat>/etc/sysconfig/modules/ipvs.modules<<EOF#!/bin/bashmodprobe--br_netfiltermodprobe--ip_vsmodprobe--ip_vs_rrmodprobe--ip_vs_wrrmodprobe--ip_vs_shmodprobe--nf_conntrack_ipv4EOF案例实施2开启ipvschmod755/etc/sysconfig/modules/ipvs.modules&&\bash/etc/sysconfig/modules/ipvs.modules&&\lsmod|grep-E"ip_vs|nf_conntrack_ipv4"输出结果如下：案例实施2安装基础包三节点安装基础软件包，以master1为例[root@master1~]#yuminstall-yyum-utilsdevice-mapper-persistent-datalvm2wgetnet-toolsnfs-utilslrzszgccgcc-c++makecmakelibxml2-developenssl-develcurlcurl-develunzipsudontplibaio-develwgetvimncurses-develautoconfautomakezlib-devel

python-develepel-releaseopenssh-serversocat

ipvsadmconntrackntpdatetelnet