13Kubernetes高可用集群-高可用配置

Kubernetes高可用集群-高可用配置目录01任务高可用配置软件包准备02任务学习目标【知识目标】●了解kubeadm工具的使用方法；●

掌握Kubernetes集群的高可用配置。【技能目标】●

能够利用keepalived+nginx实现k8sapiserver节点高可用；●

能够基于搭建过程中出现的问题进行基础排错。1软件包准备1安装软件包三节点安装初始化Kubernetes需要的软件包，并启动kubelet服务，设置开机自启，以master节点为例，代码如下：[root@master1~]#yuminstall-ykubelet-1.20.6kubeadm-1.20.6kubectl-1.20.6[root@master1~]#systemctlenablekubelet[root@master1~]#systemctlstartkubelet软件包准备1安装软件包查看kubelet服务状态：[root@master1~]#systemctlstatuskubelet输出结果如下：软件包准备2高可用配置通过keepalived+nginx实现apiserver节点高可用把epel.repo上传到master1的/etc/yum.repos.d目录下，#并拷贝到远程主机master2和node1上[root@master1~]#scp/etc/yum.repos.d/epel.repomaster2:/etc/yum.repos.d/[root@master1~]#scp/etc/yum.repos.d/epel.reponode1:/etc/yum.repos.d/2配置epel源通过keepalived+nginx实现apiserver节点高可用在master1和master2上做nginx主备安装[root@master1~]#yuminstallnginxkeepalived-y[root@master2~]#yuminstallnginxkeepalived-y2安装nginx和keepalived通过keepalived+nginx实现apiserver节点高可用[root@master1~]#vim/etc/nginx/nginx.confusernginx;worker_processesauto;error_log/var/log/nginx/error.log;pid/run/nginx.pid;include/usr/share/nginx/modules/*.conf;events{worker_connections1024;}2修改nginx配置文件#四层负载均衡，为两台Masterapiserver组件提供负载均衡stream{log_formatmain'$remote_addr$upstream_addr-[$time_local]$status$upstream_bytes_sent';access_log/var/log/nginx/k8s-access.logmain;upstreamk8s-apiserver{server0:6443;#Master1APISERVERIP:PORTserver0:6443;#Master2APISERVERIP:PORT}

server{listen16443;#由于nginx与master节点复用，这个监听端口不能是6443，否则会冲突proxy_passk8s-apiserver;}}通过keepalived+nginx实现apiserver节点高可用http{log_formatmain'$remote_addr-$remote_user[$time_local]"$request"''$status$body_bytes_sent"$http_referer"''"$http_user_agent""$http_x_forwarded_for"';access_log/var/log/nginx/access.logmain;sendfile

on;tcp_nopush

on;tcp_nodelay

on;keepalive_timeout

65;types_hash_max_size

2048;2修改nginx配置文件include/etc/nginx/mime.types;default_typeapplication/octet-stream;server{listen80default_server;server_name_;location/{}}}通过keepalived+nginx实现apiserver节点高可用在master2节点[root@master2keepalived]#yuminstallnginx-mod-stream-y2nginx增加stream模块通过keepalived+nginx实现apiserver节点高可用[root@master2~]#vim/etc/nginx/nginx.confusernginx;worker_processesauto;error_log/var/log/nginx/error.log;pid/run/nginx.pid;include/usr/share/nginx/modules/*.conf;events{worker_connections1024;}2修改nginx配置文件#四层负载均衡，为两台Masterapiserver组件提供负载均衡stream{log_formatmain'$remote_addr$upstream_addr-[$time_local]$status$upstream_bytes_sent';access_log/var/log/nginx/k8s-access.logmain;upstreamk8s-apiserver{server0:6443;#Master1APISERVERIP:PORTserver0:6443;#Master2APISERVERIP:PORT}

server{listen16443;#由于nginx与master节点复用，这个监听端口不能是6443，否则会冲突proxy_passk8s-apiserver;}}通过keepalived+nginx实现apiserver节点高可用http{log_formatmain'$remote_addr-$remote_user[$time_local]"$request"''$status$body_bytes_sent"$http_referer"''"$http_user_agent""$http_x_forwarded_for"';access_log/var/log/nginx/access.logmain;sendfile

on;tcp_nopush

on;tcp_nodelay

on;keepalive_timeout

65;types_hash_max_size

2048;2修改nginx配置文件include/etc/nginx/mime.types;default_typeapplication/octet-stream;server{listen80default_server;server_name_;location/{}}}通过keepalived+nginx实现apiserver节点高可用[root@master1~]#vim/etc/keepalived/keepalived.confglobal_defs{notification_email{acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_fromAlexandre.Cassen@firewall.locsmtp_serversmtp_connect_timeout30router_idNGINX_MASTER}vrrp_scriptcheck_nginx{script"/etc/keepalived/check_nginx.sh"}2主keepalived配置vrrp_instanceVI_1{stateMASTERinterfaceens33#修改为实际网卡名virtual_router_id51#VRRP路由ID实例，每个实例是唯一的priority100#优先级，备服务器设置90advert_int1#指定VRRP心跳包通告间隔时间，默认1秒authentication{auth_typePASSauth_pass1111}virtual_ipaddress{99/24

#虚拟IP}track_script{check_nginx}}通过keepalived+nginx实现apiserver节点高可用2主keepalived配置准备上述配置文件中检查Nginx运行状态的脚本[root@master1~]#vim/etc/keepalived/check_nginx.sh#!/bin/bashcount=$(ps-ef|grepnginx|grepsbin|egrep-cv"grep|$$")if["$count"-eq0];thensystemctlstopkeepalivedfi[root@master1~]#chmod+x/etc/keepalived/check_nginx.sh通过keepalived+nginx实现apiserver节点高可用[root@master2~]#vim/etc/keepalived/keepalived.confglobal_defs{notification_email{acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_fromAlexandre.Cassen@firewall.locsmtp_serversmtp_connect_timeout30router_idNGINX_MASTER}vrrp_scriptcheck_nginx{script"/etc/keepalived/check_nginx.sh"}2备keepalived配置vrrp_instanceVI_1{stateBACKUPinterfaceens33virtual_router_id51#VRRP路由ID实例，每个实例是唯一的priority90advert_int1authentication{auth_typePASSauth_pass1111}virtual_ipaddress{99/24}track_script{check_nginx}}通过keepalived+nginx实现apiserver节点高可用2备keepalived配置准备上述配置文件中检查Nginx运行状态的脚本[root@master2~]#vim/etc/keepalived/check_nginx.sh#!/bin/bashcount=$(ps-ef|grepnginx|grepsbin|egrep-cv"grep|$$")if["$count"-eq0];thensystemctlstopkeepalivedfi[root@master2~]#chmod+x/etc/keepalived/check_nginx.sh通过keepalived+nginx实现apiserver节点高可用2启动服务master1和master2操作相同，以master1为例[root@master1~]#systemctldaemon-reload[root@master1~]#systemctlstartnginx[root@master1~]#systemctlstartkeepalived[root@master1~]#systemctlenablenginxkeepalived[root@master1

~]#systemctlstatuskeepalived通过keepalived+nginx实现apiserver节点高可用2测试vip是否绑定成功通过ipaddr查看master1节点vip[root@master1~]#ipaddr1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestate。。。2:ens33:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPgroupdefaultqlen1000link/ether00:0c:29:91:f9:12brdff:ff:ff:ff:ff:ffinet192.168.116.10/24brd55scopeglobalnoprefixrouteens33valid_lftforeverpreferred_lftforeverinet99/24scopeglobalsecondaryens33valid_lftforeverpreferred_lftforeverinet6fe80::5dc1:f326:2132:7365/64scopelinknoprefixroutevalid_lftforeverpreferred_lftforever通过keepalived+nginx实现apiserver节点高可用2测试keepalived停掉master1上的nginx。Vip会漂移到master2[root@master1