「Kubernetes」- High-Availability Cluster (Built with Kubeadm and Keepalived)

Last updated: November 12, 2019

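Problem Description

A "minimal cluster" with one master node and one worker node is only suitable for basic testing and simple demos; it cannot be used in production. In production, cluster high availability (disaster recovery, stability, failure recovery and so on) must be taken into account.

This article describes how to build a highly available K8s cluster with Kubeadm and Keepalived.

Environment Overview

Load Balancing

Install the Keepalived service on every host and start it.

Deploying the Cluster

On All Nodes

Install the required packages: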

#!/bin/sh

apt-get -y install kubeadm kubelet kubectl

Stop the Keepalived service, but leave it running on one host:

#!/bin/sh

systemctl stop keepalived

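On the First Node

#1. Create the configuration files. On this node, generate the kubeadm configuration files:

#!/bin/bash
# bash is required: the script uses arrays

# Virtual IP (held by Keepalived), used as the control-plane endpoint
CLUSTER_IP=10.9.8.10
NODES=(node1 node2 node3)
IPS=(10.9.8.11 10.9.8.12 10.9.8.13)
POD_SUBNET="192.168.0.0/16"

for i in "${!NODES[@]}"
do
  # Define parameters
  HOST=${IPS[$i]}
  NAME=${NODES[$i]}
  INITIAL_CLUSTER=$(
    for j in "${!NODES[@]}"; do
      echo "${NODES[$j]}=https://${IPS[$j]}:2380"
    done | xargs | tr ' ' ,
  )
  
  # Generate the configuration file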
cat > kubeadm-config-${NODES[$i]}.yaml <<EOT
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: stable
apiServer:
  certSANs:
  - "${CLUSTER_IP}"
controlPlaneEndpoint: "${CLUSTER_IP}:6443"
etcd:
  local:
    extraArgs:
      initial-cluster: "${INITIAL_CLUSTER}"
      initial-cluster-state: new
      name: ${NODES[$i]}
      listen-peer-urls: "https://${IPS[$i]}:2380"
      listen-client-urls: "https://127.0.0.1:2379,https://${IPS[$i]}:2379"
      advertise-client-urls: "https://${IPS[$i]}:2379"
      initial-advertise-peer-urls: "https://${IPS[$i]}:2380"
    serverCertSANs:
      - "${NODES[$i]}"
      - "${IPS[$i]}"
    peerCertSANs:
      - "${NODES[$i]}"
      - "${IPS[$i]}"
networking:
    podSubnet: "${POD_SUBNET}"
EOT
done

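#2. Initialize the etcd service. Use the configuration file to initialize etcd on this node and generate the certificates and the admin kubeconfig:

#!/bin/sh

# $(hostname) rather than $HOSTNAME: plain sh (dash) does not set HOSTNAME
kubeadm="kubeadm --config=kubeadm-config-$(hostname).yaml"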

$kubeadm init phase preflight
$kubeadm init phase certs all
$kubeadm init phase kubelet-start
$kubeadm init phase kubeconfig kubelet
$kubeadm init phase etcd local
$kubeadm init phase kubeconfig admin

systemctl start kubelet

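#3. Copy the certificates and configuration. Copy the generated certificates and configuration files to the other nodes:

#!/bin/sh

NODES="node2 node3"
# Shared material: cluster CA and front-proxy CA (certificates and private keys),
# the service-account key pair, and the etcd CA
CERTS=$(find /etc/kubernetes/pki/ -maxdepth 1 \( -name '*ca.*' -o -name '*sa.*' \))
ETCD_CERTS=$(find /etc/kubernetes/pki/etcd/ -maxdepth 1 -name '*ca.*')

for NODE in $NODES
do
  ssh "$NODE" mkdir -p /etc/kubernetes/pki/etcd
  # $CERTS and $ETCD_CERTS stay unquoted so each path becomes its own argument
  scp $CERTS "$NODE":/etc/kubernetes/pki/
  scp $ETCD_CERTS "$NODE":/etc/kubernetes/pki/etcd/
  scp /etc/kubernetes/admin.conf "$NODE":/etc/kubernetes
  scp "kubeadm-config-$NODE.yaml" "$NODE":
done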
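
Step #3 moves the CA private keys, the service-account signing key and admin.conf between hosts, so it is worth checking file modes and confirming that every node ends up with identical material. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes GNU find and sha256sum.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical. Assumes GNU find (-perm /MODE) and sha256sum (Debian/Ubuntu).

# audit_secrets [ROOT] [OWNER]
# Lists private keys and admin.conf under ROOT (default /etc/kubernetes) that
# group/other can access or that OWNER (default root) does not own.
# Returns 0 when nothing is listed, 1 otherwise.
audit_secrets() {
  as_root=${1:-/etc/kubernetes}
  as_owner=${2:-root}
  as_found=$(find "$as_root" -type f \
      \( -name '*.key' -o -name 'admin.conf' \) \
      \( -perm /077 -o ! -user "$as_owner" \) -print | sed 's/^/UNSAFE: /')
  if [ -z "$as_found" ]; then
    return 0
  fi
  printf '%s\n' "$as_found"
  return 1
}

# pki_manifest [PKI_DIR]
# Prints "sha256  path" for the files step #3 copies (pki/*ca.*, pki/*sa.*,
# pki/etcd/*ca.*), sorted by path, so output from two nodes can be compared.
pki_manifest() {
  ( cd "${1:-/etc/kubernetes/pki}" &&
    find . -maxdepth 2 -type f \( -name '*ca.*' -o -name '*sa.*' \) \
         -exec sha256sum {} + | sort -k2 )
}

# same_pki DIR_A DIR_B
# Succeeds only when both directories hold the same, non-empty shared material.
same_pki() {
  sp_a=$(pki_manifest "$1") || return 1
  [ -n "$sp_a" ] && [ "$sp_a" = "$(pki_manifest "$2")" ]
}
```

Run `audit_secrets` on every node after the copy, and compare the `pki_manifest` output of the first node with that of each other node before running the `kubeadm init` phases there.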

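On the Second Node

#1. Initialize the etcd service:

#!/bin/sh

# $(hostname) rather than $HOSTNAME: plain sh (dash) does not set HOSTNAME
kubeadm="kubeadm --config=kubeadm-config-$(hostname).yaml"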

$kubeadm init phase preflight
$kubeadm init phase certs all
$kubeadm init phase kubelet-start
$kubeadm init phase kubeconfig kubelet
$kubeadm init phase etcd local

systemctl start kubelet

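On the Third Node

#1. Initialize the master node (and its etcd service):

#!/bin/sh

# $(hostname) rather than $HOSTNAME: plain sh (dash) does not set HOSTNAME
kubeadm init --config "kubeadm-config-$(hostname).yaml"

!!! Note: the virtual IP address must be on this node.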

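On the First and Second Nodes

So far, we have only initialized the etcd service on the first and second nodes. Next, initialize the cluster:

#!/bin/sh

# $(hostname) rather than $HOSTNAME: plain sh (dash) does not set HOSTNAME
kubeadm="kubeadm --config=kubeadm-config-$(hostname).yaml"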
$kubeadm init phase kubeconfig all
$kubeadm init phase control-plane all
$kubeadm init phase mark-control-plane

Then start the Keepalived service:

#!/bin/sh

systemctl start keepalived
