Kubernetes: Building a Highly Available Cluster (cluster, setup, high availability, 1.17, keepalived)

  CREATED BY JENKINSBOT

Problem Description

These notes record how to build a Kubernetes cluster with a stacked (internal) etcd, and how to deal with the problems encountered along the way.

Notes

This article is compiled from the official document "Creating Highly Available clusters with kubeadm v1.17".

A cluster with a "stacked etcd" topology uses few hosts, is relatively simple to manage, and is still highly available, which is why this type of cluster was chosen.

Environment Overview

Operating system: CentOS Linux release 7.4.1708 (Core)
Software versions: Kubernetes 1.16.2, Docker

Prerequisites

Three hosts that meet "kubeadm's minimum requirements", to serve as control-plane nodes;
Three hosts that meet "kubeadm's minimum requirements", to serve as worker nodes;
Full network connectivity between all hosts (public and private networks);
root privileges (sudo) on these hosts;
SSH access to these hosts;
kubeadm and kubelet already installed on all nodes (the kubectl command is optional).

Step 1: Initialize the nodes

This is not expanded here; see the section "Run on all nodes" of "Deploying a test cluster with kubeadm (experimental)".

Edit the hosts file (if you have changed the hostnames):

cat >> /etc/hosts <<EOF
10.10.50.101 k8s-master-01
10.10.50.102 k8s-master-02
10.10.50.103 k8s-master-03
EOF

Step 2: Create the load balancer

There are many ways to create a load balancer; only the one we used is described here.

We use Keepalived as the load balancer, although strictly speaking it does not balance load at all: it only provides high availability (failover):

yum install -y keepalived.x86_64
systemctl start keepalived.service
systemctl enable keepalived.service

(For the configuration file contents, see the "keepalived.conf" page.)

Step 3: Initialize the control-plane nodes

#1 Initialize the first control-plane node

kubeadm init --control-plane-endpoint "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" --upload-certs

Key output:

...
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join 10.10.50.100:6443 --token 60k8ec.p9z48jzua0xek4sx \
    --discovery-token-ca-cert-hash sha256:d74dc9f59b2caa888afd312f4e216e33b89ba1d4bb1212a394561c963c4c6391 \
    --control-plane --certificate-key afa132db8efc9c2cebea7f53f3b52ec94c6adbbeb8add4fb8a1d25404e5c883f

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.10.50.100:6443 --token 60k8ec.p9z48jzua0xek4sx \
    --discovery-token-ca-cert-hash sha256:d74dc9f59b2caa888afd312f4e216e33b89ba1d4bb1212a394561c963c4c6391

#2 Install the network plugin

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

kubectl get pod -n kube-system -w

#3 Add the remaining control-plane nodes

Using the output of the kubeadm init command, the remaining control-plane nodes can be added directly with:

kubeadm join 10.10.50.100:6443 --token 60k8ec.p9z48jzua0xek4sx \
    --discovery-token-ca-cert-hash sha256:d74dc9f59b2caa888afd312f4e216e33b89ba1d4bb1212a394561c963c4c6391 \
    --control-plane --certificate-key afa132db8efc9c2cebea7f53f3b52ec94c6adbbeb8add4fb8a1d25404e5c883f

Step 4: Add the worker nodes

Edit the hosts file:

#!/bin/sh

cat >> /etc/hosts <<EOF
10.10.50.104 k8s-node-01
10.10.50.105 k8s-node-02
10.10.50.106 k8s-node-03
EOF

No further elaboration is needed; just run the command that was printed when the first control-plane node was initialized:

#!/bin/sh

kubeadm join 10.10.50.100:6443 --token 60k8ec.p9z48jzua0xek4sx \
    --discovery-token-ca-cert-hash sha256:d74dc9f59b2caa888afd312f4e216e33b89ba1d4bb1212a394561c963c4c6391
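Every join command above carries a --discovery-token-ca-cert-hash that pins the cluster CA, and a node that runs the command trusts whatever control plane presents a matching CA; before pasting such a line on a new node it is worth checking that the pin really is the hash of the CA in /etc/kubernetes/pki/ca.crt on the first control-plane node. The Python below is an added example, not code from these notes or from kubeadm: it recomputes the pin the way kubeadm derives it (sha256 over the CA certificate's DER-encoded SubjectPublicKeyInfo) with a minimal DER walk and compares a join line against it; the function names are my own, and the certificate it parses is a constructed X.509-shaped stand-in, not a real CA.

```python
import hashlib
import re
import ssl
def der_tlv(buf, pos):
    """Decode one DER tag/length at pos -> (tag, value_start, value_end)."""
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                              # long form: next n bytes hold the length
        n = length & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    return tag, pos + hdr, pos + hdr + length
def der_children(buf, start, end):
    """(tag, tlv_start, tlv_end) of each element packed between start and end."""
    out, pos = [], start
    while pos < end:
        tag, _, vend = der_tlv(buf, pos)
        out.append((tag, pos, vend))
        pos = vend
    return out
def spki_der(ca_pem):
    """DER SubjectPublicKeyInfo (tag and length included) of a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(ca_pem)
    _, tbs_start, _ = der_tlv(der, 0)              # Certificate SEQUENCE; first element is tbsCertificate
    fields = der_children(der, *der_tlv(der, tbs_start)[1:])
    if fields[0][0] == 0xA0:                       # optional [0] EXPLICIT version
        fields = fields[1:]
    _, start, end = fields[5]       # serial, signature, issuer, validity, subject, SPKI
    return der[start:end]
def ca_cert_hash(ca_pem):
    """What kubeadm prints as --discovery-token-ca-cert-hash: sha256 over the CA's SPKI."""
    return "sha256:" + hashlib.sha256(spki_der(ca_pem)).hexdigest()
JOIN_RE = re.compile(r"--discovery-token-ca-cert-hash\s+(sha256:[0-9a-f]{64})")
def check_join_command(cmd, ca_pem):
    """Pin-check a 'kubeadm join' line against the real CA before running it on a node."""
    m = JOIN_RE.search(cmd)
    if not m:
        return False, "no --discovery-token-ca-cert-hash: the join would not verify the CA"
    expected = ca_cert_hash(ca_pem)
    if m.group(1) != expected:
        return False, f"CA hash mismatch: command pins {m.group(1)}, CA is {expected}"
    return True, "CA hash matches the cluster CA"
def tlv(tag, value):
    """Tiny DER encoder, used only to build the constructed sample certificate below."""
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 128 else b"\x82" + n.to_bytes(2, "big")) + value
# Constructed sample (not a real CA): X.509-shaped DER whose oversized dummy SPKI forces long-form lengths.
SAMPLE_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + tlv(0x05, b""))
              + tlv(0x03, b"\x00" + b"\x42" * 200))
SAMPLE_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CA_PEM = ssl.DER_cert_to_PEM_cert(tlv(0x30, SAMPLE_TBS + tlv(0x30, b"") + tlv(0x03, b"\x00")))
```

On a real control-plane node, read /etc/kubernetes/pki/ca.crt and pass its contents as ca_pem; the value must equal the one printed by kubeadm init, and a join line whose pin differs should not be run.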

Additional Notes

If your hostname was not set during OS installation, you need to edit /etc/hosts so that the current hostname resolves to 127.0.0.1; otherwise kubeadm init and kubeadm join will fail.

References

Creating Highly Available clusters with kubeadm