(八)二进制安装k8s-1.11版本之master高可用
环境规划
master01:192.168.213.131 master02:192.168.213.132 VIP : 192.168.213.199
在跳板机上更新master证书和把证书发送到master上
重新生成证书请求
#cd /server/ssl # cat k8s-csr.json { "CN": "kubernetes", "hosts": [ "127.0.0.1", "192.168.213.131", "192.168.213.132", "192.168.213.199", "10.254.0.1", "kubernetes", "kuber 4000 netes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "Hangzhou", "L": "Hangzhou", "O": "k8s", "OU": "System" } ] }
重新生成master证书和私钥文件
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes
把证书发送到master01
scp kubernetes*.pem master01:/opt/kubernetes/ssl/
master相关配置和组件
在master01上把kube-apiserver, kube-scheduler, kube-controller-manager相关组件发到master02上
cd /opt/kubernetes/bin/ scp kube* master02:/opt/kubernetes/bin/
在master01上把相关证书发送master02上
scp /opt/kubernetes/ssl/* master02:/opt/kubernetes/ssl/
修改master01上kube-apiserver的启动脚本
vi /usr/lib/systemd/system/kube-apiserver.service --advertise-address=0.0.0.0 --bind-address=0.0.0.0 修改监听地址为0.0.0.0
在master01上把kube-apiserver, kube-scheduler, kube-controller-manager的服务启动脚本发到master02上
cd /usr/lib/systemd/system scp kube-* master02:/usr/lib/systemd/system/
master01上重启kube-apiserver
systemctl daemon-reload systemctl restart kube-apiserver systemctl status kube-apiserver
在master02启动服务
systemctl enable kube-apiserver systemctl enable kube-controller-manager systemctl enable kube-scheduler systemctl start kube-apiserver systemctl start kube-controller-manager systemctl start kube-scheduler systemctl status kube-apiserver systemctl status kube-controller-manager systemctl status kube-scheduler
安装nginx作为kube-apiserver代理
master01和master02安装nginx
yum install nginx -y systemctl start nginxsystemctl enable nginx
master01和master02修改nginx配置文件
stream { upstream k8s_proxy { server 192.168.213.131:6443 max_fails=2 fail_timeout=20s; #健康状态检测 server 192.168.213.132:6443 max_fails=2 fail_timeout=20s; } server { listen 8443; proxy_connect_timeout 10s; #连接后端服务器的超时时间 proxy_timeout 60s; #连接超时时间,如果不配置,永远不超时 proxy_pass k8s_proxy; } }
安装和配置keepalived
master01和master02安装keepalived
yum install keepalived systemctl start keepalived systemctl enable keepalived
master01的keepalived配置文件如下
global_defs { router_id MASTER } vrrp_script check_nginx { script "systemctl status nginx" interval 3 weight -20 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass redhat } virtual_ipaddress { 192.168.213.199 } track_script { check_nginx } }
master02的keepalived配置文件如下:
global_defs { router_id BACKUP } vrrp_script check_nginx { script "systemctl status nginx" interval 3 weight -20 } vrrp_instance VI_1 { state BACKUP interface ens33 virtual_router_id 51 priority 99 advert_int 1 authentication { auth_type PASS auth_pass redhat } virtual_ipaddress { 192.168.213.199 } track_script { check_nginx } }
修改客户端node节点配置
查看配置
grep server /opt/kubernetes/cfg/kubelet.kubeconfig grep server /opt/kubernetes/cfg/kube-proxy.kubeconfig grep server /opt/kubernetes/cfg/bootstrap.kubeconfig
修改ip为vip和对外的暴露的端口
sed -ri 's/192.168.213.131:6443/192.168.213.199:8443/g' /opt/kubernetes/cfg/*.kubeconfig
node节点验证是否修改成功
grep server /opt/kubernetes/cfg/kubelet.kubeconfig grep server /opt/kubernetes/cfg/kube-proxy.kubeconfig grep server /opt/kubernetes/cfg/bootstrap.kubeconfig
node节点重启kube-proxy和kubelet
systemctl daemon-reload systemctl restart kube-proxy systemctl restart kubelet systemctl status kube-proxy systemctl status kubelet
修改kubectl客户端的配置文件
sed -ri 's/192.168.213.131:6443/192.168.213.199:8443/g' /root/.kube/config
验证
下载vip在master01上
kubectl客户端能正常连接apiserver
分别停止master01上kube-apiserver服务和master02上的kube-apiserver服务
systemctl stop kube-apiserver
kubectl客户端还是能够正常连接apiserver
停止master01上的nginx服务
systemctl stop nginx
vip漂移到master01上
kubectl客户端还是能够正常连接apiserver
再次启动master01上nginx的服务
systemctl start nginx
vip漂移到master01上
kubectl客户端还是能够正常连接apiserver
- (九)二进制安装k8s-1.11版本之traefix
- centos7使用kubeadm安装kubernetes 1.11版本多主高可用
- Kubernetes高可用Master节点安装
- [k8s]prometheus+alertmanager二进制安装实现简单邮件告警
- 在centos7的普通用户下二进制安装mysql5.5版本
- mysql二进制版本安装以及主从服务的搭建
- ubuntu 16.04 安装 opencv master版本
- mysql-proxy二进制版本安装测试
- mysql 5.7版本的二进制安装方法
- Ubuntu 15.04 Gogs(git 版本库) 二进制安装
- K8S 集群二进制安装(未完,代理功能与前端UI未验证通过)
- centos 下mysql5.1.45 二进制版本安装及多apache php版本安装
- K8S集群Master高可用实践
- mysql 5.7.14 二进制版本详细安装过程
- (亲测可用2019.1版本)IDEA 2019.1版本安装及破解
- Eclipse4.X版本安装fatjar插件(luna mars 版本均可用)
- K8S集群Master高可用实践
- CentOS6.5安装二进制mysql-5.5版本