(8) Binary installation of k8s 1.11: master high availability

2019-05-03 15:16

Environment plan

master01: 192.168.213.131
master02: 192.168.213.132
VIP : 192.168.213.199

Update the master certificate on the jump host and send it to the masters

Regenerate the certificate signing request

#cd /server/ssl
# cat k8s-csr.json
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"192.168.213.131",
"192.168.213.132",
"192.168.213.199",
"10.254.0.1",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Hangzhou",
"L": "Hangzhou",
"O": "k8s",
"OU": "System"
}
]
}

Regenerate the master certificate and private key files

cfssl gencert -ca=ca.pem   -ca-key=ca-key.pem   -config=ca-config.json   -profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes

Send the certificates to master01

scp  kubernetes*.pem master01:/opt/kubernetes/ssl/

Master configuration and components

On master01, copy the kube-apiserver, kube-scheduler and kube-controller-manager binaries to master02

cd /opt/kubernetes/bin/
scp  kube* master02:/opt/kubernetes/bin/

On master01, copy the certificates to master02

scp /opt/kubernetes/ssl/* master02:/opt/kubernetes/ssl/

Modify the kube-apiserver unit file on master01

vi /usr/lib/systemd/system/kube-apiserver.service
--advertise-address=0.0.0.0   --bind-address=0.0.0.0   (change the listen address to 0.0.0.0)

On master01, copy the systemd unit files for kube-apiserver, kube-scheduler and kube-controller-manager to master02

cd /usr/lib/systemd/system
scp kube-* master02:/usr/lib/systemd/system/

Restart kube-apiserver on master01

systemctl daemon-reload
systemctl restart kube-apiserver
systemctl status kube-apiserver

Start the services on master02

systemctl enable kube-apiserver
systemctl enable kube-controller-manager
systemctl enable kube-scheduler
systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler
systemctl status kube-apiserver
systemctl status kube-controller-manager
systemctl status kube-scheduler

Install nginx as the kube-apiserver proxy

Install nginx on master01 and master02

yum install nginx -y
systemctl start nginx
systemctl enable nginx

Modify the nginx configuration file on master01 and master02

stream {
    upstream k8s_proxy {
        server 192.168.213.131:6443 max_fails=2 fail_timeout=20s;   # health check
        server 192.168.213.132:6443 max_fails=2 fail_timeout=20s;
    }
    server {
        listen 8443;
        proxy_connect_timeout 10s;   # timeout for connecting to the backend server
        proxy_timeout 60s;           # connection timeout; if not configured, it never times out
        proxy_pass k8s_proxy;
    }
}

Install and configure keepalived

Install keepalived on master01 and master02

yum install keepalived
systemctl start keepalived
systemctl enable keepalived

The keepalived configuration file on master01 is as follows:

global_defs {
router_id MASTER
}
vrrp_script check_nginx {
script "systemctl status nginx"
interval 3
weight -20

}

vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass redhat
}
virtual_ipaddress {
192.168.213.199
}
track_script {
check_nginx
}
}

The keepalived configuration file on master02 is as follows:

global_defs {
router_id BACKUP
}
vrrp_script check_nginx {
script "systemctl status nginx"
interval 3
weight -20

}

vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass redhat
}
virtual_ipaddress {
192.168.213.199
}
track_script {
check_nginx
}
}

Modify the client configuration on the nodes

Check the current configuration

grep server /opt/kubernetes/cfg/kubelet.kubeconfig
grep server /opt/kubernetes/cfg/kube-proxy.kubeconfig
grep server /opt/kubernetes/cfg/bootstrap.kubeconfig

Change the IP to the VIP and the externally exposed port

sed -ri 's/192.168.213.131:6443/192.168.213.199:8443/g' /opt/kubernetes/cfg/*.kubeconfig

On the node, verify that the change was applied

grep server /opt/kubernetes/cfg/kubelet.kubeconfig
grep server /opt/kubernetes/cfg/kube-proxy.kubeconfig
grep server /opt/kubernetes/cfg/bootstrap.kubeconfig

Restart kube-proxy and kubelet on the node

systemctl daemon-reload
systemctl restart kube-proxy
systemctl restart kubelet
systemctl status kube-proxy
systemctl status kubelet

Modify the kubectl client configuration file

sed -ri  's/192.168.213.131:6443/192.168.213.199:8443/g'  /root/.kube/config
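
Because the nginx stream block forwards raw TCP, clients still complete the TLS handshake with kube-apiserver itself, so the address they dial (the VIP) must be in the certificate's hosts list. The following added example (not part of the original post) checks this against constructed copies of the k8s-csr.json, kubeconfig and nginx upstream shown above; the function names are hypothetical.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# Constructed sample inputs that mirror the files shown on this page.
CSR_JSON = """{"CN": "kubernetes", "hosts": ["127.0.0.1", "192.168.213.131",
  "192.168.213.132", "192.168.213.199", "10.254.0.1", "kubernetes",
  "kubernetes.default", "kubernetes.default.svc",
  "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local"]}"""
KUBECONFIG = """clusters:
- cluster:
    server: https://192.168.213.199:8443
  name: kubernetes
"""
NGINX_STREAM = """upstream k8s_proxy {
    server 192.168.213.131:6443 max_fails=2 fail_timeout=20s;
    server 192.168.213.132:6443 max_fails=2 fail_timeout=20s;
}
server { listen 8443; proxy_pass k8s_proxy; }"""

def canon(host):
    """Normalise a host: IPs compare by value, DNS names case-insensitively."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return host.lower().rstrip(".")

def endpoints(kubeconfig_text, nginx_text):
    """Addresses the apiserver is reached at: kubeconfig servers and nginx upstreams."""
    hosts = set()
    for url in re.findall(r"^\s*server:\s*(\S+)", kubeconfig_text, re.M):
        hosts.add(canon(urlsplit(url).hostname))
    # "server {" opens a block and is skipped; only "server host:port" matches.
    for addr in re.findall(r"^\s*server\s+([^\s;{]+)", nginx_text, re.M):
        hosts.add(canon(addr.rsplit(":", 1)[0]))
    return hosts

def missing_sans(csr_text, kubeconfig_text, nginx_text):
    """Return endpoints that are absent from the CSR "hosts" (SAN) list."""
    sans = {canon(h) for h in json.loads(csr_text)["hosts"]}
    return sorted(endpoints(kubeconfig_text, nginx_text) - sans)

if __name__ == "__main__":
    gaps = missing_sans(CSR_JSON, KUBECONFIG, NGINX_STREAM)
    print("missing from certificate hosts:", gaps or "none")
```

An empty result means every address in the kubeconfig files and the nginx upstream is covered; any address it returns would fail TLS verification until the certificate is regenerated with that host added.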

Verification

The VIP is currently on master01

The kubectl client can connect to the apiserver normally

Stop the kube-apiserver service on master01 and on master02, one at a time

systemctl stop kube-apiserver

The kubectl client can still connect to the apiserver normally

Stop the nginx service on master01

systemctl stop nginx

The VIP floats to master01

The kubectl client can still connect to the apiserver normally

Start the nginx service on master01 again

systemctl start nginx

The VIP floats to master01

The kubectl client can still connect to the apiserver normally
