目录
一、部署 CoreDNS
1.1.在所有 node 节点上操作
1.2.在 master01 节点上操作
1.3.DNS 解析测试
二、master02 节点部署
2.1.从 master01 节点上拷贝证书文件、各master组件的配置文件和服务管理文件到 master02 节点
2.2.修改配置文件kube-apiserver中的IP
2.3.在 master02 节点上启动各服务并设置开机自启
2.4./查看node节点状态
三、负载均衡部署
3.1.配置nginx的官方在线yum源,配置本地nginx的yum源
3.2.修改nginx配置文件,配置四层反向代理负载均衡,指定k8s群集2台master的节点ip和6443端口
3.3.检查配置文件语法
3.4.部署keepalived服务
3.5.创建nginx状态检查脚本
3.6.启动keepalived服务(一定要先启动了nginx服务,再启动keepalived服务)
3.7.修改node节点上的bootstrap.kubeconfig,kubelet.kubeconfig配置文件为VIP
3.8.在 lb01 上查看 nginx 和 node 、 master 节点的连接状态
3.9.在 master01 节点上操作
一、部署 CoreDNS
CoreDNS:可以为集群中的 service 资源创建一个域名 与 IP 的对应关系解析
1.1.在所有 node 节点上操作
上传 coredns.tar 到 /opt 目录中
cd /opt
docker load -i coredns.tar
1.2.在 master01 节点上操作
上传 coredns.yaml 文件到 /opt/k8s 目录中,部署 CoreDNS
cd /opt/k8s
kubectl apply -f coredns.yaml
kubectl get pods -n kube-system
1.3.DNS 解析测试
kubectl run -it --rm dns-test --image=busybox:1.28.4 sh
If you don't see a command prompt, try pressing enter.
/ # nslookup kubernetes
Server: 10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local
Name: kubernetes
Address 1: 10.0.0.1 kubernetes.default.svc.cluster.local
注:
如果出现以下报错
[root@master01 k8s]# kubectl run -it --image=busybox:1.28.4 sh
If you don't see a command prompt, try pressing enter.
Error attaching, falling back to logs: unable to upgrade connection: Forbidden (user=system:anonymous, verb=create, resource=nodes, subresource=proxy)
Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) ( pods/log sh)
需要添加 rbac的权限 直接使用kubectl绑定 clusteradmin 管理员集群角色 授权操作权限
[root@master01 k8s]# kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
clusterrolebinding.rbac.authorization.k8s.io/cluster-system-anonymous created
二、master02 节点部署
2.1.从 master01 节点上拷贝证书文件、各master组件的配置文件和服务管理文件到 master02 节点
scp -r /opt/etcd/ root@192.168.190.104:/opt/
scp -r /opt/kubernetes/ root@192.168.190.104:/opt
scp -r /root/.kube root@192.168.190.104:/root
scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.190.104:/usr/lib/systemd/system/
2.2.修改配置文件kube-apiserver中的IP
vim /opt/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--etcd-servers=https://192.168.190.101:2379,https://192.168.190.102:2379,https://192.168.190.103:2379 \
--bind-address=192.168.190.104 \ 修改
--secure-port=6443 \
--advertise-address=192.168.190.104 \ 修改
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
..................
2.3.在 master02 节点上启动各服务并设置开机自启
systemctl start kube-apiserver.service
systemctl enable kube-apiserver.service
systemctl start kube-controller-manager.service
systemctl enable kube-controller-manager.service
systemctl start kube-scheduler.service
systemctl enable kube-scheduler.service
2.4./查看node节点状态
ln -s /opt/kubernetes/bin/* /usr/local/bin/
kubectl get nodes
kubectl get nodes -o wide #-o=wide:输出额外信息;对于Pod,将输出Pod所在的Node名
//此时在master02节点查到的node节点状态仅是从etcd查询到的信息,而此时node节点实际上并未与master02节点建立通信连接,因此需要使用一个VIP把node节点与master节点都关联起来
三、负载均衡部署
配置load balancer集群双机热备负载均衡(nginx实现负载均衡,keepalived实现双机热备)
在lb01、lb02节点上操作
3.1.配置nginx的官方在线yum源,配置本地nginx的yum源
cat > /etc/yum.repos.d/nginx.repo << 'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
EOF
yum install nginx -y
3.2.修改nginx配置文件,配置四层反向代理负载均衡,指定k8s群集2台master的节点ip和6443端口
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
stream {
log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
access_log /var/log/nginx/k8s-access.log main;
upstream k8s-apiserver {
server 192.168.190.101:6443;
server 192.168.190.104:6443;
}
server {
listen 6443;
proxy_pass k8s-apiserver;
}
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
3.3.检查配置文件语法
nginx -t
//启动nginx服务,查看已监听6443端口
systemctl start nginx
systemctl enable nginx
netstat -natp | grep nginx
3.4.部署keepalived服务
部署keepalived服务
yum install keepalived -y
//修改keepalived配置文件
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
# 接收邮件地址
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
# 邮件发送地址
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER #lb01节点的为 NGINX_MASTER,lb02节点的为 NGINX_BACKUP
}
#添加一个周期性执行的脚本
vrrp_script check_nginx {
script "/etc/nginx/check_nginx.sh" #指定检查nginx存活的脚本路径
}
vrrp_instance VI_1 {
state MASTER #lb01节点的为 MASTER,lb02节点的为 BACKUP
interface ens33 #指定网卡名称 ens33
virtual_router_id 51 #指定vrid,两个节点要一致
priority 100 #lb01节点的为 100,lb02节点的为 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.190.100/24 #指定 VIP
}
track_script {
check_nginx #指定vrrp_script配置的脚本
}
}
3.5.创建nginx状态检查脚本
vim /etc/nginx/check_nginx.sh
#!/bin/bash
#egrep -cv "grep|$$" 用于过滤掉包含grep 或者 $$ 表示的当前Shell进程ID,即脚本运行的当前进程ID号
count=$(ps -ef | grep nginx | egrep -cv "grep|$$")
if [ "$count" -eq 0 ];then
systemctl stop keepalived
fi
chmod +x /etc/nginx/check_nginx.sh
3.6.启动keepalived服务(一定要先启动了nginx服务,再启动keepalived服务)
systemctl start keepalived
systemctl enable keepalived
ip a #查看VIP是否生成
3.7.修改node节点上的bootstrap.kubeconfig,kubelet.kubeconfig配置文件为VIP
cd /opt/kubernetes/cfg/
vim bootstrap.kubeconfig
server: https://192.168.10.100:6443
vim kubelet.kubeconfig
server: https://192.168.10.100:6443
vim kube-proxy.kubeconfig
server: https://192.168.10.100:6443
//重启kubelet和kube-proxy服务
systemctl restart kubelet.service
systemctl restart kube-proxy.service
3.8.在 lb01 上查看 nginx 和 node 、 master 节点的连接状态
netstat -natp | grep nginx
tcp 0 0 0.0.0.0:6443 0.0.0.0:* LISTEN 84739/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 84739/nginx: master
tcp 0 0 192.168.190.105:60382 192.168.190.104:6443 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.100:6443 192.168.190.102:41650 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.100:6443 192.168.190.103:49726 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.104:35234 192.168.190.101:6443 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.100:6443 192.168.190.102:41648 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.100:6443 192.168.190.103:49728 ESTABLISHED 84742/nginx: worker
tcp 0 0 192.168.190.100:6443 192.168.190.102:41646 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.105:32786 192.168.190.104:6443 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.100:6443 192.168.190.102:41656 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.105:60378 192.168.190.104:6443 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.105:32794 192.168.190.104:6443 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.100:6443 192.168.190.103:49724 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.105:35886 192.168.190.101:6443 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.100:6443 192.168.190.103:51372 ESTABLISHED 84742/nginx: worker
tcp 0 0 192.168.190.100:6443 192.168.190.103:49722 ESTABLISHED 84741/nginx: worker
tcp 0 0 192.168.190.100:6443 192.168.190.103:49702 ESTABLISHED 84741/nginx: worker
3.9.在 master01 节点上操作
测试创建pod
kubectl run nginx --image=nginx
//查看Pod的状态信息
kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-nf9sk 0/1 ContainerCreating 0 33s #正在创建中
kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-nf9sk 1/1 Running 0 80s #创建完成,运行中
kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-dbddb74b8-26r9l 1/1 Running 0 10m 172.17.36.2 192.168.80.15 <none>
//READY为1/1,表示这个Pod中有1个容器
//在对应网段的node节点上操作,可以直接使用浏览器或者curl命令访问
curl 172.17.36.2
//这时在master01节点上查看nginx日志
kubectl logs nginx-dbddb74b8-nf9sk