一、理论

1.K8S多Master架构

2.配置master02

3.master02 节点部署

4.负载均衡部署

二、实验

1.环境

2.配置master02

3.master02 节点部署

4.负载均衡部署

三、总结

一、理论

1.K8S多Master架构

(1) 架构

2.配置master02

（1）环境

关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
 
关闭selinux
setenforce 0           #临时关闭
sed -i 's/enforcing/disabled/' /etc/selinux/config   #永久关闭
 
关闭swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
 
设置主机名
hostnamectl set-hostname master02
 
在各节点添加hosts
cat >> /etc/hosts << EOF
192.168.204.176 master02
192.168.204.171 master01
192.168.204.173 node01
192.168.204.175 node02
EOF
 
将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables =1
EOF
 
sysctl --system      #重新载入一下
 
时间同步
yum install ntpdate -y
ntpdate time.windows.com

3.master02 节点部署

（1）从 master01 节点上拷贝证书文件、各master组件的配置文件和服务管理文件到 master02 节点

scp -r /opt/etcd/ root@192.168.204.176:/opt/
scp -r /opt/kubernetes/ root@192.168.204.176:/opt
scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.204.176:/usr/lib/systemd/system/

（2）修改配置文件kube-apiserver中的IP

vim /opt/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--etcd-servers=https://192.168.204.171:2379,https://192.168.204.173:2379,https://192.168.204.175:2379 \
--bind-address=192.168.204.176 \				#修改
--secure-port=6443 \
--advertise-address=192.168.204.176 \			#修改
......

（3）在 master02 节点上启动各服务并设置开机自启

systemctl start kube-apiserver.service
systemctl enable kube-apiserver.service
systemctl start kube-controller-manager.service
systemctl enable kube-controller-manager.service
systemctl start kube-scheduler.service
systemctl enable kube-scheduler.service

（4）查看node节点状态

ln -s /opt/kubernetes/bin/* /usr/local/bin/
kubectl get nodes
kubectl get nodes -o wide

4.负载均衡部署

配置load balancer集群双机热备负载均衡（nginx实现负载均衡，keepalived实现双机热备）

（1）在lb01、lb02节点上操作

配置nginx的官方在线yum源，配置本地nginx的yum源

cat > /etc/yum.repos.d/nginx.repo << 'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
EOF

yum install nginx -y

修改nginx配置文件，配置四层反向代理负载均衡，指定k8s群集2台master的节点ip和6443端口

vim /etc/nginx/nginx.conf
events {
    worker_connections  1024;
}
 
#添加
stream {
    log_format  main  '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
    
	access_log  /var/log/nginx/k8s-access.log  main;
 
    upstream k8s-apiserver {
        server 192.168.111.171:6443;
        server 192.168.111.176:6443;
    }
    server {
        listen 6443;
        proxy_pass k8s-apiserver;
    }
}
 
http {
......

检查配置文件语法

nginx -t

启动nginx服务，查看已监听6443端口

systemctl start nginx
systemctl enable nginx
netstat -natp | grep nginx

部署keepalived服务

yum install keepalived -y

修改keepalived配置文件

vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
 
global_defs {
   # 接收邮件地址
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   # 邮件发送地址
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id NGINX_MASTER	#lb01节点的为 NGINX_MASTER，lb02节点的为 NGINX_BACKUP
}
 
#添加一个周期性执行的脚本
vrrp_script check_nginx {
    script "/etc/nginx/check_nginx.sh"	#指定检查nginx存活的脚本路径
}
 
vrrp_instance VI_1 {
    state MASTER			#lb01节点的为 MASTER，lb02节点的为 BACKUP
    interface ens33			#指定网卡名称 ens33
    virtual_router_id 51	#指定vrid，两个节点要一致
    priority 100			#lb01节点的为 100，lb02节点的为 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.204.100/24	#指定 VIP
    }
    track_script {
        check_nginx			#指定vrrp_script配置的脚本
    }
}

创建nginx状态检查脚本

vim /etc/nginx/check_nginx.sh
#!/bin/bash
#egrep -cv "grep|$$" 用于过滤掉包含grep 或者 $$ 表示的当前Shell进程ID
count=$(ps -ef | grep nginx | egrep -cv "grep|$$")
 
if [ "$count" -eq 0 ];then
    systemctl stop keepalived
fi
 
 
chmod +x /etc/nginx/check_nginx.sh

启动keepalived服务（一定要先启动了nginx服务，再启动keepalived服务）

systemctl start keepalived
systemctl enable keepalived
ip a				#查看VIP是否生成

修改node节点上的bootstrap.kubeconfig,kubelet.kubeconfig配置文件为VIP

cd /opt/kubernetes/cfg/
vim bootstrap.kubeconfig 
server: https://192.168.204.100:6443
                      
vim kubelet.kubeconfig
server: https://192.168.204.100:6443
                        
vim kube-proxy.kubeconfig
server: https://192.168.204.100:6443

node节点重启kubelet和kube-proxy服务

systemctl restart kubelet.service 
systemctl restart kube-proxy.service

在 lb01 上查看 nginx 和 node 、 master 节点的连接状态

netstat -natp | grep nginx

（2）在 master01 节点上操作

测试创建pod

kubectl run nginx --image=nginx

查看Pod的状态信息

kubectl get pods

在对应网段的node节点上操作，可以直接使用浏览器或者curl命令访问

curl 172.17.14.2

这时在master01节点上查看nginx日志，发现没有权限查看

 kubectl logs nginx-dbddb74b8-n2zbw

在master01节点上，将cluster-admin角色授予用户system:anonymous

kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous

这时在master01节点上查看nginx日志

 kubectl logs nginx-dbddb74b8-n2zbw

二、实验

由实验：二进制部署K8S单Master架构（二）继续进行

1.环境

表1 K8S环境

主机	IP	软件	硬件
k8s集群master01	192.168.204.171	kube-apiserver kube-controller-manager kube-scheduler etcd	4核4G
k8s集群node1	192.168.204.173	kubelet kube-proxy docker flannel	4核4G
k8s集群node2	192.168.204.175	kubelet kube-proxy docker flannel	4核4G
k8s集群master02	192.168.204.176	kube-apiserver kube-controller-manager kube-scheduler etcd	4核4G
负载均衡器1（lb01）	192.168.204.177	nginx，keepalived	2核2G
负载均衡器2（lb02）	192.168.204.178	nginx，keepalived	2核2G