(三)Kubernetes/K8s 高可用架构
高可用架构 采用多master+多lb+keepalive的方案实现(注意其中lb的ip 地址的证书)
1,多master安装
将原master 1 部署文件拷贝到新master,修改bind 地址 启动 注意 由于需要连接etcd 需要拷贝etcd 的证书
scp –r /opt/kubernetes :/opt scp –r /opt/etcd/ssl :/opt/etcd scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service :/usr/lib/systemd/system ##修改apiserver配置文件为本地IP vim /opt/kubernetes/cfg/kube-apiserver.conf --bind-address=192.168.0.102 --secure-port=6443 --advertise-address=192.168.0.102 #启动 for i in $(ls /opt/kubernetes/bin/);do systemctl start $i;systemctl enable $i; done
lb部署
lb--nginx-mater
#安装Nginx+Keepalived rpm -ivh http://nginx.org/packages/rhel/7/x86_64/RPMS/nginx-1.16.0-1.el7.ngx.x86_64.rpm vim /etc/nginx/nginx.conf ##注意添加的配置文件的位置 特别是需要inclued 插入放于events 和http 之间 stream { log_format main ‘$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent‘; access_log /var/log/nginx/k8s-access.log main; ## 安装好 之后不需要 可以关闭 日志量比较大 upstream k8s-apiserver { server 192.168.0.101:6443; ## 后端安装master 地址 server 192.168.0.102:6443; } server { listen 6443; proxy_pass k8s-apiserver; } }
keepalived 高可用
yum install keepalived vi /etc/keepalived/keepalived.conf global_defs { notification_email { } notification_email_from smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id NGINX_MASTER } vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh" } vrrp_instance VI_1 { state MASTER interface ens33 ## 自己机器网卡的名称 virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的 priority 100 # 优先级,备服务器设置 90 advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.0.105/24 ## 虚拟vip地址 } track_script { check_nginx } }
判断nginx 进程脚本
#!/bin/bash count=$(ps -ef |grep nginx |egrep -cv "grep|$$") if [ "$count" -eq 0 ];then exit 1 else exit 0 fi systemctl start keepalived systemctl enable keepalived
lb-nginx-backup
nginx 安装同上
yum install keepalived vi /etc/keepalived/keepalived.conf global_defs { notification_email { } notification_email_from smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id NGINX_BACKUP } vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh" } vrrp_instance VI_1 { state BACKUP ##标注角色 interface ens33 ##自己网卡的名称 virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的 priority 90 # 优先级,备服务器设置 90 advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.0.105/24 } track_script { check_nginx } } # cat /etc/keepalived/check_nginx.sh #!/bin/bash count=$(ps -ef |grep nginx |egrep -cv "grep|$$") if [ "$count" -eq 0 ];then exit 1 else exit 0 fi # systemctl start keepalived # systemctl enable keepalived
测试
##在lb master节点 ip addr show ## 查看vip 是否绑定到了网卡上面 关闭nginx 查看vip 是否能漂移到backup 上面
修改所有node apiserver地址填写为vip
cd /opt/kubernetes/cfg grep 192 * bootstrap.kubeconfig: server: https://192.168.31.63:6443 kubelet.kubeconfig: server: https://192.168.31.636443 kube-proxy.kubeconfig: server: https://192.168.31.63:6443 #批量修改: sed -i ‘s#192.168.0.63#192.168.0.105 * curl -k --header "Authorization: Bearer c47ffb939f5ca36231d9e3121a252940" https://192.168.31.60:6443/version ##此teken 是bootstarp 的token
相关推荐
kunyus 2020-10-28
hubanbei00的家园 2020-10-25
btqszl 2020-10-21
shurenyun 2020-08-19
CurrentJ 2020-08-18
xingyuzhe 2020-09-21
godwot 2020-09-11
朱培知浅ZLH 2020-11-16
cdbdqn00 2020-11-12
达观数据 2020-11-11
JustinChia 2020-11-11
远远的山 2020-11-09
jingtao 2020-11-08
大叔比较胖 2020-10-30
gracecxj 2020-10-30
onepiecedn 2020-10-29
JustHaveTry 2020-10-27
锋锋 2020-10-26
谢恩铭 2020-10-23