71 views

多master高可用集群情况下 kubeadm安装kubernetes 1.13.2

By | 2019年2月26日

今天早上来上班,负责高防CDN安全技术的阿强问了我一个问题,如何在多master高可用集群情况下 kubeadm安装kubernetes 1.13.2?

那么今天笔者花出一早上的时间给大家带来多master高可用集群下的kubernetes 1.13.2安装,话不多说,请看下面分享:

第一步:部署前准备

1.关闭防火墙和selinux
sed -ri ‘s#(SELINUX=).*#\1disabled#’ /etc/selinux/config
setenforce 0
systemctl disable firewalld
systemctl stop firewalld

2.关闭swap swapoff -a

3.为服务器添加host解析记录

cat >>/etc/hosts<<EOF
10.31.90.201 node-01
10.31.90.202 node-02
10.31.90.203 node-03
10.31.90.204 node-04
10.31.90.205 node-05
10.31.90.206 node-06
EOF

4.新建密匙和分发密匙

1)密匙新建
[root@node-01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory ‘/root/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:26z6DcUarn7wP70dqOZA28td+K/erv7NlaJPLVE1BTA root@node-01
The key’s randomart image is:
+—[RSA 2048]—-+
| E..o+|
| . o|
| . |
| . . |
| S o . |
| .o X oo .|
| oB +.o+oo.|
| .o*o+++o+o|
| .++o+Bo+=B*B|
+—-[SHA256]—–+

2)密匙分发
for n in `seq -w 01 06`;do ssh-copy-id node-$n;done

5.内核参数配置
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
sysctl –system

6.ipvs模块加载
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe — ip_vs
modprobe — ip_vs_rr
modprobe — ip_vs_wrr
modprobe — ip_vs_sh
modprobe — nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

7.yum源的添加
cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

wget http://mirrors.aliyun.com/repo/Centos-7.repo -O /etc/yum.repos.d/CentOS-Base.repo
wget http://mirrors.aliyun.com/repo/epel-7.repo -O /etc/yum.repos.d/epel.repo
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

8.keepalived和haproxy的安装与部署

首先安装keepalived和haproxy:
yum install -y keepalived haproxy

然后修改配置:

keepalived配置:
[root@node-01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
feng110498@163.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_1
}

vrrp_instance VI_1 {
state MASTER
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 88
advert_int 1
priority 100
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.31.90.200/24
}
}

haproxy配置:
global
chroot /var/lib/haproxy
daemon
group haproxy
user haproxy
log 127.0.0.1:514 local0 warning
pidfile /var/lib/haproxy.pid
maxconn 20000
spread-checks 3
nbproc 8

defaults
log global
mode tcp
retries 3
option redispatch

listen https-apiserver
bind 10.31.90.200:8443
mode tcp
balance roundrobin
timeout server 15s
timeout connect 15s

server apiserver01 10.31.90.201:6443 check port 6443 inter 5000 fall 5
server apiserver02 10.31.90.202:6443 check port 6443 inter 5000 fall 5
server apiserver03 10.31.90.203:6443 check port 6443 inter 5000 fall 5

最后启动服务:

systemctl enable keepalived && systemctl start keepalived
systemctl enable haproxy && systemctl start haproxy

这期分享就到这啦,希望大家能够学到东西,祝大家工作顺利!

本文转载于:http://win-man.com
本文关键词:网站加速    视频加速     BGP服务器     高防服务器
作者:网站高防专家

发表评论

电子邮件地址不会被公开。 必填项已用*标注