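II. k8s 1.12 multi-node master (high availability)
Architecture diagram
The master must not be a single node, so that one failure does not take it down.
1. Multi-node deployment
We deploy a second master on 192.168.1.9.
First, copy the files over from the primary master: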
cd /opt
scp -r kubernetes 192.168.1.9:/opt/
scp -r etcd 192.168.1.9:/opt/
scp /usr/lib/systemd/system/kube-* 192.168.1.9:/usr/lib/systemd/system/
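Now edit the configuration file on master02.
Only two settings need to change:
cd /opt/kubernetes/cfg
vim kube-apiserver
--bind-address=192.168.1.9
--advertise-address=192.168.1.9
The other configuration files all point to the local host and need no changes.
Start the services directly: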
systemctl start kube-apiserver
systemctl start kube-controller-manager.service
systemctl start kube-scheduler.service
Check:
Copy the kubectl tool out:
cp /opt/kubernetes/bin/kubectl /usr/local/bin/
[[email protected] cfg]# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-1               Healthy   {"health":"true"}
etcd-0               Healthy   {"health":"true"}
etcd-2               Healthy   {"health":"true"}
As you can see, running multiple master nodes is not difficult. Done.
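2. Master load balancing
We use nginx's stream module for load balancing, so the masters' kube-apiserver is no longer connected to directly; connections go to nginx, which forwards them. (For nginx high availability a VIP is needed, because the IP has to float.) Here the nginx master is 192.168.1.21, the nginx backup is 192.168.1.111, and the VIP is 192.168.1.10.
If nginx was compiled from source without this module, the module has to be added.
How to add it:
Run ./sbin/nginx -V to get the configure arguments of the current build,
then go to the source directory and rebuild, adding --with-stream:
cd nginx-1.12.1/
./configure --prefix=/usr/local/nginx --with-http_realip_module --with-http_sub_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-pcre --with-stream
make
cp -rf ./objs/nginx /usr/local/nginx/sbin
/etc/init.d/nginx restart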
/usr/local/nginx/sbin/nginx -V
The output now shows that the stream module has been compiled in.
nginx.conf configuration:
stream {
    log_format main "$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent";
    access_log /var/log/nginx/k8s.log main;
    upstream k8s-apiserver {
        server 192.168.1.39:6443;
        server 192.168.1.9:6443;
    }
    server {
        listen 6443;
        proxy_pass k8s-apiserver;
    }
}
Note: this is layer-4 TCP proxying. Do not put it inside the http{} block, or nginx will report an error.
Reload nginx:
./sbin/nginx -s reload
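The nginx high-availability machines now have to be trusted. If these IPs were not added as trusted IPs earlier, they must be added now: on the master, the server certificate has to be regenerated.
In the place where the certificates were generated on the master node,
add 192.168.1.9, 192.168.1.111 and 192.168.1.10: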
cat > server-csr.json <<EOF
{
    "CN": "kubernetes",
    "hosts": [
        "10.0.0.1",
        "127.0.0.1",
        "192.168.1.39",
        "192.168.1.40",
        "192.168.1.41",
        "192.168.1.42",
        "192.168.1.9",
        "192.168.1.21",
        "192.168.1.10",
        "192.168.1.111",
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing",
            "O": "k8s",
            "OU": "System"
        }
    ]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
Overwrite the previous files with the newly generated server-key.pem and server.pem, and send them to the other master:
cp server-key.pem server.pem /opt/kubernetes/ssl
scp server-key.pem server.pem 192.168.1.9:/opt/kubernetes/ssl
Restart the service:
systemctl restart kube-apiserver.service
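Before nodes are pointed at a new address, the regenerated certificate can be checked against the address list above. This is an added example, not part of the original post: the helper name missing_sans and the sample certificate text are constructed for illustration, and real input would come from openssl x509 -in /opt/kubernetes/ssl/server.pem -noout -text.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the original post).
# stdin: text output of `openssl x509 -noout -text`
# args:  IPs / DNS names the API server certificate must cover
# Prints the required names that are absent from the SAN extension.
missing_sans() {
    local sans want missing=""
    # The SAN values sit on the line after the extension header, as
    # "DNS:name, IP Address:1.2.3.4, ..."; reduce to one bare value per line.
    sans=$(grep -A1 'Subject Alternative Name' \
        | tail -n 1 \
        | tr ',' '\n' \
        | sed -e 's/^ *//' -e 's/^IP Address://' -e 's/^DNS://')
    for want in "$@"; do
        # -x whole line, -F literal: a requirement for 192.168.1.1 is not
        # satisfied by an entry for 192.168.1.111.
        if ! printf '%s\n' "$sans" | grep -qxF -- "$want"; then
            missing="$missing $want"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: SAN section of a certificate issued before the
# nginx master (192.168.1.21) and the VIP (192.168.1.10) were added.
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:kubernetes, DNS:kubernetes.default, IP Address:10.0.0.1, IP Address:127.0.0.1, IP Address:192.168.1.39, IP Address:192.168.1.9, IP Address:192.168.1.111'

# Real use: openssl x509 -in /opt/kubernetes/ssl/server.pem -noout -text | missing_sans ...
printf '%s\n' "$SAMPLE_CERT_TEXT" \
    | missing_sans 192.168.1.39 192.168.1.9 192.168.1.21 192.168.1.10 192.168.1.111
```

An empty result means every required address is covered; any address printed will fail TLS verification when clients connect through it.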
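If the certificate already trusts these IPs, the step above can be skipped. Next, in the node configuration, every master IP must be replaced with the IP of the nginx proxy machine (with keepalived, replace them all with the VIP: 192.168.1.10).
After the change:
Note: switch to this IP only after keepalived high availability is in place; otherwise the IP cannot be found and errors are reported. If keepalived high availability is not needed, use the nginx IP directly.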
[[email protected] cfg]# grep 10 *
bootstrap.kubeconfig: server: https://192.168.1.10:6443
kubelet.kubeconfig: server: https://192.168.1.10:6443
kube-proxy.kubeconfig: server: https://192.168.1.10:6443
Restart the services on the node:
systemctl restart kubelet.service
systemctl restart kube-proxy.service
Now we can see log entries arriving in nginx:
[[email protected] ~]# tail -f /var/log/nginx/k8s.log
192.168.1.42 192.168.1.9:6443 - [13/Nov/2018:15:59:21 +0800] 200 1119
192.168.1.42 192.168.1.39:6443 - [13/Nov/2018:15:59:21 +0800] 200 1118
192.168.1.40 192.168.1.39:6443 - [13/Nov/2018:15:59:21 +0800] 200 1566
192.168.1.42 192.168.1.9:6443 - [13/Nov/2018:15:59:21 +0800] 200 1566
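The log format defined in the stream block can be checked mechanically for failed sessions, failovers between backends and clients that are not cluster nodes. This is an added example, not part of the original post: the function name check_k8s_log is hypothetical, only the first two sample lines come from the log above, and treating 192.168.1.40 and 192.168.1.42 as the only expected clients is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Reads lines in the format
#   $remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent
# Arguments: client IPs expected to reach the API server (assumed: the nodes).
check_k8s_log() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 7 {
        status = $(NF - 1)
        # $upstream_addr is "a:6443, b:6443" when nginx tried a second
        # backend, so rebuild it from field 2 up to the lone "-" field.
        up = ""
        for (i = 2; i <= NF && $i != "-"; i++) up = up $i
        tried = split(up, hops, ",")
        if (status != 200) {
            printf "FAILED client=%s upstream=%s status=%s\n", $1, up, status
        } else {
            sessions[hops[tried]]++          # last backend contacted
            if (tried > 1) printf "RETRY client=%s upstream=%s\n", $1, up
        }
        if (n && !($1 in ok)) printf "UNEXPECTED client=%s upstream=%s\n", $1, up
    }
    END { for (b in sessions) printf "OK backend=%s sessions=%d\n", b, sessions[b] }
    ' | LC_ALL=C sort
}

# First two lines are from the log shown above; the rest are constructed.
SAMPLE_LOG='192.168.1.42 192.168.1.9:6443 - [13/Nov/2018:15:59:21 +0800] 200 1119
192.168.1.42 192.168.1.39:6443 - [13/Nov/2018:15:59:21 +0800] 200 1118
192.168.1.40 192.168.1.39:6443, 192.168.1.9:6443 - [13/Nov/2018:16:02:10 +0800] 200 1566
192.168.1.40 192.168.1.39:6443, 192.168.1.9:6443 - [13/Nov/2018:16:02:11 +0800] 502 0
192.168.1.200 192.168.1.9:6443 - [13/Nov/2018:16:03:00 +0800] 200 2048'

printf '%s\n' "$SAMPLE_LOG" | check_k8s_log 192.168.1.40 192.168.1.42
```

In real use the input would be /var/log/nginx/k8s.log; a backend that never appears in an OK line is receiving no successful sessions.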
Checking the nodes from the master also shows them as normal:
[[email protected] k8s-cert]# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.1.40 Ready <none> 23h v1.12.1
192.168.1.42 Ready <none> 23h v1.12.1
3. keepalived high availability:
Nginx above makes k8s highly available; now nginx itself also needs to be made highly available.
Install:
yum install -y keepalived
keepalived configuration on the primary node:
[[email protected] ~]# cat /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/usr/local/sbin/check_ng.sh" #check script
    interval 3
}
vrrp_instance VI_1 {
    state MASTER #set to BACKUP on the backup node
    interface eth0 #network interface name
    virtual_router_id 51 #unique router id
    priority 100 #set to 90 on the backup node
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux>com #shared VRRP password; keepalived uses only the first 8 characters
    }
    virtual_ipaddress {
        192.168.1.10 #vip
    }
    track_script {
        chk_nginx
    }
}
nginx check script:
[[email protected] ~]# cat /usr/local/sbin/check_ng.sh
#!/bin/bash
#Timestamp variable, used for logging
d=`date --date today +%Y%m%d_%H:%M:%S`
#Count the nginx processes
n=`ps -C nginx --no-heading|wc -l`
#If the count is 0, start nginx and count the nginx processes again.
#If it is still 0, nginx cannot start, and keepalived has to be stopped
if [ $n -eq "0" ]; then
    /etc/init.d/nginx start
    n2=`ps -C nginx --no-heading|wc -l`
    if [ $n2 -eq "0" ]; then
        echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
        # systemctl stop keepalived
        /etc/init.d/keepalived stop
    fi
fi
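Make it executable:
chmod +x /usr/local/sbin/check_ng.sh
With this script, nginx is started again automatically when it dies; if the restart fails, keepalived is stopped so that the switch to the backup can take place. This gives high availability and keeps the service from going down.
Start keepalived: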
systemctl start keepalived
Now we can run ip a and see that the VIP has been bound.
Backup machine:
Copy the keepalived configuration and the nginx script to the backup machine:
scp /etc/keepalived/keepalived.conf 192.168.1.111:/etc/keepalived/
scp /usr/local/sbin/check_ng.sh 192.168.1.111:/usr/local/sbin/
Then change the keepalived settings and it is ready to start.
What needs to change:
vim /etc/keepalived/keepalived.conf
state BACKUP #set to BACKUP on the backup node
interface eth0 #network interface name
virtual_router_id 51 #unique router id
priority 90 #set to 90 on the backup node
Start:
systemctl start keepalived
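Testing keepalived:
Stop keepalived on the primary node and see whether the VIP floats to the backup node 192.168.1.111.
Running kubectl get node on the k8s master shows no noticeable effect; the setup now stays stable even when one master machine goes down.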