kubernetes/k8s多节点部署以及负载均衡和nginx反向代理部署

一、k8s多节点部署

多节点部署需要建立在单节点部署的基础之上
——————master02部署——————————

【1】在master01上复制kubernetes目录到master02
[root@master ~]# scp -r /opt/kubernetes/ root@192.168.60.20:/opt/
【2】在master01上复制kube-apiserver,kube-controller-manager,kube-scheduler管理服务
[root@master ~]# scp -r /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.60.20:/usr/lib/systemd/system/
【3】在master01上复制etcd证书
[root@master ~]# scp -r /opt/etcd/ root@192.168.60.20:/opt/
【4】在master02上面修改配置文件kube-apiserver中的IP地址
[root@master2 ~]# cd /opt/kubernetes/cfg/
[root@master2 cfg]# vim kube-apiserver
--bind-address=192.168.60.20 \
--advertise-address=192.168.60.20 \
【5】在master02上面启动master三个组件
[root@master2 cfg]# systemctl start kube-apiserver
[root@master2 cfg]# systemctl start kube-controller-manager
[root@master2 cfg]# systemctl start kube-scheduler
【6】添加kubectl的环境变量
[root@master2 cfg]# vim /etc/profile
export PATH=$PATH:/opt/kubernetes/bin/
[root@master2 cfg]# source /etc/profile
【7】在master02上面查看节点信息
[root@master2 cfg]# kubectl get nodes
NAME             STATUS   ROLES    AGE     VERSION
192.168.60.100   Ready    <none>   7d23h   v1.12.3
192.168.60.60    Ready    <none>   8d      v1.12.3

二、kubernetes负载均衡部署

【1】重新增加服务器作为nginx代理

192.168.60.40和192.168.60.50是nginx代理服务器分别是nginx01和nginx02

【2】下载nginx服务
[root@nginx01 ~]# vim /etc/yum.repos.d/nginx.repo
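[nginx]
name=nginx repo
# Fetch packages over HTTPS and verify their signatures. With gpgcheck=0 and a
# plain-http baseurl, yum would install whatever the network path delivered,
# and this host ends up proxying all kube-apiserver traffic.
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
# Signing key published by nginx.org; confirm its fingerprint against the value
# listed on nginx.org when yum prompts to import it.
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1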
[root@nginx01 ~]# yum install -y nginx
【3】添加nginx反向代理服务功能
[root@nginx01 ~]# vim /etc/nginx/nginx.conf 
events {
    worker_connections  1024;
}
——————————————————————————
# Layer-4 (TCP) load balancing for the Kubernetes API servers.
# No ssl directives appear in this block, so client TLS sessions are forwarded
# to the upstream unchanged and authentication is still done by kube-apiserver.
stream {
  # One line per proxied connection: client address, upstream chosen,
  # local time, bytes sent to the upstream.
  log_format main '$remote_addr $upstream_addr - [$time_local] $upstream_bytes_sent';
  access_log /var/log/nginx/k8s-access.log main;

  # The two master nodes. No balancing method is given, so nginx's default applies.
  upstream k8s-apiserver {
    server 192.168.60.10:6443;
    server 192.168.60.20:6443;
}
  server {
    # No address is given, so this listens on every local address, including
    # the keepalived virtual IP when this host holds it.
    # NOTE(review): anything that can reach this port can reach the API servers;
    # consider restricting it with host firewall rules or allow/deny directives
    # in this server block.
    # NOTE(review): without proxy_protocol the apiserver presumably sees this
    # proxy as the client address, so k8s-access.log is the record that ties a
    # real client IP to an upstream connection - confirm and retain it.
    listen 6443;
    proxy_pass k8s-apiserver;
}
}
———————————————————————————
http {
【4】启动nginx服务
[root@nginx01 ~]# systemctl start nginx
【5】下载安装keepalived双机热备
[root@nginx01 ~]# yum install keepalived -y
【6】添加双机热备功能【nginx01和nginx02是不同的】

//nginx01双机热备安装

[root@nginx01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# nginx01: VRRP MASTER for the virtual IP 192.168.60.201 that fronts the
# nginx stream proxy.

global_defs {
   # NOTE(review): these look like the sample addresses from the stock
   # keepalived.conf - replace with real recipients or remove the block.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id NGINX_MASTER
   # NOTE(review): no script_user / enable_script_security is set here; the
   # tracked script should be root-owned and not writable by other users,
   # since keepalived executes it.
}

# Health check referenced by track_script below. No interval is given, so
# keepalived's default check interval applies.
vrrp_script check_nginx {
    script "/etc/nginx/check_nginx.sh"
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    # Must be identical on both peers of this instance.
    virtual_router_id 51
    # Higher than the peer's priority (90), so this node holds the VIP when healthy.
    priority 100
    advert_int 1
    # NOTE(review): auth_type PASS puts the password in clear text in every
    # VRRP advertisement, and 1111 is the value from the sample config. Any host
    # on the segment that learns it can send adverts with a higher priority and
    # take over the VIP. Use a site-specific secret (keepalived uses only the
    # first 8 characters) and limit VRRP (IP protocol 112) to the two peers with
    # firewall rules, or use unicast_src_ip / unicast_peer.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.60.201/24
    }
    track_script {
        check_nginx
    }
}

//nginx02双机热备安装

[root@nginx02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# nginx02: VRRP BACKUP for the virtual IP 192.168.60.201; takes over the
# address when the MASTER stops advertising.

global_defs {
   # NOTE(review): these look like the sample addresses from the stock
   # keepalived.conf - replace with real recipients or remove the block.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   # NOTE(review): same router_id as the nginx01 config although this node is
   # the BACKUP; a distinct value (for example NGINX_BACKUP) makes notifications
   # and logs attributable to the right host - confirm intent.
   router_id NGINX_MASTER
   # NOTE(review): no script_user / enable_script_security is set here; the
   # tracked script should be root-owned and not writable by other users,
   # since keepalived executes it.
}

# Health check referenced by track_script below. No interval is given, so
# keepalived's default check interval applies.
vrrp_script check_nginx {
    script "/etc/nginx/check_nginx.sh"
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    # Must be identical on both peers of this instance.
    virtual_router_id 51
    # Lower than the MASTER's priority (100).
    priority 90
    advert_int 1
    # NOTE(review): auth_type PASS puts the password in clear text in every
    # VRRP advertisement, and 1111 is the value from the sample config. Any host
    # on the segment that learns it can send adverts with a higher priority and
    # take over the VIP. Use a site-specific secret (keepalived uses only the
    # first 8 characters) and limit VRRP (IP protocol 112) to the two peers with
    # firewall rules, or use unicast_src_ip / unicast_peer.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.60.201/24
    }
    track_script {
        check_nginx
    }
}
【7】添加nginx自检功能
[root@nginx01 ~]# vim /etc/nginx/check_nginx.sh
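#!/bin/bash
# Health check run by keepalived (vrrp_script check_nginx).
# Stops keepalived when no nginx process is left, so that the peer stops
# receiving VRRP advertisements and takes over the virtual IP.
#
# pgrep -x matches only processes whose name is exactly "nginx". The earlier
# `ps -ef | grep nginx | egrep -cv "grep|$$"` form had two problems:
#   - any command line containing "nginx" (an editor on nginx.conf, a tail on
#     the nginx log) counted as a live nginx, hiding a dead proxy;
#   - "$$" was used as a regex, so any ps line that happened to contain those
#     digits was discarded, which could drop real nginx processes.
# The explicit interpreter line lets keepalived execute the file directly.
if ! pgrep -x nginx >/dev/null; then
    systemctl stop keepalived
fi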
[root@nginx01 ~]# chmod +x /etc/nginx/check_nginx.sh
【8】启动双机热备功能并验证【注意:启动keepalived之前必须先启动nginx服务,否则自检脚本检测不到nginx进程会立即停止keepalived】
[root@nginx01 ~]# systemctl start keepalived
[root@nginx01 ~]# ip add    //应该可以看到漂移地址
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:40:57:ae brd ff:ff:ff:ff:ff:ff
    inet 192.168.60.40/24 brd 192.168.60.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.60.201/24 scope global secondary ens33
【9】验证在nginx01上面关闭nginx服务和恢复nginx服务漂移地址的变化
[root@nginx01 ~]# pkill -9 nginx
[root@nginx02 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:56:72:3a brd ff:ff:ff:ff:ff:ff
    inet 192.168.60.50/24 brd 192.168.60.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.60.201/24 scope global secondary ens33
[root@nginx01 ~]# systemctl start nginx
[root@nginx01 ~]# systemctl restart keepalived
[root@nginx02 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:56:72:3a brd ff:ff:ff:ff:ff:ff
    inet 192.168.60.50/24 brd 192.168.60.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::ede1:e07b:68c4:a8e7/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@nginx02 ~]# 
【10】统一node节点上面bootstrap.kubeconfig,kubelet.kubeconfig,kube-proxy.kubeconfig配置文件的IP地址
//IP地址修改为漂移地址192.168.60.201(kubeconfig中只写IP和端口,不带/24掩码);kube-apiserver服务端证书的SAN中需要包含该漂移地址,否则node节点连接时TLS校验会失败
server: https://192.168.60.201:6443

【11】重新启动kubelet和kube-proxy服务

[root@node1 cfg]# systemctl restart kubelet.service 
[root@node1 cfg]# systemctl restart kube-proxy.service 
【12】检查修改结果
[root@node1 cfg]# grep 201 *
bootstrap.kubeconfig:    server: https://192.168.60.201:6443
kubelet.kubeconfig:    server: https://192.168.60.201:6443
kube-proxy.kubeconfig:    server: https://192.168.60.201:6443
【13】在nginx01上查看nginx的k8s日志
[root@nginx01 ~]# tail /var/log/nginx/k8s-access.log 
192.168.60.60 192.168.60.20:6443 - [07/Oct/2020:14:06:27 +0800] 1566
192.168.60.60 192.168.60.10:6443 - [07/Oct/2020:19:09:13 +0800] 1119
192.168.60.60 192.168.60.10:6443 - [07/Oct/2020:19:09:13 +0800] 1120
192.168.60.60 192.168.60.20:6443 - [07/Oct/2020:19:09:34 +0800] 1566
【14】在master01上面测试创建pod
[root@master ~]# kubectl run nginx --image=nginx
[root@master ~]# kubectl get pods
NAME                    READY   STATUS              RESTARTS   AGE
nginx-dbddb74b8-bb9tc   0/1     ContainerCreating   0          16s
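【15】查看pod日志时请求会以匿名用户(system:anonymous)身份被拒绝,所以这里给匿名用户绑定了集群角色。注意:下面的命令把cluster-admin授予system:anonymous,任何能访问apiserver 6443端口(包括经nginx漂移地址转发)的未认证请求都会拥有集群的全部权限,只适合隔离的实验环境;验证完成后应执行 kubectl delete clusterrolebinding cluster-system-anonymous 删除该绑定。正式环境的做法通常是为kube-apiserver配置 --kubelet-client-certificate 和 --kubelet-client-key,并只给该证书对应的用户绑定 system:kubelet-api-admin 角色。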
[root@master ~]# kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
[root@master ~]# kubectl logs nginx-dbddb74b8-bb9tc
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
【16】查看pod网络并在相应节点访问
[root@master ~]# kubectl get pods -o wide
NAME                    READY   STATUS    RESTARTS   AGE    IP            NODE             NOMINATED NODE
nginx-dbddb74b8-bb9tc   1/1     Running   0          118s   172.17.85.2   192.168.60.100   <none>
[root@node2 ~]# curl 172.17.85.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@node2 ~]# 
【17】在master01上查看日志产生
[root@master ~]# kubectl logs nginx-dbddb74b8-bb9tc
172.17.85.1 - - [07/Oct/2020:06:11:07 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
[root@master ~]# 