1. Base environment
IP | hostname | Specs | OS | Role |
---|---|---|---|---|
192.168.51.190 | Haproxy-1 | 1c2g | Ubuntu 20.04.3 LTS | VIP 192.168.51.192 |
192.168.51.191 | Haproxy-1 | 1c2g | Ubuntu 20.04.3 LTS | |
192.168.51.201 | master-1 | 2c4g | Ubuntu 20.04.3 LTS | kube-apiserver kube-controller-manager kube-scheduler kubectl etcd docker |
192.168.51.202 | master-2 | 2c4g | Ubuntu 20.04.3 LTS | |
192.168.51.203 | master-3 | 2c4g | Ubuntu 20.04.3 LTS | |
192.168.51.204 | node-1 | 2c4g | Ubuntu 20.04.3 LTS | kubelet kube-proxy docker |
192.168.51.205 | node-2 | 2c4g | Ubuntu 20.04.3 LTS | |
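2. System settings
2.1 Hostname
The hostname must be valid and unique on every node (recommended naming convention: a combination of digits, letters and hyphens, with no other special characters).
# Show the hostname
hostname
# Change the hostname
hostnamectl set-hostname <your_hostname>
# Configure hosts so that the master nodes can reach each other by hostname
vim /etc/hosts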
192.168.51.201 master1.czerospace.org master-1
192.168.51.202 master2.czerospace.org master-2
192.168.51.203 master3.czerospace.org master-3
192.168.51.204 node1.czerospace.org node-1
192.168.51.205 node2.czerospace.org node-2
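2.2 Configure passwordless login
# Generate a key pair on one of the master nodes
ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa
# Use a script to set up passwordless login on all nodes in one pass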
#!/bin/bash
for i in {201..205}
do
/usr/bin/expect -c "
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.51.$i
expect {
\"*yes/no*\" {send \"yes\r\"; exp_continue}
\"*password*\" {send \"ipanel\r\"; exp_continue}
\"*password*\" {send \"ipanel\r\";}
} "
done
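2.3 Disable system swap
# Disable temporarily
swapoff -a && free -h
# Disable persistently (takes effect after a reboot)
vim /etc/fstab
Comment out the swap line
# Kernel parameter that disables swap
vm.swappiness = 0
# Edit the grub file
vim /etc/default/grub
Append the following to GRUB_CMDLINE_LINUX
cgroup_enable=memory swapaccount=1
# Update grub
update-grub
# Reboot the server
reboot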
2.4 Configure kernel parameters for k8s
# Write a dedicated configuration file
cat > /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
vm.overcommit_memory = 1
EOF
# Load the kernel modules
modprobe br_netfilter
modprobe overlay
# Apply the configuration file
sysctl -p /etc/sysctl.d/kubernetes.conf
3. Install docker
#!/bin/bash
# Install the dependencies
apt-get update
apt-get install apt-transport-https ca-certificates curl gnupg lsb-release software-properties-common -y
# Configure the Aliyun mirror
# Step 1: install the GPG key
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 2: write the repository entry
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 3: update and install Docker-CE
sudo apt-get -y update
sudo apt-get -y install docker-ce docker-ce-cli containerd.io
# Customize how docker starts: configure a registry mirror and add the private harbor registry
echo '{"exec-opts":["native.cgroupdriver=systemd"],"registry-mirrors":["https://hub-mirror.c.163.com/"],"insecure-registries":["http://harbor.homed.tv"]}' > /etc/docker/daemon.json
# Restart the service
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
4. Install keepalived and haproxy for high availability
4.1 Install the packages
apt install keepalived haproxy -y
4.2 Configure keepalived
# cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
# Edit the configuration file /etc/keepalived/keepalived.conf
## Master:
global_defs {
router_id ha-1
}
vrrp_script chk_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface ens32
virtual_router_id 191
priority 100
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.51.193 dev ens32 label ens32:1
}
}
## Backup:
global_defs {
router_id ha-2
}
vrrp_script chk_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface ens32
virtual_router_id 191
priority 90
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.51.193 dev ens32 label ens32:1
}
}
4.3 Write the haproxy status check script
Check script for the keepalived master node
#!/bin/bash
haproxy_status=$(ps -C haproxy --no-header | wc -l)
if [ $haproxy_status -eq 0 ];then
systemctl start haproxy
fi
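Check script for the keepalived backup node
#!/bin/bash
haproxy_status=$(ps -C haproxy --no-header | wc -l)
vip_status=$(ip a|grep 192.168.51.193)
# Start haproxy only when it is not running and this node currently holds the VIP
if [ "$haproxy_status" -eq 0 ] && [ -n "$vip_status" ];then
systemctl start haproxy
fi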
4.4 Configure haproxy
# Edit the configuration file
vim /etc/haproxy/haproxy.cfg
The middle of the configuration is omitted; the listeners on the VIP are as follows
listen status
bind 192.168.51.193:9999
mode http
log global
stats enable
stats uri /haproxy-stats
stats auth haadmin:123456
listen k8s-api-6443
bind 192.168.51.193:6443
mode tcp
server master1 192.168.51.201:6443 check inter 3s fall 3 rise 5
server master2 192.168.51.202:6443 check inter 3s fall 3 rise 5
server master3 192.168.51.203:6443 check inter 3s fall 3 rise 5
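# Notes
The haproxy.cfg above is the final state after all three nodes have been deployed, load balancing across master1, master2 and master3.
During deployment, do not write all three server lines at once; add one server line each time a master node has been deployed.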
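The credentials and registry settings written to keepalived.conf, haproxy.cfg and daemon.json in this guide can be checked mechanically before the cluster goes live. The script below is an added example, not part of the original guide; the function names, the length thresholds and the `run` argument are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the guide); thresholds 8 and 12 are illustrative assumptions.

# keepalived: flag simple-password VRRP auth and a short auth_pass.
audit_keepalived() {
    awk '
        $1 == "auth_type" && $2 == "PASS" {
            print "keepalived: auth_type PASS sends auth_pass in clear text"
        }
        $1 == "auth_pass" && length($2) < 8 {
            printf "keepalived: auth_pass is only %d characters\n", length($2)
        }' "$1"
}

# haproxy: per section, flag a short stats password and a non-loopback bind.
audit_haproxy() {
    awk '
        function report() {
            if (pw == "") return
            if (length(pw) < 12)
                printf "haproxy[%s]: stats password for %s is only %d characters\n", sec, user, length(pw)
            if (bind !~ /^127\./)
                printf "haproxy[%s]: stats page is served on %s\n", sec, bind
        }
        $1 ~ /^(global|defaults|listen|frontend|backend)$/ {
            report(); sec = $2; bind = ""; pw = ""
        }
        $1 == "bind" { bind = $2 }
        $1 == "stats" && $2 == "auth" {
            i = index($3, ":"); user = substr($3, 1, i - 1); pw = substr($3, i + 1)
        }
        END { report() }' "$1"
}

# docker: list registries exempted from TLS checks (one-line daemon.json only).
audit_docker() {
    grep -o '"insecure-registries"[[:space:]]*:[[:space:]]*\[[^]]*]' "$1" |
        sed 's/^[^[]*\[//; s/]$//' | tr ',' '\n' | tr -d '" ' |
        while read -r reg; do
            [ -z "$reg" ] || echo "docker: $reg is listed in insecure-registries"
        done
}

# Run against the paths used in this guide: bash audit.sh run
if [ "${1:-}" = "run" ]; then
    audit_keepalived /etc/keepalived/keepalived.conf
    audit_haproxy /etc/haproxy/haproxy.cfg
    audit_docker /etc/docker/daemon.json
fi
```

Each function prints one finding per line and prints nothing when the file passes, so the output can be compared before and after changing a setting.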