一、基础环境

ip hostname 配置 操作系统 功能
192.168.51.190 Haproxy-1 1c2g Ubuntu 20.04.3 LTS

VIP192.168.51.192
192.168.51.191 Haproxy-1 1c2g Ubuntu 20.04.3 LTS
192.168.51.201 master-1 2c4g Ubuntu 20.04.3 LTS

kube-apiserver kube-controller-manager kube-scheduler kubectl etcd docker
192.168.51.202 master-2 2c4g Ubuntu 20.04.3 LTS
192.168.51.203 master-3 2c4g Ubuntu 20.04.3 LTS
192.168.51.204 node-1 2c4g Ubuntu 20.04.3 LTS

kubelet kube-proxy docker
192.168.51.205 node-2 2c4g Ubuntu 20.04.3 LTS

二、系统设置

2.1主机名

主机名必须合法,并且每个节点都不一样(建议命名规范:数字+字母+中划线组合,不要包含其他特殊字符)。

  1. # 查看主机名
  2. hostname
  3. # 修改主机名
  4. hostnamectl set-hostname <your_hostname>
  5. # 配置host,使主节点之间可以通过hostname互相访问
  6. vim /etc/hosts
  7. 192.168.51.201  master1.czerospace.org master-1
  8. 192.168.51.202  master2.czerospace.org master-2
  9. 192.168.51.203  master3.czerospace.org master-3
  10. 192.168.51.204  node1.czerospace.org node-1
  11. 192.168.51.205  node2.czerospace.org node-2

2.2配置免密登录

  1. # 在一台master节点上生成密钥
  2. ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa
  3. # 使用脚本批量做免密登录
  1. #!/bin/bash
  2. for i in {201..205}
  3. do
  4. /usr/bin/expect -c "
  5. spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.51.$i
  6.         expect {
  7.                 \"*yes/no*\" {send \"yes\r\"; exp_continue}
  8.                 \"*password*\" {send \"ipanel\r\"; exp_continue}
  9.                 \"*password*\" {send \"ipanel\r\";}
  10.         } "
  11. done

2.3关闭系统swap

  1. # 临时关闭
  2. swapoff -a && free h
  3. # 重启生效关闭
  4. vim /etc/fstab
  5. 注释掉swap那行
  6. # 内核禁用swap参数
  7. vm.swappiness = 0
  8. # 修改grub文件
  9. vim /etc/default/grub
  10. GRUB_CMDLINE_LINUX追加
  11. cgroup_enable=memory swapaccount=1
  12. # 更新grub
  13. update-grub
  14. # 重启服务器
  15. reboot

2.4配置k8s内核参数

  1. # 编辑独立配置文件
  2. cat > /etc/sysctl.d/kubernetes.conf <<EOF
  3. net.bridge.bridge-nf-call-ip6tables = 1
  4. net.bridge.bridge-nf-call-iptables = 1
  5. net.ipv4.ip_nonlocal_bind = 1
  6. net.ipv4.ip_forward = 1
  7. vm.swappiness = 0
  8. vm.overcommit_memory = 1
  9. EOF
  10. # 加载内核模块
  11. modprobe br_netfilter
  12. modprobe overlay
  13. # 使配置文件生效
  14. sysctl -p /etc/sysctl.d/kubernetes.conf

三、安装docker

  1. #!/bin/bash
  2. #安装依赖环境
  3. apt-get update
  4. apt-get install apt-transport-https ca-certificates curl gnupg lsb-release software-properties-common -y
  6. #配置阿里云源
  7. # step 1: 安装GPG证书
  8. curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
  9. # Step 2: 写入软件源信息
  10. sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
  11. # Step 3: 更新并安装Docker-CE
  12. sudo apt-get -y update
  13. sudo apt-get -y install docker-ce docker-ce-cli containerd.io
  15. #定制docker启动方式 配置加速器 添加私有harbor仓库
  16. echo '{"exec-opts":["native.cgroupdriver=systemd"],"registry-mirrors":["https://hub-mirror.c.163.com/"],"insecure-registries":["http://harbor.homed.tv"]}' > /etc/docker/daemon.json
  18. #定制docker启动方式
  21. #重启服务
  22. systemctl daemon-reload
  23. systemctl restart docker
  24. systemctl enable docker

四、安装keepalived和haproxy高可用配置

4.1软件安装

  1. apt install keepalived haproxy -y

4.2配置keepalived

  1. # cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
  2. # 编辑配置文件/etc/keepalived/keepalived.conf
  3. ## 主:
  4. global_defs {
  5.    router_id ha-1
  6. }
  8. vrrp_script chk_haproxy {
  9.     script "/etc/keepalived/check_haproxy.sh"
  10.     interval 2
  11.     weight 2
  12. }
  14. vrrp_instance VI_1 {
  15.     state MASTER
  16.     interface ens32
  17.     virtual_router_id 191
  18.     priority 100
  19.     authentication {
  20.         auth_type PASS
  21.         auth_pass 1111
  22.     }
  23.     track_script {
  24.         chk_haproxy
  25.     }
  26.     virtual_ipaddress {
  27.         192.168.51.193 dev ens32 label ens32:1
  28.     }
  29. }
  31. ## 从
  32. global_defs {
  33.    router_id ha-2
  34. }
  36. vrrp_script chk_haproxy {
  37.     script "/etc/keepalived/check_haproxy.sh"
  38.     interval 2
  39.     weight 2
  40. }
  42. vrrp_instance VI_1 {
  43.     state BACKUP
  44.     interface ens32
  45.     virtual_router_id 191
  46.     priority 90
  47.     authentication {
  48.         auth_type PASS
  49.         auth_pass 1111
  50.     }
  51.     track_script {
  52.         chk_haproxy
  53.     }
  54.     virtual_ipaddress {
  55.         192.168.51.193 dev ens32 label ens32:1
  56.     }
  57. }

4.3编辑检查haproxy状态脚本

keepalived master节点检测脚本

  1. #!/bin/bash
  2. haproxy_status=$(ps -C haproxy --no-header | wc -l)
  3. if [ $haproxy_status -eq 0 ];then
  4.         systemctl start haproxy
  5. fi

keepalived backup节点检测脚本

  1. #!/bin/bash
  2. haproxy_status=$(ps -C haproxy --no-header | wc -l)
  3. vip_status=$(ip a|grep 192.168.51.193)
  4. if [ $haproxy_status -eq 0 ] && [ -n vip_status ];then
  5.         systemctl start haproxy
  6. fi

4.4配置haproxy

  1. # 修改配置文件
  2. vim /etc/haproxy/haproxy.cfg
  3. 中间配置省略,对vip监听如下
  4. listen  status
  5.         bind    192.168.51.193:9999
  6.         mode    http
  7.         log     global
  8.         stats   enable
  9.         stats   uri     /haproxy-stats
  10.         stats   auth    haadmin:123456
  12. listen  k8s-api-6443
  13.         bind    192.168.51.193:6443
  14.         mode    tcp
  15.         server  master1 192.168.51.201:6443 check inter 3s fall 3 rise 5
  16.         server  master2 192.168.51.202:6443 check inter 3s fall 3 rise 5
  17.         server  master3 192.168.51.203:6443 check inter 3s fall 3 rise 5
  1. #注意事项
  2. 上面的haproxy.cfg是最终部署完三个节点后的状态,负载到master1 master2 master3
  3. 在部署过程中,不要一次写三个server,部署完一个master节点,添加一个server