一.master2 節點部署
承接上篇文章
//從 master01 節點上拷貝證書檔案、各master元件的配置檔案和服務管理檔案到 master02 節點
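# Copy the etcd certificates, the Kubernetes config/binaries and the three
# control-plane unit files from master01 to master02.
# The destination on the page was mangled to "[email protected]" by the site's
# e-mail obfuscation. master02 is the host that gets --bind-address=192.168.19.18
# in the next step; root is assumed because /usr/lib/systemd/system/ is
# root-owned. Confirm both for your environment.
# These directories contain the cluster CA and private keys: check the SSH
# host key fingerprint of master02 before the first copy.
master02="root@192.168.19.18"
scp -r /opt/etcd/ "${master02}:/opt/"
scp -r /opt/kubernetes/ "${master02}:/opt"
scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service "${master02}:/usr/lib/systemd/system/"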
//修改配置檔案kube-apiserver中的IP
vim /opt/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--etcd-servers=https://192.168.19.18:2379,https://192.168.19.11:2379,https://192.168.19.17:2379 \
--bind-address=192.168.19.18 \ #修改
--secure-port=6443 \
--advertise-address=192.168.19.18 \ #修改
......
//在 master02 節點上啟動各服務并設定開機自啟
# Start each control-plane service on master02 and enable it at boot,
# in the order apiserver, controller-manager, scheduler.
for unit in kube-apiserver kube-controller-manager kube-scheduler; do
  systemctl start "${unit}.service"
  systemctl enable "${unit}.service"
done
//檢視node節點狀态
ln -s /opt/kubernetes/bin/* /usr/local/bin/
kubectl get nodes
kubectl get nodes -o wide #-o=wide:輸出額外資訊;對于Pod,将輸出Pod所在的Node名
//此時在master02節點查到的node節點狀态僅是從etcd查詢到的資訊,而此時node節點實際上并未與master02節點建立通信連線,所以需要使用一個VIP把node節點與master節點都關聯起來
首先按照master1的配置來做master2的服務
![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiI9s2RkBnVHFmb1clWvB3MaVnRtp1XlBXe0xCMy81dvRWYoNHLwEzX5xCMx8FesU2cfdGLwMzX0xiRGZkRGZ0Xy9GbvNGLpZTY1EmMZVDUSFTU4VFRR9Fd4VGdsQTMfVmepNHLrJXYtJXZ0F2dvwVZnFWbp1zczV2YvJHctM3cv1Ce-cmbw5iM0gzM3kDMwIjN5ADO0YTMvwFNyMDMyIDMy8CXzV2Zh1WavwVbvNmLvR3YxUjLyM3Lc9CX6MHc0RHaiojIsJye.png)
==接下來master配置檔案==
二.負載均衡部署
//配置load balancer叢集雙機熱備負載均衡(nginx實作負載均衡,keepalived實作雙機熱備)
##### 在lb01、lb02節點上操作 #####
//配置nginx的官方線上yum源,配置本地nginx的yum源
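# Register the upstream nginx yum repository, then install nginx from it.
# gpgcheck=1 together with gpgkey makes yum verify every package signature
# against the nginx signing key; with gpgcheck=0 over plain HTTP, anything
# able to alter the download could substitute the package that root installs.
# The quoted 'EOF' keeps $basearch literal so that yum expands it, not the shell.
cat > /etc/yum.repos.d/nginx.repo << 'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF
yum install nginx -y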
//修改nginx配置檔案,配置四層反向代理負載均衡,指定k8s群集2台master的節點ip和6443端口
vim /etc/nginx/nginx.conf
events {
worker_connections 1024;
}
#添加
# Layer-4 (TCP) load balancing of the Kubernetes API across the two masters.
# The stream module forwards the TLS connection untouched, so clients still
# validate the apiserver's own certificate against the address they dialed.
# NOTE(review): confirm the apiserver certificate's SANs include the VIP used
# by the nodes, otherwise kubelet/kube-proxy will reject the connection.
stream {
# One log line per proxied connection: client address, chosen master, time,
# session status and bytes sent upstream.
log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
access_log /var/log/nginx/k8s-access.log main;
# Back-end apiservers; no balancing method is named, so nginx's default applies.
# presumably 192.168.19.10 is master01 and 192.168.19.18 is master02 (verify).
upstream k8s-apiserver {
server 192.168.19.10:6443;
server 192.168.19.18:6443;
}
server {
# No address is given, so this listens on every interface of the LB host;
# restrict with a firewall if the API should not be reachable from all networks.
listen 6443;
proxy_pass k8s-apiserver;
}
}
http {
......
//檢查配置檔案文法
nginx -t
//啟動nginx服務,檢視已監聽6443端口
systemctl start nginx
systemctl enable nginx
netstat -natp | grep nginx
//部署keepalived服務
yum install keepalived -y
//修改keepalived配置檔案
vim /etc/keepalived/keepalived.conf
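! Configuration File for keepalived
global_defs {
    # Notification recipients. The page shows "[email protected]" here because
    # the site's e-mail obfuscation replaced the real addresses; the entries
    # below are placeholders, not values from the article.
    notification_email {
        recipient1@example.com
        recipient2@example.com
        recipient3@example.com
    }
    # Sender address for notifications (placeholder, same reason as above).
    notification_email_from keepalived@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id NGINX_MASTER    # NGINX_MASTER on lb01, NGINX_BACKUP on lb02
}

# Script that keepalived runs periodically to check that nginx is alive.
# keepalived executes it itself, so keep the file root-owned and not
# writable by any other user.
vrrp_script check_nginx {
    script "/etc/nginx/check_nginx.sh"    # path of the nginx liveness check
}

vrrp_instance VI_1 {
    state MASTER              # MASTER on lb01, BACKUP on lb02
    interface ens33           # NIC that carries VRRP and the VIP
    virtual_router_id 51      # VRID; must be identical on both nodes
    priority 100              # 100 on lb01, 90 on lb02
    advert_int 1
    authentication {
        auth_type PASS
        # 1111 is the sample value from this walkthrough. Replace it with a
        # site-specific value (only the first 8 characters are used) that is
        # identical on lb01 and lb02. PASS authentication travels in cleartext
        # in every advertisement, so also firewall VRRP (IP protocol 112) to
        # the two load-balancer addresses.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.19.100/24     # the VIP
    }
    track_script {
        check_nginx           # the vrrp_script defined above
    }
}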
//建立nginx狀态檢查腳本
vim /etc/nginx/check_nginx.sh
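#!/bin/bash
# Liveness check that keepalived runs through vrrp_script: when no nginx
# process exists, stop keepalived on this host so the VIP moves to the peer.
#
# pgrep -x matches only processes whose name is exactly "nginx". Counting
# lines of `ps -ef | grep nginx` also counts anything with "nginx" in its
# command line (an editor on nginx.conf, a tail on the access log), which
# hides a dead nginx. Filtering on the digits of $$ can in turn drop a real
# nginx process whose PID merely contains them.
#
# Keep this file root-owned and not writable by other users, since keepalived
# executes it.
if ! pgrep -x nginx >/dev/null; then
  systemctl stop keepalived
  # Report the failure to keepalived as well, through the exit status.
  exit 1
fi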
chmod +x /etc/nginx/check_nginx.sh
//啟動keepalived服務(一定要先啟動了nginx服務,再啟動keepalived服務)
systemctl start keepalived
systemctl enable keepalived
ip a #檢視VIP是否生成
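//修改node節點上的bootstrap.kubeconfig、kubelet.kubeconfig、kube-proxy.kubeconfig配置檔案,将server位址改為VIP(即keepalived中virtual_ipaddress設定的位址,本文為192.168.19.100;下方示例中的192.168.80.100屬于另一網段,請以實際VIP為準)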
cd /opt/kubernetes/cfg/
vim bootstrap.kubeconfig
server: https://192.168.80.100:6443
vim kubelet.kubeconfig
server: https://192.168.80.100:6443
vim kube-proxy.kubeconfig
server: https://192.168.80.100:6443
//重新開機kubelet和kube-proxy服務
systemctl restart kubelet.service
systemctl restart kube-proxy.service
//在lb01上檢視nginx的k8s日志
tail /var/log/nginx/k8s-access.log
----------------在lb1 和 lb2 同時操作-------------------------------
三.在 master01 節點上操作
//測試建立pod
kubectl run nginx --image=nginx
//檢視Pod的狀态資訊
kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-nf9sk 0/1 ContainerCreating 0 33s #正在建立中
kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-nf9sk 1/1 Running 0 80s #建立完成,運作中
kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-dbddb74b8-26r9l 1/1 Running 0 10m 172.17.36.2 192.168.80.15 <none>
//READY為1/1,表示這個Pod中有1個容器
//在對應網段的node節點上操作,可以直接使用浏覽器或者curl指令通路
curl 172.17.36.2
//這時在master01節點上檢視nginx日志
kubectl logs nginx
------------------------------ 部署 Dashboard UI ------------------------------
====== 在 master1 節點上操作 ======
//在k8s工作目錄中放入yaml檔案
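# Change into the working directory that holds the Dashboard manifests
# (the original line lacked the space after cd).
cd /opt/k8s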
拖入 recommended.yaml這個檔案
//核心檔案官方下載下傳資源位址:https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml dashboard-cert.sh
------------------------------------------------------------------------------------------
1、dashboard-rbac.yaml:用于通路控制設定,配置各種角色的通路控制權限及角色綁定(綁定角色和服務賬戶),内容中包含對應各種角色所配置的規則(rules)
2、dashboard-secret.yaml:提供令牌,通路API伺服器所用(個人了解為一種安全認證機制)
3、dashboard-configmap.yaml:配置模闆檔案,負責設定Dashboard的檔案,ConfigMap提供了将配置資料注入容器的方式,保證容器中的應用程式配置從 Image 内容中解耦
4、dashboard-controller.yaml:負責控制器及服務賬戶的建立,來管理pod副本
5、dashboard-service.yaml:負責将容器中的服務提供出去,供外部通路
------------------------------------------------------------------------------------------
在node01上 傳入兩個包
cd /opt/
metrics-scraper.tar
dashboard.tar
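# Load the two image archives into the local Docker image store on node01.
# docker load accepts whatever the archive contains, so compare each file's
# sha256sum with a digest obtained from the image publisher before loading;
# the article does not supply one.
docker load -i dashboard.tar
docker load -i metrics-scraper.tar
# Copy both archives to the same directory on node02. The destination on the
# page was mangled to "[email protected]" by the site's e-mail obfuscation and
# node02's address is not recoverable from it: NODE02_IP is a placeholder,
# and the root login is an assumption to confirm.
node02="root@NODE02_IP"
scp dashboard.tar metrics-scraper.tar "${node02}:${PWD}"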
在node02上
cd /opt/
docker load -i dashboard.tar
docker load -i metrics-scraper.tar
在master上
cd /opt/k8s/
vim recommended.yaml
修改 Service 部分(kind: Service)下的設定,加入以下兩項;NodePort 會在每個 node 的 30001 端口上開放 Dashboard,應以防火牆限制可通路的來源位址
nodePort: 30001
type: NodePort
kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard 檢視兩個pod節點是否啟動
# Create a service account and bind it to the built-in cluster-admin ClusterRole.
# cluster-admin is unrestricted: whoever holds this account's token can read
# every secret and change any resource in the cluster. That is acceptable in
# a lab; elsewhere bind a narrower role and delete the binding when finished.
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# List the Dashboard pods together with the node each one runs on.
kubectl get pods -n kubernetes-dashboard -o wide
# Prints the account's bearer token to the terminal. Treat the output as a
# credential: keep it out of shared logs, screenshots and chat.
# NOTE(review): relies on a token secret having been created automatically
# for the service account. Confirm that on your Kubernetes version.
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
#使用輸出的token登入Dashboard
https://NodeIP:30001