Kubernetes二进制部署多节点部署--陈奇网络工作室

云计算

在开始本实验之前，您需要部署单部分主k8s群集

单节点部署博客地址：

3359 blog.51cto.com/14449528/2469980

主群集体系结构图：

大师2的导入

1、优先关闭主控2的防火墙服务

[ root @ master2~~] # systemctlstopfirewalld.service

[root@master2 ~]# setenforce 0

2、在主机1上操作，将kubernetes目录、server组件复制到主机2

[ root @ master1k8s ] # scp-r/opt/kubernetes/root @ 192.168.18.140:/opt

[ root @ master1k8s ] # scp/usr/lib/systemd/system/{ kube-apiserver，kube-controller-manager，kube-scheduler

3、修改master02的配置文件

[ root @ master2~~] # CD/opt/kubernetes/CFG /

[ root @ master2CFG ] # vim kube-apiserver

5-- bind-address=192.168.18.140\\

7-- advertise-address=192.168.18.140\\

第#5行和第7行的IP地址必须变更为主2的地址

4、将主机1上现有的etcd证书复制到主机2上使用

(注意：主2必须具有etcd证书。否则，apiserver服务无法启动)

[ root @ master1k8s ] # scp-r/opt/etcd/root @ 192.168.18.132:/opt /

root@192.168.18.132\\\&amp； quot； spassword :

etcd 100% 516 535.5KB/s 00:00

etcd 100% 18MB 90.6MB/s 00:00

etcdctl 100% 15MB 80.5MB/s 00:00

ca-key.pem 100% 1675 1.4MB/s 00:00

ca.pem 100% 1265 411.6KB/s 00:00

server-key.PEM 100 792.0 MB/s00:00

server.PEM10038429.6kb/s00:00

5、启动主控2三个组件服务

[ root @ master2CFG ] # systemctlstartkube-apiserver.service # #启动服务

[ root @ master2CFG ] # systemctlenablekube-apiserver.service # #服务的电源将打开

[ root @ master2CFG ] # systemctlstartkube-controller-manager.service

[ root @ master2CFG ] # systemctlenablekube-controller-manager.service

[ root @ master2CFG ] # systemctlstartkube-scheduler.service

[ root @ master2CFG ] # systemctlenablekube-scheduler.service

6、修正环境变量

[ root @ master2CFG ] # vim/etc/profile

export path=$ path:/opt/kubernetes/bin/# #添加环境变量

[ root @ master2CFG ] #更新source/etc/profile # #配置文件

[ root @ master2CFG ] # kubectlgetnode # #显示群集节点信息

name status roles age版本

192.168.18.129就绪non e21 HV1. 12.3

192.168.18.130就绪none 22hv1. 12.3

#此时，可以知道node1和node2的加入情况

3354此时主机2的部署完成3354

部署Nginx负载平衡

lb01和lb02进行相同的操作

安装nginx服务，并将nginx.sh和keepalived.conf脚本复制到家庭目录中

[root@localhost ~]# ls

anaconda-ks.cfg？ keepalived.conf？公共？视频？文档？音乐

initial-setup-ks.cfg？ nginx.sh？模板？照片？下载？桌面

[ root @ lb1~] # systemctlstopfirewalld.service

[root@lb1 ~]# setenforce 0

[ root @ lb1~] # vim/etc/yum.repos.d/nginx.repo

[nginx]

name=nginx repo

base URL=http://nginx.org/packages/centos/7/$ basearch /

gpgcheck=0

重新装入yum仓库

[root@lb1 ~]# yum list

安装nginx服务

[root@lb1 ~]# yum install nginx -y

[ root @ lb1~] # vim/etc/nginx/nginx.conf

在第#12行插入流模块

流{

log_formatmain\\\&amp； quot； $ remote _ addr $ upstream _ addr-[ $ time _ local ] $ status $ upstream _ bytes _ sent _ sent

access _ log/var/log/nginx/k8s-access.log main；

upstream k8s-apiserver {

server 192.168.18.128:6443； #这里是主1的ip地址

server 192.168.18.140:6443 #这里是主2的ip地址

}

服务器{

listen 6443；

proxy_pass k8s-apiserver；

}

##检测语法

[root@lb1 ~]# nginx -t

nginx:theconfigurationfile/etc/nginx/nginx.confsyntaxisok

nginx:configuration file/etc/nginx/nginx.conftestissuccessful

#修改主页进行区分

[ root @ lb1~] # CD/usr/share/nginx/html /

[root@lb1 html]# ls

50x.html index.html

[root@lb1 html]# vim index.html

14 h2Welcome to mater nginx！在/h2 #14行中添加master进行区分

[ root @ lb2~] # CD/usr/share/nginx/html /

[root@lb2 html]# ls

50x.html index.html

[root@lb1 html]# vim index.html

14 h2Welcome to backup nginx！在/h2 #14行中添加backup进行区分

#开始服务

[ root @ lb1~] # systemctlstartnginx

[ root @ lb2~] # systemctlstartnginx

浏览器验证访问并输入192.168.18.150即可访问master的nginx主页

在浏览器中验证访问并输入192.168.18.151可以访问backup的nginx主页

keepalived安装的导入

lb01和lb02的操作相同

1、安装keeplived

[ root @ lb1 html ] # yuminstallkeepalived-y

2、修改个人资料

[root@lb1~]# ls

anaconda-ks.cfg？ keepalived.conf？公共？视频？文档？音乐

initial-setup-ks.cfg？ nginx.sh？模板？照片？下载？桌面

[ root @ lb1~] # CP keepalived.conf/etc/keepalived/keepalived.conf

是否涵盖CP:/etc/keepalived/keepalived.conf？是

[ root @ lb1~] # vim/etc/keepalived/keepalived.conf？

#lb01的主机结构如下。

！配置文件for keepalived

global_defs {

？ #接收电子邮件地址

？ notification_email {

？ acassen@firewall.loc

？ failover@firewall.loc

？ sysadmin@firewall.loc

？ }

？ #邮件收件人

？ notification _ email _ from Alexandre.cassen @ firewall.loc

？ smtp_server 127.0.0.1

？ smtp_connect_timeout 30

？ router_id NGINX_MASTER

}

vrrp_script check_nginx {

？ script/etc/nginx/check _ nginx.sh

}

vrrp_instance VI_1 {

？ state MASTER？

？界面ens 33

？ virtual_router_ID 51 # VRRP根id实例，每个实例是唯一的

？优先级100？ #优先级，备用服务器设置90？

？ advert_int 1？指定VRRP心跳通知间隔，默认为1秒

？身份验证{？

？ auth_type PASS

？ auth_pass 1111

？ }

？ virtual_ipaddress {

？ 192.168.18.100/24

？ }

？ track_script {

？ check_nginx

？ }

}

#lb02的备份结构如下。配置文件for keepalived

global_defs {

？ #接收电子邮件地址

？ notification_email {

？ acassen@firewall.loc

？ failover@firewall.loc

？ sysadmin@firewall.loc

？ }

？ #邮件收件人

？ notification _ email _ from Alexandre.cassen @ firewall.loc

？ smtp_server 127.0.0.1

？ smtp_connect_timeout 30

？ router_id NGINX_MASTER

}

vrrp_script check_nginx {

？ script/etc/nginx/check _ nginx.sh

}

vrrp_instance VI_1 {

？斯塔特？备份？

？界面ens 33

？ virtual_router_ID 51 # VRRP根id实例，每个实例是唯一的

？优先级90？ #优先级，备用服务器设置90？

？ advert_int 1？指定VRRP心跳通知间隔，默认为1秒

？身份验证{？

？ auth_type PASS

？ auth_pass 1111

？ }

？ virtual_ipaddress {

？ 192.168.18.100/24

？ }

？ track_script {

？ check_nginx

？ }

}

3、编写管理脚本

[ root @ lb1~] # vim/etc/nginx/check _ nginx.sh

count=$ ( PS-ef|grep nginx|egrep-cv grep|$ $ )

if [ $count -eq 0 ]； then

？系统停止保持

4、赋予执行权限，启动服务

[ root @ lb1~] # chmodx/etc/nginx/check _ nginx.sh

[ root @ lb1~] # systemctlstartkeepalived

5、查看地址信息

lb01地址信息

[root@lb1 ~]# ip a

1: lo: LOOPBACK，UP，lower _ up MTU 65536 qdiscnoqueuestateunknownqlen 1

？ link/loopback 00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00

？ inet 127.0.0.1/8 scope host lo

？ valid _ lftforeverpreferred _ lft forever

？ inet6 :1/128 scope host？

？ valid _ lftforeverpreferred _ lft forever

2: ens33: BROADCAST，MULTICAST，UP，lower _ up MTU 1500 qdisc pfifo _ faststateupqlen 1000

？ link/ether 00:0c:29:ba:E6:18br dff:ff:ff:ff:ff:ff:ff

？ inet 192.168.18.150/24 brd 192.168.35.255 scopeglobalens 33

？ valid _ lftforeverpreferred _ lft forever

？ inet 192.168.18.100/24 scopeglobalsecondaryens 33？ #漂移地址在lb01上吗？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80: 6ec5:6D7:1b 18:466 e/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80:2a3:b621:ca01:463 e/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80: d4e2: ef9e:6820:145 a/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

3: virbr0: NO-CARRIER、BROADCAST、MULTICAST、up MTU 1500 qdiscnoqueuestatedownqlen 1000

？ link/ether 52:54:00:14:39:99br dff:ff:ff:ff:ff:ff:ff

？ inet 192.168.122.1/24 brd 192.168.122.255 scopeglobalvirbr 0

？ valid _ lftforeverpreferred _ lft forever

4: virbr0-nic: BROADCAST，multicast MTU 1500 qdisc pfifo _ fastmastervirbr0statedownqlen 1000

？ link/ether 52:54:00:14:39:99br dff:ff:ff:ff:ff:ff:ff

lb02地址信息

[root@lb2 ~]# ip a

1: lo: LOOPBACK，UP，lower _ up MTU 65536 qdiscnoqueuestateunknownqlen 1

？ link/loopback 00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00

？ inet 127.0.0.1/8 scope host lo

？ valid _ lftforeverpreferred _ lft forever

？ inet6 :1/128 scope host？

？ valid _ lftforeverpreferred _ lft forever

2: ens33: BROADCAST，MULTICAST，UP，lower _ up MTU 1500 qdisc pfifo _ faststateupqlen 1000

？ link/ether 00:0c:29:1d:EC:b0br dff:ff:ff:ff:ff:ff:ff

？ inet 192.168.18.151/24 brd 192.168.35.255 scopeglobalens 33

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80: 6ec5:6D7:1b 18:466 e/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80:2a3:b621:ca01:463 e/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80: d4e2: ef9e:6820:145 a/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

3: virbr0: NO-CARRIER、BROADCAST、MULTICAST、up MTU 1500 qdiscnoqueuestatedownqlen 1000

？ link/ether 52:54:00:14:39:99br dff:ff:ff:ff:ff:ff:ff

？ inet 192.168.122.1/24 brd 192.168.122.255 scopeglobalvirbr 0

？ valid _ lftforeverpreferred _ lft forever

4: virbr0-nic: BROADCAST，multicast MTU 1500 qdisc pfifo _ fastmastervirbr0statedownqlen 1000

？ link/ether 52:54:00:14:39:99br dff:ff:ff:ff:ff:ff:ff

6、测试故障时转移切换

使Ib01故障，确认地址的漂移

[root@lb1 ~]# pkill nginx

[ root @ lb1~] # systemctlstatusnginx

nginx.service-nginx-highperformanceweb服务器

？ loaded:loaded (/usr/lib/systemd/system/nginx.service；被禁用； vendor preset: disabled )

？活动：故障( result:exit-code ) since六2020-02-08 16:54:45 CST； 11s ago

？ Docs: http://nginx.org/en/docs/

？进程： 13156 exec stop=/bin/kill-sterm $ main PID ( code=exited，status=1/FAILURE ) )。

？ mainPID:6930(code=exited，status=0/SUCCESS ) ) )。

[ root @ localhost~] # systemctlstatuskeepalived.service？ #keepalived服务也将关闭，表示启用了nginx的check_nginx.sh

keepalived.service-lvsandvrrphighavailabilitymonitor

？ loaded:loaded (/usr/lib/systemd/system/keepalived.service；被禁用； vendor preset: disabled )

？活动：不活动( dead )。

查看Ib01地址：

[root@lb1 ~]# ip a

1: lo: LOOPBACK，UP，lower _ up MTU 65536 qdiscnoqueuestateunknownqlen 1

？ link/loopback 00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00

？ inet 127.0.0.1/8 scope host lo

？ valid _ lftforeverpreferred _ lft forever

？ inet6 :1/128 scope host？

？ valid _ lftforeverpreferred _ lft forever

2: ens33: BROADCAST，MULTICAST，UP，lower _ up MTU 1500 qdisc pfifo _ faststateupqlen 1000

？ link/ether 00:0c:29:ba:E6:18br dff:ff:ff:ff:ff:ff:ff

？ inet 192.168.18.150/24 brd 192.168.35.255 scopeglobalens 33

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80: 6ec5:6D7:1b 18:466 e/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80:2a3:b621:ca01:463 e/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80: d4e2: ef9e:6820:145 a/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

3: virbr0: NO-CARRIER、BROADCAST、MULTICAST、up MTU 1500 qdiscnoqueuestatedownqlen 1000

？ link/ether 52:54:00:14:39:99br dff:ff:ff:ff:ff:ff:ff

？ inet 192.168.122.1/24 brd 192.168.122.255 scopeglobalvirbr 0

？ valid _ lftforeverpreferred _ lft forever

4: virbr0-nic: BROADCAST，multicast MTU 1500 qdisc pfifo _ fastmastervirbr0statedownqlen 1000

？ link/ether 52:54:00:14:39:99br dff:ff:ff:ff:ff:ff:ff

查看Ib02地址：

[root@Ib2 ~]# ip a

1: lo: LOOPBACK，UP，lower _ up MTU 65536 qdiscnoqueuestateunknownqlen 1

？ link/loopback 00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00

？ inet 127.0.0.1/8 scope host lo

？ valid _ lftforeverpreferred _ lft forever

？ inet6 :1/128 scope host？

？ valid _ lftforeverpreferred _ lft forever

2: ens33: BROADCAST，MULTICAST，UP，lower _ up MTU 1500 qdisc pfifo _ faststateupqlen 1000

？ link/ether 00:0c:29:1d:EC:b0br dff:ff:ff:ff:ff:ff:ff

？ inet 192.168.18.151/24 brd 192.168.35.255 scopeglobalens 33

？ valid _ lftforeverpreferred _ lft forever

？ inet 192.168.18.100/24 scopeglobalsecondaryens 33？ #漂移地址转移到lb02

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80: 6ec5:6D7:1b 18:466 e/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80:2a3:b621:ca01:463 e/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80: d4e2: ef9e:6820:145 a/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

3: virbr0: NO-CARRIER、BROADCAST、MULTICAST、up MTU 1500 qdiscnoqueuestatedownqlen 1000

？ link/ether 52:54:00:14:39:99br dff:ff:ff:ff:ff:ff:ff

？ inet 192.168.122.1/24 brd 192.168.122.255 scopeglobalvirbr 0

？ valid _ lftforeverpreferred _ lft forever

4: virbr0-nic: BROADCAST，multicast MTU 1500 qdisc pfifo _ fastmastervirbr0statedownqlen 1000

？ link/ether 52:54:00:14:39:99br dff:ff:ff:ff:ff:ff:ff

恢复操作，在Ib01上启动nginx和keepalived服务

[ root @ localhost~] # systemctlstartnginx

[ root @ localhost~] # systemctlstartkeepalived.service？

[root@localhost ~]# ip a

1: lo: LOOPBACK，UP，lower _ up MTU 65536 qdiscnoqueuestateunknownqlen 1

？ link/loopback 00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00

？ inet 127.0.0.1/8 scope host lo

？ valid _ lftforeverpreferred _ lft forever

？ inet6 :1/128 scope host？

？ valid _ lftforeverpreferred _ lft forever

2: ens33: BROADCAST，MULTICAST，UP，lower _ up MTU 1500 qdisc pfifo _ faststateupqlen 1000

？ link/ether 00:0c:29:ba:E6:18br dff:ff:ff:ff:ff:ff:ff

？ inet 192.168.35.104/24 brd 192.168.35.255 scopeglobalens 33

？ valid _ lftforeverpreferred _ lft forever

？ inet 192.168.35.200/24 scopeglobalsecondaryens 33？ #漂移地址又转移到lb01

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80: 6ec5:6D7:1b 18:466 e/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80:2a3:b621:ca01:463 e/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

？ inet 6fe 80: d4e2: ef9e:6820:145 a/64 scopelinktentativedadfailed？

？ valid _ lftforeverpreferred _ lft forever

3: virbr0: NO-CARRIER、BROADCAST、MULTICAST、up MTU 1500 qdiscnoqueuestatedownqlen 1000

？ link/ether 52:54:00:14:39:99br dff:ff:ff:ff:ff:ff:ff

？ inet 192.168.122.1/24 brd 192.168.122.255 scopeglobalvirbr 0

？ valid _ lftforeverpreferred _ lft forever

4: virbr0-nic: BROADCAST，multicast MTU 1500 qdisc pfifo _ fastmastervirbr0statedownqlen 1000

？ link/ether 52:54:00:14:39:99br dff:ff:ff:ff:ff:ff:ff

因为漂移地址位于lb01中，所以访问漂移地址时的现实nginx首页应该包含master

节点绑定VIP地址

1、修改节点配置文件的统一VIP

[ root @ localhost~] # vim/opt/kubernetes/CFG/bootstrap.kube config

[ root @ localhost~] # vim/opt/kubernetes/CFG/kube let.kube config

[ root @ localhost~] # vim/opt/kubernetes/CFG/kube-proxy.kube config

#全部变更为VIP地址

服务器： https://192.168.18.100:6443

2、更换后直接完成自检，重新启动服务

[ root @ node1~ ] # CD/opt/kubernetes/CFG /

[root@node1 cfg]# grep 100 *

bootstrap.kube config:server:https://192.168.18.100:6443

kube let.kube config:server:https://192.168.18.100:6443

kube-proxy.kube config:server:https://192.168.18.100:6443

[ root @ node1CFG ] # systemctlrestartkubelet.service

[ root @ node1CFG ] # systemctlrestartkube-proxy.service

3、在lb01上查看nginx的k8s日志

[ root @ lb1~] # tail/var/log/nginx/k8s-access.log

192.168.18.130192.168.18.128:6443-[ 07/feb/2020:14:18:540800 ] 2001 119

192.168.18.130192.168.18.140:6443-[ 07/feb/2020:14:18:540800 ] 2001 119

192.168.18.129192.168.18.128:6443-[ 07/feb/2020:14:18:570800 ] 2001 120

192.168.18.129192.168.18.140:6443-[ 07/feb/2020:14:18:570800 ] 2001 120

4、靠模1操作

#测试创建pod

[ root @ master1~~] # kubectlrunnginx-- image=nginx

ubectlrun---- generator=deployment/apps.v1 beta1isdeprecatedandwillberemovedinafutureversion.usekubectlcreateinsteated

deployment.apps/nginx created

#查看状态

[root@master1 ~]# kubectl get pods

name就绪状态restarts age

nginx-dbddb 74 b8-7 hdf j0/1 container creating 032 s

#当前，ContainerCreating正在创建状态

[root@master1 ~]# kubectl get pods

name就绪状态restarts age

nginx-dbddb 74 b8-7 hdfj1/1running 073 s

#此时的状态为Running，表示创建完成并正在执行

#注意：日志问题

[ root @ master1~ ] # kubectllogsnginx-dbddb 74 b8-7 hdfj

errorfromserver(forbidden ):forbidden ) user=system:anonymous，verb=get，resource=nodes，subresource=proxy

#此时无法查看日志。必须打开权限

#绑定群集中的匿名用户提供管理员权限

[ root @ master1~~] # kubectlcreateclusterrolebindingcluster-system-anonymous-- cluster role=cluster-admin-user

clusterrolebinding.RBAC.authorization.k8s.io/cluster-system-anonymous created

[ root @ master1~ ] # kubectllogsnginx-dbddb 74 b8-7 hdfj #此时不报告错误

浏览pod网络#

[ root @ master1~ ] # kubectlgetpods-o wide

namereadystatusrestartsageipnodenominatednode

nginx-dbddb 74 b8-7 hdfj1/1running 020 m 172.17.32.2192.168.18.129 none

5、在相应网段的node1节点上操作可以直接访问

[root@node1 ~]# curl 172.17.32.2

！ DOCTYPE html

html

头儿

titleWelcome to nginx！ /title

斯泰尔斯

body {

width: 35em；

边距： 0自动；

font-family: Tahoma，Verdana，Arial，sans-serif；

}

/style

/head

身体

H2欢迎使用！ /h2

pIf you see this page，thenginxwebserverissuccessfullyinstalledand

working.furtherconfigurationisrequired./p

poronlinedocumentationandsupportpleasereferto

a href=http://nginx.org/nginx.org/a.br /

Commercial support is available at

a href=http://nginx.com/nginx.com/a./p

pemThank you for using nginx./em/p

/body

/html

#此时看到的是容器中的nginx的信息

访问将生成日志，您可以返回主机1查看日志

[ root @ master1~ ] # kubectllogsnginx-dbddb 74 b8-7 hdfj

172.17.32.1---[ 07/feb/2020:06:52:530000 ] get/http/1.1200612-curl/7.29.0 -

#此时，可以看到节点1使用网关( 172.17.32.1 )访问的记录

详情请访问云服务器、域名注册、虚拟主机的问题，请访问西部数码代理商官方网站： www.chenqinet.cn

相关推荐