您好,登錄后才能下訂單哦!
開篇介紹
? ? kubernetes已經(jīng)在我們生產(chǎn)環(huán)境運(yùn)行近一年時間,目前穩(wěn)定運(yùn)行。從系統(tǒng)的搭建到項目的遷移,中間遇到過不少問題。生產(chǎn)環(huán)境采用多master節(jié)點實現(xiàn)kubernetes的高可用,用haproxy+keepalived負(fù)載均衡master。現(xiàn)抽空總結(jié)下系統(tǒng)的搭建過程,幫助大家快速搭建自己的k8s系統(tǒng)。
以下是我生產(chǎn)環(huán)境的運(yùn)行截圖
? ? ? ? ?
? ? kubernente版本更新迭代非??欤耶?dāng)時搭建生產(chǎn)環(huán)境kubernetes時官方的最新版本是v1.11,現(xiàn)在官方已經(jīng)更新到了v1.15,本文就以最新版本進(jìn)行概述。
2. kubernetes簡介
? ? kubernetes是google基于borg開源的容器編排調(diào)度引擎,一個用于容器集群的自動化部署、擴(kuò)容以及運(yùn)維的開源平臺。?kubernetes 具備完善的集群管理能力,包括多層次的安全防護(hù)和準(zhǔn)入機(jī)制、多租戶應(yīng)用支撐能力、透明的服務(wù)注冊和服務(wù)發(fā)現(xiàn)機(jī)制、內(nèi)建負(fù)載均衡器、故障發(fā)現(xiàn)和自我修復(fù)能力、服務(wù)滾動升級和在線擴(kuò)容、可擴(kuò)展的資源自動調(diào)度機(jī)制、多粒度的資源配額管理能力。 kubernetes 還提供完善的管理工具,涵蓋開發(fā)、部署測試、運(yùn)維監(jiān)控等各個環(huán)節(jié)。kubernetes作為CNCF(Cloud Native Computing Foundation)最重要的成員之一,它的目標(biāo)不僅僅是一個編排系統(tǒng),而是提供一個規(guī)范,可以讓你來描述集群的架構(gòu),定義服務(wù)的最終狀態(tài),kubernetes可以幫你將系統(tǒng)自動地達(dá)到和維持在這個狀態(tài)。
3. kubernetes架構(gòu)?
? ??在這張系統(tǒng)架構(gòu)圖中,可以把服務(wù)分為運(yùn)行在工作節(jié)點上的服務(wù)和組成集群級別控制節(jié)點的服務(wù)。kubernetes 節(jié)點有運(yùn)行應(yīng)用容器必備的服務(wù),而這些都是受master的控制。每次個節(jié)點上都要運(yùn)行docker,docker來負(fù)責(zé)所有具體的映像下載和容器運(yùn)行。
? ? kubernetes主要由以下幾個核心組件組成:
etcd保存了整個集群的狀態(tài);
apiserver提供了資源操作的唯一入口,并提供認(rèn)證、授權(quán)、訪問控制、API注冊和發(fā)現(xiàn)等機(jī)制;
controller manager負(fù)責(zé)維護(hù)集群的狀態(tài),比如故障檢測、自動擴(kuò)展、滾動更新等;
scheduler負(fù)責(zé)資源的調(diào)度,按照預(yù)定的調(diào)度策略將Pod調(diào)度到相應(yīng)的機(jī)器上;
kubelet負(fù)責(zé)維護(hù)容器的生命周期,同時也負(fù)責(zé)Volume(CVI)和網(wǎng)絡(luò)(CNI)的管理;
Container runtime負(fù)責(zé)鏡像管理以及Pod和容器的真正運(yùn)行(CRI);
kube-proxy負(fù)責(zé)為Service提供cluster內(nèi)部的服務(wù)發(fā)現(xiàn)和負(fù)載均衡;
? ? 除了核心組件,還有一些推薦的組件:
kube-dns負(fù)責(zé)為整個集群提供DNS服務(wù)
Ingress Controller為服務(wù)提供外網(wǎng)入口
Heapster提供資源監(jiān)控
Dashboard提供GUI
Federation提供跨可用區(qū)的集群
Fluentd-elasticsearch提供集群日志采集、存儲與查詢
4. 搭建過程
? ? 下面開始咱們今天的干貨,集群的搭建過程。
4.1 環(huán)境準(zhǔn)備
機(jī)器名稱 | 機(jī)器配置 | 機(jī)器系統(tǒng) | IP地址 | 角色 |
haproxy1 | 8C16G | ubuntu16.04 | 192.168.10.1 | haproxy+keepalived VIP:192.168.10.10 |
haproxy1 | 8C16G | ubuntu16.04 | 192.168.10.2 | haproxy+keepalived VIP:192.168.10.10 |
master1 | 8C16G | ubuntu16.04 | 192.168.10.3 | 主節(jié)點1 |
master2 | 8C16G | ubuntu16.04 | 192.168.10.4 | 主節(jié)點2 |
master3 | 8C16G | ubuntu16.04 | 192.168.10.5 | 主節(jié)點3 |
node1 | 8C16G | ubuntu16.04 | 192.168.10.6 | 工作節(jié)點1 |
node2 | 8C16G | ubuntu16.04 | 192.168.10.7 | 工作節(jié)點2 |
node3 | 8C16G | ubuntu16.04 | 192.168.10.8 | 工作節(jié)點3 |
4.2 環(huán)境說明
? ? 本文采用三臺master和三臺node搭建kubernetes集群,采用兩臺機(jī)器搭建haproxy+keepalived負(fù)載均衡master,保證master高可用,從而保證整個kubernetes高可用。官方要求機(jī)器配置必須>=2C2G,操作系統(tǒng)>=16.04。
4.3 搭建過程
4.3.1 基本設(shè)置
? ? 修改hosts文件,8臺機(jī)器全部修改
root@haproxy1:~# cat /etc/hosts
192.168.10.1? ? ?haproxy1
192.168.10.2? ? ?haproxy2
192.168.10.3? ? ?master1
192.168.10.4? ? ?master2
192.168.10.5? ? ?master3
192.168.10.6? ? ?node1
192.168.10.7? ? ?node2
192.168.10.8? ? ?node3
192.168.10.10? ? kubernetes.haproxy.com
4.3.2 haproxy+keepalived搭建
? ? 安裝haproxy
root@haproxy1:/data# wget https://github.com/haproxy/haproxy/archive/v2.0.0.tar.gz
root@haproxy1:/data# tar -xf v2.0.0.tar.gz
root@haproxy1:/data# cd haproxy-2.0.0/
root@haproxy1:/data/haproxy-2.0.0# make TARGET=linux-glibc
root@haproxy1:/data/haproxy-2.0.0# make install PREFIX=/data/haproxy
root@haproxy1:/data/haproxy# mkdir conf
root@haproxy1:/data/haproxy# vim? conf/haproxy.cfg
global
? log 127.0.0.1 local0 err
? maxconn 50000
? user haproxy
? group haproxy
? daemon
? nbproc 1
? pidfile haproxy.pid
defaults
? mode tcp
? log 127.0.0.1 local0 err
? maxconn 50000
? retries 3
? timeout connect 5s
? timeout client 30s
? timeout server 30s
? timeout check 2s
listen admin_stats
? mode http
? bind 0.0.0.0:1080
? log 127.0.0.1 local0 err
? stats refresh 30s
? stats uri? ? ?/haproxy-status
? stats realm? ?Haproxy\ Statistics
? stats auth? ? will:will
? stats hide-version
? stats admin if TRUE
frontend k8s
? bind 0.0.0.0:8443
? mode tcp
? default_backend k8s
backend k8s
? mode tcp
? balance roundrobin
? server master1 192.168.10.3:6443 weight 1 maxconn 1000 check inter 2000 rise 2 fall 3
? server master2 192.168.10.4:6443 weight 1 maxconn 1000 check inter 2000 rise 2 fall 3
? server master3 192.168.10.5:6443 weight 1 maxconn 1000 check inter 2000 rise 2 fall 3
??
root@haproxy1:/data/haproxy# id -u haproxy &> /dev/null || useradd -s /usr/sbin/nologin -r haproxy
root@haproxy1:/data/haproxy# mkdir /usr/share/doc/haproxy
root@haproxy1:/data/haproxy# wget -qO - https://github.com/haproxy/haproxy/blob/master/doc/configuration.txt | gzip -c > /usr/share/doc/haproxy/configuration.txt.gz
root@haproxy1:/data/haproxy# vim /etc/default/haproxy?
# Defaults file for HAProxy
#
# This is sourced by both, the initscript and the systemd unit file, so do not
# treat it as a shell script fragment.
# Change the config file location if needed
#CONFIG="/etc/haproxy/haproxy.cfg"
# Add extra flags here, see haproxy(1) for a few options
#EXTRAOPTS="-de -m 16"
root@haproxy1:/data# vim /lib/systemd/system/haproxy.service?
[Unit]
Description=HAProxy Load Balancer
Documentation=man:haproxy(1)
Documentation=file:/usr/share/doc/haproxy/configuration.txt.gz
After=network.target syslog.service
Wants=syslog.service
[Service]
Environment=CONFIG=/data/haproxy/conf/haproxy.cfg
EnvironmentFile=-/etc/default/haproxy
ExecStartPre=/data/haproxy/sbin/haproxy -f ${CONFIG} -c -q
ExecStart=/data/haproxy/sbin/haproxy -W? -f ${CONFIG} -p /data/haproxy/conf/haproxy.pid $EXTRAOPTS
ExecReload=/data/haproxy/sbin/haproxy -c -f ${CONFIG}
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
Type=forking
[Install]
WantedBy=multi-user.target
root@haproxy2:/data/haproxy# systemctl daemon-reload?
root@haproxy2:/data/haproxy# systemctl start haproxy
root@haproxy2:/data/haproxy# systemctl status haproxy
? ? 安裝keepalived
root@haproxy1:/data# wget https://www.keepalived.org/software/keepalived-2.0.16.tar.gz
root@haproxy1:/data# tar -xf keepalived-2.0.16.tar.gz
root@haproxy1:/data# cd keepalived-2.0.16/
root@haproxy1:/data/keepalived-2.0.16# ./configure --prefix=/data/keepalived
root@haproxy1:/data/keepalived-2.0.16# ./configure --prefix=/data/keepalived
root@haproxy1:/data/keepalived-2.0.16# make && make install
root@haproxy1:/data/keepalived# mkdir conf
root@haproxy1:/data/keepalived# vim conf/keepalived.conf
! Configuration File for keepalived
global_defs {
? notification_email {
? ? root@localhost
? }
?
? notification_email_from keepalived@localhost
? smtp_server 127.0.0.1
? smtp_connect_timeout 30
? router_id haproxy1
}
?
vrrp_script chk_haproxy {? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?#HAproxy 服務(wù)監(jiān)控腳本? ? ? ? ? ? ? ? ? ??
? script "/data/keepalived/check_haproxy.sh"
? interval 2
? weight 2
}
?
vrrp_instance VI_1 {
? state MASTER
? interface ens160
? virtual_router_id 1
? priority 100
? advert_int 1
? authentication {
? ? auth_type PASS
? ? auth_pass 1111
? }
? track_script {
? ? chk_haproxy
? }
? virtual_ipaddress {
? ? 192.168.10.10/24
? }
}
root@haproxy1:/data/keepalived# vim /etc/default/keepalived
# Options to pass to keepalived
# DAEMON_ARGS are appended to the keepalived command-line
DAEMON_ARGS=""
root@haproxy1:/data/keepalived# vim /lib/systemd/system/keepalived.service
[Unit]
Description=Keepalive Daemon (LVS and VRRP)
After=network-online.target
Wants=network-online.target
# Only start if there is a configuration file
ConditionFileNotEmpty=/data/keepalived/conf/keepalived.conf
[Service]
Type=forking
KillMode=process
Environment=CONFIG=/data/keepalived/conf/keepalived.conf
# Read configuration variable file if it is present
EnvironmentFile=-/etc/default/keepalived
ExecStart=/data/keepalived/sbin/keepalived -f ${CONFIG} -p /data/keepalived/conf/keepalived.pid $DAEMON_ARGS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
root@haproxy1:/data/keepalived# systemctl daemon-reload
root@haproxy1:/data/keepalived# systemctl start keepalived.service
root@haproxy1:/data/keepalived# vim /data/keepalived/check_haproxy.sh
#!/bin/bash
A=`ps -C haproxy --no-header | wc -l`
if [ $A -eq 0 ];then
systemctl start haproxy.service
sleep 3
if [ `ps -C haproxy --no-header | wc -l ` -eq 0 ];then
systemctl stop keepalived.service
fi
fi
? ? 同理haproxy2機(jī)器上安裝haproxy和keepalived
4.3.3 kubernetes集群搭建
? ? 基本設(shè)置
? ? 關(guān)閉交換分區(qū),kubernetes集群的6臺機(jī)器必須全部關(guān)閉
root@master1:~# free -m
? ? ? ? ? ? ? total? ? ? ? used? ? ? ? free? ? ? shared? buff/cache? ?available
Mem:? ? ? ? ? 16046? ? ? ? ?128? ? ? ?15727? ? ? ? ? ?8? ? ? ? ?190? ? ? ?15638
Swap:? ? ? ? ? ?979? ? ? ? ? ?0? ? ? ? ?979
root@master1:~# swapoff -a
root@master1:~# free -m
? ? ? ? ? ? ? total? ? ? ? used? ? ? ? free? ? ? shared? buff/cache? ?available
Mem:? ? ? ? ? 16046? ? ? ? ?128? ? ? ?15726? ? ? ? ? ?8? ? ? ? ?191? ? ? ?15638
Swap:? ? ? ? ? ? ?0? ? ? ? ? ?0? ? ? ? ? ?0
? ? 安裝docker
? ? 6臺機(jī)器均需安裝
# 使apt能夠使用https訪問
root@master1:~# apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
root@master1:~# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
OK
root@master1:~# apt-key fingerprint 0EBFCD88
pub? ?4096R/0EBFCD88 2017-02-22
? ? ? Key fingerprint = 9DC8 5822 9FC7 DD38 854A? E2D8 8D81 803C 0EBF CD88
uid? ? ? ? ? ? ? ? ? Docker Release (CE deb) <docker@docker.com>
sub? ?4096R/F273FCD8 2017-02-22
# 增加docker apt源
root@master1:~# add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# 安裝docker
root@master1:~# apt-get update
root@master1:~# apt-get install -y docker-ce docker-ce-cli containerd.io
root@master1:~# docker --version?
Docker version 18.09.6, build 481bc77
? ? 安裝kubernetes組件
# 安裝kubeadm,kubelet,kubectl 6臺機(jī)器均需安裝
root@master1:~# apt-get update
root@master1:~# apt-get install -y apt-transport-https curl
root@master1:~# curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
OK
root@master1:~# cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
> deb https://apt.kubernetes.io/ kubernetes-xenial main
> EOF
root@master1:~# apt-get update
root@master1:~# apt-get install -y kubelet kubeadm kubectl
root@master1:~# apt-mark hold kubelet kubeadm kubectl
kubelet set on hold.
kubeadm set on hold.
kubectl set on hold.
? ??
? ? 創(chuàng)建集群
? ? 控制節(jié)點1
root@master1:~# vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfigurationkubernetes
Version: stable
controlPlaneEndpoint: "kubernetes.haproxy.com:8443"
networking:? ? podSubnet: "10.244.0.0/16"? ??
root@master1:~# kubeadm init --config=kubeadm-config.yaml --upload-certs
? ? 完成后截圖如下
root@master1:~# mkdir -p $HOME/.kube
root@master1:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@master1:~# chown $(id -u):$(id -g) $HOME/.kube/config
# 安裝網(wǎng)絡(luò)組件,這里采用fannel
root@master1:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/62e44c867a2846fefb68bd5f178daf4da3095ccb/Documentation/kube-flannel.yml
? ??
? ? 查看安裝結(jié)果
root@master1:~# kubectl get pod -n kube-system -w
? ? 集群加入另外控制節(jié)點
? ? 當(dāng)時我們生產(chǎn)環(huán)境v1.11版需每個控制節(jié)點寫主配置文件,分別在每個節(jié)點上執(zhí)行一系列操作加入集群,現(xiàn)在v1.15版支持kubeadm join直接加入,步驟簡單了很多。
? ? 控制節(jié)點2
root@master2:~# kubeadm join kubernetes.haproxy.com:8443 --token a3g3x0.zc6qxcdqu60jgtz1? ? ?--discovery-token-ca-cert-hash sha256:d48d8e4e7f8bc2c66a815a34b7e6a23809ad53bdae4a600e368a3ff28ad7a7d5? ? ?--experimental-control-plane --certificate-key a2a84ebc181ba34a943e5003a702b71e2a1e7e236f8d1d687d9a19d2bf803a77
root@master2:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@master2:~# chown $(id -u):$(id -g) $HOME/.kube/config
? ? 查看安裝結(jié)果
root@master2:~# kubectl get nodes
? ??
? ? 控制節(jié)點3
root@master3:~# kubeadm join kubernetes.haproxy.com:8443 --token a3g3x0.zc6qxcdqu60jgtz1? ? ?--discovery-token-ca-cert-hash sha256:d48d8e4e7f8bc2c66a815a34b7e6a23809ad53bdae4a600e368a3ff28ad7a7d5? ? ?--experimental-control-plane --certificate-key a2a84ebc181ba34a943e5003a702b71e2a1e7e236f8d1d687d9a19d2bf803a77
root@master3:~# mkdir -p $HOME/.kube
root@master3:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@master3:~# chown $(id -u):$(id -g) $HOME/.kube/config
? ? 查看安裝結(jié)果
root@master3:~# kubectl get nodes
? ??
? ? 添加工作節(jié)點
root@node1:~# kubeadm join kubernetes.haproxy.com:8443 --token a3g3x0.zc6qxcdqu60jgtz1? ? ?--discovery-token-ca-cert-hash sha256:d48d8e4e7f8bc2c66a815a34b7e6a23809ad53bdae4a600e368a3ff28ad7a7d5
root@node2:~# kubeadm join kubernetes.haproxy.com:8443 --token a3g3x0.zc6qxcdqu60jgtz1? ? ?--discovery-token-ca-cert-hash sha256:d48d8e4e7f8bc2c66a815a34b7e6a23809ad53bdae4a600e368a3ff28ad7a7d5
root@node3:~# kubeadm join kubernetes.haproxy.com:8443 --token a3g3x0.zc6qxcdqu60jgtz1? ? ?--discovery-token-ca-cert-hash sha256:d48d8e4e7f8bc2c66a815a34b7e6a23809ad53bdae4a600e368a3ff28ad7a7d5
? ? 整個集群搭建完成查看結(jié)果
? ? 任一master上執(zhí)行
root@master1:~# kubectl get pods --all-namespaces
root@master1:~# kubectl get nodes
? ? 至此,整個高可用集群搭建完畢
5. 參考文檔
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin
https://www.kubernetes.org.cn/docs
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報,并提供相關(guān)證據(jù),一經(jīng)查實,將立刻刪除涉嫌侵權(quán)內(nèi)容。