容器相关
非root用户Docker与K8S
Containerd安装
Containerd常用命令
Docker
镜像创建
国内镜像仓库
容器创建(Dockerfile)
容器系统
docker配置
docker数据管理
docker网络管理
docker容器自启动
docker镜像加速
docker问题
搭建Portainer可视化界面
Docker Swarm
Swarm搭建Docker集群
Docker Compose
Docker Compose命令
Docker Compose模板
Docker Machine
Kubernetes常用命令
k8s部署(kubeadmin)
k8s高可用部署
MiniKube
k8s1.24部署(containerd)
k8s1.24部署(docker)
部署 Dashboard
Kuboard K8S管理台
k8s权限管理
k8s网络插件
私有仓密码镜像拉取
k8s集群管理
POD--基本单位
Pod模板
Pod生命周期
Pod健康检查
初始化容器(initContainer)
Deployment--Pod的管理
Deployment模板
Deployment升级与回滚
DaemonSet控制器
StatefulSet控制器(有状态)
JOB与CRONJOB
Service--发布服务
ingress-traefix
ingress-nginx
MetalLB
存储与配置
持久存储卷
配置存储卷
资源管理
标签、选择器与注解
资源预留
调度管理
自动扩容
Proxy API与API Server
Helm--K8S的包管理器
helm常用命令
自定义Chart
私有chart仓库
helm dashboard
K8S证书过期
K8S问题解决
Harbor安装
Harbor操作
Harbor问题
Harbor升级
Docker Registry安装
Docker Registry鉴权
Registry用Nginx代理SSL及鉴权
Docker Registry问题
Istio 服务网络
常用示例
Gateway【服务网关】
kiali 可视化页面
开启HTTPS
linkerd 服务网络
本文档使用MrDoc发布
返回首页
-
+
k8s高可用部署
2023年6月1日 13:09
admin
#keepalived安装 ###安装 yum -y install keepalived --- ###修改配置 --- ####节点一 vim /etc/keepalived/keepalived.conf #内容 ! Configuration File for keepalived global_defs { router_id pro-master01 #每个节点不同 } vrrp_instance VI_1 { state MASTER #设置角色 interface eth0 #设置网卡 virtual_router_id 200 #所有节点一致 priority 100 #优先级,越大越成为master advert_int 1 authentication { auth_type PASS auth_pass test9cloud@ #密码 } virtual_ipaddress { 192.168.8.70 #VIP } } --- ####节点二 vim /etc/keepalived/keepalived.conf #内容 ! Configuration File for keepalived global_defs { router_id pro-master02 #每个节点不同 } vrrp_instance VI_1 { state MASTER #设置角色 interface eth0 #设置网卡 virtual_router_id 200 #所有节点一致 priority 90 #优先级,越大越成为master advert_int 1 authentication { auth_type PASS auth_pass test9cloud@ #密码 } virtual_ipaddress { 192.168.8.70 #VIP } } --- ####节点三 vim /etc/keepalived/keepalived.conf #内容 ! Configuration File for keepalived global_defs { router_id pro-master03 #每个节点不同 } vrrp_instance VI_1 { state MASTER #设置角色 interface eth0 #设置网卡 virtual_router_id 200 #所有节点一致 priority 80 #优先级,越大越成为master advert_int 1 authentication { auth_type PASS auth_pass test9cloud@ #密码 } virtual_ipaddress { 192.168.8.70 #VIP } } --- ###启动与停止 systemctl start keepalived systemctl status keepalived systemctl stop keepalived --- #安装k8s ##节点一: ###关闭swap: swapoff -a ###关闭firewalld systemctl stop firewalld systemctl disable firewalld ###关闭selinux setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config --- ###添加阿里云YUM软件源 cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF #更新缓存 yum clean all yum -y makecache ###安装kubeadm,kubelet和kubectl yum install -y kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3 systemctl enable kubelet --- ###编写kubeadm-config.yam apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration kubernetesVersion: v1.16.4 apiServer: certSANs: #填写所有kube-apiserver节点的hostname、IP、VIP - personal01 - personal02 - personal03 - personal04 - 192.168.8.60 - 192.168.8.61 - 192.168.8.62 - 192.168.8.63 controlPlaneEndpoint: "192.168.8.70:6443" #VIP networking: podSubnet: "10.244.0.0/16" --- ###替换kubeadm(100年、不替换默认1年) #备份 cp /usr/bin/kubeadm /usr/bin/kubeadm.bak #替换 cp -f /opt/cpaas_install_k8s/packages/k8s_package/k8s_certs/kubeadm /usr/bin/kubeadm --- ###初始化 kubeadm init --config=/opt/cpaas_install_k8s/packages/k8s_master_ha/kubeadm-config.yaml --- ###复制配置文件 rm -rf ~/.kube mkdir -p $HOME/.kube cp -i /etc/kubernetes/admin.conf $HOME/.kube/config chown $(id -u):$(id -g) $HOME/.kube/config --- ####分发密钥文件(master02、master03) /etc/kubernetes/pki/ca.crt /etc/kubernetes/pki/ca.key /etc/kubernetes/pki/sa.key /etc/kubernetes/pki/sa.pub /etc/kubernetes/pki/front-proxy-ca.crt /etc/kubernetes/pki/front-proxy-ca.key /etc/kubernetes/pki/etcd/ca.crt /etc/kubernetes/pki/etcd/ca.key --- ##节点二: ###关闭swap: swapoff -a ###关闭firewalld systemctl stop firewalld systemctl disable firewalld ###关闭selinux setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config --- ###添加阿里云YUM软件源 cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF #更新缓存 yum clean all yum -y makecache ###安装kubeadm,kubelet和kubectl yum install -y kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3 systemctl enable kubelet --- ###替换kubeadm(100年、不替换默认1年) #备份 cp /usr/bin/kubeadm /usr/bin/kubeadm.bak #替换 cp -f /opt/cpaas_install_k8s/packages/k8s_package/k8s_certs/kubeadm /usr/bin/kubeadm --- ####加入集群(注意:要确保先把节点一的密钥文件分发完) kubeadm join 192.168.8.70:6443 --token 5mumc0.7cd3zsgo92bpqsui \ --discovery-token-ca-cert-hash sha256:319190473e8304ed63edb7f47f876cb384b32aecece1e4c2f10d6a72b2311c08 \ --control-plane --- ###复制配置文件 rm -rf ~/.kube mkdir -p $HOME/.kube cp -i /etc/kubernetes/admin.conf $HOME/.kube/config chown $(id -u):$(id -g) $HOME/.kube/config --- ##节点三:(同节点二) --- ##work节点 ###关闭swap: swapoff -a ###关闭firewalld systemctl stop firewalld systemctl disable firewalld ###关闭selinux setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config --- ###添加阿里云YUM软件源 cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF #更新缓存 yum clean all yum -y makecache ###安装kubeadm,kubelet和kubectl yum install -y kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3 systemctl enable kubelet --- ####加入集群 kubeadm join 192.168.8.70:6443 --token 5mumc0.7cd3zsgo92bpqsui \ --discovery-token-ca-cert-hash sha256:319190473e8304ed63edb7f47f876cb384b32aecece1e4c2f10d6a72b2311c08 --- ##验证 kubectl get nodes -A -o wide kubeadm alpha certs check-expiration 
分享到: