kubernetes1.9版本集群配置向导
说明
使用kubeadm创建的kubernetes环境默认只有单个master节点,因此需要对kube-apiserver做高可用。这里使用keepalived为3个master节点上的kubernetes api提供VIP,etcd也部署在这3台master节点上。DNS使用CoreDNS,网络使用kube-router
主机 IP
k8smaster01 192.168.0.230
k8smaster02 192.168.0.231
k8smaster03 192.168.0.232
k8snode01 192.168.0.233
k8s api VIP 192.168.0.238
版本号
docker: 17.03.2-ce
OS: CentOS Linux release 7.4.1708
kubernetes: 1.9.4
etcdctl: 3.2.15
Keepalived: v1.3.5
[root@k8smaster01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
gcr.io/google_containers/kube-proxy-amd64 v1.9.4 119ae3dc765b 3 days ago 109 MB
gcr.io/google_containers/kube-scheduler-amd64 v1.9.4 897eabbc86ac 3 days ago 62.9 MB
gcr.io/google_containers/kube-apiserver-amd64 v1.9.4 3945a0b35e33 3 days ago 212 MB
gcr.io/google_containers/kube-controller-manager-amd64 v1.9.4 35c62345e5ac 3 days ago 139 MB
busybox latest f6e427c148a7 2 weeks ago 1.15 MB
cloudnativelabs/kube-router latest 03dcb0d528f0 4 weeks ago 88.1 MB
coredns/coredns 1.0.1 58d63427cdea 3 months ago 45.1 MB
gcr.io/google_containers/k8s-dns-sidecar-amd64 1.14.7 db76ee297b85 4 months ago 42 MB
gcr.io/google_containers/k8s-dns-kube-dns-amd64 1.14.7 5d049a8c4eec 4 months ago 50.3 MB
gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64 1.14.7 5feec37454f4 4 months ago 40.9 MB
gcr.io/google_containers/pause-amd64 3.0 99e59f495ffa 22 months ago 747 kB
下载链接
度娘网盘链接: https://pan.baidu.com/s/140HwRcJaA_3Q8S6MF2Ip0g 密码: akqa(非官方来源,导入镜像后请核对 IMAGE ID 是否与上面 docker images 的输出一致)
docker download
https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
# yum install keepalived
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# VRRP configuration that floats the Kubernetes API VIP 192.168.0.238 between
# the master nodes. Shown for 192.168.0.230; per the inline comments, state,
# priority, source IP and peer list differ on each master.
global_defs {
notification_email {
bbotte@163.com
}
# Identifier string for this keepalived node.
router_id LVS_k8s
}
# Health check that VI_1 tracks (see track_script below).
# -k turns off TLS certificate verification, and curl without -f/--fail exits 0
# on any HTTP status, so this passes whenever something completes a TLS
# handshake and answers on port 6443; it does not prove the apiserver is healthy.
# The URL is the VIP, so on a node that does not hold the VIP this probes the
# current holder rather than the local kube-apiserver.
# NOTE(review): confirm that is intended; probing this node's own address would
# test the local apiserver.
vrrp_script CheckK8sMaster {
script "curl -k https://192.168.0.238:6443" #VIP
# Run every 3 seconds; a run still going after 9 seconds counts as failed.
interval 3
timeout 9
# Two consecutive failures mark the check down, two successes mark it up.
fall 2
rise 2
}
vrrp_instance VI_1 {
state MASTER # initial state: MASTER on one node; keepalived's other value is BACKUP (the page said SLAVE)
interface ens192 # NIC name
# Must be identical on all three masters so they form one VRRP group.
virtual_router_id 51
priority 100 # election priority; use a different value on each node
# Advertisement interval in seconds.
advert_int 1
# local host ip
# NOTE(review): peers are listed under unicast_peer below; keepalived also has
# unicast_src_ip for the unicast source address - confirm which one is wanted.
mcast_src_ip 192.168.0.230
# PASS is a shared password carried in clear text in VRRP advertisements, so it
# guards against misconfiguration, not against a host on the same segment.
# keepalived documents auth_pass as at most 8 characters, so this 10-character
# value is presumably truncated - verify. Replace the sample value with your
# own, and limit VRRP (IP protocol 112) to the peer addresses with a host firewall.
authentication {
auth_type PASS
auth_pass bbotte_k8s
}
unicast_peer {
# IPs of the other masters
192.168.0.231
192.168.0.232
}
# Address added on the node that currently wins the election.
virtual_ipaddress {
192.168.0.238/24
}
# Ties this instance to the CheckK8sMaster health check defined above.
track_script {
CheckK8sMaster
}
}
# systemctl enable keepalived && systemctl restart keepalived
# yum install ipvsadm -y
# ipvsadm -Ln
# cat etcd-csr.json
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "Beijing",
"ST": "Beijing",
"C": "CN"
}
],
"CN": "etcd",
"hosts": [
"127.0.0.1",
"192.168.0.230",
"192.168.0.231",
"192.168.0.232",
"192.168.0.233",
"192.168.0.238"
]
}
# cat etcd-gencert.json
{
"signing": {
"default": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "87600h"
}
}
}
# cat etcd-root-ca-csr.json
{
"key": {
"algo": "rsa",
"size": 4096
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "Beijing",
"ST": "Beijing",
"C": "CN"
}
],
"CN": "etcd-root-ca"
}
# cat /etc/kubernetes/config.yaml
# kubeadm MasterConfiguration: external etcd on the three masters, API
# advertised on the keepalived VIP.
# NOTE(review): the page has lost the YAML indentation. In kubeadm v1alpha1,
# endpoints/caFile/certFile/keyFile/dataDir nest under etcd:, podSubnet under
# networking:, advertiseAddress under api:, and the list items and CoreDNS
# under their preceding keys - re-indent before use.
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
etcd:
endpoints:
- https://192.168.0.230:2379 # the 3 master nodes
- https://192.168.0.231:2379
- https://192.168.0.232:2379
caFile: /etc/etcd/ssl/etcd-root-ca.pem # same certificates as etcd itself
# NOTE(review): the apiserver is handed etcd's own certificate and private key.
# A separate client-only certificate from the same CA would avoid sharing that
# key - confirm against how the certificates are issued.
certFile: /etc/etcd/ssl/etcd.pem
keyFile: /etc/etcd/ssl/etcd-key.pem
dataDir: /var/lib/etcd
networking:
podSubnet: 10.244.0.0/16
kubernetesVersion: 1.9.4
api:
advertiseAddress: "192.168.0.238" # API address, i.e. the keepalived VIP
# Bootstrap token that nodes present when joining. This value is published on
# the page, so do not reuse it; generate your own (kubeadm token generate).
token: "4bdbca.6e3531d0ec698d96"
# A TTL of 0 means the token never expires, so anyone who obtains it can join
# the cluster indefinitely. Prefer a finite TTL, or delete the token once all
# nodes have joined.
tokenTTL: "0s"
# Extra subject alternative names for the apiserver serving certificate. The
# VIP and each master IP are listed so clients can validate on any of them.
apiServerCertSANs:
- etcd01
- etcd02
- etcd03
- 192.168.0.230
- 192.168.0.231
- 192.168.0.232
- 192.168.0.238
# Deploy CoreDNS as the cluster DNS add-on.
featureGates:
CoreDNS: true