Kubernetes部署（多master、负载均衡和Dashboard）

Kubernetes部署&＃xff08;多master、负载均衡和Dashboard &＃xff09;

单master节点部署

单节点部署请看上一篇文章

多master节点部署

部署CNI网络

master02操作

从 master01 节点上拷贝证书文件、各master组件的配置文件和服务管理文件到 master02 节点
scp -r /opt/etcd/ root&＃64;192.168.80.20:/opt/
scp -r /opt/kubernetes/ root&＃64;192.168.80.20:/opt

cd /usr/lib/systemd/system/
scp /usr/lib/systemd/system/{kube-apiserver,kube-scheduler,kube-controller-manager}.service root&＃64;192.168.80.20:&＃96;pwd&＃96;


cd /opt/kubernetes/cfg/[root&＃64;master01 cfg]# vim kube-controller-manager.kubeconfig
[root&＃64;master01 cfg]# vim kube-scheduler.kubeconfig#修改下方两个文件ip改为本机


#在master02节点上设置环境并修改配置文件kube-apiserver中的IP
vim /opt/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS&＃61;"--logtostderr&＃61;true \
--v&＃61;4 \
--etcd-servers&＃61;https://192.168.80.10:2379,https://192.168.80.11:2379,https://192.168.80.12:2379 \
--bind-address&＃61;192.168.80.20 \ #修改
--secure-port&＃61;6443 \
--advertise-address&＃61;192.168.80.20 \ #修改#复制.kube到master02
cd /rootscp -r .kube/ root&＃64;192.168.80.20:/root
......启动各服务并设置开机自启
systemctl daemon-reload
systemctl enable --now kube-apiserver.service
systemctl enable --now kube-controller-manager.service
systemctl enable --now kube-scheduler.service查看node节点状态&＃xff0c;但无法进行操作&＃xff0c;需要关联node节点
ln -s /opt/kubernetes/bin/* /usr/local/bin/
kubectl get nodes
kubectl get nodes -o wide #-o&＃61;wide∶输出额外信息;对于Pod&＃xff0c;将输出Pod所在的Node名
此时在master02节点查到的node节点状态仅是从etcd查询到的信息&＃xff0c;而此时node节点实际上并未与master02节点建立通信连接&＃xff0c;因此需要使用一个VIP把node节点与master节点都关联起来


负载均衡部署

安装nginx

//配置load balancer集群双机热备负载均衡&＃xff08;nginx实现负载均衡&＃xff0c;keepalived实现双机热备&＃xff09;
##### 在lb01、lb02节点上操作 #####
//配置nginx的官方在线yum源&＃xff0c;配置本地nginx的yum源
cat > /etc/yum.repos.d/nginx.repo << &＃39;EOF&＃39;
[nginx]
name&＃61;nginx repo
baseurl&＃61;http://nginx.org/packages/centos/7/$basearch/
gpgcheck&＃61;0
EOFyum install nginx -y


修改nginx配置文件

//修改nginx配置文件&＃xff0c;配置四层反向代理负载均衡&＃xff0c;指定k8s群集2台master的节点ip和6443端口
vim /etc/nginx/nginx.conf
events {worker_connections 1024;
}#添加
stream {log_format main &＃39;$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent&＃39;;access_log /var/log/nginx/k8s-access.log main;upstream k8s-apiserver {server 192.168.80.10:6443;server 192.168.80.20:6443;}server {listen 6443;proxy_pass k8s-apiserver;}
}http {
......

启动nginx

//启动nginx服务&＃xff0c;查看已监听6443端口
systemctl start nginx
systemctl enable nginx
netstat -natp | grep nginx


部署keepalived服务

安装keepalived

//部署keepalived服务
yum install keepalived -y


修改keepalived文件

//修改keepalived配置文件
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalivedglobal_defs {# 接收邮件地址notification_email {acassen&＃64;firewall.locfailover&＃64;firewall.locsysadmin&＃64;firewall.loc}# 邮件发送地址notification_email_from Alexandre.Cassen&＃64;firewall.locsmtp_server 127.0.0.1smtp_connect_timeout 30router_id NGINX_MASTER #lb01节点的为 NGINX_MASTER&＃xff0c;lb02节点的为 NGINX_BACKUP
}#添加一个周期性执行的脚本
vrrp_script check_nginx {script "/etc/nginx/check_nginx.sh" #指定检查nginx存活的脚本路径
}vrrp_instance VI_1 {state MASTER #lb01节点的为 MASTER&＃xff0c;lb02节点的为 BACKUPinterface ens33 #指定网卡名称 ens33virtual_router_id 51 #指定vrid&＃xff0c;两个节点要一致priority 100 #lb01节点的为 100&＃xff0c;lb02节点的为 90advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.80.100/24 #指定 VIP}track_script {check_nginx #指定vrrp_script配置的脚本}
}

创建状态检测脚本

//创建nginx状态检查脚本
vim /etc/nginx/check_nginx.sh
#!/bin/bash
#egrep -cv "grep|$$" 用于过滤掉包含grep 或者 $$ 表示的当前Shell进程ID
count&＃61;$(ps -ef | grep nginx | egrep -cv "grep|$$")if [ "$count" -eq 0 ];thensystemctl stop keepalived
fichmod &＃43;x /etc/nginx/check_nginx.sh

传给另一台主机

scp check_nginx.sh keepalived.conf root&＃64;192.168.80.14:&＃96;pwd&＃96;

修改配置文件

//启动keepalived服务&＃xff08;一定要先启动了nginx服务&＃xff0c;再启动keepalived服务&＃xff09;
systemctl start keepalived
systemctl enable keepalived
ip a #查看VIP是否生成


对接vip地址

在node节点上修改配置文件&＃xff08;两台同样操作&＃xff09;

//修改node节点上的bootstrap.kubeconfig,kubelet.kubeconfig配置文件为VIP
cd /opt/kubernetes/cfg/
vim bootstrap.kubeconfig
server: https://192.168.80.100:6443vim kubelet.kubeconfig
server: https://192.168.80.100:6443vim kube-proxy.kubeconfig
server: https://192.168.80.100:6443


[root&＃64;node01 cfg]# systemctl restart kubelet.service
[root&＃64;node01 cfg]# systemctl restart kube-proxy.service#重启服务


netstat -natp |grep nginx
#查看端口对接


kubectl run nginx --image&＃61;nginx
#创建pod测试kubectl get pods
#查看


部署Dashboard

Dashboard介绍

仪表板是基于web的Kubernetes用户界面。您可以使用仪表板将容器化应用程序部署到Ktbernetes集群&＃xff0c;对容器化应用程序进行故障排除&＃xff0c;并管理集群本身及其伴随资源。您可以使用仪表板来概述群集上运行的应用程序&＃xff0c;以及创建或修改单个Kubernetes资源&＃xff08;例如部署&＃xff0c;作业&＃xff0c;守护进程等&＃xff09;。例如&＃xff0c;您可以使用部署向导扩展部署&＃xff0c;启动滚动更新&＃xff0c;重新启动Pod或部署新应用程序。仪表板还提供有关群集中Knubernetes资源状态以及可能发生的任何错误的信息。

master01操作

#在 master01 节点上操作
//在k8s工作目录中创建dashborad工作目录
mkdir /opt/k8s/dashboard
cd /opt/k8s/dashboard

#上传recommended.yaml文件到/opt/k8s 目录中cd /opt/k8s
vim recommended.yaml
#默认Dashboard只能集群内部访问&＃xff0c;修改service为NodePort类型&＃xff0c;暴露到外部:kind: service
apiversion : vlmetadata :
labels:
k8s-app: kubernetes-dashboardname : kubernetes-dashboard
namespace: kubernetes-dashboardspec:
ports:
- port : 443
targetPort: 8443
nodePort: 30001#添加type: NodePort
#添加
selector:
k8s-app: kubernetes-dashboard
kubectl apply -f recommended.yaml

#创建service account并绑定默认cluster-admin管理员集群角色
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole&＃61;cluster-admin --serviceaccount&＃61;kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret / awk &＃39;/dashboard-aimin/ print $1)&＃39;)
#使用输出的token登录Dashboard
https://192.168.80.12:30001