前言

以前在私有环境下创建 Kubernetes 集群时,我们需要准备一个硬件或软件负载均衡器来创建多控制平面集群,多数情况下会选择使用 HAProxy + Keepalived 来实现这个功能。一般情况下我们创建 2 台负载均衡器虚拟机,并分配一个 VIP,由 VIP 为负载均衡器对外提供服务,再通过 VIP 将流量重定向到后端的某个 Kubernetes 控制平面节点上。
如下图所示:
image.png

接下来我们再来看看如果使用 kube-vip 的话会怎样呢?
image.png

可以看到,这样实现后架构变得更为优雅,省去了之前架构中的负载均衡服务器。


环境说明

  • 节点说明
| IP地址 | 操作系统 | 内核版本 |
| --- | --- | --- |
| 192.168.28.31 (k8s-master-01) | CentOS Linux release 7.9.2009 (Core) | 3.10.0-1160.el7.x86_64 |
| 192.168.28.32 (k8s-master-02) | CentOS Linux release 7.9.2009 (Core) | 3.10.0-1160.el7.x86_64 |
| 192.168.28.33 (k8s-master-03) | CentOS Linux release 7.9.2009 (Core) | 3.10.0-1160.el7.x86_64 |
| 192.168.28.51 (k8s-node-01) | CentOS Linux release 7.9.2009 (Core) | 3.10.0-1160.el7.x86_64 |
| 192.168.28.30 (kube-vip) | | |
  • 软件说明
| 名称 | 版本 |
| --- | --- |
| kubernetes | 1.22.3 |

安装部署


1. 所有节点都要执行

  • 更改hostname
# Run on every node, substituting that node's own name from the node table
# (k8s-master-01 is only the value for 192.168.28.31). Duplicate hostnames
# would make nodes indistinguishable when they register with the cluster.
hostnamectl set-hostname k8s-master-01
  • 添加hosts记录
# Append the cluster's address-to-name mappings to /etc/hosts so the nodes can
# resolve each other without DNS. This is a plain append, not an idempotent
# update: running it twice leaves duplicate lines in the file.
printf '%s\n' \
  '192.168.28.31 k8s-master-01' \
  '192.168.28.32 k8s-master-02' \
  '192.168.28.33 k8s-master-03' \
  '192.168.28.51 k8s-node-01' >> /etc/hosts
  • 脚本安装k8s环境
#!/bin/bash
# kubeadm安装k8s
# ***需要设置所有主机的主机名***
# 安装所需的基本环境

# cat <<EOF >> /etc/hosts
# 10.100.5.100 k8s-master-01
# 10.100.5.101 k8s-master-02
# 10.100.5.102 k8s-master-03
# 10.100.5.35 k8s-node-01
# 10.100.5.36 k8s-node-02
# 10.100.5.37 k8s-node-03
# 10.100.5.38 k8s-node-04
# 10.100.5.39 k8s-node-05
# 10.100.3.158 k8s-node-06
# EOF


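# Versions to install. K8S_VERSION selects the kubelet/kubeadm/kubectl RPMs,
# CRICTL_VERSION selects the cri-tools release tarball.
K8S_VERSION=1.22.3
CRICTL_VERSION=1.22.0
# Default to the upstream release asset over HTTPS. The tarball is unpacked
# into /usr/bin by root further down, so fetching it over plain HTTP from a
# private host (as the original http://nas.hardhtml.com:8800/... URL did) lets
# anyone on the network path, or in control of that host, substitute the binary.
# Export CRICTL_ADDR before running the script to use an internal mirror; keep
# it on HTTPS and verify the archive's checksum against the upstream value.
CRICTL_ADDR=${CRICTL_ADDR:-https://github.com/kubernetes-sigs/cri-tools/releases/download/v${CRICTL_VERSION}/crictl-v${CRICTL_VERSION}-linux-amd64.tar.gz}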


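# Turn swap off now; kubeadm's preflight checks expect it to be disabled.
swapoff -a
# Keep it off across reboots by commenting out active swap entries in
# /etc/fstab. The original pattern ended in `swap*`, which as a regex means
# "swa" followed by any number of "p" and so also matched unrelated lines
# containing "swa". This version requires the whole word "swap" as a
# whitespace-delimited field and skips lines that are already comments, so
# re-running the script does not stack extra "#" characters.
sed -i -E '/^[[:space:]]*#/!s/^.*[[:space:]]swap[[:space:]].*$/#&/' /etc/fstab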

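# Stop firewalld and keep it from starting at boot.
# NOTE(review): after this step the node has no host-level packet filter of
# its own. That is acceptable for an isolated lab; on a shared or routable
# network keep firewalld running and open only the ports the control plane,
# kubelet and CNI need (see the Kubernetes "Ports and Protocols" reference).
systemctl disable firewalld && systemctl stop firewalld

# Put SELinux into permissive mode instead of disabling it outright. This is
# the mode kubeadm's install guide uses: containers can reach the host paths
# they need, while file labels are preserved and denials are still written to
# the audit log, so enforcement can be turned back on later without a full
# relabel. The original wrote SELINUX=disabled, which discards that ability.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Flush every rule in the iptables filter table.
# NOTE(review): this also drops any site-specific rules already on the host;
# save them first (iptables-save) if the machine is not freshly installed.
iptables -F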

# NFS client tools.
yum install -y nfs-utils

# Time synchronisation: install ntpd, start it, and enable it at boot only if
# the start succeeded.
yum install -y ntp
if systemctl start ntpd; then
  systemctl enable ntpd
fi

# The original heading for this step reads "adjust the system time zone", but
# no time zone is set here; the commands only restart rsyslog and crond.
for svc in rsyslog crond; do
  systemctl restart "$svc"
done


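# Install containerd from the Docker CE repository.
# yum remove -y docker*
yum install -y yum-utils device-mapper-persistent-data lvm2
# Fetch the .repo definition over HTTPS. The file decides which baseurl and
# gpgkey yum will trust for every later package install, so retrieving it over
# plain HTTP (as the original did) would let a network attacker redirect the
# whole repository.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y containerd.io-1.4.11
# Make sure the target directory exists before redirecting into it.
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml

# Tune the generated default config.
# 1) Pull the sandbox (pause) image from the Aliyun mirror instead of k8s.gcr.io.
#    Dots are escaped so only the literal host name is rewritten.
sed -i 's#k8s\.gcr\.io#registry.cn-hangzhou.aliyuncs.com/google_containers#g' /etc/containerd/config.toml
# 2) Use the systemd cgroup driver for runc: append the setting (indented 12
#    spaces) right after the runc options table header.
sed -i '/containerd.runtimes.runc.options/a\ \ \ \ \ \ \ \ \ \ \ \ SystemdCgroup = true' /etc/containerd/config.toml
# 3) Point the docker.io registry endpoint at the Aliyun mirror.
# NOTE(review): steps 1 and 3 make a third-party mirror the source of every
# image pulled by name; pin images by digest where the content must be exactly
# what upstream published.
sed -i 's#https://registry-1\.docker\.io#https://registry.cn-hangzhou.aliyuncs.com#g' /etc/containerd/config.toml

# Load the kernel modules containerd needs, both at boot (modules-load.d) and now.
cat <<EOF > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
systemctl enable containerd && systemctl restart containerd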


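# Install crictl.
# The archive is downloaded, optionally verified, and only then allowed to
# replace the binary in /usr/bin, so a failed or tampered download does not
# leave the node without a working crictl.
crictl_tarball="/opt/crictl-v${CRICTL_VERSION}-linux-amd64.tar.gz"

# -O overwrites any earlier download. With `-P /opt/` a re-run saved the new
# file as "<name>.1" and tar then unpacked the stale archive.
if ! wget -O "$crictl_tarball" "$CRICTL_ADDR"; then
  echo "crictl download failed: ${CRICTL_ADDR}" >&2
  rm -f -- "$crictl_tarball"
  exit 1
fi

# Integrity check. Set CRICTL_SHA256 to the SHA-256 published by upstream for
# this exact release asset, obtained over a channel you trust. A mismatch
# aborts before anything is written to /usr/bin.
if [ -n "${CRICTL_SHA256:-}" ]; then
  if ! echo "${CRICTL_SHA256}  ${crictl_tarball}" | sha256sum -c -; then
    echo "crictl checksum mismatch, refusing to install: ${crictl_tarball}" >&2
    exit 1
  fi
else
  echo "WARNING: CRICTL_SHA256 is not set; ${crictl_tarball} is being installed without an integrity check" >&2
fi

# Move a previously installed binary out of the way.
if [ -e '/usr/bin/crictl' ]; then
  mv /usr/bin/crictl /tmp/
fi

# Extract only the member named "crictl" and do not restore the archive's
# recorded ownership, so nothing else the tarball might carry lands in /usr/bin.
tar --no-same-owner -zxvf "$crictl_tarball" -C /usr/bin/ crictl

# Point crictl at the containerd socket for both runtime and image services.
cat << EOF > /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
crictl --version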


# Kernel parameters for Kubernetes networking: let bridged traffic traverse
# iptables/ip6tables and enable IPv4 forwarding.
k8s_sysctl_conf=/etc/sysctl.d/k8s.conf
printf '%s\n' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  'net.bridge.bridge-nf-call-iptables = 1' \
  'net.ipv4.ip_forward = 1' > "$k8s_sysctl_conf"

# The net.bridge.* keys exist only once br_netfilter is loaded, so load the
# module first, then apply all sysctl drop-ins and this file explicitly.
modprobe br_netfilter
sysctl --system
sysctl -p "$k8s_sysctl_conf"


# Prerequisites for running kube-proxy in IPVS mode.
# Write a small loader script under /etc/sysconfig/modules/ so the required
# kernel modules are loaded again after a reboot.
# NOTE(review): nf_conntrack_ipv4 matches the 3.10 kernel listed for these
# nodes; newer kernels ship it as nf_conntrack - confirm before reusing this
# on another distribution.
ipvs_loader=/etc/sysconfig/modules/ipvs.modules
{
  printf '%s\n' '#!/bin/bash'
  for mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4; do
    printf 'modprobe -- %s\n' "$mod"
  done
} > "$ipvs_loader"

# Make the loader executable, run it once now, and list the loaded modules to
# confirm that ip_vs* and nf_conntrack_ipv4 are present.
if chmod 755 "$ipvs_loader" && bash "$ipvs_loader"; then
  lsmod | grep -e ip_vs -e nf_conntrack_ipv4
fi

# Userspace tools for inspecting IPVS tables and IP sets.
yum install -y ipvsadm ipset



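# Add the Aliyun mirror of the Kubernetes yum repository.
# Changes from the original, all aimed at package integrity:
#   - baseurl and gpgkey use HTTPS instead of HTTP, so repository metadata and
#     the signing keys cannot be swapped in transit;
#   - gpgcheck=1, so yum verifies each RPM's signature before installing
#     kubelet/kubeadm/kubectl as root (the original had it off, which combined
#     with HTTP meant nothing authenticated the packages);
#   - both key URLs sit on one gpgkey line. In the original the second URL
#     started at column 0, which the .repo parser does not treat as a
#     continuation of gpgkey.
# repo_gpgcheck is left at 0 as in the original: it needs the mirror to
# publish signed repodata - verify that before enabling it.
# If a package signature check fails, treat it as a reason to inspect the
# mirror and keys rather than switching gpgcheck back off.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF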

# Install kubelet, kubeadm and kubectl pinned to K8S_VERSION, and enable the
# kubelet unit at boot only when the install succeeded.
if yum install -y "kubelet-${K8S_VERSION}" "kubeadm-${K8S_VERSION}" "kubectl-${K8S_VERSION}"; then
  systemctl enable kubelet
fi

参考文献
https://www.treesir.pub/post/kube-vip-deploy-ha-k8s-cluster/
https://kubernetes.io/docs/setup/production-environment/container-runtimes/