基础环境
1、配置主机间免密登录
# Generate a key pair on demo-master-97 (press Enter at every prompt; no passphrase)
ssh-keygen
# Install the public key just generated on the other two hosts (98, 99) so that
# root on 97 can log in without a password. This presumes sshd on the targets
# accepts key-based root logins — confirm before relying on it.
for peer in 172.16.0.98 172.16.0.99; do
  ssh-copy-id -i ~/.ssh/id_rsa.pub "root@${peer}"
done
2、服务器配置调优
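# Disable unattended package/kernel upgrades. Only the quoted "1" switch values
# are flipped; the original 's/1/0/g' rewrote every digit 1 anywhere in the file.
sed -i 's/"1";/"0";/g' /etc/apt/apt.conf.d/20auto-upgrades
# Turn off the host firewall. This opens every port on the node; if a host
# firewall is required, allow the ports this guide uses (6443, 8443) instead.
ufw disable
# Disable swap now and on reboot. The fstab edit comments out only lines that
# contain /swap and are not already commented, so re-running it is harmless.
swapoff -a
sed -i '/^[^#]*\/swap/s/^/#/' /etc/fstab
# Install commonly used tools
apt install -y net-tools iputils-ping vim curl wget tar zip ntpdate cron apt-transport-https ca-certificates software-properties-common gnupg2 ipset ipvsadm bash-completion
# Time zone and time synchronisation
timedatectl set-timezone Asia/Shanghai
# Hourly ntpdate from root's crontab. The original schedule "* */1 * * *" fires
# every minute; "0 * * * *" is once per hour. Going through crontab(1) rather
# than appending to the spool file keeps the file's ownership/permissions
# correct and does not add a duplicate entry when this step is re-run.
cron_line='0 * * * * ntpdate cn.pool.ntp.org'
{ crontab -l 2>/dev/null | grep -vF -- "$cron_line"; printf '%s\n' "$cron_line"; } | crontab -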
# Raise the open-file and inotify limits, then apply them immediately
inotify_conf=/etc/sysctl.d/inotify.conf
printf '%s\n' \
  'fs.file-max = 65536' \
  'fs.inotify.max_queued_events = 65536' \
  'fs.inotify.max_user_instances=65536' \
  'fs.inotify.max_user_watches=65536' \
  > "$inotify_conf"
sysctl -p "$inotify_conf"
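# Kernel parameters kubernetes / the container runtime rely on
cat <<'EOF' > /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
user.max_user_namespaces=28633
EOF
# Modules to load at boot. br_netfilter provides the net.bridge.* sysctls
# written above — without it "sysctl -p" below fails with
# "No such file or directory". The ip_vs* modules back kube-proxy's ipvs mode.
cat > /etc/modules-load.d/ipvs.conf <<'EOF'
br_netfilter
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
EOF
# Load the same modules now
for mod in br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
  modprobe "$mod"
done
sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf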
3、安装docker
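# Add the Docker CE repository (Huawei Cloud mirror). The repository key is kept
# in its own keyring and bound to this source with signed-by; "apt-key add" is
# deprecated and would make the key trusted for every apt source on the host.
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://mirrors.huaweicloud.com/docker-ce/linux/ubuntu/gpg \
  | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
printf 'deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.huaweicloud.com/docker-ce/linux/ubuntu %s stable\n' \
  "$(lsb_release -cs)" > /etc/apt/sources.list.d/docker.list
# Refresh the package index
apt-get update
# Install the pinned docker version and hold it so an upgrade cannot move it
# (same treatment the nginx package gets later in this guide)
apt-get install -y docker-ce=5:24.0.7-1~ubuntu.22.04~jammy
apt-mark hold docker-ce
# Start docker and enable it at boot
systemctl enable docker --now
# Show docker status/version information
docker info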
4、安装kubeadm以及kubernetes组件
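# Back up an existing kubernetes source list, if there is one (the original cp
# errored when the file did not exist yet)
if [ -f /etc/apt/sources.list.d/kubernetes.list ]; then
  cp /etc/apt/sources.list.d/kubernetes.list /etc/apt/sources.list.d/kubernetes.list.bak
fi
# Fetch the repository key into a dedicated keyring and bind it to this source
# with signed-by instead of "apt-key add" (deprecated; trusts the key for every
# source). -f makes curl fail on an HTTP error instead of saving an error page.
# The upstream apt-key.gpg is served in binary OpenPGP form, so no --dearmor is
# needed here; if apt rejects the keyring, pipe the download through gpg --dearmor.
install -m 0755 -d /etc/apt/keyrings
curl -fsSLo /etc/apt/keyrings/kubernetes.gpg https://mirrors.huaweicloud.com/kubernetes/apt/doc/apt-key.gpg
chmod a+r /etc/apt/keyrings/kubernetes.gpg
cat <<'EOF' > /etc/apt/sources.list.d/kubernetes.list
deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://mirrors.huaweicloud.com/kubernetes/apt/ kubernetes-xenial main
EOF
# Refresh the package index
apt-get update
# Install the pinned kubeadm / kubelet / kubectl and hold them at that version
apt install -y kubeadm=1.21.2-00 kubelet=1.21.2-00 kubectl=1.21.2-00
apt-mark hold kubeadm kubelet kubectl
# Enable kubectl bash completion for login shells
kubectl completion bash > /etc/profile.d/kubectl_completion.sh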
高可用配置
1、nginx安装
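# 1. Add the official nginx.org mainline repository. Its signing key goes into a
#    dedicated keyring bound to this source via signed-by; "apt-key add" is
#    deprecated and would trust the key for every apt source.
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://nginx.org/keys/nginx_signing.key \
  | gpg --dearmor --yes -o /etc/apt/keyrings/nginx.gpg
chmod a+r /etc/apt/keyrings/nginx.gpg
printf 'deb [signed-by=/etc/apt/keyrings/nginx.gpg] http://nginx.org/packages/mainline/ubuntu %s nginx\n' \
  "$(lsb_release -cs)" > /etc/apt/sources.list.d/nginx.list
# 2. Refresh the package index
apt-get update
# 3. Install nginx
apt-get install -y nginx
# 4. Verify the installed version
nginx -v
# 5. Start nginx now and at boot
systemctl enable nginx --now
# 6. Hold the package so routine upgrades do not replace this version
apt-mark hold nginx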
2、nginx配置修改
注意:如果 keepalived 的两个节点不在初始的单 master 节点上,nginx 配置需要先将其他两台机器的代理注释掉,只暂时保留初始 master 节点的代理配置,否则 kubernetes 接口无法访问
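# Write the nginx configuration: a TCP (stream) proxy on 8443 in front of the
# three kube-apiservers, plus a small HTTP status endpoint. The quoted heredoc
# delimiter keeps the shell from expanding anything inside the config.
cat <<'EOF' > /etc/nginx/nginx.conf
error_log stderr notice;
worker_processes auto;
worker_rlimit_nofile 130048;
worker_shutdown_timeout 10s;
events {
    multi_accept on;
    use epoll;
    worker_connections 16384;
}
stream {
    upstream kube_apiserver {
        server 172.16.0.97:6443 weight=7 max_fails=1 fail_timeout=60s;
        server 172.16.0.98:6443 weight=7 max_fails=1 fail_timeout=60s;
        server 172.16.0.99:6443 weight=7 max_fails=1 fail_timeout=60s backup;
    }
    server {
        listen 8443;
        proxy_pass kube_apiserver;
        proxy_timeout 10m;
        proxy_connect_timeout 1s;
    }
}
http {
    aio threads;
    aio_write on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 5m;
    keepalive_requests 100;
    reset_timedout_connection on;
    server_tokens off;
    autoindex off;
    server {
        listen 80;
        # stub_status exposes connection counters; limit it to the local host
        # (add the addresses of your monitoring hosts if it is scraped remotely).
        location /stub_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            deny all;
        }
    }
}
EOF
# Validate the configuration and reload only if it passes; the original ran the
# reload unconditionally after the test.
nginx -t && nginx -s reload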
3、安装keepalived
# Install keepalived (VRRP daemon that will hold the 172.16.0.251 VIP configured below)
apt install -y keepalived
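# virtual_router_id (21) must not collide with any other keepalived instance on
# the same LAN segment.
# Configuration for the preferred ("MASTER") node, priority 100.
# keepalived only honours nopreempt when the initial state is BACKUP; with
# "state MASTER" it logs a warning and clears the flag, so both nodes are
# declared BACKUP and the priorities decide which one first takes the VIP.
# Note: weight -10 lowers this node to 90 on a failed check, which is still
# above the peer's 60 — failover on an nginx outage therefore relies on
# chk_nginx.sh stopping keepalived, not on the weight.
# auth_pass 111111 is the guide's sample value; both nodes must carry the same
# string — replace it with your own before use.
# Confirm the NIC name (ens34) on each machine before applying.
cat <<'EOF' >/etc/keepalived/keepalived.conf
global_defs {
    router_id KUB_LVS
}
vrrp_script CheckMaster {
    script "/opt/chk_nginx.sh"
    interval 3
    weight -10
    user root
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens34
    virtual_router_id 21
    priority 100
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 111111
    }
    virtual_ipaddress {
        172.16.0.251/24 dev ens34
    }
    track_script {
        CheckMaster
    }
}
EOF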
# Configuration for the standby ("SLAVE") node, priority 60. router_id,
# virtual_router_id and auth_pass must match the other node; the NIC name
# (ens34) must be checked on this machine. The quoted delimiter keeps the shell
# from touching the config text.
cat <<'EOF' >/etc/keepalived/keepalived.conf
global_defs {
router_id KUB_LVS
}
vrrp_script CheckMaster {
script "/opt/chk_nginx.sh"
interval 3
weight -10
user root
}
vrrp_instance VI_1 {
state BACKUP
interface ens34 # 一定要确认所在机器的网卡设备名称
virtual_router_id 21
priority 60
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 111111
}
virtual_ipaddress {
172.16.0.251/24 dev ens34 #定义的VIP地址,确认所在机器的网卡设备名称
}
track_script {
CheckMaster
}
}
EOF
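# Health-check script used by vrrp_script CheckMaster; install it on both
# keepalived nodes. The delimiter is quoted: the original unquoted heredoc let
# the outer shell expand the backticks and $counter while writing the file,
# so the installed script contained a fixed count and an empty "[ -eq 0 ]".
cat <<'EOF' >/opt/chk_nginx.sh
#!/bin/bash
# If nginx is not running, try to start it once; if it is still down after
# that, stop keepalived so the VIP moves to the other node.
if ! pgrep -x nginx >/dev/null; then
  systemctl start nginx
  sleep 2
  if ! pgrep -x nginx >/dev/null; then
    systemctl stop keepalived
  fi
fi
EOF
# Make it executable
chmod +x /opt/chk_nginx.sh
# Start keepalived now and at boot
systemctl enable keepalived --now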
k8s 多master节点部署
1、添加hosts解析
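# Every machine in the cluster needs these entries; 172.16.0.251 is the
# keepalived VIP. Each line is appended only if it is not already present, so
# re-running this step does not duplicate entries.
while read -r ip name; do
  grep -qF -- "$ip $name" /etc/hosts || printf '%s %s\n' "$ip" "$name" >> /etc/hosts
done <<'EOF'
172.16.0.251 k8s-apiserver
172.16.0.97 demo-master-97
172.16.0.98 demo-master-98
172.16.0.99 demo-master-99
EOF
cat /etc/hosts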
172.16.0.251 k8s-apiserver
172.16.0.97 demo-master-97
172.16.0.98 demo-master-98
172.16.0.99 demo-master-99
2、kubeadm初始化k8s集群
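# Write kubeadm's default init configuration to a file (the subcommand is
# "print"; the original had a typo, "pring")
kubeadm config print init-defaults > kubeadm-config.yaml
# Edit it to match the listing below (that listing is the edited result —
# compare it with the freshly printed defaults and add whatever is missing)
vim kubeadm-config.yaml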
apiServer:
  # The VIP plus all three control-plane addresses, so the serving certificate
  # is valid whichever path a client uses
  certSANs:
  - 172.16.0.251
  - 172.16.0.97
  - 172.16.0.98
  - 172.16.0.99
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# NOTE(review): imageRepository is set twice in this document (here and below);
# a duplicate mapping key may be rejected by kubeadm — keep only the mirror entry.
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
# NOTE(review): 1.21.0 is lower than the kubeadm/kubelet 1.21.2 installed above;
# confirm kubeadm accepts this, or set it to 1.21.2
kubernetesVersion: 1.21.0
# The keepalived VIP name from /etc/hosts, via the nginx stream proxy on 8443
controlPlaneEndpoint: k8s-apiserver:8443
imageRepository: registry.aliyuncs.com/google_containers
networking:
  dnsDomain: cluster.local
  # presumably chosen to match the flannel manifest applied later — verify
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# ipvs mode needs the ip_vs* modules loaded in the base-environment step
mode: ipvs
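# Run the initialisation (on success kubeadm prints a "join" command for the
# other nodes)
kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=SystemVerification
# kubectl needs the admin kubeconfig before it can reach the new cluster; the
# original went straight to "kubectl get nodes", which fails without it.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# Check the cluster
kubectl get nodes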
3、扩容master节点
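# On the node being added (demo-master-99 here): create the target directories
cd /root && mkdir -p /etc/kubernetes/pki/etcd ~/.kube/
# On the existing master: copy the CA, service-account and front-proxy material
# to the new node. -p preserves the file modes, so the private keys (*.key) keep
# their 0600 bits; a plain scp recreates them under the target's umask, which
# is commonly 0644.
target=demo-master-99
for f in /etc/kubernetes/pki/ca.* /etc/kubernetes/pki/sa.* /etc/kubernetes/pki/front-proxy-ca.*; do
  scp -p "$f" "${target}:/etc/kubernetes/pki/"
done
scp -p /etc/kubernetes/pki/etcd/ca.* "${target}:/etc/kubernetes/pki/etcd/"
# On the new node: join as a control-plane member. The token and CA hash are the
# ones printed by this cluster's kubeadm init; bootstrap tokens expire (24h by
# default) — mint a fresh one with: kubeadm token create --print-join-command
kubeadm join k8s-apiserver:8443 --token owe03c.fbed0qyleaxlc315 \
  --discovery-token-ca-cert-hash sha256:24bb314f3ee819f19e2eaf255306dc37a58fe2a584ca56873a355be89b640dcf \
  --control-plane \
  --v=5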
4、部署网络插件
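# Deploy the flannel network plugin from the manifest directory (apply only if
# the cd succeeded)
cd /home/dx/install/ubuntu-k8s-install/conf && kubectl apply -f kube-flannel.yml
# Check the pods (the original had typos: "kubec" and "kube-sytem")
kubectl get pod -n kube-system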
5、部署dashboard控制台
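# Deploy the dashboard from the manifest directory (apply only if the cd succeeded)
cd /home/dx/install/ubuntu-k8s-install/conf && kubectl apply -f dashboard.yaml
# Check the pods
kubectl get pod -n kubernetes-dashboard
# Fetch the login token. The token secret's name (admin-user-token-6l84f in the
# original) carries a random suffix that differs per cluster, so resolve it from
# the service account instead. "admin-user" is inferred from that secret name —
# confirm with: kubectl -n kubernetes-dashboard get sa
sa_secret=$(kubectl -n kubernetes-dashboard get sa admin-user -o jsonpath='{.secrets[0].name}')
kubectl -n kubernetes-dashboard get secret "$sa_secret" -o jsonpath='{.data.token}' | base64 -d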