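#Cloud Native Essay Contest# Deploying a Highly Available Kubernetes Cluster with kubeadm
About the author: Hello everyone! I am Li Dabai, an operations engineer working with containers, and I love sharing knowledge 🌟
🌈 Areas of expertise: cloud native, databases, automated operations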
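1. Deployment Overview
1.1 Deployment environment
The installation hosts are Linux virtual machines created in VMware Workstation 16 Pro.
[Operating system]: CentOS 7.5
1.2 Host list
IP address | Hostname | Role | Notes |
---|---|---|---|
192.168.2.90 | Virtual IP (VIP) | Virtual IP provided by keepalived | |
192.168.2.91 | master1 | master | |
192.168.2.92 | master2 | master | |
192.168.2.93 | master3 | master | |
192.168.2.94 | node1 | node | |
**Note:** To adapt this to your own environment, use Ctrl + F to find the IP addresses and hostnames and replace them globally with your own.
1.3 Version
This article installs Kubernetes 1.20.6; the steps can also serve as a reference for other versions.
2. Host Initialization
2.1 Configure the yum repository
Configure the Alibaba Cloud mirror repository: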
$ cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
$ yum clean all && yum makecache && yum repolist
$ yum install -y vim net-tools bash-completion wget lrzsz   # install commonly used tools
bash-completion: provides Tab completion for commands
2.2 Configure hosts
# cat >> /etc/hosts << EOF
192.168.2.91 master1
192.168.2.92 master2
192.168.2.93 master3
192.168.2.94 node1
EOF
Note: if hosts is not configured, the cluster preflight check reports warnings like the following:
[WARNING Hostname]: hostname "master02" could not be reached
[WARNING Hostname]: hostname "master02": lookup master02 on 8.8.8.8:53: no such host
2.3 Disable SELinux, swap and firewalld
$ sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
$ swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
$ systemctl disable --now firewalld
$ yum remove -y firewalld*
$ systemctl stop NetworkManager
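$ systemctl disable NetworkManager   # disable the NetworkManager service
2.4 Configure time synchronization (Chrony)
Server (Master)
# yum install -y chrony
# vim /etc/chrony.conf
server 127.127.1.0 iburst   # synchronize with the local host; comment out or delete the other server lines
allow 192.168.2.0/24        # host, subnet or network that is allowed (or denied) NTP access to this time server
local stratum 10            # do not synchronize from anyone else; stratum level of this time service
# systemctl restart chronyd && systemctl enable chronyd
Client (Node)
# yum install chrony -y
# vim /etc/chrony.conf
server <server IP> iburst
# systemctl restart chronyd && systemctl enable chronyd
# chronyc sources -v   # check the synchronization status; ^* means normal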
chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.2.201 4 6 377 48 +1118us[+4139us] +/- 18ms
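# date   # run date on all hosts at the same time to check that the clocks agree
2.5 Kernel upgrade
This step is required: a kernel that is too old causes many problems. Upload the kernel package to the host, then install it to upgrade.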
# grub2-install /dev/sda
# rpm -ivh kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
# vim /etc/default/grub   # change the kernel boot order
GRUB_DEFAULT=0            # change "saved" in GRUB_DEFAULT=saved to 0
Regenerate the kernel boot configuration file:
# grub2-mkconfig -o /boot/grub2/grub.cfg
Check the default boot kernel:
# awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
0 : CentOS Linux (4.19.12-1.el7.elrepo.x86_64) 7 (Core)
1 : CentOS Linux (3.10.0-862.el7.x86_64) 7 (Core)
2 : CentOS Linux (0-rescue-35ac0fa1f7924eb18b1c0697c294d34d) 7 (Core)
After rebooting the host, check the kernel version:
# reboot
# uname -r
4.19.12-1.el7.elrepo.x86_64
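Note: the host must be rebooted after the kernel upgrade; then use uname -r to check whether the kernel was upgraded successfully.
2.6 Configure IPVS
Optional: IPVS only needs to be configured if the kube-proxy component will run in IPVS mode.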
# yum install -y ipvsadm ipset sysstat conntrack libseccomp
# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack ip_tables ip_set xt_set ipt_set ipt_rpfilter ipt_REJECT ipip "
for kernel_module in \${ipvs_modules}; do
    # load the module only if it exists for the running kernel
    /sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
    # \$? is escaped so that it is evaluated when the script runs, not when the heredoc is written
    if [ \$? -eq 0 ]; then
        /sbin/modprobe \${kernel_module}
    fi
done
EOF
# chmod 755 /etc/sysconfig/modules/ipvs.modules
# sh /etc/sysconfig/modules/ipvs.modules
# lsmod | grep ip_vs
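dummy0 and kube-ipvs0 interfaces: when IPVS is enabled during the Kubernetes installation, these two network interfaces appear (Service IPs are bound to the kube-ipvs0 interface).
2.7 Kernel parameters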
# modprobe br_netfilter   # load the bridge netfilter module so that the net.bridge.* keys exist
# cat >> /etc/sysctl.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# sysctl -p
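Explanation:
net.bridge.bridge-nf-call-iptables: pass bridged IPv4 traffic to iptables;
net.ipv4.ip_forward: enable IP forwarding;
net.bridge.bridge-nf-call-ip6tables: pass bridged IPv6 traffic to ip6tables;
These three parameters are required; add others as needed.
2.8 Deploy Docker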
# yum install docker-ce-19.03.8
# systemctl start docker && systemctl enable docker
# cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://xcg41ct3.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# systemctl daemon-reload && systemctl restart docker.service
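Note: Docker's cgroup driver must be changed to systemd to be compatible with Kubernetes.
registry-mirrors: the registry mirror address
After Docker is deployed, ip addr shows a new docker0 interface.
2.9 Install kubelet, kubectl and kubeadm
Run on both the masters and the nodes.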
# yum install -y kubelet-1.20.6
# yum install -y kubectl-1.20.6
# yum install -y kubeadm-1.20.6
# rpm -qa | grep kube
kubernetes-cni-0.8.7-0.x86_64
kubelet-1.20.6-0.x86_64
kubectl-1.20.6-0.x86_64
kubeadm-1.20.6-0.x86_64
# systemctl start kubelet && systemctl enable kubelet && systemctl status kubelet
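Note:
The installation order matters; otherwise the versions can end up inconsistent. kubelet reports errors when started at this point, which is normal; they clear once the cluster is initialized.
2.10 Set up Tab completion
This lets commands be completed with the Tab key, which helps newcomers who cannot remember the commands. Completion only works on hosts where this step has been performed.
- kubectl command completion: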
$ kubectl completion bash > /etc/bash_completion.d/kubelet
- kubeadm command completion:
$ kubeadm completion bash > /etc/bash_completion.d/kubeadm
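3. High Availability with Keepalived + Nginx
keepalived and Nginx are used to make kube-apiserver highly available. The keepalived service is installed on master1 and master2 to provide the VIP for load balancing, and the Nginx service forwards requests arriving at the VIP to the backend server group (kube-apiserver).
3.1 Install nginx and keepalived
Run on master1 and master2.
$ wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo   # configure the EPEL repository
$ yum install -y nginx keepalived
$ yum -y install nginx-all-modules.noarch   # install the nginx stream module
Since version 1.9.0, nginx includes the stream module, which implements forwarding, proxying and load balancing of layer-4 protocols. For nginx built from source, add the --with-stream parameter to ./configure to build the stream module.
3.2 Modify the nginx configuration file
The Nginx configuration file is the same on master1 and master2.
$ vim /etc/nginx/nginx.conf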
user nginx;
worker_processes auto;   # set the number of nginx worker processes automatically
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;   # connections per worker process
}
# Layer-4 load balancing for the master apiserver components
stream {
    log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
    access_log /var/log/nginx/k8s-access.log main;
    upstream k8s-apiserver {
        server 192.168.2.91:6443;   # Master1 APISERVER IP:PORT
        server 192.168.2.92:6443;   # Master2 APISERVER IP:PORT
        server 192.168.2.93:6443;   # master3 API server address and port
    }
    server {
        listen 16443;   # nginx shares the host with a master node, so this port must not be 6443 or it will conflict
        proxy_pass k8s-apiserver;
    }
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    server {
        listen 80 default_server;
        server_name _;
        location / {
        }
    }
}
- Check the nginx configuration file syntax
$ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
3.3 Modify the keepalived configuration
Here master1 is the keepalived master node and master2 is the keepalived backup node. The keepalived configuration files of the master and backup nodes differ.
- Master node (master1)
[root@master1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        859281177@qq.com
    }
    router_id master1
}
# Health check; defined before the vrrp_instance that tracks it
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    weight -20
}
vrrp_instance lidabai {
    state MASTER
    interface ens33
    mcast_src_ip 192.168.2.91
    virtual_router_id 90
    priority 100
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.90/24   # virtual IP (VIP)
    }
    track_script {
        chk_nginx
    }
}
- Backup node (master2)
[root@master2 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        859281177@qq.com
    }
    router_id master2
}
# Health check; defined before the vrrp_instance that tracks it
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    weight -20
}
vrrp_instance lidabai {
    state BACKUP
    interface ens33
    mcast_src_ip 192.168.2.92
    virtual_router_id 90
    priority 80
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.90/24   # must be the same VIP as on the master node
    }
    track_script {
        chk_nginx
    }
}
3.4 Write the health check script
Do the same on both the master and backup nodes (master1 and master2).
$ vim /etc/keepalived/check_nginx.sh
#!/bin/bash
# 1. Check whether Nginx is alive
counter=`ps -C nginx --no-header | wc -l`
if [ $counter -eq 0 ]; then
    # 2. If it is not, try to start Nginx
    service nginx start
    sleep 2
    # 3. After waiting 2 seconds, get the Nginx status again
    counter=`ps -C nginx --no-header | wc -l`
    # 4. Check again; if Nginx is still not alive, stop keepalived so that the VIP fails over
    if [ $counter -eq 0 ]; then
        service keepalived stop
    fi
fi
$ chmod +x /etc/keepalived/check_nginx.sh
3.5 Start the services
Start the nginx service on master1 and master2 first, then start the keepalived service.
- Start the nginx service
[root@master1 ~]# systemctl enable --now nginx   # start nginx and enable it at boot
[root@master2 ~]# systemctl enable --now nginx
[root@master1 ~]# systemctl status nginx.service
[root@master2 ~]# systemctl status nginx.service
- Start the keepalived service
[root@master1 ~]# systemctl enable --now keepalived
[root@master2 ~]# systemctl enable --now keepalived
[root@master1 ~]# systemctl status keepalived.service
3.6 Check the VIP
On master1, check whether the VIP was bound successfully.
[root@master1 ~]# ip addr
......
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:f1:a3:65 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.91/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.2.90/24 scope global secondary ens33   # the VIP
valid_lft forever preferred_lft forever
inet6 fe80::80b0:1d7f:b5d4:19e8/64 scope link tentative dadfailed
......
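The VIP cannot be seen with ifconfig; it can also be seen with the hostname -I command.
4. Initializing the Kubernetes Cluster
4.1 Check the installation environment
Check whether the host environment meets the cluster requirements, and resolve problems one by one according to the output.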
kubeadm init --dry-run
4.2 Create the cluster initialization configuration file
Create the kubeadm-config.yaml file on master1; the cluster is initialized according to its contents.
[root@master1 ~]# vim kubeadm-config.yaml
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
certificatesDir: /etc/kubernetes/pki        # certificate directory (required)
clusterName: kubernetes                     # cluster name (required)
kubernetesVersion: v1.20.6                  # Kubernetes version (required)
imageRepository: registry.aliyuncs.com/google_containers   # registry to pull images from (required)
controlPlaneEndpoint: 192.168.2.90:16443    # stable IP address or DNS name for the control plane (required); in a multi-master cluster this is the VIP
etcd:                                       # etcd database configuration (required)
  local:
    dataDir: /var/lib/etcd
apiServer:                                  # required
  timeoutForControlPlane: 4m0s
  certSANs:                                 # hosts the certificate is generated for
  - 192.168.2.90   # vip
  - 192.168.2.91   # master1
  - 192.168.2.92   # master2
  - 192.168.2.93   # master3
  - 192.168.2.94   # node1
scheduler: {}                               # required
controllerManager: {}                       # required
networking:                                 # network topology configuration (required)
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16                  # Pod subnet
  serviceSubnet: 10.96.0.0/12               # Service subnet
dns:                                        # required
  type: CoreDNS
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
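4.3 Initialize the Kubernetes cluster
Run on master1.
[root@master1]# kubeadm init --config kubeadm-config.yaml
Initialization flow:
- Preflight checks: verify that the environment meets the installation requirements;
- Image pull: pull the images needed to set up the Kubernetes cluster;
- Certificate generation: generate the certificates for each component and place them under /etc/kubernetes/pki;
The following output indicates that initialization completed successfully: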
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
## command for master nodes to join the cluster:
kubeadm join 192.168.2.90:16443 --token 3sjroi.5x3j6j4clvx1jan2 \
--discovery-token-ca-cert-hash sha256:beb95fb20c4a026555aaaed917b967a233f3ab2ebe8cfb1a5361951685ef4976 \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
## command for worker nodes to join the cluster:
kubeadm join 192.168.2.90:16443 --token 3sjroi.5x3j6j4clvx1jan2 \
--discovery-token-ca-cert-hash sha256:beb95fb20c4a026555aaaed917b967a233f3ab2ebe8cfb1a5361951685ef4976
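4.4 Basic setup on the master node
After initialization completes, follow the printed instructions to do some basic setup on the master node; cluster management operations are only possible after this is done.
On master1:
[root@master1 ~]# mkdir -p $HOME/.kube   # create the hidden working directory
[root@master1 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config   # copy the cluster admin configuration file
[root@master1 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config   # set the ownership of the configuration file
[root@master1 ~]# export KUBECONFIG=/etc/kubernetes/admin.conf   # set the environment variable
[root@master1 ~]# kubectl get nodes   # list the cluster nodes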
NAME STATUS ROLES AGE VERSION
master1 NotReady control-plane,master 36m v1.20.6
4.5 Join master2 to the cluster
1) Create the directories on master2
$ cd /root && mkdir -p /etc/kubernetes/pki/etcd && mkdir -p ~/.kube/
2) Copy the certificates from master1 to master2
[root@master1 ~]# scp /etc/kubernetes/pki/ca.crt master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/ca.key master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/sa.key master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/sa.pub master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/front-proxy-ca.crt master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/front-proxy-ca.key master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/etcd/ca.crt master2:/etc/kubernetes/pki/etcd/
[root@master1 ~]# scp /etc/kubernetes/pki/etcd/ca.key master2:/etc/kubernetes/pki/etcd/
Following the output printed when cluster initialization completed, copy the master join command and run it on master2 and master3:
$ kubeadm join 192.168.2.90:16443 --token 3sjroi.5x3j6j4clvx1jan2 \
--discovery-token-ca-cert-hash sha256:beb95fb20c4a026555aaaed917b967a233f3ab2ebe8cfb1a5361951685ef4976 \
--control-plane
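The --control-plane parameter indicates that the joining host is a master node; without it, the host joins the cluster as a worker node.
The following output indicates that master2 joined the cluster successfully: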
This node has joined the cluster and a new control plane instance was created:
* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Control plane (master) label and taint were applied to the new node.
* The Kubernetes control plane instances scaled up.
* A new etcd member was added to the local/stacked etcd cluster.
To start administering your cluster from this node, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Run 'kubectl get nodes' to see this node join the cluster.
3) Basic setup on master2
Run the following commands as instructed by the output:
[root@master2 ~]# mkdir -p $HOME/.kube
[root@master2 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master2 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@master2 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master1 NotReady control-plane,master 40m v1.20.6
master2 NotReady control-plane,master 119s v1.20.6
master2 has joined the cluster successfully.
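Step 2 of section 4.5 copies four private keys (the cluster CA, the front-proxy CA, the etcd CA and the service account signing key) to another host. The following added example (not part of the original article) audits the copied directory for completeness and for private keys readable by group or others; audit_pki is a hypothetical helper name and the demo tree is constructed.

```shell
#!/bin/sh
# Added example, not from the article. audit_pki is a hypothetical helper name;
# the file lists are the eight files copied in step 2 of section 4.5.
PKI_PUBLIC="ca.crt front-proxy-ca.crt etcd/ca.crt sa.pub"
PKI_PRIVATE="ca.key front-proxy-ca.key etcd/ca.key sa.key"

# audit_pki DIR -> 0 if all eight files exist as regular files and no
# private key grants any permission to group or others.
audit_pki() {
  rc=0
  for f in $PKI_PUBLIC $PKI_PRIVATE; do
    if [ -L "$1/$f" ] || [ ! -f "$1/$f" ]; then
      echo "MISSING or not a regular file: $1/$f"; rc=1
    fi
  done
  for f in $PKI_PRIVATE; do
    [ -f "$1/$f" ] || continue
    # First ten characters of ls -l output: file type plus rwx bits.
    perms=$(ls -ln "$1/$f" | cut -c1-10)
    case $perms in
      -???------) echo "ok       $perms $1/$f" ;;
      *)          echo "TOO OPEN $perms $1/$f"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed demo tree standing in for /etc/kubernetes/pki on master2.
demo=$(mktemp -d)
mkdir -p "$demo/etcd"
for f in $PKI_PUBLIC $PKI_PRIVATE; do
  echo "constructed placeholder" > "$demo/$f"
  chmod 644 "$demo/$f"
done
# etcd/ca.key is deliberately left at 644 so the audit has something to report.
chmod 600 "$demo/ca.key" "$demo/front-proxy-ca.key" "$demo/sa.key"
audit_pki "$demo" || echo "tighten permissions before running kubeadm join"
rm -rf "$demo"
```

On the joining master, run audit_pki /etc/kubernetes/pki after the scp step.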
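4.6 Join master3 to the cluster
The procedure is the same as for joining master2.
4.7 Join node1 to the cluster
Take the master join command, remove the --control-plane parameter, and run it on the node: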
$ kubeadm join 192.168.2.90:16443 --token 3sjroi.5x3j6j4clvx1jan2 --discovery-token-ca-cert-hash sha256:beb95fb20c4a026555aaaed917b967a233f3ab2ebe8cfb1a5361951685ef4976
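5. Installing Add-ons
5.1 Install the Calico network plugin
Calico versions correspond to Kubernetes versions: installing Calico 3.20.x or later on Kubernetes 1.20.6 produces errors. This article installs Calico 3.18.5.
- Check the cluster status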
[root@master1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master1 NotReady control-plane,master 63m v1.20.6
master2 NotReady control-plane,master 24m v1.20.6
master3 NotReady control-plane,master 6m36s v1.20.6
node1 NotReady <none> 85s v1.20.6
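STATUS is still NotReady, which means the cluster is not yet usable; the Calico network plugin and the CoreDNS name resolution plugin must be installed before it works normally.
- Download the manifest
By default the latest Calico version is downloaded; the download address for version 3.18.5 is: https://ost.51cto.com/resource/1991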
[root@master1 ~]# wget https://docs.projectcalico.org/manifests/calico.yaml --no-check-certificate
- Check the Calico version
[root@master1 ~]# grep image: calico-3.18.5.yaml
image: docker.io/calico/cni:v3.18.5
image: docker.io/calico/cni:v3.18.5
image: docker.io/calico/pod2daemon-flexvol:v3.18.5
image: docker.io/calico/node:v3.18.5
image: docker.io/calico/kube-controllers:v3.18.5
- Apply the manifest
[root@master1 ~]# kubectl apply -f calico-3.18.5.yaml
- Check the Calico service status
[root@master1 ~]# kubectl -n kube-system get pods -owide | grep calico
calico-kube-controllers-755f6449f-jnc94 1/1 Running 0 8m7s 10.244.166.130 node1 <none> <none>
calico-node-dv9ss 1/1 Running 0 8m7s 192.168.2.92 master2 <none> <none>
calico-node-ncqm2 1/1 Running 0 8m7s 192.168.2.93 master3 <none> <none>
calico-node-vmtwc 1/1 Running 0 8m7s 192.168.2.91 master1 <none> <none>
calico-node-ztnnd 1/1 Running 0 8m7s 192.168.2.94 node1 <none> <none>
All Calico services are in a normal state!
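Section 5.1 downloads the manifest with certificate checking disabled, notes that the default URL serves the latest Calico, and requires 3.18.5 for Kubernetes 1.20.6. The following added example (not part of the original article) turns the manual grep into a gate that refuses a manifest unless every image comes from the expected repository at the pinned tag; images, check_images and write_manifest are hypothetical helper names, and the manifest excerpt and the tag v3.24.1 are constructed.

```shell
#!/bin/sh
# Added example, not from the article. images, check_images and
# write_manifest are hypothetical helper names.

# images FILE -> unique image references found in a Kubernetes manifest.
images() {
  awk '{ sub(/#.*/, "") }
       $1 == "image:"              { print $2 }
       $1 == "-" && $2 == "image:" { print $3 }' "$1" | tr -d "\"'" | sort -u
}

# check_images FILE REPO TAG -> 0 only if every image is REPO/<name>:TAG.
check_images() {
  list=$(images "$1")
  [ -n "$list" ] || { echo "no image: lines in $1"; return 1; }
  rc=0
  for img in $list; do
    case $img in
      "$2"/*/*)    echo "REJECT $img (unexpected nested path)"; rc=1 ;;
      "$2"/*:"$3") echo "ok     $img" ;;
      *)           echo "REJECT $img"; rc=1 ;;
    esac
  done
  return $rc
}

# write_manifest FILE TAG -> constructed excerpt shaped like calico.yaml.
write_manifest() {
  cat > "$1" <<EOF
kind: DaemonSet
spec:
  template:
    spec:
      initContainers:
        - name: install-cni
          image: docker.io/calico/cni:$2
        - name: flexvol-driver
          image: docker.io/calico/pod2daemon-flexvol:$2
      containers:
        - name: calico-node
          image: docker.io/calico/node:$2
---
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: calico-kube-controllers
          image: docker.io/calico/kube-controllers:$2
EOF
}

tmp=$(mktemp -d)
write_manifest "$tmp/calico.yaml" v3.24.1   # constructed: a newer release than the pin
if check_images "$tmp/calico.yaml" docker.io/calico v3.18.5; then
  echo "images match the pin"   # kubectl apply -f would follow here
else
  echo "refusing to apply: manifest is not Calico v3.18.5"
fi
rm -rf "$tmp"
```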
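5.2 Install the CoreDNS name resolution plugin
In a cluster installed with kubeadm, the CoreDNS plugin is installed automatically after the Calico network plugin is installed.
5.3 Install the Metrics data collection plugin
metrics-server is a cluster-wide collector of resource data. It only exposes the data and does not provide data storage; its focus is implementing the resource metrics API for metrics such as CPU, file descriptors, memory and request latency. The data it collects is used inside the cluster by components such as kubectl, HPA and the scheduler.
1) Modify the apiserver configuration
In a production environment with multiple masters, modify each one in turn.
$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.2.91:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.2.91
    - --allow-privileged=true
    - --enable-aggregator-routing=true   # add this line; leave everything else unchanged
2) Re-apply the apiserver configuration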
$ kubectl apply -f /etc/kubernetes/manifests/kube-apiserver.yaml
Then delete the old Pod!
3) Download the Metrics manifest file
Manifest file and image download address: https://ost.51cto.com/resource/1992
[root@master1 ~]# grep image: metrics.yaml
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
image: k8s.gcr.io/addon-resizer:1.8.4
[root@master1 ~]# kubectl apply -f metrics.yaml   # apply the manifest
[root@master1 ~]# kubectl -n kube-system get pods -owide | grep metrics
metrics-server-6595f875d6-kfmx7 0/2 ContainerCreating 0 17s <none> node1 <none> <none>
4) Import the images
Import the images on whichever node the Pod was scheduled to.
[root@node1 ~]# docker load -i metrics-server-amd64-0-3-6.tar.gz
932da5156413: Loading layer [==================================================>] 3.062MB/3.062MB
7bf3709d22bb: Loading layer [==================================================>] 38.13MB/38.13MB
Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@node1 ~]# docker load -i addon.tar.gz
8a788232037e: Loading layer [==================================================>] 1.37MB/1.37MB
cd05ae2f58b4: Loading layer [==================================================>] 37.2MB/37.2MB
Loaded image: k8s.gcr.io/addon-resizer:1.8.4
5) Check the metrics service status
[root@master1 ~]# kubectl -n kube-system get pods | grep metrics
metrics-server-6595f875d6-kfmx7 2/2 Running 0 3m37s
The service is in a normal state!
6) View cluster resources
[root@master1 ~]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master1 121m 6% 1188Mi 64%
master2 121m 6% 1093Mi 58%
master3 128m 6% 1101Mi 59%
node1 72m 3% 768Mi 41%
[root@master1 ~]# kubectl -n kube-system top pods | grep metrics
metrics-server-6595f875d6-kfmx7 1m 19Mi
6. Verification
Verify that the cluster works normally.
6.1 Test whether CoreDNS works
[root@master1 ~]# docker pull busybox:1.28   # pull the image
[root@master1 ~]# kubectl run busybox --image busybox:1.28 --restart=Never --rm -it busybox -- sh
/ # nslookup kubernetes.default.svc.cluster.local
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: kubernetes.default.svc.cluster.local
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local   # OK!
[This article is taking part in the Cloud Native essay contest.] Event link: https://ost.51cto.com/posts/12598