Deploying a Highly Available k8s Cluster with kubeadm

Published 2022-5-24 11:37

About the author: Hello everyone! I am Li Dabai, a container operations engineer who loves sharing knowledge.
Areas of expertise: cloud native, databases, operations automation


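I. Deployment Overview

1.1 Deployment environment

The installation hosts are Linux virtual machines created in VMware Workstation 16 Pro.

[Operating system]: CentOS 7.5

1.2 Host list

IP address     Hostname           Role     Notes
192.168.2.90   virtual IP (VIP)            Virtual IP address provided by keepalived
192.168.2.91   master1            master
192.168.2.92   master2            master
192.168.2.93   master3            master
192.168.2.94   node1              node

**Note:** Adapt this to your own environment by using Ctrl + F to globally replace the IPs and hostnames with your own.

1.3 Version notes

This guide installs Kubernetes 1.20.6; other versions can also follow this article.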


II. Host Initialization

2.1 Configure the yum repository

Configure the Aliyun mirror repository

$ cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
$ yum clean all && yum makecache  && yum repolist
$ yum install -y vim net-tools  bash-completion wget lrzsz     # install commonly used tools

bash-completion: provides Tab completion for commands

2.2 Configure hosts

# cat >> /etc/hosts << EOF
192.168.2.91 master1
192.168.2.92 master2
192.168.2.93 master3
192.168.2.94 node1
EOF

Note: if hosts is not configured, the cluster checks will print the following warnings:

[WARNING Hostname]: hostname “master02” could not be reached

[WARNING Hostname]: hostname “master02”: lookup master02 on 8.8.8.8:53: no such host

2.3 Disable SELinux, swap and firewalld

$ sed -i 's/SELINUX=enforcing/SELINUX=disabled/g'  /etc/selinux/config
$ swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
$ systemctl disable --now firewalld
$ yum remove  -y firewalld*
$ systemctl stop NetworkManager
$ systemctl disable NetworkManager         # disable the network management service

2.4 Configure time synchronization (Chrony)

Server (Master)

# yum install  -y  chrony 
# vim /etc/chrony.conf
server 127.127.1.0 iburst         # sync with the local host; comment out or delete the other server lines
allow 192.168.2.0/24   # host, subnet or network that is allowed (or denied) NTP access to this time server
local stratum 10    # do not sync from anyone else; stratum level of this time service
# systemctl restart chronyd  &&  systemctl enable chronyd

Client (Node)

# yum install chrony -y
# vim /etc/chrony.conf
server <server IP> iburst
# systemctl restart chronyd  &&  systemctl enable chronyd
# chronyc sources  -v              # check sync status; ^* means synchronized
chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.2.201                4   6   377    48  +1118us[+4139us] +/-   18ms
# date                                   # run date on all hosts at the same time to check that the clocks agree

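2.5 Kernel upgrade

Required. A kernel that is too old causes many problems; upload the kernel package to the host and install it to upgrade.

# grub2-install  /dev/sda 
# rpm -ivh  kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
# vim /etc/default/grub               # change the kernel boot order
 GRUB_DEFAULT=0                          # in GRUB_DEFAULT=saved, change saved to 0

Regenerate the kernel boot configuration file

# grub2-mkconfig -o /boot/grub2/grub.cfg 

Check the default boot kernel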

# awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg 
0 : CentOS Linux (4.19.12-1.el7.elrepo.x86_64) 7 (Core)
1 : CentOS Linux (3.10.0-862.el7.x86_64) 7 (Core)
2 : CentOS Linux (0-rescue-35ac0fa1f7924eb18b1c0697c294d34d) 7 (Core)

Reboot the host, then check the kernel version

# reboot 
# uname -r
4.19.12-1.el7.elrepo.x86_64

Note:

After the kernel upgrade the host must be rebooted; then use uname -r to check that the upgrade succeeded.

2.6 Configure IPVS

Optional. IPVS only needs to be configured if the kube-proxy component is going to run in IPVS mode.

# yum install  -y ipvsadm ipset sysstat conntrack libseccomp  
# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack ip_tables ip_set xt_set ipt_set ipt_rpfilter ipt_REJECT ipip "
for kernel_module in \${ipvs_modules}; do
  /sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
  if [ \$? -eq 0 ]; then
    /sbin/modprobe \${kernel_module}
  fi
done
EOF
# chmod 755 /etc/sysconfig/modules/ipvs.modules 
# sh /etc/sysconfig/modules/ipvs.modules 
# lsmod | grep ip_vs

The dummy0 and kube-ipvs0 interfaces:

If IPVS is enabled when the k8s cluster is installed, these two interfaces will be present. (Service IPs are bound to the kube-ipvs0 interface.)

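2.7 Kernel parameters

# cat >> /etc/sysctl.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# modprobe br_netfilter    # the net.bridge.* keys only exist once this module is loaded
# sysctl -p

Notes:

  • net.bridge.bridge-nf-call-iptables: pass bridged IPv4 traffic through iptables;

  • net.ipv4.ip_forward: enable IP forwarding;

  • net.bridge.bridge-nf-call-ip6tables: pass bridged IPv6 traffic through ip6tables;

These three parameters are required; other parameters can be added as needed.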

2.8 Install Docker

# yum  install  docker-ce-19.03.8
# systemctl start docker && systemctl enable docker 
# cat >  /etc/docker/daemon.json <<EOF
{
    "registry-mirrors": ["https://xcg41ct3.mirror.aliyuncs.com"],
    "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# systemctl daemon-reload && systemctl restart docker.service

Note: Docker's cgroup driver must be changed to systemd to be compatible with k8s.

registry-mirrors: address of the image registry mirror

After Docker is installed, ip addr shows an additional docker0 interface.

2.9 Install kubelet, kubectl and kubeadm

Run on both master and node hosts

# yum install  -y kubelet-1.20.6
# yum  install  -y kubectl-1.20.6    
# yum  install  -y kubeadm-1.20.6
# rpm  -qa |  grep kube
kubernetes-cni-0.8.7-0.x86_64
kubelet-1.20.6-0.x86_64
kubectl-1.20.6-0.x86_64
kubeadm-1.20.6-0.x86_64
# systemctl start kubelet && systemctl enable kubelet && systemctl status kubelet

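Note:

The packages must be installed in this order, otherwise the versions can end up inconsistent. kubelet reports errors when started at this point, which is normal; they go away once the cluster is initialized.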

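2.10 Set up Tab completion

This lets commands be completed with the Tab key, which is a big help for newcomers who cannot remember the commands. Completion is only available on the hosts where this step has been performed.

  • kubectl command completion:
$ kubectl completion  bash >  /etc/bash_completion.d/kubelet
  • kubeadm command completion:
$ kubeadm  completion  bash >  /etc/bash_completion.d/kubeadm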

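III. High Availability with Keepalived + Nginx

Keepalived and Nginx are used to make kube-apiserver highly available.

The keepalived service is installed on master1 and master2 to provide the VIP for load balancing. Nginx forwards requests arriving at the VIP to the backend server group (kube-apiserver).

3.1 Install nginx and keepalived

Run on master1 and master2

$ wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo   # configure the EPEL repository
$ yum install -y nginx keepalived
$ yum -y install nginx-all-modules.noarch # install the nginx stream module

Starting with 1.9.0, nginx includes the stream module, which provides layer-4 forwarding, proxying and load balancing.

For an nginx built from source, add the --with-stream option to ./configure to build the stream module.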

3.2 Edit the nginx configuration file

The Nginx configuration file is identical on master1 and master2.

$ vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;   # set the number of nginx worker processes automatically
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;   # connections per worker process
}

# Layer-4 load balancing for the master apiserver components
stream {
    log_format  main  '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
    access_log  /var/log/nginx/k8s-access.log  main;
    upstream k8s-apiserver {
       server 192.168.2.91:6443;   # Master1 APISERVER IP:PORT
       server 192.168.2.92:6443;   # Master2 APISERVER IP:PORT
       server 192.168.2.93:6443;   # Master3 APISERVER IP:PORT
    }
    server {
       listen 16443;  # nginx shares the host with a master node, so this port cannot be 6443 or it would conflict
       proxy_pass k8s-apiserver;
    }
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    server {
        listen       80 default_server;
        server_name  _;
        location / {
        }
    }
}
  • Check the nginx configuration file syntax
$ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

3.3 Edit the keepalived configuration

Here master1 is the keepalived master node and master2 is the keepalived backup node. The keepalived configuration files differ between the master and backup nodes.

  • Master node (master1)
[root@master1 ~]# cat  /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     859281177@qq.com
   }
   router_id master1
}

##### Health check (defined before the vrrp_instance that tracks it)
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    weight -20
}

vrrp_instance lidabai {
    state MASTER
    interface ens33
    mcast_src_ip 192.168.2.91
    virtual_router_id 90
    priority 100
    advert_int 1
    nopreempt    # keepalived only honours nopreempt when the initial state is BACKUP
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.90/24  # virtual IP (VIP) address
    }
    track_script {
        chk_nginx
    }
}
  • Backup node (master2)
[root@master2 ~]# cat  /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     859281177@qq.com
   }
   router_id master2
}

##### Health check (defined before the vrrp_instance that tracks it)
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    weight -20
}

vrrp_instance lidabai {
    state BACKUP
    interface ens33
    mcast_src_ip 192.168.2.92
    virtual_router_id 90
    priority 80
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.90/24  # virtual IP (VIP) address
    }
    track_script {
        chk_nginx
    }
}

3.4 Write the health check script

Do the same on both the master and backup nodes (master1 and master2).

$ vim /etc/keepalived/check_nginx.sh 
#!/bin/bash
# 1. Check whether Nginx is running
counter=`ps -C nginx --no-header | wc -l`
if [ $counter -eq 0 ]; then
    # 2. If it is not running, try to start Nginx
    service nginx start
    sleep 2
    # 3. After waiting 2 seconds, check the Nginx state again
    counter=`ps -C nginx --no-header | wc -l`
    # 4. If Nginx is still not running, stop Keepalived so that the VIP fails over
    if [ $counter -eq 0 ]; then
        service  keepalived stop
    fi
fi
$ chmod +x /etc/keepalived/check_nginx.sh 

3.5 Start the services

Start the nginx service on master1 and master2 first, then start the keepalived service

  • Start the nginx service
[root@master1 ~]# systemctl enable --now nginx   # start nginx and enable it at boot
[root@master2 ~]# systemctl enable --now nginx
[root@master1 ~]# systemctl status nginx.service 
[root@master2 ~]# systemctl status nginx.service
  • Start the keepalived service
[root@master1 ~]# systemctl enable --now keepalived
[root@master2 ~]# systemctl enable --now keepalived
[root@master1 ~]# systemctl status keepalived.service

3.6 Check the VIP

On master1, check that the VIP has been bound successfully.

[root@master1 ~]# ip addr
......
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:f1:a3:65 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.91/24 brd 192.168.2.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.2.90/24 scope global secondary ens33     # VIP address
       valid_lft forever preferred_lft forever
    inet6 fe80::80b0:1d7f:b5d4:19e8/64 scope link tentative dadfailed 
......

The VIP cannot be seen with ifconfig; it can also be seen with the hostname -I command.
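
The check above can be scripted so that it gives a comparable answer on master1 and master2. The following is an added example, not part of the original article: it classifies a load-balancer node from the output of `ip -o -4 addr show` and `ss -ltn`. The function names and state labels are assumptions made for this example; the VIP 192.168.2.90 and port 16443 come from the configuration above.

```shell
#!/bin/bash
# Added example (not from the original article). Function names and state
# labels are hypothetical; VIP and port are the ones used in this guide.

# Constructed sample input, modelled on the `ip addr` output in 3.6.
SAMPLE_ADDR='2: ens33    inet 192.168.2.91/24 brd 192.168.2.255 scope global noprefixroute ens33
2: ens33    inet 192.168.2.90/24 scope global secondary ens33'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:16443            *:*
LISTEN 0      128    *:80               *:*'

# holds_vip VIP: reads `ip -o -4 addr show` text on stdin; 0 if VIP is bound.
holds_vip() {
    awk -v vip="$1" '{ split($4, a, "/"); if (a[1] == vip) found = 1 }
                     END { exit (found ? 0 : 1) }'
}

# listens_on PORT: reads `ss -ltn` text on stdin; 0 if a listener uses PORT.
listens_on() {
    awk -v port="$1" 'NR > 1 { n = split($4, a, ":"); if (a[n] == port) found = 1 }
                      END { exit (found ? 0 : 1) }'
}

# vip_state VIP PORT ADDR_TEXT SS_TEXT prints one of:
#   active   VIP bound and proxy listening (this node serves VIP:PORT)
#   standby  proxy listening, VIP held by the other node
#   broken   VIP bound but nothing listening: clients of VIP:PORT are refused
#   down     neither
vip_state() {
    local vip="$1" port="$2" has_vip=no has_proxy=no
    if printf '%s\n' "$3" | holds_vip "$vip"; then has_vip=yes; fi
    if printf '%s\n' "$4" | listens_on "$port"; then has_proxy=yes; fi
    case "$has_vip/$has_proxy" in
        yes/yes) echo active ;;
        no/yes)  echo standby ;;
        yes/no)  echo broken ;;
        *)       echo down ;;
    esac
}

# Live use on master1 or master2: ./vip_state.sh 192.168.2.90 16443
# Without arguments the constructed sample is classified instead.
if [ "$#" -eq 2 ]; then
    vip_state "$1" "$2" "$(ip -o -4 addr show)" "$(ss -ltn)"
else
    vip_state 192.168.2.90 16443 "$SAMPLE_ADDR" "$SAMPLE_SS"
fi
```

A node reporting `broken` holds the VIP without the nginx stream listener behind it, a state that checking only for the VIP does not reveal.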


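IV. Initialize the Kubernetes Cluster

4.1 Check the installation environment

Check whether the host environment meets the cluster requirements; work through any problems one by one based on the output.

kubeadm   init  --dry-run

4.2 Create the cluster initialization configuration file

Create the kubeadm-config.yaml file on master1; the cluster will be initialized according to its contents.

[root@master1 ~]# vim kubeadm-config.yaml
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
certificatesDir: /etc/kubernetes/pki   # where certificates are stored (required)
clusterName: kubernetes   # cluster name (required)
kubernetesVersion: v1.20.6   # Kubernetes version (required)
imageRepository: registry.aliyuncs.com/google_containers  # where images are pulled from (required)
controlPlaneEndpoint: 192.168.2.90:16443  # stable IP address or DNS name for the control plane (required); in a multi-master cluster this is the VIP address
etcd:    # etcd database configuration (required)
  local:
    dataDir: /var/lib/etcd
apiServer:   # required
  timeoutForControlPlane: 4m0s
  certSANs:   # machines the certificate is generated for
  - 192.168.2.90  # vip
  - 192.168.2.91  # master1
  - 192.168.2.92  # master2
  - 192.168.2.93  # master3
  - 192.168.2.94  # node1
scheduler: {}  # required
controllerManager: {} # required
networking:  # network topology configuration (required)
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16   # Pod subnet
  serviceSubnet: 10.96.0.0/12   # Service subnet
dns:  # required
  type: CoreDNS
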
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind:  KubeProxyConfiguration
mode: ipvs


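4.3 Initialize the k8s cluster

Run on master1

[root@master1]# kubeadm init --config kubeadm-config.yaml

Initialization flow:

  • Environment check: verify that the environment meets the installation requirements;
  • Image pull: pull the images needed to set up the Kubernetes cluster;
  • Certificate generation: generate the certificates for each component and place them under /etc/kubernetes/pki;

Output like the following indicates that initialization completed successfully: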

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
## command for joining master nodes to the cluster:
  kubeadm join 192.168.2.90:16443 --token 3sjroi.5x3j6j4clvx1jan2 \
    --discovery-token-ca-cert-hash sha256:beb95fb20c4a026555aaaed917b967a233f3ab2ebe8cfb1a5361951685ef4976 \
    --control-plane 

Then you can join any number of worker nodes by running the following on each as root:
## command for joining worker nodes to the cluster
kubeadm join 192.168.2.90:16443 --token 3sjroi.5x3j6j4clvx1jan2 \
    --discovery-token-ca-cert-hash sha256:beb95fb20c4a026555aaaed917b967a233f3ab2ebe8cfb1a5361951685ef4976 

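4.4 Basic setup on the master node

After initialization completes, follow the hints in the output to do some basic setup on the master node; the cluster can only be managed once this is done.

Run on master1:

[root@master1 ~]# mkdir -p $HOME/.kube   # create the hidden working directory
[root@master1 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config   # copy the cluster admin configuration file
[root@master1 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config   # set ownership of the configuration file
[root@master1 ~]# export KUBECONFIG=/etc/kubernetes/admin.conf  # set the environment variable
[root@master1 ~]# kubectl get nodes  # list the cluster nodes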
NAME      STATUS     ROLES                  AGE   VERSION
master1   NotReady   control-plane,master   36m   v1.20.6

4.5 Join master2 to the cluster

1) Create the directories on master2

$ cd /root && mkdir -p /etc/kubernetes/pki/etcd && mkdir -p ~/.kube/

2) Copy the certificates from master1 to master2

[root@master1 ~]# scp /etc/kubernetes/pki/ca.crt   master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/ca.key   master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/sa.key   master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/sa.pub   master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/front-proxy-ca.crt   master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/front-proxy-ca.key   master2:/etc/kubernetes/pki/
[root@master1 ~]# scp /etc/kubernetes/pki/etcd/ca.crt   master2:/etc/kubernetes/pki/etcd/
[root@master1 ~]# scp /etc/kubernetes/pki/etcd/ca.key   master2:/etc/kubernetes/pki/etcd/

Following the hints printed when cluster initialization finished, copy the master join command and run it on master2 and master3:

$ kubeadm join 192.168.2.90:16443 --token 3sjroi.5x3j6j4clvx1jan2 \
 --discovery-token-ca-cert-hash sha256:beb95fb20c4a026555aaaed917b967a233f3ab2ebe8cfb1a5361951685ef4976 \
 --control-plane

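The --control-plane option indicates that the joining host is a master node; without it, the host joins the cluster as a worker node.

The following output indicates that master2 joined the cluster successfully: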

This node has joined the cluster and a new control plane instance was created:

* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Control plane (master) label and taint were applied to the new node.
* The Kubernetes control plane instances scaled up.
* A new etcd member was added to the local/stacked etcd cluster.

To start administering your cluster from this node, you need to run the following as a regular user:

	mkdir -p $HOME/.kube
	sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
	sudo chown $(id -u):$(id -g) $HOME/.kube/config

Run 'kubectl get nodes' to see this node join the cluster.

3) Basic setup on master2

Run the following commands as prompted by the output:

[root@master2 ~]# mkdir -p $HOME/.kube
[root@master2 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master2 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@master2 ~]# kubectl get nodes
NAME      STATUS     ROLES                  AGE    VERSION
master1   NotReady   control-plane,master   40m    v1.20.6
master2   NotReady   control-plane,master   119s   v1.20.6

master2 has joined the cluster successfully.

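4.6 Join master3 to the cluster

The procedure is the same as for joining master2

4.7 Join node1 to the cluster

Take the master join command, remove the --control-plane option, and run it on the node host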

$ kubeadm join 192.168.2.90:16443 --token 3sjroi.5x3j6j4clvx1jan2   --discovery-token-ca-cert-hash sha256:beb95fb20c4a026555aaaed917b967a233f3ab2ebe8cfb1a5361951685ef4976
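
Before running the control-plane join on master2 or master3 (4.5 and 4.6), the files copied with scp can be checked against the value passed to --discovery-token-ca-cert-hash. The following is an added example, not part of the original article: it recomputes the hash from the copied ca.crt (the SHA-256 of the certificate's DER-encoded public key), confirms that the eight copied files are present, and lists private keys readable by group or others. The function names are assumptions made for this example, and it requires openssl and GNU find.

```shell
#!/bin/bash
# Added example (not from the original article): checks for a joining master
# after the scp step and before `kubeadm join --control-plane`.
# Function names are hypothetical; requires openssl and GNU find.

# ca_cert_hash CERT: print the SHA-256 of the certificate's DER-encoded public
# key, the value kubeadm expects after "sha256:" in --discovery-token-ca-cert-hash.
ca_cert_hash() {
    local der rc=1
    der=$(mktemp) || return 1
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -outform DER -out "$der" 2>/dev/null \
        && [ -s "$der" ]; then
        openssl dgst -sha256 -r "$der" | cut -d' ' -f1
        rc=0
    fi
    rm -f "$der"
    return "$rc"
}

# verify_ca_pin CERT PIN: return 0 only if CERT hashes to PIN ("sha256:<hex>").
verify_ca_pin() {
    local want actual
    want=$(printf '%s' "${2#sha256:}" | tr 'A-F' 'a-f')
    actual=$(ca_cert_hash "$1") || return 1
    [ "$actual" = "$want" ]
}

# loose_keys DIR: list private keys that group or others can read or write.
loose_keys() {
    find "$1" -type f -name '*.key' -perm /077
}

# prejoin_check PKI_DIR PIN: run every check and report each failure.
prejoin_check() {
    local pki="$1" pin="$2" rc=0 f loose
    for f in ca.crt ca.key sa.key sa.pub front-proxy-ca.crt \
             front-proxy-ca.key etcd/ca.crt etcd/ca.key; do
        [ -s "$pki/$f" ] || { echo "MISSING  $pki/$f"; rc=1; }
    done
    if verify_ca_pin "$pki/ca.crt" "$pin"; then
        echo "OK       ca.crt matches $pin"
    else
        echo "MISMATCH ca.crt does not hash to $pin"; rc=1
    fi
    loose=$(loose_keys "$pki")
    if [ -n "$loose" ]; then echo "LOOSE    $loose"; rc=1; fi
    return "$rc"
}

# Usage on the joining master, with the hash printed by kubeadm init:
#   ./prejoin_check.sh /etc/kubernetes/pki sha256:<hash from the join command>
if [ "$#" -eq 2 ]; then
    prejoin_check "$1" "$2"
fi
```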

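V. Install Add-ons

5.1 Install the Calico network plugin

Calico versions are tied to Kubernetes versions: installing Calico 3.20.x or later on k8s 1.20.6 produces errors, so Calico 3.18.5 is installed here.

  • Check the cluster status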
[root@master1 ~]# kubectl get nodes
NAME      STATUS     ROLES           AGE     VERSION
master1   NotReady   control-plane,master   63m     v1.20.6
master2   NotReady   control-plane,master   24m     v1.20.6
master3   NotReady   control-plane,master   6m36s    v1.20.6
node1    NotReady   <none>             85s     v1.20.6

STATUS is still NotReady, which means the cluster cannot be used normally yet; the Calico network plugin and the CoreDNS name resolution add-on must be installed before it can be used.

  • Download the manifest

By default the latest Calico version is downloaded; version 3.18.5 can be downloaded from: https://ost.51cto.com/resource/1991

[root@master1 ~]# wget  https://docs.projectcalico.org/manifests/calico.yaml
  • Check the Calico version
[root@master1 ~]# grep image: calico-3.18.5.yaml 
          image: docker.io/calico/cni:v3.18.5
          image: docker.io/calico/cni:v3.18.5
          image: docker.io/calico/pod2daemon-flexvol:v3.18.5
          image: docker.io/calico/node:v3.18.5
          image: docker.io/calico/kube-controllers:v3.18.5
  • Apply the manifest
[root@master1 ~]# kubectl apply -f calico-3.18.5.yaml 
  • Check the Calico service status
[root@master1 ~]# kubectl -n kube-system  get pods -owide |  grep calico
calico-kube-controllers-755f6449f-jnc94   1/1     Running   0          8m7s   10.244.166.130   node1     <none>           <none>
calico-node-dv9ss                         1/1     Running   0          8m7s   192.168.2.92     master2   <none>           <none>
calico-node-ncqm2                         1/1     Running   0          8m7s   192.168.2.93     master3   <none>           <none>
calico-node-vmtwc                         1/1     Running   0          8m7s   192.168.2.91     master1   <none>           <none>
calico-node-ztnnd                         1/1     Running   0          8m7s   192.168.2.94     node1     <none>           <none>

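All Calico services are running normally!

5.2 Install the CoreDNS name resolution add-on

In a k8s cluster installed with kubeadm, the CoreDNS add-on is installed automatically after the Calico network plugin is installed.

5.3 Install the Metrics data collection add-on

metrics-server is a cluster-wide aggregator of resource usage data. It only exposes the data and does not provide storage; its focus is implementing the resource metrics API for metrics such as CPU, file descriptors, memory and request latency. The data metrics-server collects is used inside the k8s cluster, for example by kubectl, the HPA and the scheduler.

1) Modify the apiserver configuration

In a production environment with multiple masters, modify each master in turn

$ vim /etc/kubernetes/manifests/kube-apiserver.yaml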
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.2.91:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.2.91
    - --allow-privileged=true
    - --enable-aggregator-routing=true   # add this line; leave everything else unchanged

2) Re-apply the apiserver configuration

$ kubectl apply -f /etc/kubernetes/manifests/kube-apiserver.yaml

Then delete the old Pod!

3) Download the Metrics manifest file

Download address for the manifest file and images: https://ost.51cto.com/resource/1992

[root@master1 ~]# grep  image: metrics.yaml 
        image: k8s.gcr.io/metrics-server-amd64:v0.3.6
        image: k8s.gcr.io/addon-resizer:1.8.4
[root@master1 ~]# kubectl apply -f metrics.yaml   # apply the resources
[root@master1 ~]# kubectl -n kube-system  get  pods  -owide |  grep metrics
metrics-server-6595f875d6-kfmx7           0/2     ContainerCreating   0          17s    <none>           node1     <none>           <none>

4) Import the images

Import the images on whichever node the Pod was scheduled to.

[root@node1 ~]# docker load  -i metrics-server-amd64-0-3-6.tar.gz 
932da5156413: Loading layer [==================================================>]  3.062MB/3.062MB
7bf3709d22bb: Loading layer [==================================================>]  38.13MB/38.13MB
Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@node1 ~]# docker  load -i addon.tar.gz 
8a788232037e: Loading layer [==================================================>]   1.37MB/1.37MB
cd05ae2f58b4: Loading layer [==================================================>]   37.2MB/37.2MB
Loaded image: k8s.gcr.io/addon-resizer:1.8.4

5) Check the metrics service status

[root@master1 ~]# kubectl -n kube-system  get  pods   |  grep metrics
metrics-server-6595f875d6-kfmx7           2/2     Running   0          3m37s

The service is running normally!

6) View cluster resource usage

[root@master1 ~]# kubectl top nodes
NAME      CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
master1   121m         6%     1188Mi     64%       
master2   121m         6%     1093Mi     58%       
master3   128m         6%     1101Mi     59%       
node1     72m         3%     768Mi     41% 
[root@master1 ~]# kubectl -n kube-system top pods |  grep metrics
metrics-server-6595f875d6-kfmx7           1m           19Mi 

VI. Verification

Verify that the cluster can be used normally.

6.1 Test whether CoreDNS works

[root@master1 ~]# docker  pull busybox:1.28   # pull the image
[root@master1 ~]#  kubectl run busybox --image busybox:1.28 --restart=Never --rm -it busybox -- sh
/ #  nslookup kubernetes.default.svc.cluster.local
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes.default.svc.cluster.local
Address 1:  10.96.0.1 kubernetes.default.svc.cluster.local   # OK!
