1. Master high availability

When other masters join the cluster, run the command below. For example, if high availability is required and master02, master03, ... have been cloned, run it on each of those nodes.

Note: the token value is different for every host. The value below is the token from my host 192.168.15.11 (master); it is generated when the cluster is initialized and must be recorded at that time.

    kubeadm join 192.168.15.11:6443 --token 7t2weq.bjbawausm0jaxury \
        --discovery-token-ca-cert-hash \
        sha256:73dc6f8d973fc70818e309386c1bfc5d330c19d52b494c6f88f634a6b1250a2f \
        --control-plane --certificate-key \
        80fcc505867ccbc6550c18ed11f40e64ecf486d626403823f548dda65c19953d

2. Handling an expired token

Note: the following steps are needed only if the token produced by the initialization command above has expired. If it has not expired, skip them and join directly.

After the token expires, generate a new one:

    kubeadm token create --print-join-command

A master also needs a newly generated --certificate-key:

    kubeadm init phase upload-certs --upload-certs

3. Node configuration

Node machines mainly run the company's business applications. In production it is not recommended to run Pods other than system components on Master nodes; in a test environment, Master nodes may be allowed to run Pods to save system resources.

(1) Join the node to the cluster

    # node01 joins the cluster by copying the token generated when the master was initialized
    [root@k8s-node01 ~]# kubeadm join 192.168.15.11:6443 --token 7t2weq.bjbawausm0jaxury \
    > --discovery-token-ca-cert-hash \
    > sha256:73dc6f8d973fc70818e309386c1bfc5d330c19d52b494c6f88f634a6b1250a2f
    [preflight] Running pre-flight checks
    [preflight] Reading configuration from the cluster...
    [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
    [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
    [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
    [kubelet-start] Starting the kubelet
    [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
    This node has joined the cluster:
    * Certificate signing request was sent to apiserver and a response was received.
    * The Kubelet was informed of the new secure connection details.
    Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
    # Output shown after the node has joined the cluster correctly
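
An added example (not part of the original post): the master and node join commands above wrap across several lines, so a pasted copy can lose part of the token or CA hash. This sketch lints a join command before it is run; the function names and sample values are constructed, and the shapes checked are the kubeadm bootstrap token format, a sha256 CA pin and a 64-hex-character certificate key.

```shell
#!/bin/sh
# Added example, not from the original post: lint a kubeadm join command line.

# Print the value of flag $1 among the remaining words ("--flag value" or "--flag=value").
flag_value() {
    want=$1; shift
    while [ $# -gt 0 ]; do
        case $1 in
            "$want") printf '%s\n' "$2"; return 0 ;;
            "$want"=*) printf '%s\n' "${1#*=}"; return 0 ;;
        esac
        shift
    done
    return 1
}

# Return 0 only if the command pins the cluster CA and every value has the expected shape.
check_join() {
    set -- $1    # deliberate word splitting of the pasted command
    case " $* " in
        *" --discovery-token-unsafe-skip-ca-verification"*) echo "CA pinning disabled" >&2; return 1 ;;
    esac
    token=$(flag_value --token "$@") || { echo "missing --token" >&2; return 1; }
    hash=$(flag_value --discovery-token-ca-cert-hash "$@") || { echo "missing CA hash" >&2; return 1; }
    printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || { echo "bad token" >&2; return 1; }
    printf '%s\n' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$' || { echo "bad CA hash" >&2; return 1; }
    case " $* " in
        *" --control-plane "*)   # control-plane joins also need the certificate key
            key=$(flag_value --certificate-key "$@") || { echo "missing --certificate-key" >&2; return 1; }
            printf '%s\n' "$key" | grep -Eq '^[0-9a-f]{64}$' || { echo "bad certificate key" >&2; return 1; } ;;
    esac
}

# Constructed sample values (not this cluster's real token or hash).
sample_hash="sha256:$(printf '%064d' 0)"
check_join "kubeadm join 192.168.15.11:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash $sample_hash" &&
    echo "join command looks well-formed"
```
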

(2) Check the cluster status

Check the cluster status on the master (NotReady does not matter at this stage).

    [root@k8s-master ~]# kubectl get node   # list all nodes
    NAME         STATUS     ROLES           AGE     VERSION
    k8s-master   NotReady   control-plane   35m     v1.28.2
    k8s-node01   NotReady   <none>          6m39s   v1.28.2
    k8s-node02   NotReady   <none>          7m27s   v1.28.2

4. Installing the Calico component

(1) Switch the git branch

    [root@k8s-master ~]# cd /root/k8s-ha-install && git checkout manual-installation-v1.28.x && cd calico/
    分支 'manual-installation-v1.28.x' 设置为跟踪 'origin/manual-installation-v1.28.x'。
    切换到一个新分支 'manual-installation-v1.28.x'

(2) Set the Pod subnet

    [root@k8s-master calico]# POD_SUBNET=`cat /etc/kubernetes/manifests/kube-controller-manager.yaml | grep cluster-cidr= | awk -F= '{print $NF}'`   # read the Pod subnet already defined for the cluster
    [root@k8s-master calico]# sed -i "s#POD_CIDR#${POD_SUBNET}#g" calico.yaml   # replace the Pod subnet placeholder in calico.yaml
    [root@k8s-master calico]# kubectl apply -f calico.yaml   # create the Calico Pods
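
An added example (not part of the original post or the k8s-ha-install repository): if the grep in step (2) finds nothing, the sed writes an empty CIDR into calico.yaml and the apply still goes ahead. This sketch extracts the same `--cluster-cidr` value, validates it, and only then replaces the `POD_CIDR` placeholder; the function names, the sample manifests and the 172.16.0.0/16 subnet are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: validate --cluster-cidr before patching.

# Print the --cluster-cidr value from a kube-controller-manager static Pod manifest.
extract_pod_cidr() {
    sed -n 's/^[[:space:]]*-[[:space:]]*--cluster-cidr=\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# Succeed only for one well-formed IPv4 CIDR (octets <= 255, prefix <= 32).
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    for octet in $(printf '%s' "${1%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Replace the POD_CIDR placeholder; fail closed on a missing or malformed value.
patch_calico() {   # $1 = controller-manager manifest, $2 = calico.yaml
    cidr=$(extract_pod_cidr "$1")
    if ! is_ipv4_cidr "$cidr"; then
        echo "refusing to patch $2: bad cluster-cidr '$cidr'" >&2
        return 1
    fi
    grep -q 'POD_CIDR' "$2" || { echo "no POD_CIDR placeholder in $2" >&2; return 1; }
    sed "s#POD_CIDR#${cidr}#g" "$2" > "$2.new" && mv "$2.new" "$2"
}

# Constructed sample files (not the real manifests) so the example runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/kube-controller-manager.yaml" <<'EOF'
spec:
  containers:
  - command:
    - kube-controller-manager
    - --cluster-cidr=172.16.0.0/16
    - --use-service-account-credentials=true
EOF
cat > "$demo_dir/calico.yaml" <<'EOF'
- name: CALICO_IPV4POOL_CIDR
  value: "POD_CIDR"
EOF
patch_calico "$demo_dir/kube-controller-manager.yaml" "$demo_dir/calico.yaml" &&
    grep -n 'value:' "$demo_dir/calico.yaml"
```

Because the value is checked to contain only digits, dots and one slash, it also cannot break the `#`-delimited sed expression.
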

(3) Check the container and node status

    [root@k8s-master calico]# kubectl get po -n kube-system
    NAME                                       READY   STATUS    RESTARTS   AGE
    calico-kube-controllers-6d48795585-wj8g5   1/1     Running   0          130m
    calico-node-bk4p5                          1/1     Running   0          130m
    calico-node-kmsh7                          1/1     Running   0          130m
    calico-node-qthgh                          1/1     Running   0          130m
    coredns-6554b8b87f-jdc2b                   1/1     Running   0          133m
    coredns-6554b8b87f-thftb                   1/1     Running   0          133m
    etcd-master                                1/1     Running   0          133m
    kube-apiserver-master                      1/1     Running   0          133m
    kube-controller-manager-master             1/1     Running   0          133m
    kube-proxy-46j4z                           1/1     Running   0          131m
    kube-proxy-8g887                           1/1     Running   0          133m
    kube-proxy-vwp27                           1/1     Running   0          131m
    kube-scheduler-master                      1/1     Running   0          133m
    [root@k8s-master calico]# kubectl get node   # all nodes are now Ready
    NAME         STATUS   ROLES           AGE   VERSION
    k8s-master   Ready    control-plane   40m   v1.28.2
    k8s-node01   Ready    <none>          12m   v1.28.2
    k8s-node02   Ready    <none>          12m   v1.28.2

5. Deploying Metrics

In recent versions of Kubernetes, system resource metrics are collected by Metrics-server, which reports memory, disk, CPU and network usage for nodes and Pods.

(1) Copy the certificate to all node machines

Copy front-proxy-ca.crt from the master to every Node. Run the command once per node, changing only the node host name in the command.

    [root@k8s-master calico]# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node01:/etc/kubernetes/pki/front-proxy-ca.crt   # send the front-proxy CA certificate to node01
    front-proxy-ca.crt                            100% 1123   937.0KB/s   00:00
    [root@k8s-master calico]# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node02:/etc/kubernetes/pki/front-proxy-ca.crt   # send the front-proxy CA certificate to node02
    front-proxy-ca.crt                            100% 1123   957.4KB/s   00:00
    # If there are more nodes, run the command below in the same form; it is not needed here because there are only two node hosts
    [root@k8s-master calico]# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node03:/etc/kubernetes/pki/front-proxy-ca.crt

(2) Install metrics server

    [root@k8s-master calico]# cd /root/k8s-ha-install/kubeadm-metrics-server
    [root@k8s-master kubeadm-metrics-server]# kubectl create -f comp.yaml   # create the metrics server resources
    serviceaccount/metrics-server created
    clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
    clusterrole.rbac.authorization.k8s.io/system:metrics-server created
    rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
    clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
    clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
    service/metrics-server created
    deployment.apps/metrics-server created
    apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created

(3) Check the metrics server status

    [root@master kubeadm-metrics-server]# kubectl get po -n kube-system -l k8s-app=metrics-server   # check that the metrics server Pod is running in the kube-system namespace
    NAME                             READY   STATUS    RESTARTS   AGE
    metrics-server-8df99c47f-mkbfd   1/1     Running   0          34s
    [root@master kubeadm-metrics-server]# kubectl top node   # show system resource usage per node
    NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
    k8s-node01   51m          1%     831Mi           23%
    k8s-node02   55m          1%     931Mi           25%
    master       107m         2%     1412Mi          39%
    [root@master kubeadm-metrics-server]# kubectl top po -A
    NAMESPACE     NAME                                       CPU(cores)   MEMORY(bytes)
    kube-system   calico-kube-controllers-6d48795585-wj8g5   2m           25Mi
    kube-system   calico-node-bk4p5                          20m          155Mi
    kube-system   calico-node-kmsh7                          25m          152Mi
    kube-system   calico-node-qthgh                          24m          145Mi
    kube-system   coredns-6554b8b87f-jdc2b                   1m           22Mi
    kube-system   coredns-6554b8b87f-thftb                   1m           20Mi
    kube-system   etcd-master                                14m          66Mi
    kube-system   kube-apiserver-master                      29m          301Mi
    kube-system   kube-controller-manager-master             10m          56Mi
    kube-system   kube-proxy-46j4z                           1m           22Mi
    kube-system   kube-proxy-8g887                           1m           24Mi
    kube-system   kube-proxy-vwp27                           1m           22Mi
    kube-system   kube-scheduler-master                      2m           26Mi
    kube-system   metrics-server-8df99c47f-mkbfd             3m           29Mi

6. Deploying the Dashboard

The Dashboard displays the various resources in the cluster. It can also be used to view Pod logs in real time and to run commands inside containers.

(1) Install the components

    [root@master kubeadm-metrics-server]# cd /root/k8s-ha-install/dashboard/
    [root@master dashboard]# kubectl create -f .   # create the dashboard resources
    serviceaccount/admin-user created
    clusterrolebinding.rbac.authorization.k8s.io/admin-user created
    namespace/kubernetes-dashboard created
    serviceaccount/kubernetes-dashboard created
    service/kubernetes-dashboard created
    secret/kubernetes-dashboard-certs created
    secret/kubernetes-dashboard-csrf created
    secret/kubernetes-dashboard-key-holder created
    configmap/kubernetes-dashboard-settings created
    role.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    deployment.apps/kubernetes-dashboard created
    service/dashboard-metrics-scraper created
    deployment.apps/dashboard-metrics-scraper created
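
(2) Log in to the dashboard

With Google Chrome, add the following startup parameters to the launch shortcut to work around being unable to access the Dashboard. The flags tell Chrome to ignore TLS certificate errors.

    --test-type --ignore-certificate-errors

(3) Change the svc type

    [root@master dashboard]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
    # edit: opens the Kubernetes text editor
    # svc: selects a service, here kubernetes-dashboard
    # -n: selects the namespace, kubernetes-dashboard
    # After the command runs you are effectively in the vim editor. Do not use the mouse wheel, it will insert garbage characters!
    # You can search with "/": type "/type" to find the target. If the type is already NodePort, skip this step.
    ...... (part of the content omitted) ......
      selector:
        k8s-app: kubernetes-dashboard
      sessionAffinity: None
      type: NodePort
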
(4) Check the access port

    [root@master dashboard]# kubectl get svc kubernetes-dashboard -n kubernetes-dashboard   # show the kubernetes-dashboard service, including its port and service IP
    NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
    kubernetes-dashboard   NodePort   10.96.137.94   <none>        443:30582/TCP   8m50s
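
Once you have the port number, open the dashboard at the master's IP plus that port (use the port shown in the terminal, and access it over https).

(5) Create a login token

Enter the token generated in the terminal into the "Enter token *" field.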