您好,登錄后才能下訂單哦!
本篇文章為大家展示了Kubernetes模擬生產環境搭建高可用集群中的Master節點高可用方案是怎樣的,內容簡明扼要并且容易理解,絕對能使你眼前一亮,通過這篇文章的詳細介紹希望你能有所收獲。
注意:本高可用方案不僅適用于本文的K8S主控節點的高可用,還適用于任何需要高可用的業務場景,haproxy可改用nginx或其他負載均衡器實現
大家都知道在生產環境部署服務一定要堅持一條:不允許出現單點故障。我們在測試環境部署k8s的架構一般是單主控Master節點多個工作Node節點,生產上部署K8S集群要避免主控節點宕機,我們需要對主控節點進行高可用部署。
生產環境對主控節點的高可用的解決方案:對主控節點部署多臺(3臺以上),然后多部署多臺(一般2臺以上)負載均衡器(一般選用Nginx或者Haproxy)來對主控節點的api-server服務進行負載以防止單點故障。下面將詳細說明怎么對主控節點的api-server服務高可用,主要講負載均衡器配置值部署這一塊,集群的詳細搭建在后面的文章中。
主工作節點:192.168.100.107
從工作節點:192.168.100.108
虛擬IP :192.168.100.110
一、環境說明
系統環境:CentOS7.7
Keepalived版本:2.0.19
Haproxy版本:2.0.8
二、安裝配置Keepalived服務
1.下載Keepalived源碼包
官網地址:https://www.keepalived.org/
下載地址:https://www.keepalived.org/software/keepalived-2.0.19.tar.gz
2.上傳并解壓Keepalived源碼包
tar -zxvf keepalived-2.0.19.tar.gz
3.編譯Keepalived準備
進入解壓目錄:cd keepalived-2.0.19
執行編譯準備:./configure --prefix=/work/keepalived
注意:一定要有gcc和openssl編譯相關的依賴
4.編譯安裝Keepalived
make && make install
5.安裝配置Keepalived
keepalived啟動時會從/etc/keepalived/中相關的目錄下查找keepalived.conf配置文件,因此將keepalived安裝目錄/usr/local/keepalived/etc/keepalived.conf 拷貝到/etc/keepalived/中。
mkdir /etc/keepalived/
cp /work/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
cp /work/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
6.設置Keepalived開機啟動項
systemctl enable keepalived
然后就能使用systemctl start/stop/status keepalived管理keepalived了
7.配置Keepalived服務
107機器的配置信息:
vrrp_script check_haproxy { interval 3 script "/work/script/check_haproxy.sh" } vrrp_instance kube_master{ state master interface ens33 virtual_router_id 110 priority 100 advert_int 3 authentication { auth_type PASS auth_pass kube_master_password } virtual_ipaddress { 192.168.100.110 } track_script { check_haproxy } }
108機器的配置信息:
vrrp_script check_haproxy { interval 3 script "/work/script/check_haproxy.sh" } vrrp_instance kube_master{ state backup interface ens33 virtual_router_id 110 priority 90 advert_int 3 authentication { auth_type PASS auth_pass kube_master_password } virtual_ipaddress { 192.168.100.110 } track_script { check_haproxy } }
8.編寫haproxy服務檢測腳本
vi /work/script/check_haproxy.sh
#!/bin/bash active_status=`netstat -lntp|grep haproxy|wc -l` if [ $active_status -gt 0 ]; then exit 0 else exit 1 fi
然后給腳本賦予執行權限:chmod +x /work/script/check_haproxy.sh
三、Haproxy安裝部署
1.下載Haproxy源碼包
官網地址:https://www.haproxy.org/
下載地址:https://www.haproxy.org/download/2.0/src/haproxy-2.0.8.tar.gz
2.上傳并解壓Haproxy源碼包
tar -zxvf haproxy-2.0.8.tar.gz
3.編譯Haproxy
需要的依賴庫:openssl openssl-devel systemd-deve pcre zlib
make TARGET=linux-glibc USE_OPENSSL=1 USE_SYSTEMD=1 USE_PCRE=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
定內核版本:
開啟https模式:USE_OPENSSL=1
指定systemd模式:USE_SYSTEMD=1
支持pcre庫:USE_PCRE=1
支持zlib庫:USE_ZLIB=1
支持crypt_h庫:USE_CRYPT_H=1
支持libcrypt庫:USE_LIBCRYPT=1
4.安裝haproxy
make install PREFIX=/work/haproxy
指定安裝目錄:PREFIX=/work/haproxy
5.注冊到系統服務
vi /usr/lib/systemd/system/haproxy.service
[Unit] Description=HAProxy Load Balancer After=syslog.target network.target [Service] ExecStartPre=/work/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q ExecStart=/work/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid ExecReload=/bin/kill -USR2 $MAINPID [Install] WantedBy=multi-user.target
6.編寫Haproxy配置文件
vi /etc/haproxy/haproxy.cfg
global log 127.0.0.1 local0 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user root group root stats socket /var/lib/haproxy/stats daemon listen admin_stats stats enable bind *:8080 mode http option httplog log global maxconn 10 stats refresh 30s stats uri /admin stats realm haproxy stats auth admin:admin stats hide-version stats admin if TRUE listen kube_cluster_api_server log global bind 192.168.100.110:6443 mode tcp option tcplog timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 balance roundrobin server kube_cluster_master01 192.168.100.111:6443 check inter 5000 rise 2 fall 3 server kube_cluster_master02 192.168.100.112:6443 check inter 5000 rise 2 fall 3 server kube_cluster_master03 192.168.100.113:6443 check inter 5000 rise 2 fall 3
7.創建所需目錄
創建/var/lib/haproxy/stats文件
mkdir -p /var/lib/haproxy
touch /var/lib/haproxy/stats
8.修改內核參數
vi /etc/sysctl.conf
增加如下內容:
net.ipv4.ip_nonlocal_bind = 1 #啟動haproxy的時候,允許忽視VIP的存在 net.ipv4.ip_forward = 1 #允許轉發
執行sysctl -p 保存結果,使結果生效
如果沒有配置以上內核參數,那么haproxy在啟動的會報出cannot bind socket的錯誤
9.開放監控頁面端口
iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
四、安裝驗證
兩臺機器上都完成了如上的安裝配置后
1.分別啟動Keepalived服務
systemctl start keepalived
2.分別啟動Haproxy服務
systemctl start haproxy
分別登陸兩臺機器查看haproxy服務監控頁面:
分別查看兩臺機器的keepalived服務是否正常
分別停止兩臺機器keepalived服務查看VIP分配的情況:
五、常見問題
1.configure: error: no acceptable C compiler found in $PATH See `config.log' for more details.
解決方法:安裝gcc庫
2.OpenSSL is not properly installed on your system. !!! !!! Can not include OpenSSL headers files.
解決方法:安裝openssl openssl-devel
3. WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.
解決方法:安裝libnl libnl-devel
上述內容就是Kubernetes模擬生產環境搭建高可用集群中的Master節點高可用方案是怎樣的,你們學到知識或技能了嗎?如果還想學到更多技能或者豐富自己的知識儲備,歡迎關注億速云行業資訊頻道。
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。