consul实现kubernetes-1.15集群master的高可用访问实现
1、准备consul环境,参考我之前的博客实现或参考consul的官网部署最新的consul。
2、本次测试使用的是kubernetes-1.15.0
3、初始化集群
1)准备初始化文件
controlPlaneEndpoint: "kubeadm-ha.service.hq:6443" ,kubeadm-ha.service.hq是注册到consul的域名。kubeadm-ha是service name,service.hq是consul的domain。
# cat kubeadm-config.yaml
--- apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration mode: "ipvs" --- apiVersion: kubeadm.k8s.io/v1beta2 certificatesDir: /etc/kubernetes/pki clusterName: kubernetes controlPlaneEndpoint: "kubeadm-ha.service.hq:6443" dns: type: CoreDNS imageRepository: k8s.gcr.io kind: ClusterConfiguration kubernetesVersion: v1.15.0 networking: dnsDomain: cluster.local podSubnet: 192.244.0.0/16 serviceSubnet: 192.96.0.0/12 apiServer: timeoutForControlPlane: 4m0s certSANs: - 10.4.6.7 - kubeadm-ha.service.hq - ku13-1 controllerManager: extraArgs: address: 0.0.0.0 scheduler: extraArgs: address: 0.0.0.0 etcd: external: endpoints: - https://10.4.7.10:2379 - https://10.4.6.77:2379 - https://10.4.8.28:2379 caFile: /etc/kubernetes/ssl/ca.pem certFile: /etc/etcd/ssl/etcd.pem keyFile: /etc/etcd/ssl/etcd-key.pem
2)执行初始化
# kubeadm init --config kubeadm-config.yaml --upload-certs
等一段时间就会初始化完成,下面会输出一系列的信息,有两个信息非常重要,一个是加入control-plane,一个是加入worker
control-plane: kubeadm join kubeadm-ha.service.hq:6443 --token 8snd4e.j9o0icdh1mo0ls9b --discovery-token-ca-cert-hash sha256:4cfa22006b2be98388c14c20721005e990101d6e086ff5183644c7383149a7ed --experimental-control-plane --certificate-key 3640e475a8cd4a57396355gf3005dd40b44ccd8cc9dda624c7159cffdfr41989 --ignore-preflight-errors=IPVSProxierCheck worker: kubeadm join kubeadm-ha.service.hq:6443 --token 8snd4e.j9o0icdh1mo0ls9b --discovery-token-ca-cert-hash sha256:4cfa22006b2be98388c14c20721005e990101d6e086ff5183644c7383149a7ed --ignore-preflight-errors=IPVSProxierCheck
copy 配置文件/etc/kubernetes/admin.conf 并创建~/.kube目录,
# mkdir ~/.kube && cp /etc/kubernetes/admin.conf ~/.kube/config
4、在consul里面注册apiserver
由于我们这里使用的是3个master节点,所以service是三个
# cat kubeadm-ha.json
{ "services": [ { "id": "kubeadm-ha-0", "name": "kubeadm-ha", "tags": [ "kubeconfig-addr" ], "address": "10.4.6.77", "port": 6443, "check": { "args": ["/data/scripts/kubeadm-ha-0.sh",""], "interval": "10s" } }, { "id": "kubeadm-ha-1", "name": "kubeadm-ha", "tags": [ "kubeconfig-addr" ], "address": "10.4.7.10", "port": 6443, "check": { "args": ["/data/scripts/kubeadm-ha-1.sh",""], "interval": "10s" } }, { "id": "kubeadm-ha-2", "name": "kubeadm-ha", "tags": [ "kubeconfig-addr" ], "address": "10.4.8.28", "port": 6443, "check": { "args": ["/data/scripts/kubeadm-ha-2.sh",""], "interval": "10s" } } ] }
#cat kubeadm-ha-0.sh
#!/bin/bash # check kubernetes apiserver alive curl -k https://10.4.8.77:6443/healthz
#cat kubeadm-ha-1.sh
#!/bin/bash # check kubernetes apiserver alive curl -k https://10.4.7.10:6443/healthz
#cat kubeadm-ha-2.sh
#!/bin/bash # check kubernetes apiserver alive curl -k https://10.4.8.28:6443/healthz
使生效:
#consul-reload
ps:consul-reload是自己写的一个脚本,参考我的https://www.cnblogs.com/cuishuai/p/8194345.html
5、添加节点
1)control-plane
kubeadm join kubeadm-ha.service.hq:6443 --token 8snd4e.j9o0icdh1mo0ls9b --discovery-token-ca-cert-hash sha256:4cfa22006b2be98388c14c20721005e990101d6e086ff5183644c7383149a7ed --experimental-control-plane --certificate-key 3640e475a8cd4a57396355gf3005dd40b44ccd8cc9dda624c7159cffdfr41989 --ignore-preflight-errors=IPVSProxierCheck
这里会报错,找不到可执行文件ipset,所以加一个--ignore-preflight-errors=IPVSProxierCheck,保证命令顺利执行。
2)worker
kubeadm join kubeadm-ha.service.hq:6443 --token 8snd4e.j9o0icdh1mo0ls9b --discovery-token-ca-cert-hash sha256:4cfa22006b2be98388c14c20721005e990101d6e086ff5183644c7383149a7ed --ignore-preflight-errors=IPVSProxierCheck
扩展集群变得非常方便。
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 地球OL攻略 —— 某应届生求职总结
· 提示词工程——AI应用必不可少的技术
· Open-Sora 2.0 重磅开源!
· 周边上新:园子的第一款马克杯温暖上架