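CentOS 7 k8s installation script + high-availability configuration with 3 masters
1. Installing Docker and K8s on CentOS 7
Installing k8s with kubekey
1. Run the init_docker.sh script to install Docker
2. yum install -y socat conntrack ebtables ipset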
3. Download kubekey and extract it. Download address (a Windows self-extracting file in 7zip format, because Aliyun Drive does not allow sharing archives and cnblogs cannot host files larger than 10M): 「kubekey-v2.2.0-linux-amd64.tar.exe」 https://www.aliyundrive.com/s/xcZ4jJxdsvM
4. List the k8s versions kubekey supports: ./kk version --show-supported-k8s
5. Generate the default config file: ./kk create config --with-kubernetes v1.23.7 -f config.yaml
6. Edit the config file (IPs, number of nodes, username and password, etc.)
7. Use the mirrors in China: export KKZONE=cn
8. Create the cluster: ./kk create cluster -f config.yaml
9. Upgrade the cluster:
a. ./kk upgrade -f config.yaml
b. Add nodes: ./kk add nodes -f config.yaml
c. Delete a node: ./kk delete node <nodeName> -f config-sample.yaml
10. Delete the cluster: ./kk delete cluster -f config.yaml
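2. Configuring master high availability on CentOS 7
The high-availability part comes from:
Original link: https://blog.csdn.net/hhhhhhhzp/article/details/118653067
keepalived + haproxy high availability (three masters)
// Install (on all 3 machines)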
yum -y install haproxy keepalived
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak
Edit the keepalived configuration file
vi /etc/keepalived/keepalived.conf
Contents:
! /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script check_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 3
    weight -2
    fall 10
    rise 2
}
vrrp_instance VI_1 {
    state MASTER              # change according to the node's role (MASTER/BACKUP)
    interface ens32           # change to match the node's network interface
    virtual_router_id 50      # virtual router id, must be the same on every node
    priority 100              # priority: 100 on the master, 98 and 96 on the two backups
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.200/24    # the virtual IP
    }
    track_script {
        check_apiserver
    }
}
# Parameters to adjust as needed:
# state: MASTER or BACKUP
# interface: name of the main network interface
# virtual_router_id: the virtual id
# priority: the priority
# virtual_ipaddress: the virtual IP
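The three masters use the same file with only the per-node values changed, plus a shared `auth_pass`. As an added example (not part of the original post; the function names `gen_auth_pass` and `render_keepalived` are hypothetical), this shell helper renders one node's config from the values used above and rejects `state` values keepalived does not accept, out-of-range priorities, and the sample password `1111`:

```shell
#!/bin/bash
# Added example; gen_auth_pass and render_keepalived are hypothetical names.
# keepalived uses only the first 8 characters of auth_pass, so generate exactly 8.
gen_auth_pass() { head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-8; }
# render_keepalived STATE PRIORITY IFACE VIP_CIDR AUTH_PASS -> config on stdout
render_keepalived() {
    state=$1 priority=$2 iface=$3 vip=$4 pass=$5
    case $state in
        MASTER|BACKUP) ;;
        *) echo "state must be MASTER or BACKUP: $state" >&2; return 1 ;;
    esac
    case $priority in ''|*[!0-9]*) priority=0 ;; esac   # non-numeric fails the range check
    # 255 is reserved for the VRRP address owner, 0 is not a usable priority.
    if [ "$priority" -lt 1 ] || [ "$priority" -gt 254 ]; then
        echo "priority must be 1-254" >&2; return 1
    fi
    # Refuse the sample password 1111 and anything keepalived would truncate.
    if [ "$pass" = 1111 ] || [ "${#pass}" -lt 1 ] || [ "${#pass}" -gt 8 ]; then
        echo "auth_pass must be 1-8 characters and not 1111" >&2; return 1
    fi
    cat <<EOF
global_defs {
    router_id LVS_DEVEL
}
vrrp_script check_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 3
    weight -2
    fall 10
    rise 2
}
vrrp_instance VI_1 {
    state $state
    interface $iface
    virtual_router_id 50
    priority $priority
    authentication {
        auth_type PASS
        auth_pass $pass
    }
    virtual_ipaddress {
        $vip
    }
    track_script {
        check_apiserver
    }
}
EOF
}
```

Call `gen_auth_pass` once and pass the same value to all three renders (MASTER 100, BACKUP 98, BACKUP 96). `auth_type PASS` travels in clear text in VRRP advertisements, so it only guards against accidental cross-talk between VRRP groups on the same segment.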
Edit the script file
vim /etc/keepalived/check_apiserver.sh
chmod +x /etc/keepalived/check_apiserver.sh
Contents:
#!/bin/bash
APISERVER_VIP=192.168.100.200   # virtual IP address
APISERVER_DEST_PORT=6443

# Print the error to stderr and exit non-zero so keepalived marks the check as failed
errorExit() {
    echo "*** $*" 1>&2
    exit 1
}

# The local API server must answer
curl --silent --max-time 2 --insecure https://localhost:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://localhost:${APISERVER_DEST_PORT}/"
# If this node currently holds the virtual IP, the API server must also answer on it
if ip addr | grep -q ${APISERVER_VIP}; then
    curl --silent --max-time 2 --insecure https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/"
fi
Edit the haproxy configuration file
vi /etc/haproxy/haproxy.cfg
# /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log /dev/log local0
    log /dev/log local1 notice
    daemon

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 1
    timeout http-request    10s
    timeout queue           20s
    timeout connect         5s
    timeout client          20s
    timeout server          20s
    timeout http-keep-alive 10s
    timeout check           10s

#---------------------------------------------------------------------
# apiserver frontend which proxys to the masters
#---------------------------------------------------------------------
frontend apiserver
    bind *:8443
    mode tcp
    option tcplog
    default_backend apiserver

#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend apiserver
    option httpchk GET /healthz
    http-check expect status 200
    mode tcp
    option ssl-hello-chk
    balance     roundrobin
    # IPs and ports of the three masters; add further server lines below for additional masters
    server k8s-master1 192.168.100.20:6443 check
    server k8s-master2 192.168.100.21:6443 check
    server k8s-master3 192.168.100.22:6443 check
Start the services
// Start keepalived and haproxy
systemctl enable keepalived --now
systemctl enable haproxy --now
If the firewall is enabled, the firewall rules listed here need to be opened:
https://github.com/kubesphere/kubekey/blob/master/docs/network-access.md
////////////////////////////////
////////Sixi. Let it be.../////
//////////////////////////////