(3) Kubernetes/K8s High availability Architecture 04/26 Update SLTechnology News&Howtos

(3) Kubernetes/K8s High availability Architecture

2025-04-26 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/03 Report--

高可用架构采用多master+多lb+keepalive的方案实现（注意其中lb的ip 地址的证书）

1，多master安装

将原master 1 部署文件拷贝到新master,修改bind 地址启动注意由于需要连接etcd 需要拷贝etcd 的证书

scp -r /opt/kubernetes root@192.168.0.102:/optscp -r /opt/etcd/ssl root@192.168.0.102:/opt/etcdscp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.31.64:/usr/lib/systemd/system##修改apiserver配置文件为本地IPvim /opt/kubernetes/cfg/kube-apiserver.conf--bind-address=192.168.0.102 \--secure-port=6443 \--advertise-address=192.168.0.102 \#启动for i in $(ls /opt/kubernetes/bin/);do systemctl start $i;systemctl enable $i; done

lb部署

lb--nginx-mater

#安装Nginx+Keepalivedrpm -ivh http://nginx.org/packages/rhel/7/x86_64/RPMS/nginx-1.16.0-1.el7.ngx.x86_64.rpmvim /etc/nginx/nginx.conf ##注意添加的配置文件的位置特别是需要inclued 插入放于events 和http 之间stream { log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent'; access_log /var/log/nginx/k8s-access.log main; ## 安装好之后不需要可以关闭日志量比较大 upstream k8s-apiserver { server 192.168.0.101:6443; ## 后端安装master 地址 server 192.168.0.102:6443; } server { listen 6443; proxy_pass k8s-apiserver; }}

keepalived 高可用

yum install keepalivedvi /etc/keepalived/keepalived.confglobal_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id NGINX_MASTER} vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh" }vrrp_instance VI_1 { state MASTER interface ens33 ## 自己机器网卡的名称 virtual_router_id 51 # VRRP 路由 ID实例，每个实例是唯一的 priority 100 # 优先级，备服务器设置 90 advert_int 1 # 指定VRRP 心跳包通告间隔时间，默认1秒 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.0.105/24 ## 虚拟vip地址 } track_script { check_nginx } }

判断nginx 进程脚本

#!/bin/bashcount=$(ps -ef |grep nginx |egrep -cv "grep|$$")if [ "$count" -eq 0 ];then exit 1else exit 0fisystemctl start keepalivedsystemctl enable keepalived

lb-nginx-backup

nginx 安装同上

yum install keepalivedvi /etc/keepalived/keepalived.confglobal_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id NGINX_BACKUP} vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh"}vrrp_instance VI_1 { state BACKUP ##标注角色 interface ens33 ##自己网卡的名称 virtual_router_id 51 # VRRP 路由 ID实例，每个实例是唯一的 priority 90 # 优先级，备服务器设置 90 advert_int 1 # 指定VRRP 心跳包通告间隔时间，默认1秒 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.0.105/24 } track_script { check_nginx } }# cat /etc/keepalived/check_nginx.sh #!/bin/bashcount=$(ps -ef |grep nginx |egrep -cv "grep|$$")if [ "$count" -eq 0 ];then exit 1else exit 0fi# systemctl start keepalived# systemctl enable keepalived

测试

##在lb master节点ip addr show ## 查看vip 是否绑定到了网卡上面关闭nginx 查看vip 是否能漂移到backup 上面

修改所有node apiserver地址填写为vip

cd /opt/kubernetes/cfggrep 192 *bootstrap.kubeconfig: server: https://192.168.31.63:6443kubelet.kubeconfig: server: https://192.168.31.636443kube-proxy.kubeconfig: server: https://192.168.31.63:6443#批量修改：sed -i 's#192.168.0.63#192.168.0.105 * curl -k --header "Authorization: Bearer c47ffb939f5ca36231d9e3121a252940" https://192.168.31.60:6443/version##此teken 是bootstarp 的token

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.