Shulou(Shulou.com)06/02 Report--

K8s defaults to running a single-member etcd cluster in a kubelet-managed static pod on a control plane node, but this is not a highly available scenario.

Etcd high availability clusters require at least three members.

etcd default ports are 2379, 2380, these two ports of the three nodes should be able to pass.

You can change the default port in the kubeadm configuration file.

This experiment has five servers.

I opened the Tencent Cloud (Cloud) Hong Kong server to do the experiment, the network speed is very fast, ssh stability.

Baidu Cloud did not measure.

Aliyun test does not give force.

Tencent Cloud is recommended.

k8s1: master1

k8s2: node1

k8s3: haproxy

k8s4: master2

k8s5: master3

1. First install kubeadm,kubelet,kubectl on k8s master1, then kubeadm init, and finally kubectl get nodes, making sure k8s master1 is ready.

k8s install: ubuntu18 install kubernetes v1.15

2. Install kubeadm,kubectl,kubelet on k8s node1,k8s master2, k8s master3 respectively

k8s install: ubuntu18 install kubernetes v1.15

3. Find the commands for join worker node and join control-plane node in the kubeadm-init.out file on k8s master1.

4. Execute join command on k8s master2 and k8s master3 respectively, note, -control-plane

kubeadm join k8s1:6443 --token 8vqitz.g1qyah2wpd3n723o \

--discovery-token-ca-cert-hash sha256:abd9a745b8561df603ccd58e162d7eb11b416feb4a7bbe1216a3aa114f4fecd9 \

--control-plane --certificate-key 0e1e2844d565e657465f41707d8995b2d9d64246d5f2bf90f475b7782343254f

5. Execute join command on node1

kubeadm join k8s1:6443 --token 8vqitz.g1qyah2wpd3n723o \

--discovery-token-ca-cert-hash sha256:abd9a745b8561df603ccd58e162d7eb11b416feb4a7bbe1216a3aa114f4fecd9

6. Now master1, master2, master3 can all execute kubectl to manage the k8s cluster.

kubectl get nodes

There are three masters and one node.

7. Install haproxy Load Balancer

apt-get update

apt-get install haproxy -y

cd /etc/haproxy

cp haproxy.conf haproxy.conf.bak

Below the defaults.

log global

mode tcp

option tcplog

frontend proxynode

bind *:80

stats uri /proxystats

default_backend k8s-qq

backend k8s-qq

balance roundrobin

server master1 172.19.0.12:6443 check

server master2 172.19.0.8:6443 check

server master3 172.19.0.4:6443 check

systemctl restart haproxy

systemctl enable haproxy

8. View haproxy

https://k8s3.example.com/proxystats

You can see three back-end servers.

9. View pods running etcd

kubectl -n kube-system get pods | grep etcd

Here we can see etcd running on k8s1,k8s2,k8s3 respectively

10. View etcd's logs

kubectl -n kube-system logs etcd-k8s1

kubectl -n kube-system logs etcd-k8s1 -f

11. Log in to another etcd pod to check the etcd cluster status

kubectl -n kube-system exec -it k8s2 - /bin/sh

/# ETCDCTL_API=3 etcdctl -w table \

-endpoints 172.19.0.12:2379, 172.19.0.4:2379, 172.19.0.8:2379 \

-cacert /etc/kubernetes/pki/etcd/ca.crt \

-cert /etc/kubernetes/pki/etcd/server.crt \

-key /etc/kubernetes/pki/etcd/server.key \

endpoint status

Here we will see our three etcds, one true and two false.

12. test failover

12.1. Assuming k8s2 is true now,ssh logs in to k8s2 and closes docker

systemctl stop docker

12.2. View node information

kubectl get node

K8S2 is displayed as NotReady.

12.4. Check endpoint status again on k8s3, k8s2 is now false, k8s3 is now true

12.5. The docker test of k8s1 cannot be turned off, and the whole cluster is unavailable when k8s1 is turned off.

12.6. Check out haproxy's statistics report.

12.7. After testing, start docker.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.