Shulou(Shulou.com)05/31 Report--

This article will explain in detail how to configure multi-Master in Kubeadm. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

1. references

Https://github.com/HikoQiu/kubeadm-install-k8s

Https://kubernetes.io/docs/setup/independent/high-availability/

Http://blog.51cto.com/nosmoking/2062887

two。 Basic environmental preparation

Configure the basic environment with reference to https://my.oschina.net/baobao/blog/3029145

# install kubelet, kubeadm and kubectl on the three servers, and ensure that kubelet starts up #

# modify the / etc/hosts files of the three services to keep the name of the server consistent with the resolution, such as node1 node2 node3. Plus the resolution domain name of apiServer, you can define it yourself. Remember that the following steps should be changed to the same resolution domain name #

# it is relatively simple to use hosts instead of the parsing function of HA. It can also be implemented with three servers using nginx, and each server has to do alias mapping. #

3. Initialize the kubeadm configuration file

# copy the configuration file kubeadm-config.yaml of kubeadm init to three servers #

ApiVersion: kubeadm.k8s.io/v1beta2kind: ClusterConfiguration### specify the version of k8s # kubernetesVersion: v1.19.0 image warehouse # imageRepository: registry.aliyuncs.com/k8sxio### apiServerCertSANs fill in all masterip,lbip other addresses, domain names or hostnames that may need to access apiserver through it # such as Ali fip These ip # are allowed in the certificate. Enter a custom domain name # to access the LB of APIServer, usually through nginx or haproxy for cluster resolution. You can do hosts mapping to 127.0.0.1 on each server, and then install nginx on each server and do upstream for health check. # here for convenience, I modify the / etc/hosts on three servers and resolve the IP with three master to the domain name of domain. Hosts seems to have done a health check. Instead of DNS function # apiServer: # add SSL certificate for domain name # # certSANs:-"api.k8s.mzywx.com" # apiServer cluster access address # controlPlaneEndpoint: "api.k8s.mzywx.com:6443" # calico network plug-in subnet # networking: podSubnet: "192.168.0.0ip 16" dnsDomain: cluster.local serviceSubnet: "10.96.0.0max 12"

# download the required image locally, so that the installation process will be relatively smooth #

Kubeadm config images pull-config kubeadm-config.yaml

4. Install node1

Our goal is to build a highly available master cluster. Node2 node3 needs to rely on the certificate files generated by node1 initialization, so it needs to be initialized in node1 first.

Kubeadm init-config kubeadm-config.yaml

Make a note of the commands added, such as:

Kubeadm join api.k8s.mzywx.com:6443-token 39tdfod-discovery-token-ca-cert-hash sha256:4270dsf6f7

# install network plug-in #

Wget https://docs.projectcalico.org/manifests/calico.yaml

# you can modify 192.168.0.0 pod-network-cidr=192.168.0.0/16 16 in the file, which is consistent with the-pod-network-cidr=192.168.0.0/16 in the file #

Kubectl apply-f calico.yaml

# master also acts as a work node #

Kubectl taint nodes-all node-role.kubernetes.io/master-

# # node/master untainted

# synchronize certificate files and use shell script to copy certificates generated on node1 to node2 and node3####

#! / bin/shvhost= "node2 node3" usr=rootwho= `whoami`if [["$who"! = "$usr"]] Then echo "Please use root user execution or sudo. / sync.master.ca.sh" exit 1fiecho $who# ca file caFiles= (/ etc/kubernetes/pki/ca.crt/etc/kubernetes/pki/ca.key/etc/kubernetes/pki/sa.key/etc/kubernetes/pki/sa.pub/etc/kubernetes/pki/front-proxy-ca.crt/etc/kubernetes/pki/front-proxy-ca.key/etc/kubernetes/pki/etcd/ca) that needs to be copied from node1 .crt / etc/kubernetes/pki/etcd/ca.key/etc/kubernetes/admin.conf) pkiDir=/etc/kubernetes/pki/etcdfor h in $vhost do ssh ${usr} @ $h "mkdir-p $pkiDir" echo "Dirs for ca scp created Start to scp... "# scp file to target machine scp / etc/kubernetes/pki/ca.crt / etc/kubernetes/pki/ca.key / etc/kubernetes/pki/sa.key / etc/kubernetes/pki/sa.pub / etc/kubernetes/pki/front-proxy-ca.crt / etc/kubernetes/pki/front-proxy-ca.key ${usr} @ $h:/etc/kubernetes/pki/ scp / etc/kubernetes/pki/etcd/ Ca.crt / etc/kubernetes/pki/etcd/ca.key ${usr} @ $h:/etc/kubernetes/pki/etcd/ scp / etc/kubernetes/admin.conf ${usr} @ $h:/etc/kubernetes/ echo "Ca files transfered for $h... Ok "done

# check the / etc/kubernetes/ directory on node2 and node3 #

5. Install node2,node3

Add the-- experimental-control-plane parameter to the join command of master, which is the addition of master clusters, not ordinary node nodes.

Kubeadm join api.k8s.mzywx.com:6443-token 39tdfod-discovery-token-ca-cert-hash sha256:4270dsf6f7-experimental-control-plane

# master also acts as a work node #

Kubectl taint nodes-all node-role.kubernetes.io/master-

# Operation of node3 is consistent with that of node2 #

6. View node status

Kubectl get node

7. The validity period of the certificate is extended to one year, and all nodes are executed once.

Kubeadm alpha certs renew all

This is the end of this article on "how to configure multiple Master in Kubeadm". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.