
How to deploy Kubernetes High availability

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article explains how to deploy Kubernetes for high availability. It is intended as a reference; the sections below walk through the deployment.

1. Overview of Kubernetes high availability

Kubernetes high availability chiefly means keeping the API Server service on the Master nodes highly available. API Server is the only entry point for adding, deleting, modifying and querying all kinds of resource objects in Kubernetes, and it is the data bus and data center of the whole Kubernetes system. Using load balancing (Load Balance) in front of two Master nodes provides a stable container cloud service.

1.1. Host allocation for Kubernetes high availability

| Hostname | IP address | Operating system | Main software |
|---|---|---|---|
| k8s-master01 | 192.168.200.111 | CentOS7.x | Etcd+Kubernetes |
| k8s-master02 | 192.168.200.112 | CentOS7.x | Etcd+Kubernetes |
| k8s-node01 | 192.168.200.113 | CentOS7.x | Etcd+Kubernetes+Flannel+Docker |
| k8s-node02 | 192.168.200.114 | CentOS7.x | Etcd+Kubernetes+Flannel+Docker |
| k8s-lb01 | 192.168.200.115 | CentOS7.x | Nginx+Keepalived |
| k8s-lb02 | 192.168.200.116 | CentOS7.x | Nginx+Keepalived |

The LB cluster VIP address is 192.168.200.200.
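A mistyped address in this plan carries straight into the /etc/hosts records that section 2.1 adds on every host. The following added example (not part of the original article) checks a hosts file against the table above; `PLAN`, `check_hosts` and the message formats are names chosen for this example.

```shell
# Added example: verify a hosts file against the host allocation table.
# PLAN is copied from the table; check_hosts is a name chosen for this example.
PLAN='192.168.200.111 k8s-master01
192.168.200.112 k8s-master02
192.168.200.113 k8s-node01
192.168.200.114 k8s-node02
192.168.200.115 k8s-lb01
192.168.200.116 k8s-lb02'

# check_hosts FILE
# Prints one line per problem and returns 0 only if every planned name is
# present and maps to its planned address. Names outside the plan are ignored.
check_hosts() {
    printf '%s\n' "$PLAN" | awk -v hosts="$1" '
        function valid_ip(ip,    o, n, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        { want[$2] = $1 }                    # plan: name -> address
        END {
            while ((getline line < hosts) > 0) {
                sub(/#.*/, "", line)         # strip comments
                n = split(line, f, " ")
                if (n < 2) continue
                if (!valid_ip(f[1])) {
                    printf "malformed address: %s\n", f[1]
                    bad = 1
                    continue
                }
                for (i = 2; i <= n; i++) {
                    if (!(f[i] in want)) continue
                    if (f[1] == want[f[i]]) { seen[f[i]] = 1; continue }
                    printf "%s -> %s, plan says %s\n", f[i], f[1], want[f[i]]
                    bad = 1
                }
            }
            for (name in want)
                if (!(name in seen)) { printf "missing: %s\n", name; bad = 1 }
            exit bad + 0
        }'
}
# usage on a cluster host: check_hosts /etc/hosts
```
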

1.2. Kubernetes high availability architecture topology

2. Highly available architecture deployment

2.1. Basic environment configuration

(1) configure basic network information

Configure basic network information such as IP address, gateway and DNS on all hosts (Aliyun's 223.5.5.5 is recommended for DNS). Give each host a static IP address so that a changed address cannot leave the cluster unable to reach the API Server and make the Kubernetes cluster unavailable.

(2) configure hostname and address resolution records

Configure a hostname on every host and add the address resolution records. The k8s-master01 host is used as the example.

[root@localhost ~]# hostnamectl set-hostname k8s-master01
[root@localhost ~]# bash
[root@k8s-master01 ~]# cat >> /etc/hosts << EOF
192.168.200.111 k8s-master01
192.168.200.112 k8s-master02
192.168.200.113 k8s-node01
192.168.200.114 k8s-node02
192.168.200.115 k8s-lb01
192.168.200.116 k8s-lb02
EOF

(3) disable firewall and SELinux

[root@k8s-master01 ~]# iptables -F
[root@k8s-master01 ~]# systemctl stop firewalld && systemctl disable firewalld
[root@k8s-master01 ~]# setenforce 0
[root@k8s-master01 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

2.2. Deploy the cluster certificate

Create the directory /k8s on the k8s-master01 host and upload the prepared script files etcd-cert.sh and etcd.sh to it. etcd-cert.sh is the script that creates the etcd certificates; etcd.sh is the etcd service script, which contains the configuration file and the startup script.

[root@k8s-master01 ~]# mkdir /k8s
[root@k8s-master01 ~]# cd /k8s/
[root@k8s-master01 k8s]# ls
etcd-cert.sh  etcd.sh

Create the directory /k8s/etcd-cert; all certificates are stored in this directory for easy management.

[root@k8s-master01 k8s]# mkdir etcd-cert
[root@k8s-master01 k8s]# mv etcd-cert.sh etcd-cert

Upload the cfssl, cfssl-certinfo and cfssljson software packages, move them to the /usr/local/bin directory and give them execute permission.

[root@k8s-master01 k8s]# ls    # upload the cfssl, cfssl-certinfo and cfssljson software packages (certificate generation tools)
cfssl  cfssl-certinfo  cfssljson  etcd-cert  etcd.sh
[root@k8s-master01 k8s]# mv cfssl* /usr/local/bin/
[root@k8s-master01 k8s]# chmod +x /usr/local/bin/cfssl*
[root@k8s-master01 k8s]# ls -l /usr/local/bin/cfssl*
-rwxr-xr-x 1 root root 10376657 July 21 2020 /usr/local/bin/cfssl
-rwxr-xr-x 1 root root 6595195 July 21 2020 /usr/local/bin/cfssl-certinfo
-rwxr-xr-x 1 root root 2277873 July 21 2020 /usr/local/bin/cfssljson
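The three cfssl binaries run as root and go on to generate the cluster CA, so their integrity matters before they land in /usr/local/bin. The following added example (not part of the original article) copies them only after all three match pinned SHA-256 digests; the manifest file, `TOOLS` and `install_cfssl_verified` are assumptions of this example, and the article publishes no digests, so the manifest has to be recorded from the source the binaries were obtained from.

```shell
# Added example: install the cfssl tools only when every binary matches a
# pinned SHA-256 digest. The manifest and the function name are assumptions
# of this example, not files or commands from the article.
# Manifest format (as printed by sha256sum): "<64 hex digits>  <filename>"
TOOLS='cfssl cfssl-certinfo cfssljson'

# install_cfssl_verified SRC_DIR MANIFEST DEST_DIR
# Returns 0 on success, 1 on a digest mismatch or copy failure,
# 2 when a tool has no well-formed digest in the manifest.
install_cfssl_verified() {
    src=$1 manifest=$2 dest=$3
    for tool in $TOOLS; do
        want=$(awk -v t="$tool" \
            '$2 == t && length($1) == 64 && $1 ~ /^[0-9a-f]+$/ { print $1; exit }' \
            "$manifest")
        [ -n "$want" ] || { echo "no pinned digest for $tool" >&2; return 2; }
        have=$(sha256sum "$src/$tool" | awk '{ print $1 }')
        [ "$have" = "$want" ] || { echo "digest mismatch: $tool" >&2; return 1; }
    done
    # All binaries verified: only now copy them, with mode 0755.
    for tool in $TOOLS; do
        install -m 0755 "$src/$tool" "$dest/$tool" || return 1
    done
}
# usage on k8s-master01: install_cfssl_verified /k8s /k8s/cfssl.sha256 /usr/local/bin
```
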

Create CA and Server certificates

[root@k8s-master01 ~]# cd /k8s/etcd-cert/
[root@k8s-master01 etcd-cert]# cat etcd-cert.sh
cat > ca-config.json
