2025-04-25 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article explains how to build a high-availability kubernetes cluster that can be used in a production environment.
Kubernetes cluster three-step installation: build a high-availability kubernetes cluster available in the production environment | sealos
sealos project address
Features
[X] Automatic construction of etcd clusters with any number of nodes is supported. The etcd cluster is started as static pods using security certificates, so its health can be monitored by monitoring the pods.
[X] Multiple master nodes are supported; any master can go down without affecting cluster function.
[X] calico uses the etcd cluster with security certificates configured, so network management data has no single point of failure.
[X] Includes the dashboard, heapster and coreDNS addons, with coreDNS in two replicas so there is no single point of failure.
[X] haproxy load-balances the master nodes and also runs as a static pod, so haproxy health can be monitored uniformly by monitoring pod status.
[X] haproxy nodes use keepalived to provide a virtual IP. The virtual IP can drift when any node goes down, without affecting the nodes' connection to the masters.
[X] Worker nodes and kube-proxy are configured to use the virtual IP.
[ ] Cluster health detection function
[ ] prometheus monitoring function, installed with one click, without configuration
[ ] EFK log collection function
[ ] Distributed HA mode without keepalived, which reduces the probability of errors in cluster construction and has no VIP switching time
[X] istio microservice support
Ship on docker
You must already have the sealyun kubernetes offline installation package (kubernetes version v1.12.x is supported by default, and separate branches will be cut for special versions).
There will be more optimizations for subsequent high versions
The general principle: so that people do not have to set up an ansible and sealos environment themselves, everything on the client side is put into docker. The installation package is mounted into a container, and the ansible scripts then distribute the package to all the servers you configure in the hosts file.
So it's roughly divided into three steps:
Configure passwordless ssh: distribute the public key generated in the docker container to all your servers
Configure the hosts file for ansible playbook
Execute ansible
The following are explained one by one:
Start the ansible container and set up passwordless login
Find a host such as your PC or a server, copy the downloaded offline package to the /data directory, start the sealos container, and mount the offline package:
docker run --rm -v /data/kube1.12.0.tar.gz:/data/kube1.12.0.tar.gz -it -w /etc/ansible fanux/sealos:v1.12.0-beta bash
Execute in the container:
mkdir ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa
Show the ssh public key:
cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7fTirP9zPcx7wIjhsF+Dyu0A2sV5llC8jsmp/xtiyuJirE3mclpNEqgrzHC26f+ckfzwoE0HPU0wDPxbWFl3B0K89EwJSBsVZSZ0VLYnZp0u2JgwCLZzZzKfY0018yoqoL9KHz/68RpqtG2bWVf0/WSj+4hN7xTRpRTtXJHBOQRQBfqVSIcfMBSEnO15buUbDaLol/HvQd0YBrWwafQtMacmBlqDG0Z6/yeY4sTNRVRV2Uu5TeaHfzgYgmY9+Nxt***8Td6tgZtq7cVU//kSsbzkUzDSD8zsh8kPUm4yljT5tYM1cPFLGM4m/zqAjAZN2YaEdFckJFAQ7TWAK857d root@8682294b9464
So the public key is generated.
Execute on all other servers where k8s is to be installed:
cd ~/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7fTirP9zPcx7wIjhsF+Dyu0A2sV5llC8jsmp/xtiyuJirE3mclpNEqgrzHC26f+ckfzwoE0HPU0wDPxbWFl3B0K89EwJSBsVZSZ0VLYnZp0u2JgwCLZzZzKfY0018yoqoL9KHz/68RpqtG2bWVf0/WSj+4hN7xTRpRTtXJHBOQRQBfqVSIcfMBSEnO15buUbDaLol/HvQd0YBrWwafQtMacmBlqDG0Z6/yeY4sTNRVRV2Uu5TeaHfzgYgmY9+Nxt***8Td6tgZtq7cVU//kSsbzkUzDSD8zsh8kPUm4yljT5tYM1cPFLGM4m/zqAjAZN2YaEdFckJFAQ7TWAK857d root@8682294b9464" >> authorized_keys
This completes the public key distribution, and all machines can be logged in to directly over ssh without entering a password.
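The `echo ... >> authorized_keys` step assumes `~/.ssh` already exists, leaves file permissions to chance, and appends a duplicate entry each time it is re-run. The following is an added example, not code from the sealos project, of an idempotent install with explicit permissions; the function name, the optional `from=` restriction argument and the demo key and address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not sealos code: install one SSH public key idempotently
# with safe permissions. Usage: install_pubkey KEY_LINE [SSH_DIR] [FROM]
# FROM (optional, an assumption) is an address pattern for a from="..." limit.
install_pubkey() (
    key_line=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    from=${3:-}
    auth="$ssh_dir/authorized_keys"

    # Split "<type> <base64> [comment]" without word splitting or globbing.
    ktype=${key_line%% *}
    rest=${key_line#* }
    kdata=${rest%% *}

    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $ktype" >&2; exit 2 ;;
    esac
    # Reject empty or non-base64 data (e.g. a key pasted with "***" elided)
    # and any newline that would smuggle in a second authorized_keys entry.
    case $kdata in
        ""|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; exit 2 ;;
    esac
    case "$key_line$from" in
        *"
"*) echo "key and from pattern must be single-line" >&2; exit 2 ;;
    esac
    case $from in *[!A-Za-z0-9.:*?,/-]*) echo "bad from pattern" >&2; exit 2 ;; esac

    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Already present (with or without options in front)? Then do nothing.
    if awk -v t="$ktype" -v d="$kdata" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i+1) == d) f = 1 }
         END { exit !f }' "$auth"; then
        exit 0
    fi
    if [ -n "$from" ]; then key_line="from=\"$from\" $key_line"; fi
    printf '%s\n' "$key_line" >> "$auth"
)

# Constructed demo key (not a real key), installed into a scratch directory.
demo_dir=$(mktemp -d)
install_pubkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedDemoKey root@sealos" "$demo_dir/.ssh" "10.1.86.1"
cat "$demo_dir/.ssh/authorized_keys"; rm -rf "$demo_dir"
```

The key from the container is a root login key for every cluster node, and the container is started with `--rm`, so the private half exists only for the life of that container.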
Modify configuration
Configure your own hosts file
# cd /etc/ansible
# vim hosts
Configuration instructions:
[k8s-master]
10.1.86.204 name=node01 order=1 role=master lb=MASTER lbname=lbmaster priority=100
10.1.86.205 name=node02 order=2 role=master lb=BACKUP lbname=lbbackup priority=80
10.1.86.206 name=node03 order=3 role=master

[k8s-node]
10.1.86.207 name=node04 role=node

[k8s-all:children]
k8s-master
k8s-node

[all:vars]
vip=10.1.86.209 # an unoccupied IP in the same network segment
k8s_version=1.12.0 # kubernetes version
ip_interface=eth.*
etcd_crts=["ca-key.pem", "ca.pem", "client-key.pem", "client.pem", "member1-key.pem", "member1.pem", "server-key.pem", "server.pem", "ca.csr", "client.csr", "member1.csr", "server.csr"]
k8s_crts=["apiserver.crt", "apiserver-kubelet-client.crt", "ca.crt", "front-proxy-ca.key", "front-proxy-client.key", "sa.pub", "apiserver.key", "apiserver-kubelet-client.key", "ca.key", "front-proxy-ca.crt", "front-proxy-client.crt", "sa.key"]
Note that role=master hosts run etcd and the kubernetes control plane, and role=node hosts are k8s worker nodes. The configuration is relatively simple: apart from the IPs and the version, the rest is basically unchanged.
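A pre-flight check for the load-balancer settings in this inventory, as an added example that is not part of sealos: it verifies that the `vip` is set and is not already a node address, that exactly one host has `lb=MASTER`, and that its keepalived `priority` is higher than every `lb=BACKUP`. The function name and the rule that MASTER must carry the highest priority are assumptions based on the sample values shown above.

```shell
#!/bin/sh
# Added example, not sealos code: sanity-check the lb/vip settings of an
# inventory like the one above. Usage: check_inventory FILE  (or - for stdin)
check_inventory() {
    awk '
    function kv(key,    i, p) {          # value of key=... on a host line
        for (i = 2; i <= NF; i++) {
            p = index($i, "=")
            if (p && substr($i, 1, p - 1) == key) return substr($i, p + 1)
        }
        return ""
    }
    { sub(/[ \t]*#.*/, "") }             # strip comments
    /^\[/ { sec = $0; gsub(/\[|\]| /, "", sec); next }
    NF == 0 { next }
    sec == "all:vars" {
        if ($0 ~ /^vip[ \t]*=/) { vip = $0; gsub(/^vip[ \t]*=[ \t]*|[ \t]+$/, "", vip) }
        next
    }
    sec ~ /:/ { next }                   # skip :children and other :vars
    {
        ip[$1] = 1                       # first field of a host line is its IP
        lb = kv("lb"); prio = kv("priority")
        if (lb == "") next
        if (lb == "MASTER") masters++
        if (prio !~ /^[0-9]+$/) { print "ERROR: " $1 " has lb=" lb " but no numeric priority"; bad = 1 }
        else if (lb == "MASTER") mprio = prio + 0
        else if (prio + 0 > maxb + 0) maxb = prio + 0
    }
    END {
        if (vip == "") { print "ERROR: vip is not set in [all:vars]"; bad = 1 }
        else if (vip in ip) { print "ERROR: vip " vip " is already a node address"; bad = 1 }
        if (masters != 1) { print "ERROR: expected one lb=MASTER, found " masters + 0; bad = 1 }
        else if (mprio + 0 <= maxb + 0) { print "ERROR: MASTER priority " mprio " is not above BACKUP " maxb; bad = 1 }
        exit (bad ? 1 : 0)
    }' "${1:--}"
}

# Constructed sample: the vip collides with node01, so the check fails.
check_inventory - <<'EOF' || echo "inventory rejected"
[k8s-master]
10.1.86.204 name=node01 order=1 role=master lb=MASTER lbname=lbmaster priority=100
10.1.86.205 name=node02 order=2 role=master lb=BACKUP lbname=lbbackup priority=80
[all:vars]
vip=10.1.86.204
EOF
```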
Launch installation
# ansible-playbook roles/install-all.yaml
Uninstall all
# ansible-playbook roles/uninstall-all.yaml
Thank you for reading. That is the content of "how to build a high-availability kubernetes cluster available in the production environment"; the specific usage needs to be verified in practice.