The keepalived configuration on the master and the backup differs only in priority and state; check_nginx.sh is identical on both.
    [root@k8s-lb01 ~]# cat /etc/nginx/check_nginx.sh
    #!/bin/bash
    count=$(ps -ef |grep nginx |egrep -cv "grep|$$")
    if [ "$count" -eq 0 ];then
        systemctl stop keepalived
    fi
    [root@k8s-lb01 ~]# systemctl start keepalived

Check the VIP:

    [root@k8s-lb01 ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:c6:79:90 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.4/24 brd 192.168.186.255 scope global noprefixroute ens33
           valid_lft forever preferred_lft forever
        inet 192.168.0.200/24 scope global secondary ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::9d58:5651:daa8:880a/64 scope link noprefixroute
           valid_lft forever preferred_lft forever

At this point the front-end HA and SLB preparation for k8s is in place. Next we deploy the other k8s-master and test once it is deployed.
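Making the master machines highly available really means making the apiserver application highly available, but the high-availability IP address has to be configured first, and only then master02.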
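Kubernetes Master02 deployment

Prepare the environment

Next, prepare to install another Kubernetes master (192.168.0.12). We are installing two masters with an SLB in front of them. This is simply adding a master node: copy the certificates and startup files over, then change the corresponding parameters.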
Copy the master01 configuration files

    scp -P 12525 -r /data/soft/kubernetes www@192.168.0.12:/data/soft/
    scp -P 12525 -r /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service www@192.168.0.12:/usr/lib/systemd/system/
    scp -P 12525 -r /usr/bin/kubectl root@192.168.0.12:/usr/bin/
    scp -P 12525 -r /data/soft/etcd/ssl/ www@192.168.0.12:/data/soft/etcd/

Note: edit the configuration file and change the bind-address and advertise-address IP addresses in kube-apiserver to the local IP address.
Start the apiserver, scheduler and controller-manager components

    systemctl start kube-apiserver.service
    systemctl start kube-scheduler.service
    systemctl start kube-controller-manager.service

Check the corresponding processes on master02
    [root@k8s-master02 cfg]# ps axf|grep scheduler
     8644 pts/1 S+ 0:00 \_ grep --color=auto scheduler
     8576 ? Ssl 0:01 /data/soft/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect
    [root@k8s-master02 cfg]# ps axf|grep controller-manager
     8646 pts/1 S+ 0:00 \_ grep --color=auto controller-manager
     8628 ? Ssl 0:00 /data/soft/kubernetes/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect=true --address=127.0.0.1 --service-cluster-ip-range=10.0.0.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/data/soft/kubernetes/ssl/ca.pem --cluster-signing-key-file=/data/soft/kubernetes/ssl/ca-key.pem --root-ca-file=/data/soft/kubernetes/ssl/ca.pem --service-account-private-key-file=/data/soft/kubernetes/ssl/ca-key.pem --experimental-cluster-signing-duration=87600h0m0s
    [root@k8s-master02 etcd]# ps axf|grep apiserver
     9528 pts/1 S+ 0:00 \_ grep --color=auto apiserver
     9479 ? Ssl 0:28 /data/soft/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://192.168.0.10:2379,https://192.168.0.12:2379,https://192.168.0.4:2379 --bind-address=192.168.0.12 --secure-port=6443 --advertise-address=192.168.0.12 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/data/soft/kubernetes/cfg/token.csv --service-node-port-range=30000-50000 --tls-cert-file=/data/soft/kubernetes/ssl/server.pem --tls-private-key-file=/data/soft/kubernetes/ssl/server-key.pem --client-ca-file=/data/soft/kubernetes/ssl/ca.pem --service-account-key-file=/data/soft/kubernetes/ssl/ca-key.pem --etcd-cafile=/data/soft/etcd/ssl/ca.pem --etcd-certfile=/data/soft/etcd/ssl/server.pem --etcd-keyfile=/data/soft/etcd/ssl/server-key.pem
    [root@k8s-master02 etcd]# ps axf|grep scheduler
     9530 pts/1 S+ 0:00 \_ grep --color=auto scheduler
     8576 ? Ssl 0:21 /data/soft/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect
    [root@k8s-master02 etcd]# ps axf|grep controller-manager
     9532 pts/1 S+ 0:00 \_ grep --color=auto controller-manager
     8628 ? Ssl 0:01 /data/soft/kubernetes/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect=true --address=127.0.0.1 --service-cluster-ip-range=10.0.0.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/data/soft/kubernetes/ssl/ca.pem --cluster-signing-key-file=/data/soft/kubernetes/ssl/ca-key.pem --root-ca-file=/data/soft/kubernetes/ssl/ca.pem --service-account-private-key-file=/data/soft/kubernetes/ssl/ca-key.pem --experimental-cluster-signing-duration=87600h0m0s
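
One way to apply and check the bind-address / advertise-address change on master02 after copying the files from master01, as an added example that is not part of the original article. It assumes the apiserver options live in /data/soft/kubernetes/cfg/kube-apiserver (the page does not name the file); the function names and the sample contents are constructed.

```bash
# Added example, not from the original article. The options-file path
# /data/soft/kubernetes/cfg/kube-apiserver is an assumption.

# Rewrite --bind-address and --advertise-address to the local IP.
set_apiserver_addr() {
    local file="$1" ip="$2"
    # Accept only a dotted-quad IPv4 address, so nothing else reaches sed.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "bad IP: $ip" >&2; return 2; }
    sed -i -E "s/(--(bind|advertise)-address=)[0-9.]+/\1${ip}/g" "$file"
}

# Succeed only if both flags exist and every occurrence equals the given IP.
verify_apiserver_addr() {
    local file="$1" ip="$2" flag found
    for flag in bind-address advertise-address; do
        found=$(grep -oE -e "--${flag}=[0-9.]+" "$file" | sort -u)
        [ "$found" = "--${flag}=${ip}" ] || {
            echo "mismatch: ${found:---$flag missing}" >&2; return 1; }
    done
}

# Constructed sample of options copied from master01
# (192.168.0.10 as master01's address is assumed).
make_sample() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
KUBE_APISERVER_OPTS="--logtostderr=true \
--bind-address=192.168.0.10 \
--secure-port=6443 \
--advertise-address=192.168.0.10 \
--service-cluster-ip-range=10.0.0.0/24"
EOF
    echo "$f"
}

# On master02, before starting kube-apiserver (path assumed):
#   f=/data/soft/kubernetes/cfg/kube-apiserver
#   set_apiserver_addr "$f" 192.168.0.12 && verify_apiserver_addr "$f" 192.168.0.12
```

Running the verify step before `systemctl start kube-apiserver.service` catches a file that still carries master01's address, which would otherwise only show up later in the `ps axf` output.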