(8) Master high availability

2019-03-05 15:57:04



#(1) Plan
master01:192.168.19.128
master02:192.168.19.129
VIP : 192.168.19.133

#(2) On the jump host, update the master certificate and send it to the master

# cat k8s-csr.json 
{
    "CN": "kubernetes",
    "hosts": [
        "127.0.0.1",
        "192.168.19.128",
        "192.168.19.129",
        "192.168.19.133",
        "10.254.0.1",
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "Hangzhou",
            "L": "Hangzhou",
            "O": "k8s",
            "OU": "System"
        }
    ]
}

# Regenerate the master certificate and private key file
cfssl gencert -ca=ca.pem   -ca-key=ca-key.pem   -config=ca-config.json   -profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes

# Send them to master01
ansible 192.168.19.128 -m copy -a 'src=kubernetes.pem dest=/opt/kubernetes/ssl/kubernetes.pem'
ansible 192.168.19.128 -m copy -a 'src=kubernetes-key.pem dest=/opt/kubernetes/ssl/kubernetes-key.pem'
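
Added example, not part of the original post: before distributing the regenerated certificate, confirm that it covers every name clients will dial, in particular the VIP 192.168.19.133, since a missing SAN only shows up as TLS verification failures after the kubeconfigs are switched to the VIP. The function names and the sample certificate text are constructed for this example; the input format is the output of `openssl x509 -noout -text`.

```shell
# Added example, not from the original post.
# list_sans: read `openssl x509 -noout -text` output on stdin, print one SAN per line.
list_sans() {
    awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' |
        sed -E 's/^[[:space:]]*(DNS|IP Address)://; s/[[:space:]]+$//'
}

# missing_sans: print each required name (the arguments) that the certificate lacks.
missing_sans() {
    have=$(list_sans)
    for want in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$want" || echo "$want"
    done
}

# Every entry of "hosts" in k8s-csr.json above (both masters, the VIP, service names).
REQUIRED="127.0.0.1 192.168.19.128 192.168.19.129 192.168.19.133 10.254.0.1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster kubernetes.default.svc.cluster.local"

# Real use on the jump host (no output means nothing is missing):
#   openssl x509 -in kubernetes.pem -noout -text | missing_sans $REQUIRED

# Constructed sample: a certificate issued before master02 and the VIP were added.
SAMPLE_OLD='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster, DNS:kubernetes.default.svc.cluster.local, IP Address:127.0.0.1, IP Address:192.168.19.128, IP Address:10.254.0.1'

# Prints the two addresses the old certificate does not cover.
printf '%s\n' "$SAMPLE_OLD" | missing_sans $REQUIRED
```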

#(3) Master configuration and components

# On master01, copy the kube-apiserver, kube-scheduler and kube-controller-manager binaries to master02
cd /opt/kubernetes/bin/
scp  kube* master02:/opt/kubernetes/bin/

# On master01, copy the certificates to master02
scp /opt/kubernetes/ssl/* master02:/opt/kubernetes/ssl/

# Edit the kube-apiserver unit file on master01
vi /usr/lib/systemd/system/kube-apiserver.service
--advertise-address=0.0.0.0   --bind-address=0.0.0.0   # change the listen address to 0.0.0.0

# On master01, copy the kube-apiserver, kube-scheduler and kube-controller-manager unit files to master02
cd /usr/lib/systemd/system
scp kube-* master02:/usr/lib/systemd/system/

# Restart kube-apiserver on master01
systemctl daemon-reload 
systemctl restart kube-apiserver

# Start the services on master02
systemctl enable kube-apiserver
systemctl enable kube-controller-manager
systemctl enable kube-scheduler
systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler

#(4) Configure keepalived; pay attention to the keepalived priorities

1) Install keepalived

yum install keepalived -y 

2) keepalived configuration file on master01

#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
     router_id MASTER
}
vrrp_script check_apiserver {
                script "/server/scripts/check_apiserver.sh"
                interval 3
                weight -20

}

vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
                auth_type PASS
                auth_pass redhat
        }
        virtual_ipaddress {
                192.168.19.133
        }
        track_script {
                check_apiserver
                }
}

3) keepalived configuration file on master02

#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
     router_id BACKUP
}
vrrp_script check_apiserver {
                script "/server/scripts/check_apiserver.sh"
                interval 3
                weight -20

}

vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 51
        priority 99
        advert_int 1
        authentication {
                auth_type PASS
                auth_pass redhat
        }
        virtual_ipaddress {
                192.168.19.133
        }
        track_script {
                check_apiserver
                }
}
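
Added example, not part of the original post: a small audit of the two keepalived.conf files above. VRRP `auth_type PASS` sends `auth_pass` unencrypted in every advertisement and keepalived uses only its first 8 characters, so it does not keep another host on the segment from competing for 192.168.19.133. The finding names, the list of well-known passwords and the tightened sample are constructed for this example.

```shell
# Added example, not from the original post.
# audit_keepalived: read a keepalived.conf on stdin, print one finding per line.
audit_keepalived() {
    awk '
        $1 == "auth_type"              { auth = $2 }
        $1 == "auth_pass"              { pass = $2 }
        $1 == "unicast_peer"           { unicast = 1 }
        $1 == "vrrp_script"            { script = 1 }
        $1 == "enable_script_security" { secure = 1 }
        END {
            if (auth == "PASS") print "AUTH_CLEARTEXT: auth_pass is sent unencrypted in every advertisement"
            if (pass != "" && (length(pass) < 8 || pass ~ /^(redhat|1111|password|keepalived)$/)) print "AUTH_WEAK: auth_pass is short or a well-known value"
            if (!unicast) print "MULTICAST: no unicast_peer, advertisements go to the VRRP multicast group"
            if (script && !secure) print "SCRIPT_SECURITY: vrrp_script used without enable_script_security"
        }'
}

# Constructed sample: the security-relevant lines of the master01 file above.
PAGE_CONF='vrrp_script check_apiserver {
    script "/server/scripts/check_apiserver.sh"
}
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass redhat
    }
}'

# Constructed sample: the same instance with unicast peering and script security.
TIGHTENED_CONF='global_defs {
    enable_script_security
}
vrrp_script check_apiserver {
    script "/server/scripts/check_apiserver.sh"
}
vrrp_instance VI_1 {
    unicast_src_ip 192.168.19.128
    unicast_peer {
        192.168.19.129
    }
}'

# Prints four findings for the configuration as posted.
printf '%s\n' "$PAGE_CONF" | audit_keepalived
```

With unicast peering in place, a host packet filter that accepts VRRP (IP protocol 112) only from the other master is what actually restricts who can take part in the election.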

4) Prepare the service check script on master01 and master02

test -d /server/scripts ||mkdir -pv /server/scripts;cd /server/scripts 
#vi /server/scripts/check_apiserver.sh 
#!/bin/bash
# systemctl status exits 0 only while the unit is active
flag=$(systemctl status kube-apiserver &> /dev/null;echo $?)
if [[ $flag != 0 ]];then
                echo "kube-apiserver is down,close the keepalived"
                systemctl stop keepalived
fi

5) Start the service on master01 and master02

systemctl daemon-reload
systemctl enable keepalived
systemctl start keepalived
systemctl status keepalived 

#(5) Update the configuration on the client nodes

1) View the configuration

grep server /opt/kubernetes/cfg/kubelet.kubeconfig 
grep server /opt/kubernetes/cfg/kube-proxy.kubeconfig 
grep server /opt/kubernetes/cfg/bootstrap.kubeconfig 

2) Change the IP to the VIP

sed -ri 's/192.168.19.128/192.168.19.133/g' /opt/kubernetes/cfg/*.kubeconfig

3) Restart kube-proxy and kubelet on the node

systemctl daemon-reload
systemctl restart kube-proxy 
systemctl restart kubelet
systemctl status kube-proxy 
systemctl status kubelet 

4) Verify on the node that the change took effect

grep server /opt/kubernetes/cfg/kubelet.kubeconfig 
grep server /opt/kubernetes/cfg/kube-proxy.kubeconfig 
grep server /opt/kubernetes/cfg/bootstrap.kubeconfig

5) Update the kubectl client configuration file

sed -ri 's/192.168.19.128/192.168.19.133/g' /root/.kube/config

6) Verify

The VIP is currently on master01.

The kubectl client can connect to the apiserver normally.

Stop the kube-apiserver service on master01

systemctl stop kube-apiserver 

The VIP successfully floats over to master02.

The kubectl client can still connect to the apiserver normally.

Start the kube-apiserver and keepalived services on master01 again

systemctl start kube-apiserver 
systemctl start keepalived 

The VIP floats back to master01.

The kubectl client can still connect to the apiserver normally.

Source: https://blog.51cto.com/1000682/2358393
