一、k8s高可用集群(3.12日課)

幾種常見的集群結構

1、堆疊的 etcd 拓撲

2、?外部 etcd 拓撲

3、外部 etcd 拓撲(load balancer = lvs + keepalived)

4、外部 etcd 拓撲(負載均衡器置于node上)

以第三種方式：外部 etcd 拓撲(load balancer = lvs + keepalived)結構為例

(1)搭建高可用平臺：新建兩個虛擬機server5和server6，作為高可用主機

第一步：安裝haproxy

#在server5和server6上安裝haproxy yum install -y haproxy

修改server5/6的haproxy的配置文件

注意：前臺端口設置的是6443,這是因為k8s集群的對外暴露端口是6443,設為一樣的方便。

在8000端口上設置“狀態頁”和用戶名密碼。

vim /etc/haproxy/haproxy.cfg1 #---------------------------------------------------------------------2 # Example configuration for a possible web application. See the3 # full configuration options online.4 #5 # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt6 #7 #---------------------------------------------------------------------8 9 #---------------------------------------------------------------------10 # Global settings11 #---------------------------------------------------------------------12 global13 # to have these messages end up in /var/log/haproxy.log you will14 # need to:15 #16 # 1) configure syslog to accept network log events. This is done17 # by adding the '-r' option to the SYSLOGD_OPTIONS in18 # /etc/sysconfig/syslog19 #20 # 2) configure local2 events to go to the /var/log/haproxy.log21 # file. A line like the following can be added to22 # /etc/sysconfig/syslog23 #24 # local2.* /var/log/haproxy.log25 #26 log 127.0.0.1 local227 28 chroot /var/lib/haproxy29 pidfile /var/run/haproxy.pid30 maxconn 400031 user haproxy32 group haproxy33 daemon34 35 # turn on stats unix socket36 stats socket /var/lib/haproxy/stats37 38 #---------------------------------------------------------------------39 # common defaults that all the 'listen' and 'backend' sections will40 # use if not designated in their block41 #---------------------------------------------------------------------42 defaults43 mode http44 log global45 option httplog46 # option dontlognull47 option http-server-close48 # option forwardfor except 127.0.0.0/849 option redispatch50 retries 351 timeout http-request 10s52 timeout queue 1m53 timeout connect 10s54 timeout client 1m55 timeout server 1m56 timeout http-keep-alive 10s57 timeout check 10s58 maxconn 300059 60 listen stats61 bind *:800062 stats uri /status63 stats auth admin:westos64 #---------------------------------------------------------------------65 # main frontend which proxys to the backends66 #---------------------------------------------------------------------67 frontend k8s *:644368 mode tcp69 # acl url_static path_beg -i /static /images /javascript /stylesheets70 # acl url_static path_end -i .jpg .gif .png .css .js71 72 # use_backend static if url_static73 default_backend apiserver74 75 #---------------------------------------------------------------------76 # round robin balancing between the various backends77 #---------------------------------------------------------------------78 backend apiserver79 mode tcp80 balance roundrobin81 server api1 172.25.254.2:6443 check82 server api2 172.25.254.3:6443 check83 server api3 172.25.254.4:6443 check

在server5/6上重啟服務

systemctl restart haproxy.service

瀏覽器測試：

兩臺主機互不干擾，都可以監視后端的k8s集群中主機的狀態。

測試完成后，停止服務，

第二步：添加高可用——設置vip

由于默認的軟件源目錄中不包含高可用的軟件包，所以需要在server5/6上先設置高可用的軟件源：

[root@server5 ~]# cat /etc/yum.repos.d/dvd.repo [dvd] name=rhel7.6 baseurl=http://172.25.254.50/rhel7.6 gpgcheck=0[HighAvailability] name=rhel7.6 HighAvailability baseurl=http://172.25.254.50/rhel7.6/addons/HighAvailability gpgcheck=0

安裝集群軟件并配置

#在server5/6安裝集群軟件包 yum install -y pacemaker pcs psmisc policycoreutils-python#在server5/6設置服務開機自啟動 systemctl enable --now pcsd.service#在server5/6為hacluster創建密碼，這個密碼將為后邊創建虛擬機使用 echo westos | passwd --stdin hacluster#在server5上認證高可用節點 [root@server5 ~]# pcs cluster auth server5 server6 Username: hacluster Password: server5: Authorized server6: Authorized#在server5上，將兩個節點加入“mycluster”集群中 [root@server5 ~]# pcs cluster setup --name mycluster server5 server6 Destroying cluster on nodes: server5, server6... server5: Stopping Cluster (pacemaker)... server6: Stopping Cluster (pacemaker)...

#啟動集群內所有節點 pcs cluster start --all#設置集群內所有節點開機自啟動 pcs cluster enable --all

#關閉stonith-enabled，防止報錯 [root@server5 ~]# pcs property set stonith-enabled=false [root@server5 ~]# crm_verify -LV

?注意：如果<crm_verify -LV>顯示有報錯，集群將無法正常啟動。所以這里先關閉stonith-enabled(禁止掛載存儲系統)，防止因報錯而無法啟動集群

#在server5上創建資源，并指定IP為 pcs resource create vip ocf:heartbeat:IPaddr2 ip=172.25.254.200 op monitor interval=30s#查看資源狀態 [root@server5 ~]# pcs status Cluster name: mycluster Stack: corosync Current DC: server6 (version 1.1.19-8.el7-c3c624ea3d) - partition with quorum Last updated: Sun Mar 13 17:59:03 2022 Last change: Sun Mar 13 17:58:57 2022 by root via cibadmin on server5

#創建haproxy資源 pcs resource create haproxy systemd:haproxy op monitor interval=60s#查看pcs狀態 pcs status#查看服務開機自啟動狀態 systemctl is-enabled haproxy.service #列出agents下關于systemed的所有資源 pcs resource agents systemd pcs resource describe systemd:haproxy

?默認創建好haproxy資源后，會均衡到server6節點上，而VIP設置在server5上，因此還是不對，解決方法是新建一個組，將haproxy和vip放在一起。?

#新建一個hagroup組 pcs resource group add hagroup vip haproxy

新建一個haproxy組，包含vip和haproxy?

在瀏覽器測試：

模擬問題：當server5掛掉后，會自動切換到server6上，并且用戶在瀏覽器上不會看到變化。?

第三步：創建k8s集群并加入worker

注意：更改網絡組件時，需要先刪除</etc/cni/net.d/>目錄下的文件，防止之前的網絡組件影響

總結

以上是生活随笔為你收集整理的自动化运维之k8s——Helm、普罗米修斯、EFK日志管理、k8s高可用集群(未完待续)的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。