内容简介:组件配置配置文件:/usr/lib/systemd/system/docker.service
机器
| IP | 用途 | 备注 |
|---|---|---|
| 10.100.81.11 | master、etcd | 主节点 |
| 10.100.81.12 | master、etcd、keepalived、haproxy | 主节点,同时部署keepalived、haproxy,保证master高可用 |
| 10.100.81.13 | master、etcd、keepalived、haproxy | 主节点,同时部署keepalived、haproxy,保证master高可用 |
| 10.100.81.14 | node、etcd | 非业务节点 |
| 10.100.81.15 | node、etcd | 非业务节点 |
| 10.100.81.16 | node | 业务节点 |
| 10.100.81.17 | node | 业务节点 |
| 10.100.81.18 | node | 业务节点 |
| 10.100.81.19 | node | 业务节点 |
| 10.100.81.20 | node | 业务节点 |
| 10.100.81.21 | node | 业务节点 |
| 10.100.81.22 | node | 业务节点 |
| 10.100.81.23 | node | 业务节点 |
| 10.100.81.24 | node、harbor | 业务节点 |
| 10.100.81.25 | node | 业务节点 |
组件版本
| 组件名 | 版本 |
|---|---|
| docker | Docker version 1.12.6, build 78d1802 |
| kubernetes | v1.10.0 |
| harbor | v1.2.0 |
| keepalived | v1.3.5 |
| haproxy | 1.7 |
配置
组件配置
docker
配置文件:/usr/lib/systemd/system/docker.service
[Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network.target [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H 0.0.0.0:2375 -H unix:///var/run/docker.sock --registry-mirror https://registry.docker-cn.com --insecure-registry 172.16.59.153 --insecure-registry hub.xfyun.cn --insecure-registry k8s.gcr.io --insecure-registry quay.io --default-ulimit core=0:0 --live-restore ExecReload=/bin/kill -s HUP $MAINPID # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Uncomment TasksMax if your systemd version supports it. # Only systemd 226 and above support this version. #TasksMax=infinity TimeoutStartSec=0 # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process MountFlags=slave [Install] WantedBy=multi-user.target
--registry-mirror:指定 docker pull 时使用的注册服务器镜像地址,指定为https://registry.docker-cn.com可以加快docker hub中的镜像拉取速度 --insecure-registry:配置非安全的 docker 镜像注册服务器 --default-ulimit:配置容器默认的ulimit选项 --live-restore:开启此选项,当dockerd服务出现问题时,容器照样运行,服务恢复后,容器也可以再被服务抓到并可管理 MountFlags=slave:解决移除容器时出现的"Unable to remove filesystem for $id: remove /var/lib/docker/containers/$id/shm: device or resource busy"问题
kubernetes
etcd
以10.100.81.11节点为例,其它节点类似:
apiVersion: v1
kind: Pod
metadata:
labels:
component: etcd
tier: control-plane
name: etcd-10.100.81.11
namespace: kube-system
spec:
containers:
- command:
- etcd
- --name=infra0
- --initial-advertise-peer-urls=http://10.100.81.11:2380
- --listen-peer-urls=http://10.100.81.11:2380
- --listen-client-urls=http://10.100.81.11:2379,http://127.0.0.1:2379
- --advertise-client-urls=http://10.100.81.11:2379
- --data-dir=/var/lib/etcd
- --initial-cluster-token=etcd-cluster-1
- --initial-cluster=infra0=http://10.100.81.11:2380,infra1=http://10.100.81.12:2380,infra2=http://10.100.81.13:2380,infra3=http://10.100.81.14:2380,infra4=http://10.100.81.15:2380
- --initial-cluster-state=new
image: k8s.gcr.io/etcd-amd64:3.1.12
livenessProbe:
httpGet:
host: 127.0.0.1
path: /health
port: 2379
scheme: HTTP
failureThreshold: 8
initialDelaySeconds: 15
timeoutSeconds: 15
name: etcd
volumeMounts:
- name: etcd-data
mountPath: /var/lib/etcd
hostNetwork: true
volumes:
- hostPath:
path: /var/lib/etcd
type: DirectoryOrCreate
name: etcd-data
kubernetes系统组件
kubeadm init 启动k8s集群config.yaml配置
apiVersion: kubeadm.k8s.io/v1alpha1 kind: MasterConfiguration networking: podSubnet: 192.168.0.0/16 api: advertiseAddress: 10.100.81.11 etcd: endpoints: - http://10.100.81.11:2379 - http://10.100.81.12:2379 - http://10.100.81.13:2379 - http://10.100.81.14:2379 - http://10.100.81.15:2379 apiServerCertSANs: - 10.100.81.11 - master01.bja.paas - 10.100.81.12 - master02.bja.paas - 10.100.81.13 - master03.bja.paas - 10.100.81.10 - 127.0.0.1 token: kubernetesVersion: v1.10.0 apiServerExtraArgs: endpoint-reconciler-type: lease bind-address: 10.100.81.11 runtime-config: storage.k8s.io/v1alpha1=true admission-control: NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota featureGates: CoreDNS: true
kubelet配置
/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
[Service] Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf" Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true" Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin" Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local" Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt" Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0" Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs" Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki --eviction-hard=memory.available<5%,nodefs.available<5%,imagefs.available<5%" ExecStart= ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CGROUP_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS
keepalived
keepalived采取直接在物理机部署,使用 yum install keepalived
安装。
启动配置文件:/etc/keepalived/keepalived.conf。keepalived的MASTER和BACKUP配置有部分差异
MASTER
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
router_id master02
}
vrrp_script chk_haproxy {
script "/etc/keepalived/haproxy_check.sh"
interval 3
weight -20
}
vrrp_instance VI_1 {
state MASTER # BACKUP节点改成BACKUP
interface bond1
virtual_router_id 151
priority 110 # BACKUP节点改成100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.100.81.10 # k8s使用的VIP
10.100.81.9 # 数据库组件使用的VIP
}
track_script {
chk_haproxy
}
}
haproxy检查脚本:/etc/keepalived/haproxy_check.sh
#!/bin/bash
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ] ; then
docker restart k8s-haproxy
sleep 2
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ] ; then
service keepalived stop
fi
fi
haproxy
haproxy以容器的形式启动,启动命令如下:
docker run -d --net host --name k8s-haproxy -v /etc/haproxy:/usr/local/etc/haproxy:ro haproxy:1.7
haproxy配置文件:/etc/haproxy/haproxy.conf
global daemon log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 defaults log global retries 3 maxconn 2000 timeout connect 5s timeout client 50s timeout server 50s frontend k8s bind *:6444 mode tcp default_backend k8s-backend backend k8s-backend balance roundrobin mode tcp server k8s-1 10.100.81.11:6443 check server k8s-2 10.100.81.12:6443 check server k8s-3 10.100.81.13:6443 check
部署完成后操作
修改kube-proxy configmap
kubectl edit configmap kube-proxy -n kube-system
.....
kubeconfig.conf: |-
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
server: https://10.100.81.10:6444 # 更改此行ip为vip,改成10.100.81.10
name: default
contexts:
- context:
cluster: default
namespace: default
user: default
name: default
current-context: default
users:
- name: default
user:
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
......
执行如下命令让kube-proxy组件重新启动
kubectl get pod -n kube-system | grep kube-proxy | awk '{print $1}' | xargs kubectl delete pod -n kube-system
修改所有node节点kubelet.conf
/etc/kubernetes/kubelet.conf
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1EVXhPREF4TXpNME1Gb1hEVEk0TURVeE5UQXhNek0wTUZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGJoCmw1TDRaNHFiWTJ3MmY5TFlEb0ZqVlhhcHRhYklkQmZmTS9zMTJaWFd1NU5LYWlPR09ub3RxK1gwM0VJb3Z4VEkKUGh5NzBqY294VGlLUTk5ZkFsUS82a2Vhc0x5MDNGZXJvYkhmaldUenBkZE5mWVNEZStMazlMV0hIZ0phOXVUQQpDU3kyay9sZGo3VWQ0Sk9pMi9lcGhVTUNNMUNlbmdPeWZDNUl0SUpFZzJmMk95cTE5U0JBeW1zYzFTalg5Q0F6CnNyMlhiTm9hK1lVS2Flek1QSldvYlNxdEg0czQ1TkluYytMREJFTkk4VGVITktybENsamdIeUorUjU1V2pCTW8KeSs3Y1BxL2cwTkxmSU4xRjJVbkFFa3RTSmVYUFBSaGlQUUhJcGRBU0xySXhVcE9HNlN3Yk51bmRGdGsxaUJiUgpUSW9md2UyT0VhZkhySmV5OHJrQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLME1mOFM5VjUyaG9VZ3JYcGQyK09rOHF2Ny8KR3hpWnRFelFISW9RdWRLLzJ2ZGJHbXdnem10V3hFNHRYRWQyUnlXTTZZR1VQSmNpMmszY1Z6QkpSaGcvWFB2UQppRVBpUDk5ZkdiM0kxd0QyanlURWVaZVd1ekdSRDk5ait3bStmcE9wQzB2ZU1LN3hzM1VURjRFOFlhWGcwNmdDCjBXTkFNdTRxQmZaSUlKSEVDVDhLUlB5TEN5Zlgvbm84Q25WTndaM3pCbGZaQmFONGZaOWw0UUdGMVd4dlc0OHkKYmpvRDhqUVJnL1kwYUVUMWMrSEhpWTNmNDF0dG9kMWJoSWR3c1NDNUhhRjJQSVAvZ2dCSnZ2Uzh2V1cwcVRDegpDV2EzcVJ0bVB0MHdtcEZic2RPWmdsWkl6aWduYTdaaDFWMDJVM0VFZ2kwYjNGZWR5OW5MRUZaMGJZbz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
server: https://10.100.81.10:6444 # 此处改为VIP加haproxy监听端口6444
name: default-cluster
contexts:
- context:
cluster: default-cluster
namespace: default
user: default-auth
name: default-context
current-context: default-context
kind: Config
preferences: {}
users:
- name: default-auth
user:
client-certificate: /var/lib/kubelet/pki/kubelet-client.crt
client-key: /var/lib/kubelet/pki/kubelet-client.key
部署前注意事项
1. 确保所有节点时间同步
2. 确保所有节点ip转发功能打开
net.ipv4.ip_forward = 1
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:
- Keepalived高可用介绍与配置详解
- Redis 主从配置心得及其高可用方案
- RabbitMQ 高级指南:从配置、使用到高可用集群搭建
- 超长干货!在裸机上配置高可用 K3s,部署生产就绪工作负载
- 官宣:慕课网课程“Kubernetes实战:高可用集群搭建、配置、运维与应用”上线了
- 配置管理 ACM 在高可用服务 AHAS 流控降级组件中的应用场景
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
CSS权威指南(第三版)
[美] Eric A.Meyer / 侯妍、尹志忠 / 中国电力出版社 / 2007-10 / 58.00
你是否既想获得丰富复杂的网页样式,同时又想节省时间和精力?本书为你展示了如何遵循CSS最新规范(CSS2和CSS2.1)将层叠样式表的方方面面应用于实践。 通过本书提供的诸多示例,你将了解如何做到仅在一处建立样式表就能创建或修改整个网站的外观,以及如何得到HTML力不能及的更丰富的表现效果。 资深CSS专家Eric A.Meyer。利用他独有的睿智和丰富的经验对属性、标记、标记属性和实......一起来看看 《CSS权威指南(第三版)》 这本书的介绍吧!
