本文详述了如何在离线环境中通过Haproxy实现Kubernetes集群的高可用部署,包括安装etcd、Docker、kubelet等组件,配置Haproxy作为负载均衡器,以及初始化和加入节点到集群的过程。
Updating for dependencies:
openssl x86_64 1:1.0.2k-22.el7_9 updates 494 k
openssl-libs x86_64 1:1.0.2k-22.el7_9 updates 1.2 M
Transaction Summary
==========================================================================================
Install 1 Package
Upgrade ( 2 Dependent packages)
Total download size: 2.5 M
Background downloading packages, then exiting:
No Presto metadata available for updates
warning: /root/haproxy/haproxy-1.5.18-9.el7_9.1.x86_64.rpm.54894.tmp: Header V3 RSA/SHA256
Signature, key ID f4a80eb5: NOKEYPublic key for haproxy-1.5.18-9.el7_9.1.x86_64.rpm.54894.tmp is not installed
(1/3): haproxy-1.5.18-9.el7_9.1.x86_64.rpm | 835 kB 00:00:06
(2/3): openssl-1.0.2k-22.el7_9.x86_64.rpm | 494 kB 00:00:06
(3/3): openssl-libs-1.0.2k-22.el7_9.x86_64.rpm | 1.2 MB 00:00:00
Total 353 kB/s | 2.5 MB 00:00:07
exiting because “Download Only” specified
[root@ccx yum.repos.d]# cd /root/haproxy/
[root@ccx haproxy]# ls
haproxy-1.5.18-9.el7_9.1.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm
openssl-1.0.2k-22.el7_9.x86_64.rpm
[root@ccx haproxy]#
- 把上面3个包导入到内网环境并安装
[root@haproxy-164 haproxy]# ls
haproxy-1.5.18-9.el7_9.1.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm
openssl-1.0.2k-22.el7_9.x86_64.rpm
[root@haproxy-164 haproxy]# rpm -ivhU * --nodeps --force
准备中… ################################# [100%]
正在升级/安装…
1:openssl-libs-1:1.0.2k-22.el7_9 ################################# [ 20%]
2:haproxy-1.5.18-9.el7_9.1 ################################# [ 40%]
3:openssl-1:1.0.2k-22.el7_9 ################################# [ 60%]
正在清理/删除…
4:openssl-1:1.0.2k-8.el7 ################################# [ 80%]
5:openssl-libs-1:1.0.2k-8.el7 ################################# [100%]
[root@haproxy-164 haproxy]#
[](()编辑配置文件
- 在配置文件
/etc/haproxy/haproxy.cfg最后加上下面5行内容
[root@haproxy-164 haproxy]# tail -n 5 /etc/haproxy/haproxy.cfg
listen k8s-lb *:6443
mode tcp
balance roundrobin
server s1 192.168.59.163:6443 weight 1
server s2 192.168.59.162:6443 weight 1
[root@haproxy-164 haproxy]#
k8s-lb #自定义名称
192.168.59.163/162 # 2个master节点ip
- 然后重启该服务并加入自启动
[root@haproxy-164 haproxy]# systemctl enable haproxy.service --now
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
[root@haproxy-164 haproxy]#
[root@haproxy-164 haproxy]# systemctl is-active haproxy.service
active
[root@haproxy-164 haproxy]#
- 这时候可以看到6443端口已经被监听了
[root@haproxy-164 haproxy]# netstat -ntlp | grep 6443
tcp 0 0 0.0.0.0:6443 0.0.0.0:* LISTEN 2504/haproxy
[root@haproxy-164 haproxy]#
[](()配置etcd
- 2台etcd需要同步操作
[](()安装etcd
- 有外网直接执行
yum -y install etcd
- 没有外网的,去下载这个包
[root@ccx haproxy]# mkdir /root/etcd
[root@ccx haproxy]# yum -y install etcd --downloadonly --downloaddir=/root/etcd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
-
base: mirror.lzu.edu.cn
-
extras: mirrors.aliyun.com
-
updates: mirrors.aliyun.com
Resolving Dependencies
–> Running transaction check
—> Package etcd.x86_64 0:3.3.11-2.el7.centos will be installed
–> Finished Dependency Resolution
Dependencies Resolved
==========================================================================================
Package Arch Version Repository Size
==========================================================================================
Installing:
etcd x86_64 3.3.11-2.el7.centos extras 10 M
Transaction Summary
==========================================================================================
Install 1 Package
Total download size: 10 M
Installed size: 45 M
Background downloading packages, then exiting:
warning: /root/etcd/etcd-3.3.11-2.el7.centos.x86_64.rpm.55125.tmp: Header V3 RSA/SHA256 Si
gnature, key ID f4a80eb5: NOKEYPublic key for etcd-3.3.11-2.el7.centos.x86_64.rpm.55125.tmp is not installed
etcd-3.3.11-2.el7.centos.x86_64.rpm | 10 MB 00:07:24
exiting because “Download Only” specified
[root@ccx haproxy]# cd /root/etcd/
[root@ccx etcd]# ls
etcd-3.3.11-2.el7.centos.x86_64.rpm
[root@ccx etcd]#
- 然后导入内网并安装
两台etcd均需要安装
[root@etcd-161 etcd]# ls
etcd-3.3.11-2.el7.centos.x86_64.rpm
[root@etcd-161 etcd]#
[root@etcd-161 etcd]# rpm -ivhU * --nodeps --force
准备中… ################################# [100%]
正在升级/安装…
1:etcd-3.3.11-2.el7.centos ################################# [100%]
[root@etcd-161 etcd]#
[root@etcd-161 etcd]# scp etcd-3.3.11-2.el7.centos.x86_64.rpm 192.168.59.160:~
The authenticity of host ‘192.168.59.160 (192.168.59.160)’ can’t be established.
ECDSA key fingerprint is SHA256:zRtVBoNePoRXh9aA8eppKwwduS9Rjjr/kT5a7zijzjE.
ECDSA key fingerprint is MD5:b8:53:cc:da:86:2a:97:dc:bd:64:6b:b1:d0:f3:02:ce.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.59.160’ (ECDSA) to the list of known hosts.
root@192.168.59.160’s password:
Permission denied, please try again.
root@192.168.59.160’s password:
etcd-3.3.11-2.el7.centos.x86_64.rpm 100% 10MB 38.8MB/s 00:00
[root@etcd-161 etcd]#
#另一台
[root@etcd-160 ~]# mkdir etcd
[root@etcd-160 ~]# mv etcd-3.3.11-2.el7.centos.x86_64.rpm etcd
[root@etcd-160 ~]# cd etcd
[root@etcd-160 etcd]# ls
etcd-3.3.11-2.el7.centos.x86_64.rpm
[root@etcd-160 etcd]#
[root@etcd-160 etcd]# rpm -ivhU * --nodeps --force
准备中… ################################# [100%]
正在升级/安装…
1:etcd-3.3.11-2.el7.centos ################################# [100%]
[root@etcd-160 etcd]#
[](()编辑配置文件
- 两台都需要编辑,注意看主机名【需要对应修改ip】
看不懂的去我之前对etcd的安装说明博客,里面有详细介绍,我这就不做说明了
[k8s的核心组件etcd的安装使用、快照说明及etcd命令详解【含单节点,多节点和新节点加入说明】](()
- 编辑配置文件
记得修改ip和ETCD_NAME行
[root@etcd-161 ~]# ip a | grep 59
inet 192.168.59.161/24 brd 192.168.59.255 scope global ens32
[root@etcd-161 ~]#
[root@etcd-161 ~]# cat /etc/etcd/etcd.conf
ETCD_DATA_DIR=“/var/lib/etcd/cluster.etcd”
ETCD_LISTEN_PEER_URLS=“http://192.168.59.161:2380,http://localhost:2380”
ETCD_LISTEN_CLIENT_URLS=“http://192.168.59.161:2379,http://localhost:2379”
ETCD_NAME=“etcd-161”
ETCD_INITIAL_ADVERTISE_PEER_URLS=“http://192.168.59.161:2380”
ETCD_ADVERTISE_CLIENT_URLS=“http://localhost:2379,http://192.168.59.161:2379”</
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
