Kubernetes: Adding and Removing Master and etcd Nodes
Published: 2024-12-03 Author: 千家信息网 editor
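Scenario:
This is a test environment. Resources were limited at the start, so every component was deployed as a single node on virtual machines. As usage and workload grew, new servers were purchased. The existing single-node master and etcd are migrated to the new servers and expanded to three nodes each to provide a highly available environment.
Environment:
etcd old node IP: 192.168.30.31
etcd new node IPs: 192.168.30.17, 192.168.30.18, 192.168.30.19
kube-apiserver old node IP: 192.168.30.32
kube-apiserver new node IPs: 192.168.30.17, 192.168.30.18, 192.168.30.19
kube-apiserver VIP: 192.168.30.254
Services started on the kube-apiserver nodes: kube-apiserver, kube-controller-manager, kube-scheduler
Node hostnames: node03, node4, node5
Adding etcd nodes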
```bash
# Run on node 192.168.30.31
# Configure the etcdctl environment for API v3.
# Add to /etc/profile:
export ETCDCTL_API=3
export ENDPOINTS=https://192.168.30.31:2379
# Reload it:
source /etc/profile

# Add to ~/.bashrc:
alias etcdctl='/apps/etcd/bin/etcdctl --endpoints=${ENDPOINTS} --cacert=/apps/etcd/ssl/etcd-ca.pem --cert=/apps/etcd/ssl/etcd_client.pem --key=/apps/etcd/ssl/etcd_client-key.pem'
# Reload it:
source ~/.bashrc

# Check that the configuration works
etcdctl endpoint health
```

```
[root@etcd ~]# etcdctl endpoint health
https://192.168.30.31:2379 is healthy: successfully committed proposal: took = 20.258113ms
```

Healthy output confirms that the configuration is correct.

```bash
# Back up the etcd data. Always take this backup: without it, a mistake
# means redeploying from scratch.
etcdctl snapshot save snapshot.db

# Restore the data if something goes wrong
etcdctl snapshot restore ./snapshot.db --name=etcd \
  --initial-advertise-peer-urls=https://192.168.30.31:2380 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster=etcd=https://192.168.30.31:2380 \
  --data-dir=/apps/etcd/data/default.etcd
```

Generate new certificates. The hostnames below use the node names from the environment list (node03, node4, node5), because the member hostname becomes part of the certificate file name and must match the `--peer-cert-file` path used in ETCD_OPTS later (for example etcd_member_node03.pem).

```bash
## Create the etcd server CSR config
export ETCD_SERVER_IPS='"192.168.30.31", "192.168.30.17", "192.168.30.18", "192.168.30.19"'
export ETCD_SERVER_HOSTNAMES='"etcd", "node03", "node4", "node5"'
cat << EOF | tee /opt/k8s/cfssl/etcd/etcd_server.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    ${ETCD_SERVER_IPS},
    ${ETCD_SERVER_HOSTNAMES}
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "GuangDong",
      "L": "GuangZhou",
      "O": "niuke",
      "OU": "niuke"
    }
  ]
}
EOF

## Generate the etcd server certificate and private key
cfssl gencert \
  -ca=/opt/k8s/cfssl/pki/etcd/etcd-ca.pem \
  -ca-key=/opt/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
  -config=/opt/k8s/cfssl/ca-config.json \
  -profile=kubernetes \
  /opt/k8s/cfssl/etcd/etcd_server.json | \
  cfssljson -bare /opt/k8s/cfssl/pki/etcd/etcd_server

## Create the etcd member 2 CSR config
export ETCD_MEMBER_2_IP='"192.168.30.17"'
export ETCD_MEMBER_2_HOSTNAMES="node03"
cat << EOF | tee /opt/k8s/cfssl/etcd/${ETCD_MEMBER_2_HOSTNAMES}.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    ${ETCD_MEMBER_2_IP},
    "${ETCD_MEMBER_2_HOSTNAMES}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "GuangDong",
      "L": "GuangZhou",
      "O": "niuke",
      "OU": "niuke"
    }
  ]
}
EOF

## Generate the etcd member 2 certificate and private key
cfssl gencert \
  -ca=/opt/k8s/cfssl/pki/etcd/etcd-ca.pem \
  -ca-key=/opt/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
  -config=/opt/k8s/cfssl/ca-config.json \
  -profile=kubernetes \
  /opt/k8s/cfssl/etcd/${ETCD_MEMBER_2_HOSTNAMES}.json | \
  cfssljson -bare /opt/k8s/cfssl/pki/etcd/etcd_member_${ETCD_MEMBER_2_HOSTNAMES}

## Create the etcd member 3 CSR config
export ETCD_MEMBER_3_IP='"192.168.30.18"'
export ETCD_MEMBER_3_HOSTNAMES="node4"
cat << EOF | tee /opt/k8s/cfssl/etcd/${ETCD_MEMBER_3_HOSTNAMES}.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    ${ETCD_MEMBER_3_IP},
    "${ETCD_MEMBER_3_HOSTNAMES}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "GuangDong",
      "L": "GuangZhou",
      "O": "niuke",
      "OU": "niuke"
    }
  ]
}
EOF

## Generate the etcd member 3 certificate and private key
cfssl gencert \
  -ca=/opt/k8s/cfssl/pki/etcd/etcd-ca.pem \
  -ca-key=/opt/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
  -config=/opt/k8s/cfssl/ca-config.json \
  -profile=kubernetes \
  /opt/k8s/cfssl/etcd/${ETCD_MEMBER_3_HOSTNAMES}.json | \
  cfssljson -bare /opt/k8s/cfssl/pki/etcd/etcd_member_${ETCD_MEMBER_3_HOSTNAMES}

## Create the etcd member 4 CSR config
export ETCD_MEMBER_4_IP='"192.168.30.19"'
export ETCD_MEMBER_4_HOSTNAMES="node5"
cat << EOF | tee /opt/k8s/cfssl/etcd/${ETCD_MEMBER_4_HOSTNAMES}.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    ${ETCD_MEMBER_4_IP},
    "${ETCD_MEMBER_4_HOSTNAMES}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "GuangDong",
      "L": "GuangZhou",
      "O": "niuke",
      "OU": "niuke"
    }
  ]
}
EOF

## Generate the etcd member 4 certificate and private key
cfssl gencert \
  -ca=/opt/k8s/cfssl/pki/etcd/etcd-ca.pem \
  -ca-key=/opt/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
  -config=/opt/k8s/cfssl/ca-config.json \
  -profile=kubernetes \
  /opt/k8s/cfssl/etcd/${ETCD_MEMBER_4_HOSTNAMES}.json | \
  cfssljson -bare /opt/k8s/cfssl/pki/etcd/etcd_member_${ETCD_MEMBER_4_HOSTNAMES}

# Distribute the certificates to every node
scp -r /opt/k8s/cfssl/pki/etcd/etcd* root@192.168.30.17:/apps/etcd/ssl/
scp -r /opt/k8s/cfssl/pki/etcd/etcd* root@192.168.30.18:/apps/etcd/ssl/
scp -r /opt/k8s/cfssl/pki/etcd/etcd* root@192.168.30.19:/apps/etcd/ssl/

# The backup is done; add the first new member
etcdctl member add node03 --peer-urls=https://192.168.30.17:2380
```

Example output of a member add (this capture uses the member name etcd03):

```
etcdctl member add etcd03 https://192.168.30.17:2380
Added member named etcd03 with ID 92bf7d7f20e298fc to cluster

ETCD_NAME="etcd03"
ETCD_INITIAL_CLUSTER="etcd03=https://192.168.30.17:2380,etcd=https://192.168.30.31:2380"
ETCD_INITIAL_CLUSTER_STATE="existing"
```

Edit the etcd startup configuration file on 192.168.30.17:

```bash
ETCD_OPTS="--name=node03 \
  --data-dir=/apps/etcd/data/default.etcd \
  --listen-peer-urls=https://192.168.30.17:2380 \
  --listen-client-urls=https://192.168.30.17:2379,https://127.0.0.1:2379 \
  --advertise-client-urls=https://192.168.30.17:2379 \
  --initial-advertise-peer-urls=https://192.168.30.17:2380 \
  --initial-cluster=etcd=https://192.168.30.31:2380,node03=https://192.168.30.17:2380 \
  --initial-cluster-token=etcd=https://192.168.30.31:2380,node03=https://192.168.30.17:2380 \
  --initial-cluster-state=existing \
  --heartbeat-interval=6000 \
  --election-timeout=30000 \
  --snapshot-count=5000 \
  --auto-compaction-retention=1 \
  --max-request-bytes=33554432 \
  --quota-backend-bytes=17179869184 \
  --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \
  --cert-file=/apps/etcd/ssl/etcd_server.pem \
  --key-file=/apps/etcd/ssl/etcd_server-key.pem \
  --peer-cert-file=/apps/etcd/ssl/etcd_member_node03.pem \
  --peer-key-file=/apps/etcd/ssl/etcd_member_node03-key.pem \
  --peer-client-cert-auth \
  --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
```

```bash
# Start etcd on node03
service etcd start

# Add the new node to ENDPOINTS in /etc/profile
export ENDPOINTS=https://192.168.30.17:2379,https://192.168.30.31:2379
source /etc/profile

# Check that the data size is the same on both members; if it is, add the next node
etcdctl endpoint status

etcdctl member add node4 --peer-urls=https://192.168.30.18:2380
```

Startup configuration on 192.168.30.18:

```bash
ETCD_OPTS="--name=node4 \
  --data-dir=/apps/etcd/data/default.etcd \
  --listen-peer-urls=https://192.168.30.18:2380 \
  --listen-client-urls=https://192.168.30.18:2379,https://127.0.0.1:2379 \
  --advertise-client-urls=https://192.168.30.18:2379 \
  --initial-advertise-peer-urls=https://192.168.30.18:2380 \
  --initial-cluster=node4=https://192.168.30.18:2380,etcd=https://192.168.30.31:2380,node03=https://192.168.30.17:2380 \
  --initial-cluster-token=node4=https://192.168.30.18:2380,etcd=https://192.168.30.31:2380,node03=https://192.168.30.17:2380 \
  --initial-cluster-state=existing \
  --heartbeat-interval=6000 \
  --election-timeout=30000 \
  --snapshot-count=5000 \
  --auto-compaction-retention=1 \
  --max-request-bytes=33554432 \
  --quota-backend-bytes=17179869184 \
  --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \
  --cert-file=/apps/etcd/ssl/etcd_server.pem \
  --key-file=/apps/etcd/ssl/etcd_server-key.pem \
  --peer-cert-file=/apps/etcd/ssl/etcd_member_node4.pem \
  --peer-key-file=/apps/etcd/ssl/etcd_member_node4-key.pem \
  --peer-client-cert-auth \
  --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
```

```bash
etcdctl member add node5 --peer-urls=https://192.168.30.19:2380
```

Startup configuration on 192.168.30.19:

```bash
ETCD_OPTS="--name=node5 \
  --data-dir=/apps/etcd/data/default.etcd \
  --listen-peer-urls=https://192.168.30.19:2380 \
  --listen-client-urls=https://192.168.30.19:2379,https://127.0.0.1:2379 \
  --advertise-client-urls=https://192.168.30.19:2379 \
  --initial-advertise-peer-urls=https://192.168.30.19:2380 \
  --initial-cluster=node4=https://192.168.30.18:2380,etcd=https://192.168.30.31:2380,node5=https://192.168.30.19:2380,node03=https://192.168.30.17:2380 \
  --initial-cluster-token=node4=https://192.168.30.18:2380,etcd=https://192.168.30.31:2380,node5=https://192.168.30.19:2380,node03=https://192.168.30.17:2380 \
  --initial-cluster-state=existing \
  --heartbeat-interval=6000 \
  --election-timeout=30000 \
  --snapshot-count=5000 \
  --auto-compaction-retention=1 \
  --max-request-bytes=33554432 \
  --quota-backend-bytes=17179869184 \
  --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \
  --cert-file=/apps/etcd/ssl/etcd_server.pem \
  --key-file=/apps/etcd/ssl/etcd_server-key.pem \
  --peer-cert-file=/apps/etcd/ssl/etcd_member_node5.pem \
  --peer-key-file=/apps/etcd/ssl/etcd_member_node5-key.pem \
  --peer-client-cert-auth \
  --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
```

```bash
# Update /etc/profile so ENDPOINTS lists only the new nodes
export ENDPOINTS=https://192.168.30.17:2379,https://192.168.30.18:2379,https://192.168.30.19:2379

# Verify that the etcd cluster is healthy
etcdctl endpoint status
```

```
[root@node03 ~]# etcdctl endpoint status
https://192.168.30.17:2379, 92bf7d7f20e298fc, 3.3.13, 30 MB, false, 16, 3963193
https://192.168.30.18:2379, 127f6360c5080113, 3.3.13, 30 MB, true, 16, 3963193
https://192.168.30.19:2379, 5a0a05654c847f54, 3.3.13, 30 MB, false, 16, 3963193
```

All nodes are healthy. Then, on all of the new nodes, replace these two settings so that they no longer list the old member:

```bash
  --initial-cluster=node4=https://192.168.30.18:2380,node5=https://192.168.30.19:2380,node03=https://192.168.30.17:2380 \
  --initial-cluster-token=node4=https://192.168.30.18:2380,node5=https://192.168.30.19:2380,node03=https://192.168.30.17:2380 \
```
Adding kube-apiserver nodes

```bash
# Create the certificate for the new nodes
## Create the Kubernetes API server CSR config
export K8S_APISERVER_VIP='"192.168.30.32", "192.168.30.17", "192.168.30.18", "192.168.30.19", "192.168.30.254"'
export K8S_APISERVER_SERVICE_CLUSTER_IP="10.64.0.1"
export K8S_APISERVER_HOSTNAME="api.k8s.niuke.local"
export K8S_CLUSTER_DOMAIN_SHORTNAME="niuke"
export K8S_CLUSTER_DOMAIN_FULLNAME="niuke.local"
cat << EOF | tee /opt/k8s/cfssl/k8s/k8s_apiserver.json
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    ${K8S_APISERVER_VIP},
    "${K8S_APISERVER_SERVICE_CLUSTER_IP}",
    "${K8S_APISERVER_HOSTNAME}",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.${K8S_CLUSTER_DOMAIN_SHORTNAME}",
    "kubernetes.default.svc.${K8S_CLUSTER_DOMAIN_FULLNAME}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "GuangDong",
      "L": "GuangZhou",
      "O": "niuke",
      "OU": "niuke"
    }
  ]
}
EOF

## Generate the Kubernetes API server certificate and private key
cfssl gencert \
  -ca=/opt/k8s/cfssl/pki/k8s/k8s-ca.pem \
  -ca-key=/opt/k8s/cfssl/pki/k8s/k8s-ca-key.pem \
  -config=/opt/k8s/cfssl/ca-config.json \
  -profile=kubernetes \
  /opt/k8s/cfssl/k8s/k8s_apiserver.json | \
  cfssljson -bare /opt/k8s/cfssl/pki/k8s/k8s_server

# Distribute the TLS certificates to the nodes
scp -r /opt/k8s/cfssl/pki/k8s/ root@192.168.30.17:/apps/kubernetes/ssl/k8s
scp -r /opt/k8s/cfssl/pki/k8s/ root@192.168.30.18:/apps/kubernetes/ssl/k8s
scp -r /opt/k8s/cfssl/pki/k8s/ root@192.168.30.19:/apps/kubernetes/ssl/k8s
```

Edit the configuration files. The examples below are for 192.168.30.17.

```bash
### kube-apiserver
# The admission plugin lists are comma-separated.
# --cors-allowed-origins=.* matches every origin; restrict it to known origins
# outside a test environment.
KUBE_APISERVER_OPTS="--logtostderr=false \
  --bind-address=192.168.30.17 \
  --advertise-address=192.168.30.17 \
  --secure-port=5443 \
  --insecure-port=0 \
  --service-cluster-ip-range=10.64.0.0/16 \
  --service-node-port-range=30000-65000 \
  --etcd-cafile=/apps/kubernetes/ssl/etcd/etcd-ca.pem \
  --etcd-certfile=/apps/kubernetes/ssl/etcd/etcd_client.pem \
  --etcd-keyfile=/apps/kubernetes/ssl/etcd/etcd_client-key.pem \
  --etcd-prefix=/registry \
  --etcd-servers=https://192.168.30.17:2379,https://192.168.30.18:2379,https://192.168.30.19:2379 \
  --client-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \
  --tls-cert-file=/apps/kubernetes/ssl/k8s/k8s_server.pem \
  --tls-private-key-file=/apps/kubernetes/ssl/k8s/k8s_server-key.pem \
  --kubelet-client-certificate=/apps/kubernetes/ssl/k8s/k8s_server.pem \
  --kubelet-client-key=/apps/kubernetes/ssl/k8s/k8s_server-key.pem \
  --service-account-key-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \
  --requestheader-client-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \
  --proxy-client-cert-file=/apps/kubernetes/ssl/k8s/aggregator.pem \
  --proxy-client-key-file=/apps/kubernetes/ssl/k8s/aggregator-key.pem \
  --requestheader-allowed-names=aggregator \
  --requestheader-group-headers=X-Remote-Group \
  --requestheader-extra-headers-prefix=X-Remote-Extra- \
  --requestheader-username-headers=X-Remote-User \
  --enable-aggregator-routing=true \
  --anonymous-auth=false \
  --experimental-encryption-provider-config=/apps/kubernetes/config/encryption-config.yaml \
  --enable-admission-plugins=AlwaysPullImages,DefaultStorageClass,DefaultTolerationSeconds,LimitRanger,NamespaceExists,NamespaceLifecycle,NodeRestriction,OwnerReferencesPermissionEnforcement,PodNodeSelector,PersistentVolumeClaimResize,PodPreset,PodTolerationRestriction,ResourceQuota,ServiceAccount,StorageObjectInUseProtection,MutatingAdmissionWebhook,ValidatingAdmissionWebhook \
  --disable-admission-plugins=DenyEscalatingExec,ExtendedResourceToleration,ImagePolicyWebhook,LimitPodHardAntiAffinityTopology,NamespaceAutoProvision,Priority,EventRateLimit,PodSecurityPolicy \
  --cors-allowed-origins=.* \
  --enable-swagger-ui \
  --runtime-config=api/all=true \
  --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname \
  --authorization-mode=Node,RBAC \
  --allow-privileged=true \
  --apiserver-count=1 \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=3 \
  --audit-log-maxsize=100 \
  --kubelet-https \
  --event-ttl=1h \
  --feature-gates=RotateKubeletServerCertificate=true,RotateKubeletClientCertificate=true \
  --enable-bootstrap-token-auth=true \
  --audit-log-path=/apps/kubernetes/log/api-server-audit.log \
  --alsologtostderr=true \
  --log-dir=/apps/kubernetes/log \
  --v=2 \
  --endpoint-reconciler-type=lease \
  --max-mutating-requests-inflight=100 \
  --max-requests-inflight=500 \
  --target-ram-mb=6000"

### kube-controller-manager
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
  --leader-elect=true \
  --address=0.0.0.0 \
  --service-cluster-ip-range=10.64.0.0/16 \
  --cluster-cidr=10.65.0.0/16 \
  --node-cidr-mask-size=24 \
  --cluster-name=kubernetes \
  --allocate-node-cidrs=true \
  --kubeconfig=/apps/kubernetes/config/kube_controller_manager.kubeconfig \
  --authentication-kubeconfig=/apps/kubernetes/config/kube_controller_manager.kubeconfig \
  --authorization-kubeconfig=/apps/kubernetes/config/kube_controller_manager.kubeconfig \
  --use-service-account-credentials=true \
  --client-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \
  --requestheader-client-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \
  --node-monitor-grace-period=40s \
  --node-monitor-period=5s \
  --pod-eviction-timeout=5m0s \
  --terminated-pod-gc-threshold=50 \
  --alsologtostderr=true \
  --cluster-signing-cert-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \
  --cluster-signing-key-file=/apps/kubernetes/ssl/k8s/k8s-ca-key.pem \
  --deployment-controller-sync-period=10s \
  --experimental-cluster-signing-duration=86700h0m0s \
  --enable-garbage-collector=true \
  --root-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \
  --service-account-private-key-file=/apps/kubernetes/ssl/k8s/k8s-ca-key.pem \
  --feature-gates=RotateKubeletServerCertificate=true,RotateKubeletClientCertificate=true \
  --controllers=*,bootstrapsigner,tokencleaner \
  --horizontal-pod-autoscaler-use-rest-clients=true \
  --horizontal-pod-autoscaler-sync-period=10s \
  --flex-volume-plugin-dir=/apps/kubernetes/kubelet-plugins/volume \
  --tls-cert-file=/apps/kubernetes/ssl/k8s/k8s_controller_manager.pem \
  --tls-private-key-file=/apps/kubernetes/ssl/k8s/k8s_controller_manager-key.pem \
  --kube-api-qps=100 \
  --kube-api-burst=100 \
  --log-dir=/apps/kubernetes/log \
  --v=2"

### kube-scheduler
KUBE_SCHEDULER_OPTS=" \
  --logtostderr=false \
  --address=0.0.0.0 \
  --leader-elect=true \
  --kubeconfig=/apps/kubernetes/config/kube_scheduler.kubeconfig \
  --authentication-kubeconfig=/apps/kubernetes/config/kube_scheduler.kubeconfig \
  --authorization-kubeconfig=/apps/kubernetes/config/kube_scheduler.kubeconfig \
  --alsologtostderr=true \
  --kube-api-qps=100 \
  --kube-api-burst=100 \
  --log-dir=/apps/kubernetes/log \
  --v=2"

# Configure the other two nodes the same way as 192.168.30.17, then start the services
service kube-apiserver start
service kube-controller-manager start
service kube-scheduler start
```
Verifying that the new nodes work

https://192.168.30.17:5443/apis
https://192.168.30.18:5443/apis
https://192.168.30.19:5443/apis

Signed certificate
Installing haproxy and keepalived

```bash
yum install -y haproxy keepalived
```

Edit the haproxy configuration, /etc/haproxy/haproxy.cfg:

```
frontend kube-apiserver-https
  mode tcp
  bind :6443
  default_backend kube-apiserver-backend

backend kube-apiserver-backend
  mode tcp
  server 192.168.30.17-api 192.168.30.17:5443 check
  server 192.168.30.18-api 192.168.30.18:5443 check
  server 192.168.30.19-api 192.168.30.19:5443 check
```

```bash
# Start haproxy; the configuration is identical on all three machines
service haproxy start
```

Edit the keepalived configuration. On 192.168.30.19 (`cat /etc/keepalived/keepalived.conf`):

```
! Configuration File for keepalived
global_defs {
  router_id LVS_DEVEL
}
vrrp_script check_haproxy {
  script "killall -0 haproxy"
  interval 3
  weight -2
  fall 10
  rise 2
}
vrrp_instance VI_1 {
  state MASTER
  interface br0
  virtual_router_id 51
  priority 250
  advert_int 2
  authentication {
    auth_type PASS
    # keepalived uses only the first 8 characters of auth_pass
    auth_pass 99ce6e3381dc326633737ddaf5d904d2
  }
  virtual_ipaddress {
    192.168.30.254/24
  }
  track_script {
    check_haproxy
  }
}
```

On 192.168.30.18 (`cat /etc/keepalived/keepalived.conf`):

```
! Configuration File for keepalived
global_defs {
  router_id LVS_DEVEL
}
vrrp_script check_haproxy {
  script "killall -0 haproxy"
  interval 3
  weight -2
  fall 10
  rise 2
}
vrrp_instance VI_1 {
  state BACKUP
  interface br0
  virtual_router_id 51
  priority 249
  advert_int 2
  authentication {
    auth_type PASS
    auth_pass 99ce6e3381dc326633737ddaf5d904d2
  }
  virtual_ipaddress {
    192.168.30.254/24
  }
  track_script {
    check_haproxy
  }
}
```

On 192.168.30.17 (`cat /etc/keepalived/keepalived.conf`):

```
! Configuration File for keepalived
global_defs {
  router_id LVS_DEVEL
}
vrrp_script check_haproxy {
  script "killall -0 haproxy"
  interval 3
  weight -2
  fall 10
  rise 2
}
vrrp_instance VI_1 {
  state BACKUP
  interface br0
  virtual_router_id 51
  priority 248
  advert_int 2
  authentication {
    auth_type PASS
    auth_pass 99ce6e3381dc326633737ddaf5d904d2
  }
  virtual_ipaddress {
    192.168.30.254/24
  }
  track_script {
    check_haproxy
  }
}
```

```bash
# Start keepalived on all three machines
service keepalived start
```

192.168.30.19 is configured as MASTER and holds the VIP:

```
[root@node5 ~]# ip a | grep br0
2: eth0: mtu 1500 qdisc mq master br0 state UP group default qlen 1000
6: br0: mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.30.19/24 brd 192.168.30.255 scope global br0
    inet 192.168.30.254/24 scope global secondary br0
```

Test whether 192.168.30.254 is reachable:

https://192.168.30.254:6443
It opens normally.

On each worker node, change the server address in the two files bootstrap.kubeconfig and kubelet.kubeconfig, and also in the local ~/.kube/config. The files can be edited with vim:

```
server: https://192.168.30.254:6443
```

After the change, restart kubelet on the node and check that the nodes are healthy:

```bash
service kubelet restart
kubectl get node
```

```
[root@]~]#kubectl get node
NAME         STATUS   ROLES         AGE   VERSION
ingress      Ready    k8s-ingress   60d   v1.14.6
ingress-01   Ready    k8s-ingress   29d   v1.14.6
node01       Ready    k8s-node      60d   v1.14.6
node02       Ready    k8s-node      60d   v1.14.6
node03       Ready    k8s-node      12d   v1.14.6
node4        Ready    k8s-node      12d   v1.14.6
node5        Ready    k8s-node      12d   v1.14.6
```

All nodes are healthy.
Removing the old etcd node

```bash
# Stop etcd on the old node
service etcd stop

# Find the member ID of the old node
etcdctl member list
etcdctl endpoint status
# Verify that the k8s cluster is still healthy

### Remove the old member
etcdctl member remove 7994ca589d94dceb
```

Verify the cluster again:

```
[root@node03 ~]# etcdctl member list
127f6360c5080113, started, node4, https://192.168.30.18:2380, https://192.168.30.18:2379
5a0a05654c847f54, started, node5, https://192.168.30.19:2380, https://192.168.30.19:2379
92bf7d7f20e298fc, started, node03, https://192.168.30.17:2380, https://192.168.30.17:2379
[root@node03 ~]# etcdctl endpoint status
https://192.168.30.17:2379, 92bf7d7f20e298fc, 3.3.13, 30 MB, false, 16, 3976114
https://192.168.30.18:2379, 127f6360c5080113, 3.3.13, 30 MB, true, 16, 3976114
https://192.168.30.19:2379, 5a0a05654c847f54, 3.3.13, 30 MB, false, 16, 3976114
[root@node03 ~]# etcdctl endpoint hashkv
https://192.168.30.17:2379, 189505982
https://192.168.30.18:2379, 189505982
https://192.168.30.19:2379, 189505982
[root@node03 ~]# etcdctl endpoint health
https://192.168.30.17:2379 is healthy: successfully committed proposal: took = 2.671314ms
https://192.168.30.18:2379 is healthy: successfully committed proposal: took = 2.2904ms
https://192.168.30.19:2379 is healthy: successfully committed proposal: took = 3.555137ms
[root@]~]#kubectl get node
NAME         STATUS   ROLES         AGE   VERSION
ingress      Ready    k8s-ingress   60d   v1.14.6
ingress-01   Ready    k8s-ingress   29d   v1.14.6
node01       Ready    k8s-node      60d   v1.14.6
node02       Ready    k8s-node      60d   v1.14.6
node03       Ready    k8s-node      12d   v1.14.6
node4        Ready    k8s-node      12d   v1.14.6
node5        Ready    k8s-node      12d   v1.14.6
```

Everything is healthy. Disable etcd at boot on the old node:

```bash
chkconfig etcd off
```
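The procedure compares `etcdctl endpoint status` by eye before adding the next member, and compares status and `endpoint hashkv` again after removing the old one. The script below is an added example, not part of the original post, that automates that comparison for the etcd 3.3 comma-separated output shown on this page; the function names and the optional raft-index lag argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: gate `member add` / `member remove` on the etcd 3.3 output of
# `etcdctl endpoint status`, whose columns are:
#   endpoint, member ID, version, DB size, is leader, raft term, raft index

# check_etcd_status [max_index_lag]  (hypothetical helper; reads stdin)
check_etcd_status() {
  awk -F', *' -v lag="${1:-0}" '
    NF < 7 { next }                          # ignore blank or malformed lines
    {
      n++
      if ($5 == "true") leaders++
      if (!($3 in ver))  { ver[$3] = 1;  nver++ }
      if (!($4 in dbs))  { dbs[$4] = 1;  ndbs++ }
      if (!($6 in term)) { term[$6] = 1; nterm++ }
      t = $6; idx = $7 + 0
      if (n == 1 || idx < min) min = idx
      if (n == 1 || idx > max) max = idx
    }
    END {
      if (n == 0)                  msg = "no endpoint lines parsed"
      else if (leaders != 1)       msg = "expected exactly 1 leader, found " (leaders + 0)
      else if (nterm != 1)         msg = "members disagree on raft term"
      else if (max - min > lag + 0) msg = "raft index lag " (max - min) " exceeds " lag
      else if (ndbs != 1)          msg = "DB size differs between members"
      else if (nver != 1)          msg = "mixed etcd versions"
      if (msg != "") { print "FAIL: " msg; exit 1 }
      print "OK: " n " members, 1 leader, raft term " t ", raft index lag " (max - min)
    }'
}

# check_etcd_hashkv  (hypothetical helper; reads `etcdctl endpoint hashkv` on stdin)
check_etcd_hashkv() {
  awk -F', *' '
    NF >= 2 { n++; if (!($2 in seen)) { seen[$2] = 1; distinct++ } }
    END {
      if (n > 0 && distinct == 1) { print "OK: " n " members report the same KV hash"; exit 0 }
      print "FAIL: " (distinct + 0) " distinct KV hashes across " (n + 0) " members"; exit 1
    }'
}

# Sample input copied from the command output shown on this page.
SAMPLE_STATUS='https://192.168.30.17:2379, 92bf7d7f20e298fc, 3.3.13, 30 MB, false, 16, 3963193
https://192.168.30.18:2379, 127f6360c5080113, 3.3.13, 30 MB, true, 16, 3963193
https://192.168.30.19:2379, 5a0a05654c847f54, 3.3.13, 30 MB, false, 16, 3963193'
SAMPLE_HASHKV='https://192.168.30.17:2379, 189505982
https://192.168.30.18:2379, 189505982
https://192.168.30.19:2379, 189505982'

printf '%s\n' "$SAMPLE_STATUS" | check_etcd_status
printf '%s\n' "$SAMPLE_HASHKV" | check_etcd_hashkv
```

On a live cluster, pipe the real command output into the functions. Shell aliases are not expanded in scripts, so call /apps/etcd/bin/etcdctl with its TLS flags explicitly, and pass a small lag value to `check_etcd_status` if the cluster is taking writes.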
Removing the old kube-apiserver node

```bash
service kube-controller-manager stop
service kube-scheduler stop
service kube-apiserver stop

# Disable the services at boot
chkconfig kube-controller-manager off
chkconfig kube-scheduler off
chkconfig kube-apiserver off

# Verify again
kubectl get node
```

```
[root@]~]#kubectl get node
NAME         STATUS   ROLES         AGE   VERSION
ingress      Ready    k8s-ingress   60d   v1.14.6
ingress-01   Ready    k8s-ingress   29d   v1.14.6
node01       Ready    k8s-node      60d   v1.14.6
node02       Ready    k8s-node      60d   v1.14.6
node03       Ready    k8s-node      12d   v1.14.6
node4        Ready    k8s-node      12d   v1.14.6
node5        Ready    k8s-node      12d   v1.14.6
[root@]~]#kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true"}
etcd-1               Healthy   {"health":"true"}
etcd-2               Healthy   {"health":"true"}
```

Access the workloads running in the k8s cluster. If they all respond normally, the node additions and removals were carried out correctly.