阿里云搭建k8s高可用集群（1.17.3）

首先准备5台centos7 ecs实例最低要求2c4G 开启SLB（私网）

这里我们采用堆叠拓扑的方式构建高可用集群，因为k8s 集群etcd采用了raft算法保证集群一致性，所以高可用必须保证至少3台master+2work

master01 172.26.0.1
master01 172.26.0.2
master01 172.26.0.3
work01 172.26.0.4
work02 172.26.0.5
slb 172.26.0.99

　　

首先在每台机器上执行以下脚本，这段脚本将会帮助你初始安装docker+k8s三件套：

yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io
rm -rf /etc/docker/daemon.json
cat>>/etc/docker/daemon.json<<EOF
{
  "registry-mirrors": ["https://你的镜像加速器地址"]
}
EOF
systemctl start docker.service
systemctl enable docker.service
rm -rf /etc/yum.repos.d/kubernetes.repo
cat>>/etc/yum.repos.d/kubernetes.repo<<EOF
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
yum install -y kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3
systemctl enable kubelet.service

　　接着我们进入master01修改hosts加入k8sapi地址(这里是实现高可用的重点)并初始化集群：

cat>>/etc/hosts<<EOF
172.26.0.1 k8sapi
EOF
kubeadm init --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=cri --control-plane-endpoint "k8sapi:6443"  --kubernetes-version=1.17.3 
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

　　初始化成功后，我们需要将slb映射到master01的tcp:6443端口上并将master01生成的证书拷贝到02,03两台机器上，登录02 03分别执行：

cat>>/etc/hosts<<EOF
172.26.0.99 k8sapi
EOF
mkdir  /etc/kubernetes/pki/
mkdir /etc/kubernetes/pki/etcd

　　重新登录01并执行：

cd /etc/kubernetes/pki/
scp ca.crt ca.key sa.key sa.pub front-proxy-ca.crt front-proxy-ca.key [email protected]:/etc/kubernetes/pki/
scp ca.crt ca.key sa.key sa.pub front-proxy-ca.crt front-proxy-ca.key [email protected]:/etc/kubernetes/pki/
cd etcd
scp ca.crt ca.key [email protected]:/etc/kubernetes/pki/etcd/
scp ca.crt ca.key [email protected]:/etc/kubernetes/pki/etcd/

　　再次登录02 03并分别执行：

kubeadm join k8sapi:6443 --token xxx     --discovery-token-ca-cert-hash sha256 :xxx  --control-plane
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

　　登录04 05 并执行：

cat>>/etc/hosts<<EOF
172.26.0.99 k8sapi
EOF
kubeadm join k8sapi:6443 --token xxx   --discovery-token-ca-cert-hash sha256:xxx

　　最后重新登录到02 03 修改etc/hosts k8sapi指向各自的内网IP地址。这时候在任意master节点执行安装网络插件：

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

　　最终效果如下：

$kubectl get node
NAME                    STATUS   ROLES    AGE   VERSION
master01                Ready    master   92m   v1.17.3
master02                Ready    <none>   50m   v1.17.3
master03                Ready    master   51m   v1.17.3
worker01                Ready    master   77m   v1.17.3
worker02                Ready    <none>   50m   v1.17.3