If you need to provide high availability for kube-apiserver, it is recommended to deploy keepalived+nginx in advance when deploying the kubernetes cluster.
Otherwise, you need to modify the kube-apiserver certificate and add vip to the certificate.
The relevant kube-config keys (kube-controller, kube-scheduler, kubelet, kube-proxy) also need to be regenerated so that the original kube-apiserver entry is changed to the VIP address.
Then restart the kube-apiserver, kube-controller, kube-scheduler, kubelet and kube-proxy services; only after that is high availability achieved.
Therefore, it will be much more convenient to complete keepalived+nginx before deploying the kubernetes cluster
Why choose keepalived?
Because keepalived has a health check mechanism for back-end services: when it detects that the back-end nginx service is faulty (nginx implements load balancing using the upstream module), it shuts itself (keepalived) down and lets the VIP drift to one of the other two nodes, which ensures high availability of the kube-apiserver service.
This deployment is based on the earlier series on my blog, "suse 12 binary deployment of Kubernetes 1.19.7". Modify the arrays in the distribution and service-start scripts below to match your own environment (use your own IPs or host names; host names must be resolvable through hosts in advance).
Compile and deploy nginx
Download the nginx source package
k8s-01:~ # cd /opt/k8s/packages/
k8s-01:/opt/k8s/packages # wget http://nginx.org/download/nginx-1.16.1.tar.gz
k8s-01:/opt/k8s/packages # tar xf nginx-1.16.1.tar.gz
If keepalived fails and is restarted after being repaired, the VIP can drift back to the repaired node. To avoid this, the mode on all three nodes is set to BACKUP here, which reduces data loss.
Create a health check script
k8s-01:~ # cd /opt/k8s/conf/
k8s-01:/opt/k8s/conf # cat > check_port.sh <<"EOF"
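#!/bin/bash
# Usage: check_port.sh PORT -- exits 1 when nothing is listening on PORT
CHK_PORT=$1
if [ -n "$CHK_PORT" ];then
    # -n keeps ports numeric so the grep matches the number, not a service name
    PORT_PROCESS=$(ss -ltn|grep "$CHK_PORT"|wc -l)
    if [ "$PORT_PROCESS" -eq 0 ];then
        echo "Port $CHK_PORT Is Not Used,End."
        exit 1
    fi
else
    echo "Check Port Cant Be Empty!"
fi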
EOF
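A stricter form of this port check, written as a testable function (an added example, not the author's script): it matches the local port exactly instead of by substring and returns a failure when no valid port is passed, so the check cannot report a healthy nginx by accident. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# listening_on PORT: reads `ss -ltn` style output on stdin.
# Returns 0 if a LISTEN socket's local port is exactly PORT, 1 if not,
# 2 if PORT is empty or not a number (fail closed on misconfiguration).
listening_on() {
    port=$1
    case $port in
        ''|*[!0-9]*) return 2 ;;
    esac
    awk -v p="$port" '
        {
            # Locate the State column; it moves when ss prints a Netid column.
            for (i = 1; i <= NF; i++) {
                if ($i == "LISTEN") {
                    # Local Address:Port is three fields after State.
                    n = split($(i + 3), a, ":")
                    if (a[n] == p) found = 1   # port is the last ":" part
                    break
                }
            }
        }
        END { exit(found ? 0 : 1) }'
}

# check_port PORT: the health check itself. keepalived treats a non-zero
# exit status from a check script as a failed check.
check_port() {
    ss -ltn 2>/dev/null | listening_on "$1"
}

# Constructed sample of `ss -ltn` output: 18443 is listening, 8443 is not.
# A plain `grep 8443` would match the 18443 line and report 8443 as healthy.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:18443       0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*'

printf '%s\n' "$SAMPLE_SS" | listening_on 8443 \
    || echo "8443 is not listening (18443 does not count)"
```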
Configure keepalived to be managed by systemctl
k8s-01:~ # cd /opt/k8s/conf/
k8s-01:/opt/k8s/conf # cat > keepalived.service <<EOF
[Unit]
Description=LVS and VRRP High Availability Monitor
After=syslog.target network-online.target
[Service]
Type=forking
PIDFile=/var/run/keepalived.pid
KillMode=process
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/sbin/keepalived \$KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP \$MAINPID

[Install]
WantedBy=multi-user.target
EOF
Distribute keepalived binaries and configuration files