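The cluster currently has a single master (192.168.110.3). To improve availability, we decided to add two more masters (192.168.110.4 and 192.168.110.5). However, if 192.168.110.3 goes down, the /etc/kubernetes/kubelet.conf configuration on every worker node would have to be changed one by one, so we decided to install kube-vip.
Following the official documentation, create the kube-vip manifest on each of the 3 masters: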
$vim /etc/kubernetes/manifests/kube-vip.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  name: kube-vip
  namespace: kube-system
spec:
  containers:
  - args:
    - manager
    env:
    - name: vip_arp
      value: "true"
    - name: port
      value: "6443"
    - name: vip_interface
      value: ens192 # network interface
    - name: vip_cidr
      value: "32"
    - name: cp_enable
      value: "true"
    - name: cp_namespace
      value: kube-system
    - name: vip_ddns
      value: "false"
    - name: svc_enable
      value: "true"
    - name: vip_leaderelection
      value: "true"
    - name: vip_leaseduration
      value: "5"
    - name: vip_renewdeadline
      value: "3"
    - name: vip_retryperiod
      value: "1"
    - name: address
      value: 192.168.110.220 # VIP
    image: ghcr.io/kube-vip/kube-vip:v0.4.0
    imagePullPolicy: Always
    name: kube-vip
    resources: {}
    securityContext:
      capabilities:
        add:
        - NET_ADMIN
        - NET_RAW
        - SYS_TIME
    volumeMounts:
    - mountPath: /etc/kubernetes/admin.conf
      name: kubeconfig
  hostAliases:
  - hostnames:
    - kubernetes
    ip: 127.0.0.1
  hostNetwork: true
  volumes:
  - hostPath:
      path: /etc/kubernetes/admin.conf
    name: kubeconfig
status: {}
After a short wait, test that the VIP is reachable:
$tcping 192.168.110.220 6443
192.168.110.220 port 6443 open.
$kubectl edit cm kubeadm-config -n kube-system
# Edit the following
···
clusterName: kubernetes
controlPlaneEndpoint: ${vip}:6443
···
Otherwise, connections fail with "Error while proxying request: tls: failed to verify certificate: x509" after the kubeconfig server is changed.
# Delete the old certificate
$rm /etc/kubernetes/pki/apiserver.*
# Regenerate the certificate
$kubeadm init phase certs apiserver --control-plane-endpoint 192.168.110.220:6443
Otherwise, once the master goes down, things will not work properly.
$sed -i 's/192.168.110.3/192.168.110.220/g' /etc/kubernetes/kubelet.conf
$systemctl restart kubelet
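
A stricter variant of the sed step above, as an added example that is not part of the original post: it rewrites only the server: line of a kubeconfig, matches the old address literally, and keeps a backup. The function names and the sample kubeconfig are constructed for illustration; the IP addresses are the ones used on this page.

```sh
# Added example (not from the original post). Function names and the sample
# kubeconfig are constructed; the IPs are the ones used on this page.

# Print the URL on every "server:" line of a kubeconfig.
kubeconfig_servers() {
  sed -n 's/^[[:space:]]*server:[[:space:]]*//p' "$1"
}

# repoint_server FILE OLD_IP NEW_IP
# Rewrites only "server: https://OLD_IP:<port>" lines and keeps FILE.bak.
# Returns 0 if FILE was changed, 1 if no server line pointed at OLD_IP.
repoint_server() {
  rs_file=$1; rs_new=$3
  # Escape the dots so they match literally, not "any character".
  rs_old=$(printf '%s' "$2" | sed 's/\./\\./g')
  # The ":<port>" right after the address stops .3 from matching .30.
  rs_pat="^([[:space:]]*server:[[:space:]]*https://)${rs_old}(:[0-9]+[[:space:]]*)\$"
  grep -Eq "$rs_pat" "$rs_file" || return 1
  cp -p "$rs_file" "$rs_file.bak"
  # Redirecting into the existing file keeps its owner and mode.
  sed -E "s#${rs_pat}#\\1${rs_new}\\2#" "$rs_file.bak" > "$rs_file"
}

# Write a constructed kubelet.conf-style file for the demonstration.
write_sample() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: Q09OU1RSVUNURUQ=
    server: https://192.168.110.3:6443
  name: kubernetes
- cluster:
    server: https://192.168.110.30:6443
  name: constructed-other-cluster
EOF
}

# Demo on a temporary copy: only the entry for 192.168.110.3 is repointed.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/kubelet.conf"
repoint_server "$demo_dir/kubelet.conf" 192.168.110.3 192.168.110.220
kubeconfig_servers "$demo_dir/kubelet.conf"
rm -rf "$demo_dir"
```

On a real node the function would be pointed at /etc/kubernetes/kubelet.conf, followed by the kubelet restart shown above.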