#阿里云服务器
#本来用SLB作为api-server的负载均衡是最好的,但是阿里云的SLB在TCP监听方式下,如果本服务器访问SLB、最后又经SLB转发回本机,是走不通的,只有http和https的方式能通。
#node节点最好是使用阿里云的弹性伸缩服务创建,这样后面扩容和伸缩方便。
172.16.208.161 master1
172.16.208.159 master2
172.16.208.160 master3
172.16.208.163 haproxy
172.16.208.164 node1
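# Kernel parameters needed for Kubernetes pod networking.
# The net.bridge.* keys only exist once the br_netfilter module is loaded;
# without it `sysctl -p` reports them as unknown keys. Load it now and on
# every boot.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
# Each key is written exactly once (bridge-nf-call-iptables is not repeated).
# ip_forward=1 lets the node route pod traffic; the bridge-nf-call-* keys make
# bridged traffic traverse iptables/ip6tables so kube-proxy and network-policy
# rules actually apply to it.
# Note: this appends, so re-running the snippet adds the same lines again.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
vm.swappiness=0
EOF
sysctl -p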
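# Disable swap (left commented out by the author). kubelet by default refuses
# to start while swap is active, so enable these two lines on hosts that have
# a swap entry.
#swapoff -a
#sed -i '/swap/s/^/#/' /etc/fstab
# Stop firewalld and switch SELinux off.
# NOTE(review): this removes both the host firewall and mandatory access
# control from every node. For anything beyond a lab, prefer keeping firewalld
# running with only the cluster's ports allowed (e.g. 6443 for the API server,
# 10250 for kubelet), and SELINUX=permissive -- the mode the upstream kubeadm
# install guide uses -- rather than disabled, so denials are still logged.
systemctl stop firewalld
systemctl disable firewalld
# Plain ASCII quotes are required here; typographic quotes would be passed to
# sed as part of the script and make it fail. The config-file change only takes
# effect after the next reboot.
sed -i 's/=enforcing/=disabled/g' /etc/selinux/config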
# Set up the IPVS kernel modules used by kube-proxy's ipvs mode.
# A small loader script is written under /etc/sysconfig/modules/, made
# executable, run once, and the result is checked with lsmod.
# The heredoc body contains nothing for the shell to expand, so a quoted
# delimiter produces the same file.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 0755 /etc/sysconfig/modules/ipvs.modules
bash /etc/sysconfig/modules/ipvs.modules
# Show which of the requested modules are now loaded.
lsmod | grep -E 'ip_vs|nf_conntrack_ipv4'
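# Configure the package repositories (Docker CE and Kubernetes, Aliyun mirrors).
# -O makes the download idempotent: a re-run overwrites docker-ce.repo instead
# of leaving a docker-ce.repo.1 copy behind. The && keeps wget from writing
# into the wrong directory if the cd fails.
cd /etc/yum.repos.d/ && wget -O docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# '>' (not '>>') so a re-run does not append a second [kubernetes] section.
# gpgcheck=1: kubelet/kubeadm/kubectl run as root on every node, so package
# signatures from a third-party mirror must be verified. Both signing keys
# published by the mirror are listed; if verification fails, fix the key list
# rather than turning the check off.
cat > /etc/yum.repos.d/kubrenetes.repo <<'EOF'
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum makecache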
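# Install Docker
yum -y install docker-ce
# Configure registry mirrors (pull accelerators).
# NOTE(review): image tags are resolved through these mirrors, so every entry
# is part of the node's trust chain. The daocloud entry is plain http://, which
# means manifests fetched through it are unauthenticated in transit; keep only
# https mirrors you trust, or pull by digest. The *.mirror.aliyuncs.com host
# looks like a per-account accelerator address -- presumably replace it with
# your own.
mkdir -p /etc/docker
# The delimiter must use plain ASCII quotes; with typographic quotes the
# closing EOF line never matches and the heredoc swallows the rest of the
# script.
cat > /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": [
"https://1nj0zren.mirror.aliyuncs.com",
"https://docker.mirrors.ustc.edu.cn",
"http://f1361db2.m.daocloud.io",
"https://registry.docker-cn.com"
]
}
EOF
systemctl daemon-reload
# Enable at boot as well, otherwise the node comes back from a reboot with no
# container runtime running.
systemctl enable docker
systemctl restart docker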
# Install the Kubernetes node tooling: kubelet, kubeadm and kubectl.
# No version is given, so yum installs whatever the repository currently offers.
yum -y install kubelet kubeadm kubectl
# Install the IPVS userspace tools.
yum install -y ipvsadm ipset
# Enable kubelet at boot and, only if that succeeded, start it now.
systemctl enable kubelet \
  && systemctl start kubelet
# Run on the haproxy server only: install HAProxy from the distribution repos.
yum -y install haproxy
#修改haproxy配置文件
[root@nginx-proxy ~]# egrep -v "^$|^#|#" /etc/haproxy/haproxy.cfg
# Effective HAProxy configuration (annotated): a TCP load balancer listening on
# 6443 in front of the three masters listed in the k8s-master backend.
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
# These defaults are HTTP-oriented; the k8s-master frontend and backend below
# override the mode to tcp.
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
# mode tcp forwards the byte stream unmodified, so TLS and client
# authentication are handled by the API servers, not by HAProxy.
frontend k8s-master
# NOTE(review): 0.0.0.0 listens on every interface, so the extra 127.0.0.1 bind
# adds no reachability. If this host has a public address, confirm that a
# security group or host firewall limits who can reach port 6443.
bind 0.0.0.0:6443
bind 127.0.0.1:6443
mode tcp
option tcplog
# No tcp-request content rule is visible in this listing, so the inspect delay
# presumably has no effect -- TODO confirm.
tcp-request inspect-delay 5s
default_backend k8s-master
backend k8s-master
mode tcp
option tcplog
# With no tcp-check rules listed, the health check is a plain TCP connect: a
# master whose port accepts connections counts as up even if the API server
# behind it is unhealthy.
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server master1 172.16.208.161:6443 check
server master2 172.16.208.159:6443 check
server master3 172.16.208.160:6443 check
# Not referenced by any frontend shown here; looks like a leftover from the
# packaged sample configuration -- TODO confirm and remove.
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#启动haproxy
[root@haproxy ~]# systemctl start haproxy
#查看
[root@haproxy ~]# ss -lntp|grep 6443
LISTEN 0 128 127.0.0.1:6443 *:* users:(("haproxy",pid=11943,fd=6))
LISTEN 0 128 *:6443 *:* users:(("haproxy",pid=11943,fd=5))
原文:https://www.cnblogs.com/zhangb8042/p/14155035.html