内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
本文档介绍Kubernetes多集群管理与联邦实战。
风哥提示:
Part01-多集群架构
1.1 集群规划
[root@k8s-master ~]# cat > /root/multi-cluster-arch.txt << 'EOF' FGEDU多集群架构 =============== 1. 集群分布 - 生产集群: 北京机房 - 灾备集群: 上海机房 - 开发集群: 深圳机房 2. 管理工具 - kubefed: 集群联邦 - rancher: 多集群管理 - argocd: GitOps部署 3. 网络互联 - VPN隧道: 集群间通信 - 服务网格: 跨集群服务发现 4. 数据同步 - etcd备份同步 - 配置同步 - 镜像仓库同步 EOF # 配置多集群访问 [root@k8s-master ~]# cat > ~/.kube/config-prod << 'EOF' apiVersion: v1 kind: Config clusters: - cluster: certificate-authority-data: LS0tLS1CRUdJTi... server: https://192.168.1.100:6443 name: fgedu-prod contexts: - context: cluster: fgedu-prod user: admin name: fgedu-prod current-context: fgedu-prod EOF [root@k8s-master ~]# cat > ~/.kube/config-dr << 'EOF' apiVersion: v1 kind: Config clusters: - cluster: certificate-authority-data: LS0tLS1CRUdJTi... server: https://192.168.2.100:6443 name: fgedu-dr contexts: - context: cluster: fgedu-dr user: admin name: fgedu-dr current-context: fgedu-dr EOF # 合并kubeconfig [root@k8s-master ~]# export KUBECONFIG=~/.kube/config-prod:~/.kube/config-dr [root@k8s-master ~]# kubectl config get-contexts CURRENT NAME CLUSTER AUTHINFO NAMESPACE * fgedu-prod fgedu-prod admin fgedu-dr fgedu-dr admin
Part02-集群联邦配置
2.1 安装KubeFed
[root@k8s-master ~]# curl -LO https://github.com/kubernetes-sigs/kubefed/releases/download/v0.11.0/kubefed_0.11.0_linux_amd64.tar.更多视频教程www.fgedu.net.cngz
[root@k8s-master ~]# tar -xzf kubefed_0.11.0_linux_amd64.tar.gz
[root@k8s-master ~]# mv kubefedctl /usr/local/bin/
# 部署KubeFed控制平面
[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/kubefed/master/config/crd/bases/core.federation.k8s.io_federatedtypeconfigs.yaml
customresourcedefinition.apiextensions.k8s.io/federatedtypeconfigs.core.federation.k8s.io created
# 初始化联邦
[root@k8s-master ~]# kubefedctl init fgedu-federation –host-cluster-context=fgedu-prod –dns-provider=coredns –dns-zone-name=fgedu.net.cn
Creating namespace “kube-federation-system”
Deploying the KubeFed control plane
Waiting for the KubeFed control plane to become ready
KubeFed control plane initialized successfully
# 加入集群到联邦
[root@k8s-master ~]# kubefedctl join fgedu-prod –cluster-context=fgedu-prod –host-cluster-context=fgedu-prod
cluster.federation.k8s.io/fgedu-prod created
[root@k8s-master ~]# kubefedctl join fgedu-dr –cluster-context=fgedu-dr –host-cluster-context=fgedu-prod
cluster.federation.k8s.io/fgedu-dr created
# 查看联邦集群
[root@k8s-master ~]# kubectl -n kube-federation-system get kubefedclusters
NAME READY AGE
fgedu-prod True 5m
fgedu-dr True 2m
Part03-联邦应用部署
3.1 跨集群应用部署
[root@k8s-master ~]# cat > federated-namespace.yaml << 'EOF' apiVersion: types.kubefed.io/v1beta1 kind: FederatedNamespace metadata: name: fgedu-app spec: placement: clusters: - name: fgedu-prod - name: fgedu-dr EOF [root@k8s-master ~]# kubectl apply -f federated-namespace.yaml federatednamespace.types.kubefed.io/fgedu-app created # 创建联邦Deployment [root@k8s-master ~]# cat > federated-deployment.yaml << 'EOF' apiVersion: types.kubefed.io/v1beta1 kind: FederatedDeployment metadata: name: fgedu-web namespace: fgedu-app spec: template: metadata: labels: app: fgedu-web spec: replicas: 3 selector: matchLabels: app: fgedu-web template: spec: containers: - name: web image: nginx:1.25 ports: - containerPort: 80 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 512Mi placement: clusters: - name: fgedu-prod - name: fgedu-dr overrides: - clusterName: fgedu-prod clusterOverrides: - path: /spec/replicas value: 5 - clusterName: fgedu-dr clusterOverrides: - path: /spec/replicas value: 2 EOF [root@k8s-master ~]# kubectl apply -f federated-deployment.yaml federateddeployment.types.kubefed.io/fgedu-web created # 查看联邦应用状态 [root@k8s-master ~]# kubectl get federateddeployment -n fgedu-app NAME AGE fgedu-web 1m # 验证各集群部署 [root@k8s-master ~]# kubectl --context=fgedu-prod get deploy -n fgedu-app NAME READY UP-TO-DATE AVAILABLE AGE fgedu-web 5/5 5 5 1m [root@k8s-master ~]# kubectl --context=fgedu-dr get deploy -n fgedu-app NAME READY UP-TO-DATE AVAILABLE AGE fgedu-web 2/2 2 2 1m
Part04-跨集群服务发现
4.1 联邦服务配置
[root@k8s-master ~]# cat > federated-service.yaml << 'EOF' apiVersion: types.kubefed.io/v1beta1 kind: FederatedService metadata: name: fgedu-web namespace: fgedu-app spec: template: spec: type: LoadBalancer ports: - port: 80 targetPort: 80 selector: app: fgedu-web placement: clusters: - name: fgedu-prod - name: fgedu-dr EOF [root@k8s-master ~]# kubectl apply学习交流加群风哥QQ113257174 -f federated-service.yaml f学习交流加群风哥微信: itpux-comederatedservice.types.kubefed.io/fgedu-web created # 创建联邦Ingress [root@k8s-master ~]# cat > federated-ingress.yaml << 'EOF' apiVersion: types.kubefed.io/v1beta1 kind: FederatedIngress metadata: name: fgedu-web namespace: fgedu-app spec: template: metadata: annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: app.fgedu.net.cn http: paths: - path: / pathType: Prefix backend: service: name: fgedu-web port: number: 80 placement: clusters: - name: fgedu-prod - name: fgedu-dr EOF [root@k8s-master ~]# kubectl apply -f federated-ingress.yaml federatedingress.types.kubefed.io/fgedu-web created # 配置DNS故障转移 [root@k8s-master ~]# cat > federated-servicedns.yaml << 'EOF' apiVersion: multiclusterdns.kubefed.io/v1alpha1 kind: Domain metadata: name: fgedu-domain namespace: fgedu-app spec: domainName: fgedu.net.cn --- apiVersion: multiclusterdns.kubefed.io/v1alpha1 kind: ServiceDNSRecord metadata: name: fgedu-web namespace: fgedu-app spec: domainRef: fgedu-domain recordTTL: 300 dnsPrefix: app EOF [root@k8s-master ~]# kubectl apply -f federated-servfrom PG视频:www.itpux.comicedns.yaml domain.multiclusterdns.kubefed.io/fgedu-domain created servicednsrecord.multiclusterdns.kubefed.io/fgedu-web created
- 使用统一的访问凭证管理
- 配置跨集群网络互联
- 实施联邦应用部署策略
- 配置DNS故障转移
- 建立跨集群监控体系
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
