Cluster HA
最后更新于
最后更新于
Since version 1.5, Kubernetes has supported the automatic deployment of a high-availability system for clusters set up with kops or kube-up.sh. This includes:
Etcd in cluster mode
Load balancing for the kube-apiserver
Automatic leader election for kube-controller-manager, kube-scheduler, and cluster-autoscaler (ensuring only one instance is running at any time)
The system is illustrated in the following figure:
Note: The steps below assume that Kubelet and Docker are configured and running normally on each machine.
Installing cfssl:
Generate CA certs:
Generate etcd server/peer certs:
Lastly, run etcd by writing the yaml configuration below to the /etc/kubernetes/manifests/etcd.yaml file on each etcd node. Remember to replace:
<podname> with the etcd node name (e.g., etcd0, etcd1, and etcd2)
<etcd0-ip-address>, <etcd1-ip-address> and <etcd2-ip-address> with the internal IP addresses of the etcd nodes
Note: The above method requires that every etcd node runs kubelet. If you don't want to use kubelet, you can also start etcd through systemd:
Place the kube-apiserver.yaml in the /etc/kubernetes/manifests/ directory on each master node and store related configurations in /srv/kubernetes/. Kubelet will then automatically create and start the apiserver. Configurations include:
basic_auth.csv - basic auth user and password
ca.crt - Certificate Authority cert
known_tokens.csv - tokens that entities (e.g., the kubelet) can use to talk to the apiserver
kubecfg.crt - Client certificate, public key
kubecfg.key - Client certificate, private key
server.cert - Server certificate, public key
server.key - Server certificate, private key
Note: Ensure that the kube-apiserver configuration includes
--etcd-quorum-read=true(set to true by default as of v1.9).
If you're using kubeadm to deploy the cluster, you can follow these steps:
After kube-apiserver is up, it will need to be load-balanced. You could use a cloud platform's load balancing service or configure load balancing for the master nodes with haproxy/lvs.
kube-controller-manager and kube-scheduler must ensure that only one instance is running at any time. This requires a leader election process, so they should be started with --leader-elect=true, for example:
Place the kube-scheduler.yaml and kube-controller-manager.yaml files in the /etc/kubernetes/manifests/ directory on each master node.
kube-dns can be deployed via a Deployment, which is automatically created by kubeadm by default. However, in large-scale clusters, resource limits need to be relaxed, such as:
In addition, resources for dnsmasq should be increased, for example by increasing the cache size to 10000 and increasing the concurrent processing number with --dns-forward-max=1000.
By default, kube-proxy uses iptables for load balancing Services, which can introduce significant latency at scale. An alternative method using IPVS might be considered (note that IPVS was still in beta as of v1.9).
Moreover, it's important to configure kube-proxy to use the IP address of kube-apiserver's load balancer:
kubelet also needs to be configured with the IP address of kube-apiserver's load balancer.
In addition to the configurations mentioned above, persistent storage is also a must for highly available Kubernetes clusters.
For clusters deployed on public clouds, consider using the cloud platform's persistent storage solutions, such as AWS EBS or GCE Persistent Disk.
For clusters deployed on physical machines, network storage solutions such as iSCSI, NFS, Gluster, or Ceph could be used, as well as RAID configurations.
Links to official Kubernetes documentation and related resources
Now let's rephrase this in a more accessible manner, maintaining the original format and transforming it into the style of a popular science magazine.
