
Use kubeadm to create highly available Kubernetes and external etcd clusters

2025-02-27 23:11:19

Blog link: Use kubeadm to create highly available Kubernetes and external etcd clusters

Preface

Kubernetes' official Chinese documentation is comprehensive and clearly written, with a large number of examples and analysis.

In any case, it is recommended to spend a few hours reading through the official documentation to understand the options available during configuration and the problems you may encounter.

This article organizes the deployment process based on the "Getting started - Production environment" chapter of the official documentation.

Kubernetes Documentation | Kubernetes

Architecture

  • OS: Debian 12
  • CGroup Driver: systemd
  • Container Runtime: containerd
  • CNI: Calico
  • Kubernetes: v1.32.0

Notice
Swap must be disabled on all node servers

  • Other
    • Description
      • This server runs applications external to K8S, including Nginx, Nexus, etc.
      • All services running on this server are managed through docker-compose
      • "All nodes" in the step descriptions related to K8S's own configuration does not include this server
    • Server
      • vCPU: 2
      • Memory: 4G
    • Network: 192.168.1.100 2E:7E:86:3A:A5:20
    • Port:
      • 8443/tcp: Provide Kubernetes APIServer load balancing to the cluster
  • Etcd
    • Server
      • vCPU: 1
      • Memory: 1G
    • Network
      • Etcd-01: 192.168.1.101 2E:7E:86:3A:A5:21
      • Etcd-02: 192.168.1.102 2E:7E:86:3A:A5:22
      • Etcd-03: 192.168.1.103 2E:7E:86:3A:A5:23
    • Port:
      • 2379/tcp: etcd HTTP API
      • 2380/tcp: etcd peer communication
  • Master
    • Server
      • vCPU: 4
      • Memory: 8G
    • Network
      • Master-01: 192.168.1.104 2E:7E:86:3A:A5:24
      • Master-02: 192.168.1.105 2E:7E:86:3A:A5:25
      • Master-03: 192.168.1.106 2E:7E:86:3A:A5:26
    • Port:
      • 179/tcp: Calico BGP
      • 6443/tcp: Kubernetes APIServer
      • 10250/tcp: kubelet API
  • Node
    • Server
      • vCPU: 4
      • Memory: 8G
    • Network
      • Node-01: 192.168.1.107 2E:7E:86:3A:A5:27
      • Node-02: 192.168.1.108 2E:7E:86:3A:A5:28
      • Node-03: 192.168.1.109 2E:7E:86:3A:A5:29
    • Port:
      • 179/tcp: Calico BGP
      • 10250/tcp: kubelet API

Configure the basic environment

Description
All nodes

apt update
apt upgrade
apt install curl apt-transport-https ca-certificates gnupg2 software-properties-common vim

curl -fsSL /kubernetes/core:/stable:/v1.32/deb/ | gpg --dearmor -o /etc/apt/keyrings/
chmod 644 /etc/apt/keyrings/
echo "deb [signed-by=/etc/apt/keyrings/] /kubernetes/core:/stable:/v1.32/deb/ /" | tee /etc/apt//

curl -fsSL /docker-ce/linux/debian/gpg -o /etc/apt/keyrings/
chmod a+r /etc/apt/keyrings/
echo "deb [signed-by=/etc/apt/keyrings/] /docker-ce/linux/debian bookworm stable" | tee /etc/apt//

apt update

apt install 

mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/

systemctl restart containerd

apt install kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl

Enable IPv4 forwarding

Edit /etc/, find the configuration below and uncomment it

net.ipv4.ip_forward=1

Run sysctl -p to apply the configuration

Create a crictl configuration

cat << EOF > /etc/
runtime-endpoint: unix:///run/containerd/
image-endpoint: unix:///run/containerd/
timeout: 10
debug: false
EOF

If you need to access the container registry through a proxy server, configure a proxy for containerd

mkdir -p /etc/systemd/system/
cat << EOF > /etc/systemd/system//
[Service]
Environment="HTTP_PROXY=http://username:password@proxy-server-ip:port"
Environment="HTTPS_PROXY=http://username:password@proxy-server-ip:port"
Environment="NO_PROXY=localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
EOF

systemctl daemon-reload
systemctl restart 
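
A preflight check for the settings this section asks for (swap off, IPv4 forwarding on), plus one thing the proxy step leaves open: the heredoc stores username:password in a drop-in that is world-readable under the usual umask of 022. This is an added example, not part of the original post; the function names and the sample files built by make_sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for the node settings in this guide.
# Paths are parameters so the checks can also run against copies of the files.

# True when no swap area is active (the swaps table holds only its header line).
swap_is_off() {
    [ -z "$(awk 'NR > 1 && NF > 0' "${1:-/proc/swaps}")" ]
}

# True when the running kernel forwards IPv4 (the live value, not the config file).
ip_forward_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# True when a systemd drop-in puts user:password@ in a proxy URL
# and the file is readable by every local user.
proxy_creds_exposed() {
    grep -Eq '^Environment="?(HTTP|HTTPS)_PROXY=[a-z]+://[^/@:]+:[^/@]+@' "$1" &&
        [ -n "$(find "$1" -perm -004)" ]
}

# Runs all checks, prints one line per finding, returns the number of findings.
# $3 (the containerd proxy drop-in) is optional.
audit_node() {
    findings=0
    swap_is_off "$1" || { echo "FAIL swap is still active"; findings=$((findings + 1)); }
    ip_forward_on "$2" || { echo "FAIL net.ipv4.ip_forward is not 1"; findings=$((findings + 1)); }
    if [ -n "${3:-}" ] && proxy_creds_exposed "$3"; then
        echo "FAIL $3 stores proxy credentials and is world-readable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample inputs (not taken from a real host): a node with one swap
# partition, forwarding off, and a drop-in as a heredoc under umask 022 leaves it.
make_sample() {
    dir=$(mktemp -d)
    printf 'Filename Type Size Used Priority\n/dev/sda2 partition 999420 0 -2\n' > "$dir/swaps"
    echo 0 > "$dir/ip_forward"
    echo 'Environment="HTTP_PROXY=http://username:password@proxy-server-ip:port"' > "$dir/proxy.conf"
    chmod 644 "$dir/proxy.conf"
    echo "$dir"
}

# Live use on a node: audit_node /proc/swaps /proc/sys/net/ipv4/ip_forward <path to the drop-in>
# Run with --demo to audit the constructed sample instead.
if [ "${1:-}" = "--demo" ]; then d=$(make_sample); audit_node "$d/swaps" "$d/ip_forward" "$d/proxy.conf"; fi
```

Tightening the file mode closes only the on-disk exposure: systemd also shows Environment= values to unprivileged local users through systemctl show.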

Known issues

Using systemd as the CGroup driver and containerd as the CRI runtime

Modify /etc/containerd/ and add the following configuration