# k8s单节点升级为高可用 参考网址:[https://zahui.fan/posts/34d8fad0/](https://zahui.fan/posts/34d8fad0/) - 导出kubeadm配置 ``` kubectl -n kube-system get configmap kubeadm-config -o jsonpath='{.data.ClusterConfiguration}' > kubeadm.yaml ``` - 添加证书SANs信息 **certSANs到extraArgs中间的内容,既负载均衡地址,所有的master主机名,IP地址** **controlPlaneEndpoint: kube-api-server:6443 修改成负载均衡的地址** **如果没有则增加** ``` apiServer: certSANs: # 这里需要包含负载均衡、所有master节点的hostname和ip - kube-api-server - 5-10.vpclub.io - 5-11.vpclub.io - 5-12.vpclub.io - 192.168.5.10 - 192.168.5.11 - 192.168.5.12 - 192.168.5.200 extraArgs: authorization-mode: Node,RBAC timeoutForControlPlane: 4m0s apiVersion: kubeadm.k8s.io/v1beta2 certificatesDir: /etc/kubernetes/pki clusterName: kubernetes controlPlaneEndpoint: kube-api-server:6443 # 修改成负载均衡的地址 controllerManager: {} dns: type: CoreDNS etcd: local: dataDir: /var/lib/etcd imageRepository: registry.aliyuncs.com/google_containers kind: ClusterConfiguration kubernetesVersion: v1.20.15 networking: dnsDomain: cluster.local podSubnet: 10.244.0.0/16 serviceSubnet: 10.96.0.0/12 scheduler: {} ``` [![](http://qq829.cn/book/uploads/images/gallery/2023-08/scaled-1680-/h1x4Rkd5vBO19VDb-image-1691428059058.png)](http://qq829.cn/book/uploads/images/gallery/2023-08/h1x4Rkd5vBO19VDb-image-1691428059058.png) - 备份原kubernetes配置文件 ``` mkdir -p /data/vpclub/kubernetes-bak/kubernetes-20240619 cp /etc/kubernetes/** /data/vpclub/kubernetes-bak/kubernetes-20240619 -rf ``` - 生成新的证书 ``` # 删除旧的证书 rm /etc/kubernetes/pki/apiserver.key -rf rm /etc/kubernetes/pki/apiserver.crt # 生成新的配置 kubeadm init phase certs apiserver --config kubeadm.yaml # 查看证书内容,应该要多出刚增加的那些主机和IP地址 openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text ``` [![](http://qq829.cn/book/uploads/images/gallery/2023-08/scaled-1680-/iqKnlTINgI5hkig2-image-1691428177862.png)](http://qq829.cn/book/uploads/images/gallery/2023-08/iqKnlTINgI5hkig2-image-1691428177862.png) - 更新cluster-info配置 ``` # server部分修改为负载均衡地址,本次使用的是 kube-api-server kubectl -n kube-public edit cm cluster-info ``` [![](http://qq829.cn/book/uploads/images/gallery/2023-08/scaled-1680-/F3rEo9b4zXVYjuTu-image-1691428504407.png)](http://qq829.cn/book/uploads/images/gallery/2023-08/F3rEo9b4zXVYjuTu-image-1691428504407.png) - 将配置更新到集群 ``` kubeadm init phase upload-config kubeadm --config kubeadm.yaml # 再次查看配置是否已经生效,如果有不正确的地方需要修改过来 kubectl edit cm kubeadm-config -n kube-system ``` - 重启Apiserver ``` kubectl delete pod kube-apiserver-5-10.vpclub.io kube-controller-manager-5-10.vpclub.io -n kube-system ``` - 创建KUBE-VIP自动部署清单 ``` # 注意命令行中的VIP地址,网卡名称 docker run --network host --rm swr.cn-south-1.myhuaweicloud.com/vp-whdev/all-in-devops/kube-vip:v0.6.0 manifest pod --interface=eth0 --vip 192.168.5.200 --controlplane --services --arp --leaderElection | tee /etc/kubernetes/manifests/kube-vip.yaml # 测试一下VIP是否起效,到其他机器也ping一下 ping kube-api-server ping 192.168.5.200 ``` - 更新其他配置,将所有如下三个文件的server部分修改为负载均衡地址,本次使用的是 kube-api-server ``` vi /etc/kubernetes/kubelet.conf # 不确定,默认情况下应该为主机IP vi /etc/kubernetes/controller-manager.conf # 不确定,默认情况下应该为主机IP vi /etc/kubernetes/scheduler.conf ``` [![](http://qq829.cn/book/uploads/images/gallery/2023-08/scaled-1680-/JJqvZj4ChFO7sKen-image-1691428541769.png)](http://qq829.cn/book/uploads/images/gallery/2023-08/JJqvZj4ChFO7sKen-image-1691428541769.png) - 重启kubelet和容器 ``` systemctl restart kubelet kubectl delete pod -n kube-system kube-controller-manager-5-10.vpclub.io kubectl delete pod -n kube-system kube-scheduler-5-10.vpclub.io ``` - 修改kube-proxy配置,将server 部分修改为负载均衡地址,本次使用的是 kube-api-server ``` kubectl edit configmap kube-proxy -n kube-system # 重启 kube-proxy kubectl rollout restart daemonset kube-proxy -n kube-system ``` - 修改kubectl 配置 ``` vi ~/.kube/config vi /etc/kubernetes/admin.conf # 查看集群信息 kubectl cluster-info ``` - 加入新master集群 ``` echo "$(kubeadm token create --print-join-command) --control-plane --certificate-key $(kubeadm init phase upload-certs --upload-certs | tail -1)" 复制回显到新的master机器执行 ``` - 加入node到集群 ``` kubeadm token create --print-join-command ```