multipass 搭建高可用 microk8s 集群

安装 multipass


$ brew search multipass
$ brew cask info multipass
$ brew cask install multipass
$ multipass version

关于 multipass 如何使用和启用虚拟机参考官方文档。

安装 microk8s


$ sudo snap install microk8s --classic --channel=latest/stable

已安装过：


$ sudo snap refresh microk8s --classic --channel=latest/stable

启动 dns：


$ microk8s enable dns

添加节点

master 节点启用 high availability：


$ microk8s enable ha-cluster

获取添加节点的命令：


$ microk8s add-node
From the node you wish to join to this cluster, run the following:
microk8s join 192.168.64.4:25000/d503839edbda78cf69f88546dbd38070

If the node you are adding is not reachable through the default interface you can use one of the following:
 microk8s join 192.168.64.4:25000/d503839edbda78cf69f88546dbd38070
 microk8s join 10.88.0.1:25000/d503839edbda78cf69f88546dbd380

从节点运行上述的 join 命令添加到 cluster：


$ microk8s join 192.168.64.4:25000/d503839edbda78cf69f88546dbd38070

等待几分钟，在 master 节点上就可以查询到添加的节点：


$ microk8s.kubectl get node
NAME   STATUS   ROLES    AGE   VERSION
vm1    Ready    <none>   18h   v1.20.2-34+350770ed07a558
vm2    Ready    <none>   15h   v1.20.2-34+350770ed07a558
vm3    Ready    <none>   15h   v1.20.2-34+350770ed07a558

部署应用


$ microk8s kubectl create deployment microbot --image=dontrebootme/microbot:v1
$ microk8s kubectl scale deployment microbot --replicas=3

创建服务：


$ microk8s kubectl expose deployment microbot --type=NodePort --port=80 --name=microbot-service

查看服务：


$ microk8s.kubectl get svc
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes         ClusterIP   10.152.183.1     <none>        443/TCP        12h
microbot-service   NodePort    10.152.183.113   <none>        80:31569/TCP   9h

浏览器分别访问：

http://<vm1-ip>:31569

http://<vm2-ip>:31569

http://<vm3-ip>:31569

访问 dashboard


$ microk8s enable dashboard

为 dashboard 配置 https 证书：


$ openssl genrsa -out dashboard.key 2048
$ openssl req -days 36000   -new -out dashboard.csr    -key dashboard.key   -subj '/CN=**vm1.solirpa.com**'
$ openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
$ microk8s kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system

# 若提示已经存在 kubernetes-dashboard-certs 证书，执行以下命令
$ microk8s kubectl delete secret kubernetes-dashboard-certs -n kube-system

生成访问 token：


$ microk8s.kubectl -n kube-system describe secret $(microk8s.kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)

使用 port forward 访问 dashboard 页面：


$ microk8s kubectl port-forward -n kube-system service/kubernetes-dashboard 10443:443 --address 0.0.0.0
Forwarding from 0.0.0.0:10443 -> 8443

使用上述生成的 token 就可以访问 dashboard 页面了。

prometheus 监测集群指标


$ microk8s enable prometheus

访问 prometheus 及 Grafana UI：


# Prometheus UI
$ microk8s kubectl port-forward -n monitoring service/prometheus-k8s --address 0.0.0.0 9090:9090
Forwarding from 0.0.0.0:9090 -> 9090
# Grafana UI
$ microk8s kubectl port-forward -n monitoring service/grafana --address 0.0.0.0 3000:3000
Forwarding from 0.0.0.0:3000 -> 3000