[!TIP|label:references]
- external etcd topology: certificates are located in:
/etc/etcd/ssl
- stacked etcd topology: certificates are located in:
/etc/kubernetes/pki/etcd
- Proposal for a highly available control plane configuration for ‘kubeadm’ deployments
- Proposal for kubeadm self-hosted HA deployment
- kubeadm upgrades / self-hosting / HA v1.8 implementation working group
- Ansible Tutorial: Setup HAProxy and HTTPS from Let’s Encrypt with Ansible
- * Kubernetes High Availability
tools
cfssl & cfssljson
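# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary"; -L follows redirects; -sS stays quiet but still reports failures.
$ sudo curl -fsSL -o /usr/local/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
$ sudo curl -fsSL -o /usr/local/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
# cfssl/cfssljson are the PKI tooling for this setup, so check each download
# against the checksum published for the release before making it executable.
# <EXPECTED_SHA256_...> are placeholders, not real values.
$ echo "<EXPECTED_SHA256_CFSSL>  /usr/local/bin/cfssl" | sha256sum -c -
$ echo "<EXPECTED_SHA256_CFSSLJSON>  /usr/local/bin/cfssljson" | sha256sum -c -
$ sudo chmod +x /usr/local/bin/cfssl*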
etcd
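# Save the archive to disk instead of piping curl straight into `sudo tar`, so
# it can be verified before anything is unpacked as root.
$ curl -fsSL -o ~/etcd-v3.3.15-linux-amd64.tar.gz \
https://github.com/etcd-io/etcd/releases/download/v3.3.15/etcd-v3.3.15-linux-amd64.tar.gz
# <EXPECTED_SHA256> is a placeholder: use the checksum published with the release.
$ echo "<EXPECTED_SHA256>  $HOME/etcd-v3.3.15-linux-amd64.tar.gz" | sha256sum -c -
# Unpack only the two binaries (a bare --strip-components=1 would also drop the
# archive's docs and README into /usr/local/bin). --no-same-owner keeps the
# files root-owned instead of owned by whatever uid the archive recorded.
$ sudo tar -xzv --strip-components=1 --no-same-owner -C /usr/local/bin/ \
-f ~/etcd-v3.3.15-linux-amd64.tar.gz \
etcd-v3.3.15-linux-amd64/etcd etcd-v3.3.15-linux-amd64/etcdctl
$ rm -f ~/etcd-v3.3.15-linux-amd64.tar.gz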
keepalived
references:
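# Build in a fresh mktemp directory: creating and later `rm -rf`-ing a fixed
# ~/temp would also wipe any directory of that name the user already had.
$ build_dir=$(mktemp -d)
$ sudo mkdir -p /etc/keepalived/
# keepaliveDownloadUrl is not defined on this page; it should point at the
# (HTTPS) location of the keepalived source tarballs. ${...:?} aborts with a
# message rather than letting curl run against an empty URL.
$ curl -fsSL -o "${build_dir}/keepalived-2.0.18.tar.gz" \
"${keepaliveDownloadUrl:?set keepaliveDownloadUrl first}/keepalived-2.0.18.tar.gz"
# <EXPECTED_SHA256> is a placeholder: use the checksum published for this release.
$ echo "<EXPECTED_SHA256>  ${build_dir}/keepalived-2.0.18.tar.gz" | sha256sum -c -
$ tar xzf "${build_dir}/keepalived-2.0.18.tar.gz" -C "${build_dir}"
$ pushd "${build_dir}/keepalived-2.0.18"
# Configure and compile unprivileged; only the install steps run as root.
$ ./configure && make
$ sudo make install
$ sudo cp keepalived/keepalived.service /etc/systemd/system/
$ popd
# :? guards against an empty variable turning this into `rm -rf ""`.
$ rm -rf -- "${build_dir:?}"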
haproxy
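# Fetch the sources over HTTPS: they are compiled and then installed as root,
# so a plain-HTTP download would let anyone on the network path substitute them.
$ curl -fsSL -o ~/haproxy-2.0.6.tar.gz https://www.haproxy.org/download/2.0/src/haproxy-2.0.6.tar.gz
# <EXPECTED_SHA256> is a placeholder: use the checksum published for this tarball.
$ echo "<EXPECTED_SHA256>  $HOME/haproxy-2.0.6.tar.gz" | sha256sum -c -
$ tar xzf ~/haproxy-2.0.6.tar.gz -C ~
$ pushd ~/haproxy-2.0.6
# Build unprivileged; only the install/copy steps below need root.
$ make TARGET=linux-glibc \
USE_LINUX_TPROXY=1 \
USE_ZLIB=1 \
USE_REGPARM=1 \
USE_PCRE=1 \
USE_PCRE_JIT=1 \
USE_OPENSSL=1 \
SSL_INC=/usr/include \
SSL_LIB=/usr/lib \
ADDLIB=-ldl \
USE_SYSTEMD=1
$ sudo make install
$ sudo cp haproxy /usr/sbin/
# Explicit path instead of $_, which depends on the previous command's last word.
$ sudo cp examples/haproxy.init /etc/init.d/haproxy && sudo chmod +x /etc/init.d/haproxy
$ popd
$ rm -rf ~/haproxy-2.0.6 ~/haproxy-2.0.6.tar.gz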
helm
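# Save the archive to disk instead of piping curl straight into `sudo tar`, so
# it can be verified before anything is unpacked as root.
$ curl -fsSL -o ~/helm-v2.14.3-linux-amd64.tar.gz \
https://get.helm.sh/helm-v2.14.3-linux-amd64.tar.gz
# <EXPECTED_SHA256> is a placeholder: use the checksum published for this release.
$ echo "<EXPECTED_SHA256>  $HOME/helm-v2.14.3-linux-amd64.tar.gz" | sha256sum -c -
# Unpack only the helm and tiller binaries (not the LICENSE/README shipped in
# the archive); --no-same-owner keeps them root-owned.
$ sudo tar -xzv --strip-components=1 --no-same-owner -C /usr/local/bin/ \
-f ~/helm-v2.14.3-linux-amd64.tar.gz \
linux-amd64/helm linux-amd64/tiller
$ rm -f ~/helm-v2.14.3-linux-amd64.tar.gz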
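# Iterate over the two names as separate words. Reading them from
# `echo helm tiller` yields the single line "helm tiller", so chmod would be
# pointed at one non-existent file and neither binary would be touched.
$ for _i in helm tiller; do
sudo chmod +x "/usr/local/bin/${_i}"
done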
configuration
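# Helm v2 only. `helm init` installs Tiller into the cluster the current
# kubectl context points at; `--client-only` sets up just the local helm home.
$ helm init
$ helm init --client-only
# NOTE(security): the binding below gives Tiller's service account
# cluster-admin. In Helm v2 Tiller's gRPC endpoint is unauthenticated unless
# TLS is enabled, so anything able to reach tiller-deploy then acts with full
# cluster privileges. Outside a lab, bind a namespace-scoped Role instead,
# enable TLS (helm init --tiller-tls --tiller-tls-verify), or move to Helm 3,
# which has no Tiller.
$ kubectl -n kube-system create serviceaccount tiller
$ kubectl create clusterrolebinding tiller-cluster-rule \
--clusterrole=cluster-admin \
--serviceaccount=kube-system:tiller
# Point the existing tiller-deploy Deployment at the service account created above.
$ kubectl -n kube-system patch deploy \
tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
$ helm repo add jetstack https://charts.jetstack.io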