Document: Official document, Chinese documentation, Blog
Organization: DingTalk(35371178), Telegram
Build a kubernetes HA cluster for a production environment.
- Each node is configured with an ipvs proxy that load-balances the masters, so haproxy and keepalived are no longer needed.
- lvscare then runs as a static pod (/etc/kubernetes/manifests/sealyun-lvscare.yaml) to check that the apiserver is available.
- If any master goes down, lvscare removes its ipvs realserver; when the master recovers, lvscare adds it back.
- Sealos sends the packages and runs the install commands itself, so ansible is not needed.
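One way to see, on any node, whether lvscare has removed a master from the ipvs real servers as described above. This is an added example, not code from sealos or lvscare; the virtual server address `10.0.0.1:6443`, the port 6443 on the masters and the `ipvsadm -Ln` sample are constructed.

```bash
#!/bin/sh
# Added example: list the masters that are no longer ipvs real servers of the
# apiserver virtual server on this node.

# Constructed `ipvsadm -Ln` output. 10.0.0.1:6443 is a placeholder for the
# virtual server sealos creates; master1 (192.168.0.3) is absent from it, as
# it would be after lvscare removed a failed master. The second virtual
# server is unrelated and must not mask that.
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.1:6443 rr
  -> 192.168.0.2:6443             Masq    1      0          0
  -> 192.168.0.4:6443             Masq    1      0          0
TCP  10.96.0.1:443 rr
  -> 192.168.0.2:6443             Masq    1      0          0
  -> 192.168.0.3:6443             Masq    1      0          0'

# realservers VIP:PORT -- reads `ipvsadm -Ln` text on stdin and prints the
# real servers listed under that one virtual server, one per line.
realservers() {
    awk -v vs="$1" '
        $1 == "TCP" || $1 == "UDP" { in_vs = ($2 == vs); next }
        in_vs && $1 == "->" { print $2 }'
}

# missing_masters VIP:PORT MASTER:PORT... -- prints the expected masters that
# are not real servers of the virtual server; returns 1 if any is missing.
missing_masters() {
    vs=$1; shift
    present=$(realservers "$vs")
    missing=""
    for m in "$@"; do
        printf '%s\n' "$present" | grep -qxF "$m" || missing="$missing $m"
    done
    echo $missing   # unquoted on purpose: drops the leading space
    [ -z "$missing" ]
}

# On a live node, feed it `ipvsadm -Ln` instead of the sample.
printf '%s\n' "$SAMPLE_IPVS" |
    missing_masters 10.0.0.1:6443 \
        192.168.0.2:6443 192.168.0.3:6443 192.168.0.4:6443 ||
    echo "lvscare has dropped the master(s) listed above on this node"
```

Because every node keeps its own ipvs table, a master missing on one node but present on the others points at that node's lvscare pod or its network path rather than at the master.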
- Debian 9+, x86_64/ arm64
- Ubuntu 16.04, 18.04, 20.04 , x86_64/ arm64
- Centos/RHEL 7.6+, x86_64/ arm64
- 99% of Linux systems managed by systemd, x86_64/ arm64
- Kylin arm64
- 1.16+
- 1.17+
- 1.18+
- 1.19+
- 1.20+
- 1.21+
- 1.22+
- 1.23+
For more supported versions, see sealyun.com.
Minimum resource requirements:
- 2 vCpu
- 4G RAM
- 40G+ Storage
OS requirements:
- All nodes must be reachable over SSH.
- Each node has a unique host name that meets the hostname requirements for kubernetes.
- Time is synchronized across all nodes.
- The network interface name is unique; it is recommended to change it to a standard NIC name, such as (eth.|en.|em.*).
- Kubernetes 1.20+ uses containerd as the default CRI. Do not install containerd or docker-ce yourself; sealos will do it for you.
- Kubernetes 1.19 and earlier use docker as the default CRI. Do not install docker-ce yourself; sealos will do it for you.
Networking and DNS requirements:
- Make sure the DNS address in /etc/resolv.conf is available. Otherwise, DNS in the cluster may not work properly.
- If you deploy on Alibaba Cloud or Huawei Cloud hosts, the default pod segment will conflict with AliCloud's DNS segment; it is recommended to customize the pod segment by specifying --podcidr during init.
- Sealos disables the firewall by default. If you need to turn the firewall on, it is recommended to open the relevant ports manually.
Kernel requirements:
- When cilium is selected as the cni component, the kernel version must be at least 5.4.
- If you deploy on Tencent Cloud hosts, calico's IPIP rules are disabled by default, and you need to change to VXLAN rules for calico to work properly.
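The host requirements above can be checked before sealos is run. The following is an added example, not part of sealos or the original README; the inventory, the pod CIDR `100.64.0.0/10` and the nameserver `100.100.2.136` are constructed sample values.

```bash
#!/bin/sh
# Added example: pre-flight checks for the host requirements listed above.

# valid_node_name NAME -- RFC 1123 subdomain: lowercase alphanumerics, '-' and
# '.', starting and ending with an alphanumeric, at most 253 characters.
valid_node_name() {
    [ "${#1}" -le 253 ] &&
        printf '%s\n' "$1" | grep -Eq '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'
}

# duplicate_names -- reads one hostname per line, prints those seen twice.
duplicate_names() { sort | uniq -d; }

# kernel_at_least RELEASE MAJOR MINOR -- RELEASE is `uname -r` style text.
kernel_at_least() {
    maj=${1%%.*}; rest=${1#*.}; min=${rest%%[!0-9]*}
    [ "$maj" -gt "$2" ] || { [ "$maj" -eq "$2" ] && [ "$min" -ge "$3" ]; }
}

# ip_to_int A.B.C.D -- prints the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# ip_in_cidr IP NET/PREFIX -- true when IP lies inside the network, e.g. a
# nameserver from /etc/resolv.conf that collides with the pod CIDR.
ip_in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Constructed inventory: "Master1" has an uppercase letter, node0 is repeated.
HOSTS='master0
Master1
node0
node0'
for h in $HOSTS; do valid_node_name "$h" || echo "invalid node name: $h"; done
printf '%s\n' "$HOSTS" | duplicate_names | sed 's/^/duplicate hostname: /'
kernel_at_least "$(uname -r)" 5 4 || echo "kernel older than 5.4: do not select cilium"
# Sample values (assumptions, not from the page): substitute your --podcidr
# and each nameserver found in /etc/resolv.conf.
if ip_in_cidr 100.100.2.136 100.64.0.0/10; then
    echo "nameserver 100.100.2.136 is inside pod CIDR 100.64.0.0/10"
fi
```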
Environmental information
| Hostname | IP Address |
|---|---|
| master0 | 192.168.0.2 |
| master1 | 192.168.0.3 |
| master2 | 192.168.0.4 |
| node0 | 192.168.0.5 |
Server password: 123456
Kubernetes .0 versions are not recommended for production environments!!!
Just prepare the servers and execute the following commands on any one of them:
```bash
# Download and install sealos. sealos is a Go binary, so just download it and copy it into the bin directory; it can also be downloaded from the release page.
wget -c https://sealyun-home.oss-cn-beijing.aliyuncs.com/sealos/latest/sealos && \
    chmod +x sealos && mv sealos /usr/bin
# Download the offline resource pack
wget -c https://sealyun.oss-cn-beijing.aliyuncs.com/05a3db657821277f5f3b92d834bbaf98-v1.22.0/kube1.22.0.tar.gz
# Install a three-master kubernetes cluster
sealos init --passwd '123456' \
    --master 192.168.0.2 --master 192.168.0.3 --master 192.168.0.4 \
    --node 192.168.0.5 \
    --pkg-url /root/kube1.22.0.tar.gz \
    --version v1.22.0
```
Parameter meaning
| parameter | meaning | example |
|---|---|---|
| passwd | server password | 123456 |
| master | k8s master IP Address | 192.168.0.2 |
| node | k8s node IP Address | 192.168.0.3 |
| pkg-url | offline resource package address, support downloading to local or a remote address | /root/kube1.22.0.tar.gz |
| version | version corresponding to the resource pack | v1.22.0 |
Add master
```
🐳 → sealos join --master 192.168.0.6 --master 192.168.0.7
🐳 → sealos join --master 192.168.0.6-192.168.0.9 # or multiple consecutive IPs
```
Add node
```
🐳 → sealos join --node 192.168.0.6 --node 192.168.0.7
🐳 → sealos join --node 192.168.0.6-192.168.0.9 # or multiple consecutive IPs
```
Delete the specified master
```
🐳 → sealos clean --master 192.168.0.6 --master 192.168.0.7
🐳 → sealos clean --master 192.168.0.6-192.168.0.9 # or multiple consecutive IPs
```
Delete the specified node
```
🐳 → sealos clean --node 192.168.0.6 --node 192.168.0.7
🐳 → sealos clean --node 192.168.0.6-192.168.0.9 # or multiple consecutive IPs
```
Clean up the cluster
```
🐳 → sealos clean --all
```
- Supports ARM offline packages; the v1.20 offline package supports containerd integration and abandons docker completely
- 99-year certificates; supports cluster backup and upgrade
- No dependency on ansible, haproxy or keepalived: a single binary tool with 0 dependencies
- Offline installation: each kubernetes version has its own resource pack to download, and the offline package contains all binary files, configuration files and images
- High-availability local LB implemented through ipvs, which takes up fewer resources, is stable and reliable, and is similar to the implementation of kube-proxy
- Compatible with almost all x86_64 environments that support systemd
- Easily add and delete cluster nodes
- Thousands of users run sealos in their online environments, where it is stable and reliable
- The resource pack is hosted on Alibaba Cloud OSS, so you don't have to worry about network speed anymore
