以下是基于 多Master高可用Kubernetes集群 的企业级部署详细步骤,涵盖 Nginx Ingress + MySQL高可用集群 + Tomcat负载均衡 的完整流程:
一、前置条件准备
1. 节点规划
Master节点:3台(高可用控制平面,需奇数台)
Worker节点:至少2台
操作系统:CentOS 7/8 或 Ubuntu 20.04+
网络要求:所有节点间网络互通,禁用防火墙/SELinux
2. 配置主机名及解析
# 所有节点执行sudo hostnamectl set-hostname master1 # 按实际修改为master1, master2, master3, worker1等sudovi /etc/hosts# 添加以下内容(替换实际IP):192.168.1.101 master1192.168.1.102 master2192.168.1.103 master3192.168.1.201 worker1192.168.1.202 worker23. 安装依赖工具
# 所有节点执行sudoapt-get update &&sudoapt-getinstall-y apt-transport-https ca-certificates curl software-properties-common # Ubuntu# 或sudo yum install-y yum-utils device-mapper-persistent-data lvm2 # CentOS二、部署高可用Kubernetes集群
1. 安装Docker
# 所有节点执行curl-fsSL https://get.docker.com |bash-sdocker--mirror Aliyunsudo systemctl enabledocker&&sudo systemctl start docker2. 安装kubeadm/kubelet/kubectl
# 所有节点执行(以Ubuntu为例)sudocurl-fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpgecho"deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" |sudotee /etc/apt/sources.list.d/kubernetes.listsudoapt-get updatesudoapt-getinstall-ykubelet=1.28.0-00kubeadm=1.28.0-00kubectl=1.28.0-00sudo apt-mark hold kubelet kubeadm kubectl3. 初始化第一个Master节点
# 在master1节点执行sudo kubeadm init \ --control-plane-endpoint "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT"\ --upload-certs \ --image-repository registry.aliyuncs.com/google_containers \ --kubernetes-version v1.28.0 \ --service-cidr=10.96.0.0/12\ --pod-network-cidr=192.168.0.0/16\ --apiserver-advertise-address=192.168.1.101# 输出中会包含加入其他Master和Worker的命令,保存备用mkdir-p$HOME/.kubesudocp-i /etc/kubernetes/admin.conf $HOME/.kube/configsudochown$(id-u):$(id-g)$HOME/.kube/config4. 加入其他Master节点
# 在master2和master3执行(使用上一步生成的命令,形如):sudo kubeadm join LOAD_BALANCER_DNS:LOAD_BALANCER_PORT \--token xxxx \ --discovery-token-ca-cert-hash sha256:xxxx \ --control-plane \ --certificate-key xxxx5. 加入Worker节点
# 在所有Worker节点执行(使用kubeadm init输出的命令):sudo kubeadm join LOAD_BALANCER_DNS:LOAD_BALANCER_PORT --token xxxx --discovery-token-ca-cert-hash sha256:xxxx6. 安装网络插件(Calico)
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml三、配置存储(NFS示例)
1. 部署NFS Server(可选)
# 在存储节点执行(例如192.168.1.250)sudoapt-getinstall-y nfs-kernel-server # Ubuntusudomkdir-p /data/nfssudochmod777 /data/nfssudovi /etc/exports# 添加:/data/nfs *(rw,sync,no_root_squash)sudo exportfs -asudo systemctl restart nfs-server2. 部署NFS StorageClass
# 使用Helm安装NFS Provisionerhelm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/helm install nfs-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \--setnfs.server=192.168.1.250\--setnfs.path=/data/nfs\--setstorageClass.name=nfs-sc# 验证StorageClasskubectl get storageclass四、部署高可用MySQL集群
1. 创建Secret存储密码
kubectl create secret generic mysql-secret \ --from-literal=root_password=yourpassword\ --from-literal=replication_password=replpassword2. 部署MySQL StatefulSet
# mysql-ha.yamlapiVersion: apps/v1kind: StatefulSetmetadata:name: mysqlspec:serviceName: mysql replicas:3selector:matchLabels:app: mysql template:metadata:labels:app: mysql spec:containers:-name: mysql image: mysql:8.0env:-name: MYSQL_ROOT_PASSWORD valueFrom:secretKeyRef:name: mysql-secretkey: root_password -name: MYSQL_REPLICATION_PASSWORD valueFrom:secretKeyRef:name: mysql-secretkey: replication_password args:-"--server-id=$(expr $RANDOM % 100 + 1)" -"--gtid-mode=ON"-"--enforce-gtid-consistency=ON"-"--log-bin=mysql-bin"-"--binlog-format=ROW"-"--relay-log=mysql-relay"-"--innodb_flush_log_at_trx_commit=1"-"--sync_binlog=1"ports:-containerPort:3306volumeMounts:-name: mysql-datamountPath: /var/lib/mysql volumeClaimTemplates:-metadata:name: mysql-dataspec:accessModes:["ReadWriteOnce"]storageClassName:"nfs-sc"resources:requests:storage: 20Gi3. 部署MySQL服务
# mysql-service.yamlapiVersion: v1kind: Servicemetadata:name: mysqlspec:ports:-port:3306clusterIP: None selector:app: mysqlkubectl apply -f mysql-ha.yamlkubectl apply -f mysql-service.yaml五、部署Tomcat应用
1. 创建Tomcat Deployment
# tomcat-deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: tomcat-appspec:replicas:3selector:matchLabels:app: tomcat strategy:rollingUpdate:maxSurge:1maxUnavailable:0template:metadata:labels:app: tomcat spec:containers:-name: tomcat image: tomcat:9.0-jdk17ports:-containerPort:8080env:-name: DATABASE_URL value:"jdbc:mysql://mysql.default.svc.cluster.local:3306/appdb?useSSL=false"resources:requests:cpu:"100m"memory:"512Mi"limits:cpu:"500m"memory:"1Gi"livenessProbe:httpGet:path: / port:8080initialDelaySeconds:30periodSeconds:10readinessProbe:httpGet:path: / port:8080initialDelaySeconds:20periodSeconds:52. 创建Service
# tomcat-service.yamlapiVersion: v1kind: Servicemetadata:name: tomcat-servicespec:selector:app: tomcat ports:-protocol: TCP port:80targetPort:8080kubectl apply -f tomcat-deployment.yamlkubectl apply -f tomcat-service.yaml六、部署Nginx Ingress Controller
1. 使用Helm安装
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginxhelm install ingress-nginx ingress-nginx/ingress-nginx \--setcontroller.replicaCount=3\--setcontroller.service.type=LoadBalancer\--setcontroller.service.externalTrafficPolicy=Local\--set controller.nodeSelector."kubernetes\.io/os"=linux\--set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux\--set defaultBackend.nodeSelector."kubernetes\.io/os"=linux2. 配置Ingress路由规则
# ingress-rule.yamlapiVersion: networking.k8s.io/v1kind: Ingressmetadata:name: web-ingressannotations:nginx.ingress.kubernetes.io/rewrite-target: /spec:ingressClassName: nginx rules:-host: example.com http:paths:-path: / pathType: Prefix backend:service:name: tomcat-serviceport:number:80kubectl apply -f ingress-rule.yaml七、验证与维护
1. 查看集群状态
kubectl get nodes -o widekubectl get pods -A-o widekubectl get svc,pv,pvc2. 测试数据库连接
kubectlexec-it mysql-0 -- mysql -uroot -p$(kubectl get secret mysql-secret -ojsonpath='{.data.root_password}'| base64 --decode)-e"CREATE DATABASE appdb;"3. 访问测试
# 获取Ingress外部IPkubectl get svc ingress-nginx-controller -ojsonpath='{.status.loadBalancer.ingress[0].ip}'# 测试访问(替换实际IP)curl-H"Host: example.com" http://<INGRESS_IP>4. 配置HPA自动扩缩
# hpa.yamlapiVersion: autoscaling/v2kind: HorizontalPodAutoscalermetadata:name: tomcat-hpaspec:scaleTargetRef:apiVersion: apps/v1 kind: Deployment name: tomcat-appminReplicas:2maxReplicas:10metrics:-type: Resource resource:name: cpu target:type: Utilization averageUtilization:80八、架构示意图
用户访问 -> 云厂商LB/Nginx Ingress (外部流量) ↓K8S Ingress Controller (3副本) ↓Tomcat Pods (HPA自动扩缩) ↓MySQL Cluster (3节点StatefulSet) ↓NFS/Ceph Persistent Volumes
补充建议
监控:部署Prometheus + Grafana监控集群状态
日志:使用EFK(Elasticsearch+Fluentd+Kibana)收集日志
备份:使用Velero定期备份K8S资源
安全:启用NetworkPolicy限制Pod间通信,使用Cert-Manager管理TLS证书
以上为完整的企业级高可用架构部署流程,需根据实际环境调整IP地址、存储配置和域名信息。