HA

• tools

  • cfssl & cfssljson

  • etcd

  • keepalived

  • haproxy

  • helm

• external etcd

kubernetes high availability

[!TIP|label:references]

• extenal etcd topology certificates located in : /etc/etcd/ssl
• stacked etcd topology certificates located in : /etc/kubernetes/pki/etcd
• Proposal for a highly available control plane configuration for ‘kubeadm’ deployments
• Proposal for kubeadm self-hosted HA deployment
• kubeadm upgrades / self-hosting / HA v1.8 implementation working group
• Ansible Tutorial: Setup HAProxy and HTTPS from Let’s Encrypt with Ansible
• * Kubernetes High Availability

tools

cfssl & cfssljson

$ sudo bash -c "curl -o /usr/local/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64"
$ sudo bash -c "curl -o /usr/local/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64"
$ sudo chmod +x /usr/local/bin/cfssl*

etcd

$ curl -fsSL https://github.com/etcd-io/etcd/releases/download/v3.3.15/etcd-v3.3.15-linux-amd64.tar.gz |
       sudo tar -xzv --strip-components=1 -C /usr/local/bin/

keepalived

references:

• Step 26 - KeepAliveD

$ mkdir -p ~/temp
$ sudo mkdir -p /etc/keepalived/

$ curl -fsSL ${keepaliveDownloadUrl}/keepalived-2.0.18.tar.gz | tar xzf - -C ~/temp

$ pushd .
$ cd ~/temp/keepalived-2.0.18
$ ./configure && make
$ sudo make install
$ sudo cp keepalived/keepalived.service /etc/systemd/system/
$ popd
$ rm -rf ~/temp

haproxy

$ curl -fsSL http://www.haproxy.org/download/2.0/src/haproxy-2.0.6.tar.gz | tar xzf - -C ~

$ pushd .
$ cd ~/haproxy-2.0.6
$ make TARGET=linux-glibc \
       USE_LINUX_TPROXY=1 \
       USE_ZLIB=1 \
       USE_REGPARM=1 \
       USE_PCRE=1 \
       USE_PCRE_JIT=1 \
       USE_OPENSSL=1 \
       SSL_INC=/usr/include \
       SSL_LIB=/usr/lib \
       ADDLIB=-ldl \
       USE_SYSTEMD=1
$ sudo make install
$ sudo cp haproxy /usr/sbin/
$ sudo cp examples/haproxy.init /etc/init.d/haproxy && sudo chmod +x $_
$ popd
$ rm -rf ~/haproxy-2.0.6

helm

$ curl -fsSL \
       https://get.helm.sh/helm-v2.14.3-linux-amd64.tar.gz |
       sudo tar -xzv --strip-components=1 -C /usr/local/bin/

$ while read -r _i; do
    sudo chmod +x "/usr/local/bin/${_i}"
done < <(echo helm tiller)

• configuration

  $ helm init
  $ helm init --client-only
  
  $ kubectl -n kube-system create serviceaccount tiller
  $ kubectl create clusterrolebinding tiller-cluster-rule \
                   --clusterrole=cluster-admin \
                   --serviceaccount=kube-system:tiller
  $ kubectl -n kube-system patch deploy \
                  tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
  
  $ helm repo add jetstack https://charts.jetstack.io

external etcd

external etcd topology