Prerequisites for High-Available (HA) K8s Deployment on Debian
Before starting, ensure the following requirements are met to avoid configuration issues:
- Hardware: At least 3 Debian nodes (1 master + 2 workers recommended for production) with 2+ CPU cores, 2GB+ RAM, and 20GB+ disk space.
- Software: Debian 12 (Bookworm) or later (stable kernel for container runtime support).
- Network: Static IPs for all nodes; all nodes must be able to communicate over required ports (e.g., 6443 for kube-apiserver, 10250 for kubelet).
Step 1: Prepare All Nodes
- Disable Swap: Kubelet requires swap to be disabled for proper memory management. Run on all nodes:
sudo swapoff -a sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab - Set Hostnames & Update
/etc/hosts: Assign unique hostnames (e.g.,k8s-master-01,k8s-worker-01) and add IP-hostname mappings to/etc/hostson all nodes:sudo hostnamectl set-hostnameecho " " - Install Container Runtime: Use
containerd(default for K8s) as the container runtime. On all nodes:sudo apt update && sudo apt install -y containerd sudo mkdir -p /etc/containerd sudo containerd config default | sudo tee /etc/containerd/config.toml sudo systemctl restart containerd - Add Kubernetes Repository & Install Core Components: On all nodes, add the official Kubernetes APT repo and install
kubelet,kubeadm, andkubectl:sudo apt update && sudo apt install -y apt-transport-https curl curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list sudo apt update && sudo apt install -y kubelet kubeadm kubectl sudo apt-mark hold kubelet kubeadm kubectl # Prevent accidental upgrades
Step 2: Initialize the Master Node with HA Support
- Initialize Master with Pod Network CIDR: Use
kubeadmto initialize the master node, specifying a pod network range (e.g.,10.244.0.0/16for Calico):
Replacesudo kubeadm init --pod-network-cidr=10.244.0.0/16 --control-plane-endpoint:6443 192.168.1.100) that will route traffic to the master nodes. - Configure
kubectl: Set upkubectlfor the current user to manage the cluster:mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config - Deploy Pod Network Plugin: Install a CNI plugin (e.g., Calico) to enable pod communication. Run on the master node:
Verify the network is running:kubectl apply -f https://docs.projectcalico.org/manifests/calico.yamlkubectl get pods -n calico-system
Step 3: Join Worker Nodes to the Cluster
Run the kubeadm join command (output during master initialization) on each worker node to add them to the cluster:
sudo kubeadm join :6443 --token --discovery-token-ca-cert-hash sha256:<hash>
Replace
Step 4: Configure HA for Control Plane Components
The control plane (kube-apiserver, etcd, kube-scheduler, kube-controller-manager) requires redundancy to avoid single points of failure.
A. Etcd High Availability
Etcd is the key-value store for K8s cluster state. Deploy a 3-node etcd cluster (recommended for quorum) using kubeadm:
- Modify Master Initialization: Add
--control-plane-endpointand--upload-certsto thekubeadm initcommand to enable etcd clustering:sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --control-plane-endpoint:6443 --upload-certs - Join Additional Masters: For each additional master node, run the
kubeadm joincommand with--control-planeflag (output during initial master setup):sudo kubeadm join:6443 --token --discovery-token-ca-cert-hash sha256:<hash> --control-plane --certificate-key
B. Kube-API Server Load Balancing
Use a load balancer (e.g., HAProxy, Nginx, or cloud-native LB) to distribute traffic to multiple kube-apiserver instances (running on each master). Example HAProxy config (/etc/haproxy/haproxy.cfg):
frontend k8s-api
bind :6443
mode tcp
default_backend k8s-api-backend
backend k8s-api-backend
mode tcp
balance roundrobin
server master-01 :6443 check
server master-02 :6443 check
server master-03 :6443 check
Restart HAProxy to apply changes:
sudo systemctl restart haproxy
C. Scheduler & Controller Manager High Availability
These components run on each master node and use leader election (--leader-elect=true, enabled by default) to ensure only one instance is active at a time. No additional configuration is needed during initialization.
Step 5: Validate the HA Cluster
- Check Node Status: Ensure all nodes are
Ready:kubectl get nodes - Verify Control Plane Components: Check that kube-apiserver, etcd, scheduler, and controller-manager are running on each master:
kubectl get pods -n kube-system - Test Failover: Simulate a master node failure (e.g., stop the kubelet service) and verify that another master takes over leadership (check etcd logs or
kubectl get componentstatuses).
Step 6: Implement Monitoring & Backup
- Monitoring: Deploy Prometheus + Grafana to track cluster metrics (e.g., node CPU/memory, pod status, etcd latency). Use the kube-prometheus-stack Helm chart for easy deployment.
- Backup: Regularly back up etcd data (critical for cluster recovery). Use
etcdctlor tools like Velero:# Example: Snapshot etcd data (run on any master) ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key snapshot save /tmp/etcd-snapshot.db
Key Best Practices
- Use Odd Number of Etcd Nodes: 3 or 5 nodes ensure quorum (majority) and prevent split-brain scenarios.
- Secure Communication: Enable TLS for etcd, kube-apiserver, and load balancers. Use certificates issued by a trusted CA.
- Regular Updates: Keep Kubernetes components and Debian packages up to date to patch security vulnerabilities.
- Disaster Recovery Plan: Test backup restoration (e.g., restore etcd from a snapshot) to ensure quick recovery from failures.
以上就是关于“Debian如何实现K8S高可用部署”的相关介绍,筋斗云是国内较早的云主机应用的服务商,拥有10余年行业经验,提供丰富的云服务器、租用服务器等相关产品服务。云服务器资源弹性伸缩,主机vCPU、内存性能强悍、超高I/O速度、故障秒级恢复;电子化备案,提交快速,专业团队7×24小时服务支持!
简单好用、高性价比云服务器租用链接:https://www.jindouyun.cn/product/cvm