Comprehensive Guide to Deploying a Highly Available Kubernetes Cluster with Nginx+Keepalived, Ingress, NFS, and Harbor

This article provides a detailed, practical guide for building a production‑grade Kubernetes environment with high availability and integrated services.

1. Environment preparation : Set hostnames, configure /etc/hosts, establish SSH trust, synchronize time, disable firewalls, swap, and SELinux, and enable bridge‑network traffic inspection.

2. Container runtime : Install Docker (or Docker CE) and configure a registry mirror, then install containerd and adjust the cgroup driver to systemd.

3. Kubernetes components : Add the Kubernetes yum repository, install specific versions of kubelet, kubeadm, and kubectl, and enable kubelet as a system service.

4. Cluster initialization : Pull required images, run kubeadm init with custom API server advertise address, image repository, service CIDR, and pod network CIDR, then set up kubeconfig for the admin user.

5. Node join : Generate a token and certificate key, then join worker nodes using kubeadm join with the control‑plane endpoint.

6. Networking : Deploy the Flannel CNI plugin, verify pod communication, and troubleshoot network readiness errors.

7. High availability : Add a second master node, configure Nginx as a TCP load balancer, and set up Keepalived with VRRP to provide a virtual IP for the API server.

8. Dashboard : Deploy the Kubernetes dashboard, expose it via a NodePort service, create a ServiceAccount with cluster‑admin privileges, and obtain a login token.

9. NFS storage : Install NFS utilities on all nodes, configure exports on the master, mount the share on workers, and set up an NFS‑subdir external provisioner via Helm with a custom StorageClass.

10. Ingress controller : Install the NGINX Ingress controller using Helm (or a YAML manifest), ensuring proper image sources and NodePort exposure.

11. Harbor registry : Generate a self‑signed CA and server certificate, create a TLS secret, add the Harbor Helm repo, and install Harbor with TLS, external URL, and NFS‑backed persistence for all components.

12. Containerd registry configuration : Add the Harbor CA to containerd’s TLS config, set authentication credentials, and reload containerd to enable pulling images directly from Harbor.

By following these steps, readers can achieve a fully functional, highly available Kubernetes cluster with integrated monitoring, storage, and private image registry.