How to Build a Highly Available Kubernetes 1.18 Cluster with kubeadm, HAProxy, and Keepalived

The author needed to create a Kubernetes 1.18 high‑availability (HA) cluster in a test environment and shares the complete process.

Resource download

YAML files are hosted at https://github.com/luckylucky421/kubernetes1.17.3/tree/master. Required container images can be obtained from the Baidu Netdisk link provided in the article.

Node planning

Three master nodes (k8s‑master01, k8s‑master02, k8s‑master03) and one worker node (k8s‑node01) plus a load‑balancer IP (k8s‑lb) are used, all running CentOS 7.6.1800.

Base environment preparation

Install Kubernetes 1.18.2 and Docker 19.0.3.

Set hostnames, update /etc/hosts, disable firewalld, SELinux, and swap; configure time sync, ulimit, and kernel parameters.

Upgrade the kernel to 4.9.220 via rpm.

Component installation

Install ipvs

# yum install ipvsadm ipset sysstat conntrack libseccomp -y
# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
modprobe -- ip_tables
modprobe -- ip_set
modprobe -- xt_set
modprobe -- ipt_set
modprobe -- ipt_rpfilter
modprobe -- ipt_REJECT
modprobe -- ipip
EOF
# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules

Install Docker‑CE

# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum install docker-ce-19.03.8-3.el7 -y
# systemctl start docker && systemctl enable docker
# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
# systemctl restart docker

Install Kubernetes components

# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
EOF
# yum install -y kubelet-1.18.2-0 kubeadm-1.18.2-0 kubectl-1.18.2-0 --disableexcludes=kubernetes
# systemctl enable kubelet

Cluster initialization

High‑availability configuration

Install keepalived and haproxy on all master nodes, configure haproxy to balance the API server on port 16443, and set up keepalived with a virtual IP (10.211.55.10). A health‑check script monitors the API server.

Master deployment

# cat > kubeadm.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.18.2
controlPlaneEndpoint: "k8s-lb:16443"
networking:
  dnsDomain: cluster.local
  podSubnet: 192.168.0.0/16
  serviceSubnet: 10.211.0.0/12
EOF
# kubeadm config images pull --config kubeadm.yaml
# kubeadm init --config kubeadm.yaml --upload-certs

After initialization, set KUBECONFIG=/etc/kubernetes/admin.conf, install a pod network (e.g., Calico), and join the remaining masters and workers using the generated kubeadm join command.

HA testing

Stop keepalived on one master and verify that the remaining masters continue to serve the cluster and all system pods remain in the Running state.

Dashboard and metrics

Deploy the Kubernetes dashboard (v2) and expose it via NodePort. Retrieve the dashboard token from the kubernetes-dashboard-token-* secret or create a cluster‑role binding for admin access.

Deploy metrics‑server and addon‑resizer images, apply metrics.yaml, and confirm the pods are Running, enabling kubectl top pods and kubectl top nodes usage.