访问集群中部署的Nginx,打开浏览器输入::38696
Kubernets Apiserver HA SLB 准备环境 内网ip 角色 安装软件 主机名192.168.0.10 master01 etcd,kube-apiserver,kube-controller-manager,kube-scheduler 8bettest518
192.168.0.12 master02 etcd,kube-apiserver,kube-controller-manager,kube-scheduler 8bettest519
192.168.0.7 node01 docker,kubelet,kube-proxy,flannel 8bettest520
192.168.0.8 node02 docker,kubelet,kube-proxy,flannel 8bettest521
192.168.0.4 slb master etcd,keeaplived,nginx 8bettest522
192.168.0.9 slb backup keeaplived,nginx 8bettest523
192.168.0.200 keepalived上的VIP
我们使用两台机器,当前是使用nginx+keepalived软件进行apiserver 6443接口的负载均衡,实现apiserver高可用。
部署nginx和keepalived这里我们采用Nginx作为负载均衡软件,现在流量大的apiserver 也可以采用haproxy 作为负载均衡软件,也可以使用。
nginx 配置 yum install -y nginx k8s-lb01,k8s-lb02都要安装 centos7要是没有nginx源,添加nginx的源 cat > /etc/yum.repos.d/nginx.repo << EOF [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/\$basearch/ gpgcheck=0 EOFnginx 主配置文件
[root@k8s-lb02 nginx]# egrep -v '#|^$' /etc/nginx/nginx.conf user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } stream { log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent'; access_log /var/log/nginx/k8s-access.log main; upstream k8s-apiserver { server 192.168.0.10:6443; server 192.168.0.12:6443; } server { listen 6443; proxy_pass k8s-apiserver; } } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/conf.d/*.conf; server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; include /etc/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } }# 两台nginx的配置文件一样
[root@k8s-lb01 nginx]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@k8s-lb01 nginx]# systemctl start nginx Keepalived配置安装keepalived
yum install -y keepalived主keepalived.conf
[root@k8s-lb01 ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id NGINX_MASTER } vrrp_script check_nginx { script "/etc/nginx/check_nginx.sh" } vrrp_instance VI_1 { state MASTER interface eth0 # 网卡名 virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的 priority 100 # 优先级,备服务器设置 90 advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.0.200/24 # vip地址 } track_script { check_nginx # 监控脚本 } }从keepalived.conf
[root@k8s-lb02 nginx]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id NGINX_MASTER } vrrp_script check_nginx { script "/etc/nginx/check_nginx.sh" } vrrp_instance VI_1 { state BACKUP interface eth0 # 网卡名 virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的 priority 90 # 优先级,备服务器设置 90 advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.0.200/24 # vip地址 } track_script { check_nginx # 监控脚本 } }编写check_nginx.sh
#!/bin/bash count=$(ps -ef |grep nginx |egrep -cv "grep|$$") if [ "$count" -eq 0 ];then systemctl stop keepalived fi