k8s二进制安装04-安装配置nginx和keepalived

keepalived设定#

安装keepalived

## 在lb01和lb02上安装keepalived软件
yum install -y keepalived

配置keepalived

keepalived主节点--lb01上配置

## 修改配置文件-/etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lb01_192.168.1.41
   enable_script_security
   script_user root
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx_process.sh"
    interval 2
    weight -20
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 90
    advert_int 1
    mcast_src_ip 192.168.1.41
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    
    track_script {
        chk_nginx
    }
    
    virtual_ipaddress {
        192.168.1.40
    }
}

keepalived从节点--lb02上配置

## 修改配置文件-/etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lb02_192.168.1.42
   enable_script_security
   script_user root
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx_process.sh"
    interval 2
    weight -20
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    mcast_src_ip 192.168.1.42
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    
    track_script {
        chk_nginx
    }
    
    virtual_ipaddress {
        192.168.1.40
    }
}

创建监听nginx的脚本

## 在lb01和lb02上创建nginx监听脚本，当nginx进程挂了，停掉keepalived，VIP
## 飘到另外一台lb主机上
cat <<'EOF' | sudo tee /etc/keepalived/check_nginx_process.sh
#!/bin/bash

err=0
for k in $(seq 1 3)
do
    check_code=$(pgrep nginx)
    if [[ $check_code == "" ]]; then
        err=$(expr $err + 1)
        sleep 1
        continue
    else
        err=0
        break
    fi
done

if [[ $err != "0" ]]; then
    echo "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi
EOF

## 添加可执行权限
chmod +x /etc/keepalived/check_nginx_process.sh

启动服务

systemctl enable keepalived --now

nginx设定#

安装nginx

## 在lb01和lb02上安装nginx软件
yum install -y keepalived

配置nginx

## 添加apiserver的反向代理配置
cat >> /etc/nginx/nginx.conf <<EOF
stream {
    upstream kube-apiserver {
        server 192.168.1.51:6443    max_fails=3 fail_timeout=30s;
        server 192.168.1.52:6443    max_fails=3 fail_timeout=30s;
        server 192.168.1.53:6443    max_fails=3 fail_timeout=30s;
    }
    server {
        listen 8443;
        proxy_connect_timeout 2s;
        proxy_timeout 900s;
        proxy_pass kube-apiserver;
    }
}
EOF

启动服务

systemctl enable nginx --now