nginx配置
user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } # 四层负载均衡,为两台 Master apiserver 组件提供负载均衡 stream { log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent'; access_log /var/log/nginx/k8s-access.log main; upstream k8s-apiserver { server 192.168.53.36:6443; # k8s-jy-master1 APISERVER IP:PORT server 192.168.53.37:6443; # k8s-jy-master2 APISERVER IP:PORT server 192.168.53.38:6443; # k8s-jy-master3 APISERVER IP:PORT } server { listen 16443; # 由于 nginx 与 master 节点复用,这个监听端口不能是 6443,否则会冲突 proxy_pass k8s-apiserver; } } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; server { listen 80 default_server; server_name _; location / { } } }
### 如果没有加载stream模块启动会失败,yum安装得nginx这个模块是动态加载得 可以直接yum安装
yum install -y nginx-mod-stream
keepalived配置
! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL vrrp_skip_check_adv_addr # vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh" interval 2 weight -2 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } track_script { check_nginx } virtual_ipaddress { 192.168.53.40/24 } }
——nginx 健康检测脚本
#!/bin/bash count=`ps aux |grep nginx|grep -v grep|wc -l` if [ $count -eq 0 ];then nginx else sleep 3 systemctl stop keepalived.service fi
最后将所有 Worker Node(kubectl get node 命令查看到的节点)组件配置文件,由 原来 连接 修改为 VIP,重启kubelet服务和kube-proxy服务。
原创文章,作者:,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/267134.html