IP SERVICES
192.168.72.55 keepalived+nginx
192.168.72.56 keepalived+nginx
192.168.72.57 keepalived+nginx
192.168.72.100 VIP
  • 如果需要给kube-apiserver提供高可用,建议在部署kubernetes集群的时候就预先部署好keepalived+nginx,

    • 否则的话,需要修改kube-apiserver的证书,将vip加入到证书内,
    • 并且修改kube-config相关的秘钥(kube-controllerkube-schedulerkubeletkube-proxy)都需要重新生成,将原有的kube-apiserver的认证地址修改为VIP
    • 重启kube-apiserverkube-controllerkube-schedulerkubeletkube-proxy服务,最终就可以实现高可用
    • 所以,在kubernetes集群部署前先完成keepalived+nginx就会方便很多
  • 为什么选择keepalived?
    • 因为keepalived有后端服务健康检测机制,检测到后端的nginx(nginx为了使用upstream模块实现负载均衡)服务有故障,就会将自己(keepalived)关闭,使VIP漂移到另外两个节点中的一个,用来保证和实现kube-apiserver服务的高可用
  • 此次部署,是基于了我博客前面的 suse 12 二进制部署 Kubernetets 1.19.7系列,最后的分发脚本和启动服务里面的数组需要自行修改(修改成自己的ip或者主机名即可,主机名需要提前做好hosts解析)

编译部署nginx

下载nginx源码包

k8s-01:~ # cd /opt/k8s/packages/

k8s-01:/opt/k8s/packages # wget http://nginx.org/download/nginx-1.16.1.tar.gz

k8s-01:/opt/k8s/packages # tar xf nginx-1.16.1.tar.gz

编译nginx

k8s-01:~ # cd /opt/k8s/packages/nginx-1.16.1/

k8s-01:/opt/k8s/packages/nginx-1.16.1 # ./configure --prefix=$(pwd)/nginx-prefix \

--with-stream \

--without-http \

--without-http_uwsgi_module && \

make && \

make install

配置nginx.conf

k8s-01:~ # cd /opt/k8s/conf/

k8s-01:/opt/k8s/conf # cat > kube-nginx.conf <<EOF

worker_processes 1;

events {

    worker_connections  1024;

}

stream {

    upstream backend {

        hash \$remote_addr consistent;

        server 192.168.72.55:6443        max_fails=3 fail_timeout=30s;

        server 192.168.72.56:6443        max_fails=3 fail_timeout=30s;

        server 192.168.72.57:6443        max_fails=3 fail_timeout=30s;

    }

    server {

        listen *:8443;

        proxy_connect_timeout 1s;

        proxy_pass backend;

    }

}

EOF

配置nginx为systemctl管理

k8s-01:~ # cd /opt/k8s/conf/

k8s-01:/opt/k8s/conf # cat > kube-nginx.service <<EOF

[Unit]

Description=kube-apiserver nginx proxy

After=network.target

After=network-online.target

Wants=network-online.target

[Service]

Type=forking

ExecStartPre=/opt/k8s/server/kube-nginx/sbin/nginx \

          -c /opt/k8s/server/kube-nginx/conf/kube-nginx.conf \

          -p /opt/k8s/server/kube-nginx -t

ExecStart=/opt/k8s/server/kube-nginx/sbin/nginx \

       -c /opt/k8s/server/kube-nginx/conf/kube-nginx.conf \

       -p /opt/k8s/server/kube-nginx

ExecReload=/opt/k8s/server/kube-nginx/sbin/nginx \

        -c /opt/k8s/server/kube-nginx/conf/kube-nginx.conf \

        -p /opt/k8s/server/kube-nginx -s reload

PrivateTmp=true

Restart=always

RestartSec=5

StartLimitInterval=0

LimitNOFILE=65536

[Install]

WantedBy=multi-user.target

EOF

分发nginx二进制文件和配置文件

#!/usr/bin/env bash

source /opt/k8s/bin/k8s-env.sh

for host in ${MASTER_IPS[@]}

do

    printf "\e[1;34m${host}\e[0m\n"

    ssh root@${host} "mkdir -p /opt/k8s/server/kube-nginx/{conf,logs,sbin}"

    scp /opt/k8s/packages/nginx-1.16.1/nginx-prefix/sbin/nginx ${host}:/opt/k8s/server/kube-nginx/sbin/

    scp /opt/k8s/conf/kube-nginx.conf ${host}:/opt/k8s/server/kube-nginx/conf/

    scp /opt/k8s/conf/kube-nginx.service ${host}:/etc/systemd/system/

done

启动kube-nginx服务

#!/usr/bin/env bash

source /opt/k8s/bin/k8s-env.sh

for host in ${MASTER_IPS[@]}

do

    printf "\e[1;34m${host}\e[0m\n"

    ssh root@${host} "systemctl daemon-reload && \

                      systemctl enable kube-nginx --now && \

                      systemctl status kube-nginx | grep Active"

done

编译部署keepalived

下载keepalived源码包

k8s-01:~ # cd /opt/k8s/packages/

k8s-01:/opt/k8s/packages # wget https://www.keepalived.org/software/keepalived-2.2.0.tar.gz

k8s-01:/opt/k8s/packages # tar xf keepalived-2.2.0.tar.gz

编译keepalived

k8s-01:/opt/k8s/packages/keepalived-2.2.0 # ./configure --prefix=$(pwd)/keepalived-prefix && \

make && \

make install

配置keepalived.conf

k8s-01:~ # cd /opt/k8s/conf/

k8s-01:/opt/k8s/conf # cat > keepalived.conf.template <<EOF

! Configuration File for keepalived

global_defs {

}

vrrp_script chk_nginx {

    script "/etc/keepalived/check_port.sh 8443"

    interval 2

    weight -20

}

vrrp_instance VI_1 {

    state BACKUP

    interface eth0

    virtual_router_id 251

    priority 100

    advert_int 1

    mcast_src_ip ##NODE_IP##

    nopreempt

    authentication {

        auth_type PASS

        auth_pass 11111111

    }

    track_script {

         chk_nginx

    }

    virtual_ipaddress {

        192.168.72.100

    }

}

EOF
  • 为了避免keepalived服务出现问题,修复后重启keepalived,出现IP漂移回来的情况,这里选择了3个都是BACKUP的模式,减少数据的丢失

创建健康检测脚本

k8s-01:~ # cd /opt/k8s/conf/

k8s-01:/opt/k8s/conf # cat > check_port.sh <<"EOF"

CHK_PORT=$1

 if [ -n "$CHK_PORT" ];then

        PORT_PROCESS=$(ss -lt|grep $CHK_PORT|wc -l)

        if [ $PORT_PROCESS -eq 0 ];then

                echo "Port $CHK_PORT Is Not Used,End."

                exit 1

        fi

 else

        echo "Check Port Cant Be Empty!"

 fi

EOF

配置keepalived为systemctl管理

k8s-01:~ # cd /opt/k8s/conf/

k8s-01:/opt/k8s/conf # cat > keepalived.service <<EOF

[Unit]

Description=LVS and VRRP High Availability Monitor

After=syslog.target network-online.target

[Service]

Type=forking

PIDFile=/var/run/keepalived.pid

KillMode=process

EnvironmentFile=-/etc/sysconfig/keepalived

ExecStart=/usr/sbin/keepalived \$KEEPALIVED_OPTIONS

ExecReload=/bin/kill -HUP \$MAINPID

[Install]

WantedBy=multi-user.target

EOF

分发keepalived二进制文件和配置文件

#!/usr/bin/env bash

source /opt/k8s/bin/k8s-env.sh

for (( i=0; i < 3; i++ ))

do

    sed -e "s/##NODE_IP##/${MASTER_IPS[i]}/" /opt/k8s/conf/keepalived.conf.template > \

           /opt/k8s/conf/keepalived.conf-${MASTER_IPS[i]}.template

done

for host in ${MASTER_IPS[@]}

do

    printf "\e[1;34m${host}\e[0m\n"

    ssh root@${host} "mkdir -p /etc/keepalived"

    scp /opt/k8s/packages/keepalived-2.2.0/keepalived-prefix/sbin/keepalived ${host}:/usr/sbin/

    scp /opt/k8s/packages/keepalived-2.2.0/keepalived-prefix/etc/sysconfig/keepalived ${host}:/etc/sysconfig/

    scp /opt/k8s/conf/keepalived.conf-${host}.template ${host}:/etc/keepalived/keepalived.conf

    scp /opt/k8s/conf/check_port.sh ${host}:/etc/keepalived/

    scp /opt/k8s/conf/keepalived.service ${host}:/etc/systemd/system/

done

for host in ${MASTER_IPS[@]}

do

    printf "\e[1;34m${host}\e[0m\n"

    ssh root@${host} "systemctl daemon-reload && \

                      systemctl enable keepalived --now && \

                      systemctl status keepalived | grep Active"

done

查看VIP所在的机器以及是否ping通

#!/usr/bin/env bash

source /opt/k8s/bin/k8s-env.sh

for host in ${MASTER_IPS[@]}

do

    printf "\e[1;34m${host}\e[0m\n"

    ssh root@${host} "ip a | grep 192.168.72.100"

done

ping 192.168.72.100 -c 1

suse 12 编译部署Keepalived + nginx 为 kube-apiserver 提供高可用的更多相关文章

  1. Keepalived+Nginx+tomcat实现系统的高可用

    Keepalived+Nginx+tomcat实现系统的高可用 1:安装vmware虚拟机 2:安装linux系统,我自己下载的centos6.5 3:安装JDK,tomcat 解压tomcat到/u ...

  2. 高可用高性能分布式文件系统FastDFS进阶keepalived+nginx对多tracker进行高可用热备

    在上一篇 分布式文件系统FastDFS如何做到高可用 中已经介绍了FastDFS的原理和怎么搭建一个简单的高可用的分布式文件系统及怎么访问. 高可用是实现了,但由于我们只设置了一个group,如果现在 ...

  3. 编译安装keepalived,实现双主mysql高可用

    安装keepalived 1.官网下载源码包,解压 # wget http://www.keepalived.org/software/keepalived-1.1.20.tar.gz # tar x ...

  4. LVS + Keepalived + Nginx基于DR模式构建高可用方案

    在大型网站中一般服务端会做集群,同时利用负载均衡器做负载均衡.这样有利于将大量的请求分散到各个服务器上,提升网站的响应速度.当然为了解决单点故障的问题,还会做热备份方案.这里演示利用LVS做负载均衡器 ...

  5. keepalived+nginx负载均衡+ApacheWeb实现高可用

    1.Keepalived高可用软件 Keepalived软件起初是专为LVS负载均衡软件设计的,用来管理并监控LVS集群系统中各个服务节点的状态,后来又加入了可以实现高可用的VRRP功能.因此,kee ...

  6. suse 12 编译部署 Nginx

    文章目录 编译前准备 创建nginx用户 下载nginx源码包 安装编译环境依赖 编译nginx 配置nginx为systemctl管理 Linux:~ # cat /etc/os-release N ...

  7. suse 12 二进制部署 Kubernetets 1.19.7 - 番外篇 - 增加node节点

    文章目录 0.前景提要 1.准备node节点环境 1.0.修改配置脚本参数 1.1.配置免密 1.2.添加hosts解析 1.3.修改主机名 1.4.更新PATH变量 1.5.安装依赖包 1.6.关闭 ...

  8. suse 12 二进制部署 Kubernetets 1.19.7 - 第01章 - 创建CA证书和kubectl集群管理命令

    文章目录 1.kubernetes集群部署 1.0.创建CA证书和秘钥 1.0.0.安装cfssl工具 1.0.1.创建根证书 1.0.2.创建证书签名请求文件 1.0.3.生成CA证书和秘钥 1.0 ...

  9. suse 12 二进制部署 Kubernetets 1.19.7 - 第06章 - 部署kube-apiserver组件

    文章目录 1.6.部署kube-apiserver 1.6.0.创建kubernetes证书和私钥 1.6.1.生成kubernetes证书和私钥 1.6.2.创建metrics-server证书和私 ...

随机推荐

  1. react中Fragment组件

    什么是Fragment?在我们定义组件的时候return里最外层包裹的div往往不想渲染到页面,那么就要用到我们的Fragment组件了,具体使用如下: import React, { Compone ...

  2. nginx配置指定域名访问,nginx禁止ip访问,配置空主机头 syscal

    1.大家有过这方面的困扰,就是自己的网站给其他人恶意域名解析到自己的服务器ip上. 特别不爽,那大家可以用用空主机头的方法. 先给大家看下我的nginx.conf配置 http { log_forma ...

  3. 鲜为人知的一些meta标签作用

    来自UC Scrat-team http://scrat-team.github.io/ <meta name="viewport" content="width= ...

  4. Java包装类和处理对象

    Java中基本类型变量和字符串之间的转换 public class Primitive2String { public static void main(String args[]) { String ...

  5. 白话linux操作系统原理

    虽然计算机相关专业,操作系统和计算机组成原理是必修课.但是大学时和真正从事相关专业工作之后,对于知识的认知自然会发生变化.还很有可能,一辈子呆在学校的老师们只是照本宣科,自己的理解也不深.所以今天我站 ...

  6. 『德不孤』Pytest框架 — 3、Pytest的基础说明

    目录 1.Pytest参数介绍 2.Pytest框架用例命名规则 3.Pytest Exit Code说明 4.pytest.ini全局配置文件 5.Pytest执行测试用例的顺序 1.Pytest参 ...

  7. java接口概述及特点

    1 package face_09; 2 3 4 5 6 abstract class AbsDemo{ 7 abstract void show1(); 8 abstract void show2( ...

  8. 中招了,重写TreeMap的比较器引发的问题…

    需求背景 给一个无序的map,按照value的值进行排序,value值越小,排在越前面. key和value都不为null value可能相同 返回结果为一个相同的有序map 代码如下所示: 1 // ...

  9. es的settings设置详解

    //静态设置:只能在索引创建时或者在状态为 closed index(闭合的索引)上设置   index.number_of_shards //主分片数,默认为5.只能在创建索引时设置,不能修改   ...

  10. mysql加强(4)~多表查询

    mysql加强(4)~多表查询:笛卡尔积.消除笛卡尔积操作(等值.非等值连接),内连接(隐式连接.显示连接).外连接.自连接 一.笛卡尔积 1.什么是笛卡尔积: 数学上,有两个集合A={a,b},B= ...