Kubernetes (k8s) multi-node deployment, with load balancing and an nginx reverse proxy

    Technology  2024-10-18


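    I. k8s multi-node deployment

    A multi-node deployment builds on an existing single-node deployment.
    ------ master02 deployment ------

    【1】On master01, copy the kubernetes directory to master02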

    [root@master ~]# scp -r /opt/kubernetes/ root@192.168.60.20:/opt/

    【2】On master01, copy the kube-apiserver, kube-controller-manager and kube-scheduler service unit files

    [root@master ~]# scp -r /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.60.20:/usr/lib/systemd/system/

    【3】On master01, copy the etcd certificates

    [root@master ~]# scp -r /opt/etcd/ root@192.168.60.20:/opt/

    【4】On master02, change the IP addresses in the kube-apiserver configuration file

    [root@master2 ~]# cd /opt/kubernetes/cfg/
    [root@master2 cfg]# vim kube-apiserver
    --bind-address=192.168.60.20 \
    --advertise-address=192.168.60.20 \

    【5】On master02, start the three master components

    [root@master2 cfg]# systemctl start kube-apiserver
    [root@master2 cfg]# systemctl start kube-controller-manager
    [root@master2 cfg]# systemctl start kube-scheduler

    【6】Add kubectl to the PATH environment variable

    [root@master2 cfg]# vim /etc/profile
    export PATH=$PATH:/opt/kubernetes/bin/
    [root@master2 cfg]# source /etc/profile

    【7】On master02, view the node information

    [root@master2 cfg]# kubectl get nodes
    NAME             STATUS   ROLES    AGE     VERSION
    192.168.60.100   Ready    <none>   7d23h   v1.12.3
    192.168.60.60    Ready    <none>   8d      v1.12.3

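    II. Kubernetes load-balancing deployment

    【1】Add new servers to act as nginx proxies

    192.168.60.40 and 192.168.60.50 are the nginx proxy servers, nginx01 and nginx02 respectively.

    【2】Install nginx

    [root@nginx01 ~]# vim /etc/yum.repos.d/nginx.repo
    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/centos/7/$basearch/
    # gpgcheck=0: packages from this repo are installed without signature verification
    gpgcheck=0
    [root@nginx01 ~]# yum install -y nginx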

    【3】Add the nginx reverse-proxy configuration

    [root@nginx01 ~]# vim /etc/nginx/nginx.conf
    events {
        worker_connections  1024;
    }
    # ------ stream block added between events and http ------
    stream {
        log_format  main  '$remote_addr $upstream_addr - [$time_local] $upstream_bytes_sent';
        access_log  /var/log/nginx/k8s-access.log  main;
        upstream k8s-apiserver {
            server 192.168.60.10:6443;
            server 192.168.60.20:6443;
        }
        server {
            listen 6443;
            proxy_pass k8s-apiserver;
        }
    }
    # ------ end of added block ------
    http {

    【4】Start the nginx service

    [root@nginx01 ~]# systemctl start nginx

    【5】Install keepalived for hot standby

    [root@nginx01 ~]# yum install keepalived -y

    【6】Configure hot standby [the configuration differs between nginx01 and nginx02]

    //keepalived configuration on nginx01

    [root@nginx01 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id NGINX_MASTER
    }
    vrrp_script check_nginx {
        script "/etc/nginx/check_nginx.sh"
    }
    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.60.201/24
        }
        track_script {
            check_nginx
        }
    }

    //keepalived configuration on nginx02

    [root@nginx02 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id NGINX_MASTER
    }
    vrrp_script check_nginx {
        script "/etc/nginx/check_nginx.sh"
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.60.201/24
        }
        track_script {
            check_nginx
        }
    }

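    【7】Add the nginx self-check script

    [root@nginx01 ~]# vim /etc/nginx/check_nginx.sh
    #!/bin/bash
    # Count processes whose command line mentions nginx, excluding grep and this script's PID
    count=$(ps -ef |grep nginx |egrep -cv "grep|$$")
    # No nginx process left: stop keepalived so the floating address moves to the peer
    if [ "$count" -eq 0 ];then
        systemctl stop keepalived
    fi
    [root@nginx01 ~]# chmod +x /etc/nginx/check_nginx.sh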
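The process-count test above counts every command line that contains "nginx", so a `tail` on the proxy log keeps the count above zero while nothing is listening on 6443. The following added example, not part of the original article, compares that test with a check for the listening socket; the function names and sample inputs are constructed, and reporting health through the script's exit status instead of `systemctl stop keepalived` is an assumption about how it is wired into `vrrp_script`.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Sample inputs are constructed.

# The article's test applied to `ps -ef` text on stdin: count lines that mention
# nginx, excluding grep itself and the checker's own PID ($1).
old_count() {
  grep nginx | grep -Ecv "grep|$1"
}

# Return 0 only if the `ss -ltn` text on stdin has a LISTEN socket on port $1.
listening_on() {
  awk -v port="$1" '
    $1 == "LISTEN" && $4 ~ (":" port "$") { found = 1 }
    END { exit !found }'
}

# Body for /etc/nginx/check_nginx.sh: the exit status is the health signal, so
# keepalived gives up the VIP on failure and takes it back after recovery.
check_nginx() {
  ss -ltn | listening_on 6443
}

# Constructed: nginx has been killed, but an admin is tailing the proxy log.
sample_ps() {
  cat <<'EOF'
root  2301  2250  0 19:10 pts/0  00:00:00 tail -f /var/log/nginx/k8s-access.log
root  2310  2250  0 19:11 pts/1  00:00:00 grep --color=auto nginx
EOF
}

# Constructed `ss -ltn` output: proxy down, then proxy healthy.
sample_ss_down() {
  printf '%s\n' 'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
                'LISTEN 0      128    *:22               *:*'
}
sample_ss_up() {
  sample_ss_down
  printf '%s\n' 'LISTEN 0      128    *:6443             *:*'
}

echo "process count seen by the old test: $(sample_ps | old_count 99999)"
if sample_ss_down | listening_on 6443; then
  echo "6443 is listening"
else
  echo "6443 is not listening: the check would exit 1"
fi
```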

    【8】Start keepalived and verify [note: the nginx service must already be running before you start it]

    [root@nginx01 ~]# systemctl start keepalived
    [root@nginx01 ~]# ip add        //the floating address should be visible
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:40:57:ae brd ff:ff:ff:ff:ff:ff
        inet 192.168.60.40/24 brd 192.168.60.255 scope global noprefixroute ens33
           valid_lft forever preferred_lft forever
        inet 192.168.60.201/24 scope global secondary ens33

    【9】Verify how the floating address moves when nginx is stopped and then restored on nginx01

    [root@nginx01 ~]# pkill -9 nginx
    [root@nginx02 ~]# ip add
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:56:72:3a brd ff:ff:ff:ff:ff:ff
        inet 192.168.60.50/24 brd 192.168.60.255 scope global noprefixroute ens33
           valid_lft forever preferred_lft forever
        inet 192.168.60.201/24 scope global secondary ens33
    [root@nginx01 ~]# systemctl start nginx
    [root@nginx01 ~]# systemctl restart keepalived
    [root@nginx02 ~]# ip add
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:56:72:3a brd ff:ff:ff:ff:ff:ff
        inet 192.168.60.50/24 brd 192.168.60.255 scope global noprefixroute ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::ede1:e07b:68c4:a8e7/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    [root@nginx02 ~]#

    【10】On the node machines, set the same server address in bootstrap.kubeconfig, kubelet.kubeconfig and kube-proxy.kubeconfig

    //Change the IP address to the floating address 192.168.60.201/24
    server: https://192.168.60.201:6443

    【11】Restart the kubelet and kube-proxy services

    [root@node1 cfg]# systemctl restart kubelet.service
    [root@node1 cfg]# systemctl restart kube-proxy.service

    【12】Verify the change

    [root@node1 cfg]# grep 201 *
    bootstrap.kubeconfig:    server: https://192.168.60.201:6443
    kubelet.kubeconfig:    server: https://192.168.60.201:6443
    kube-proxy.kubeconfig:    server: https://192.168.60.201:6443

    【13】On nginx01, view nginx's k8s access log

    [root@nginx01 ~]# tail /var/log/nginx/k8s-access.log
    192.168.60.60 192.168.60.20:6443 - [07/Oct/2020:14:06:27 +0800] 1566
    192.168.60.60 192.168.60.10:6443 - [07/Oct/2020:19:09:13 +0800] 1119
    192.168.60.60 192.168.60.10:6443 - [07/Oct/2020:19:09:13 +0800] 1120
    192.168.60.60 192.168.60.20:6443 - [07/Oct/2020:19:09:34 +0800] 1566
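The stream listener on 6443 forwards any source that can reach the floating address, so this log is the place to confirm that both masters receive sessions and that only known nodes connect. The following added example, not part of the original article, summarises the log in the `log_format` defined in step 【3】; the function names, the allow list and the last two sample lines are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# Log format (from nginx.conf in step 3):
#   $remote_addr $upstream_addr - [$time_local] $upstream_bytes_sent
# $upstream_addr becomes "a, b" when nginx had to try a second server.

# stdin: k8s-access.log. Prints "<upstream> <sessions>" for the server that
# finally handled each session, plus "retried <n>" for sessions that failed over.
upstream_summary() {
  awk '
    {
      last = ""; tried = 0
      for (i = 2; i <= NF && $i != "-"; i++) {
        last = $i; sub(/,$/, "", last); tried++
      }
      served[last]++
      if (tried > 1) retried++
    }
    END {
      for (u in served) print u, served[u]
      print "retried", retried + 0
    }' | sort
}

# $1: space-separated IPs allowed to reach the API server through the proxy.
# Prints "<ip> <sessions>" for every other source address in the log.
unexpected_clients() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($1 in ok) { seen[$1]++ }
    END { for (ip in seen) print ip, seen[ip] }' | sort
}

# The first four lines are the article's; the last two are constructed.
sample_log() {
  cat <<'EOF'
192.168.60.60 192.168.60.20:6443 - [07/Oct/2020:14:06:27 +0800] 1566
192.168.60.60 192.168.60.10:6443 - [07/Oct/2020:19:09:13 +0800] 1119
192.168.60.60 192.168.60.10:6443 - [07/Oct/2020:19:09:13 +0800] 1120
192.168.60.60 192.168.60.20:6443 - [07/Oct/2020:19:09:34 +0800] 1566
192.168.60.100 192.168.60.10:6443, 192.168.60.20:6443 - [07/Oct/2020:19:10:02 +0800] 1566
192.168.60.77 192.168.60.10:6443 - [07/Oct/2020:19:10:40 +0800] 0
EOF
}

sample_log | upstream_summary
sample_log | unexpected_clients "192.168.60.60 192.168.60.100"
```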

    【14】On master01, test creating a pod

    [root@master ~]# kubectl run nginx --image=nginx
    [root@master ~]# kubectl get pods
    NAME                    READY   STATUS              RESTARTS   AGE
    nginx-dbddb74b8-bb9tc   0/1     ContainerCreating   0          16s

    【15】Logs cannot be viewed with anonymous access, so a user has to be created

    [root@master ~]# kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
    [root@master ~]# kubectl logs nginx-dbddb74b8-bb9tc
    /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
    /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
    10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
    10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
    /docker-entrypoint.sh: Configuration complete; ready for start up
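The binding created in step 【15】 gives `cluster-admin` to `system:anonymous`, so every request that reaches port 6443 without credentials, including through the floating address, is authorised as a cluster administrator. The following added example, not part of the original article, lists the ClusterRoleBindings that grant roles to unauthenticated identities so they can be reviewed and removed; the function names and sample rows are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Sample rows are constructed.

# On a live cluster: one line per binding, "name<TAB>role<TAB>subject names".
list_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{.subjects[*].name}{"\n"}{end}'
}

# stdin: the TSV above. Prints "binding role subject" for each binding that
# grants a role to system:anonymous or system:unauthenticated.
find_anonymous_bindings() {
  awk -F'\t' '
    {
      n = split($3, subj, " ")
      for (i = 1; i <= n; i++)
        if (subj[i] == "system:anonymous" || subj[i] == "system:unauthenticated")
          print $1, $2, subj[i]
    }'
}

# Succeeds when an unauthenticated identity holds cluster-admin.
anonymous_is_admin() {
  find_anonymous_bindings | grep -q ' cluster-admin '
}

# Constructed rows in the shape list_bindings produces.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tsystem:masters\n'
  printf 'cluster-system-anonymous\tcluster-admin\tsystem:anonymous\n'
  printf 'system:discovery\tsystem:discovery\tsystem:authenticated system:unauthenticated\n'
  printf 'system:node-proxier\tsystem:node-proxier\tsystem:kube-proxy\n'
}

sample_bindings | find_anonymous_bindings
if sample_bindings | anonymous_is_admin; then
  # Removal uses the binding name from step 15:
  #   kubectl delete clusterrolebinding cluster-system-anonymous
  echo "unauthenticated clients hold cluster-admin"
fi
```

On a real cluster, pipe `list_bindings` into the same functions in place of `sample_bindings`.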

    【16】View the pod's network address and access it from the corresponding node

    [root@master ~]# kubectl get pods -o wide
    NAME                    READY   STATUS    RESTARTS   AGE    IP            NODE             NOMINATED NODE
    nginx-dbddb74b8-bb9tc   1/1     Running   0          118s   172.17.85.2   192.168.60.100   <none>
    [root@node2 ~]# curl 172.17.85.2
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
        body {
            width: 35em;
            margin: 0 auto;
            font-family: Tahoma, Verdana, Arial, sans-serif;
        }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>
    [root@node2 ~]#

    【17】On master01, check that a log entry was produced

    [root@master ~]# kubectl logs nginx-dbddb74b8-bb9tc
    172.17.85.1 - - [07/Oct/2020:06:11:07 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
    [root@master ~]#