一、安装nginx服务
#需要两台新的服务器来做nginx,来组成Load Balancer
#此步骤nginx1和nginx2一样
#先关闭防火墙,并将SELinux设为宽容模式(仅为实验环境方便;正式环境应保持二者开启,在firewalld中只放行6443/tcp和两台nginx之间的VRRP协议)
[root@nginx1 ~]# systemctl stop firewalld.service
[root@nginx1 ~]# setenforce 0
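#配置nginx的yum源(注意:下面的示例通过HTTP获取软件包且gpgcheck=0,yum不会校验软件包签名;正式环境建议设为gpgcheck=1,并配置gpgkey=https://nginx.org/keys/nginx_signing.key)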
[root@nginx1 ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
#安装nginx
[root@nginx1 ~]# yum install -y nginx
二、修改nginx配置文件
#添加四层转发
[root@nginx1 ~]# vim /etc/nginx/nginx.conf
events {
worker_connections 1024;
}
stream {
log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
access_log /var/log/nginx/k8s-access.log main; #这儿是k8s的日志路径
upstream k8s-apiserver {
server 192.168.200.11:6443; #此处添加两个master的IP
server 192.168.200.14:6443;
}
server {
listen 6443;
proxy_pass k8s-apiserver;
}
}
http {
#然后重启服务
[root@nginx1 ~]# systemctl start nginx
三、安装keepalived服务
[root@nginx1 ~]# yum install -y keepalived
#修改配置文件,将keepalived.conf文件覆盖原本的配置文件
[root@nginx1 ~]# cp keepalived.conf /etc/keepalived/keepalived.conf
[root@nginx1 ~]# vim /etc/keepalived/keepalived.conf
#以下是nginx1的配置
! Configuration File for keepalived
global_defs {
# 接收邮件地址
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
# 邮件发送地址
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER
}
vrrp_script check_nginx {
script "/etc/nginx/check_nginx.sh"
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的
priority 100 # 优先级,备服务器设置 90
advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒
# auth_pass 1111 仅为示例口令;PASS 方式的口令在VRRP通告中以明文传输,且keepalived只使用前8个字符,应换成自己的口令并在两台nginx上保持一致
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.100/24
}
track_script {
check_nginx
}
}
#以下是nginx2的keepalived的配置文件
! Configuration File for keepalived
global_defs {
# 接收邮件地址
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
# 邮件发送地址
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER
}
vrrp_script check_nginx {
script "/etc/nginx/check_nginx.sh"
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的
priority 90 # 优先级,备服务器设置 90
advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.100/24
}
track_script {
check_nginx
}
}
四、添加脚本
#master1和master2都需要添加
#添加keepalived配置文件中所需的check_nginx.sh的脚本
[root@nginx1 ~]# vim /etc/nginx/check_nginx.sh
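#!/bin/bash
# Health check referenced by the vrrp_script "check_nginx" block in
# keepalived.conf. When no nginx process is running on this host, it stops
# keepalived so that this node releases the virtual IP and the peer node can
# take it over.
#
# keepalived executes this script itself (typically as root), so keep the file
# owned by root and not writable by other users.
#
# The original listing used typographic quotes around the egrep pattern and the
# test operand; the shell treats those as literal characters, so the exclusion
# pattern never matched and the numeric test was malformed. The check below
# uses plain ASCII quoting.

# pgrep -x matches the process name exactly, so commands that merely mention
# "nginx" in their arguments (an editor, or this script's own path under
# /etc/nginx) are not mistaken for a running nginx.
if ! pgrep -x nginx >/dev/null; then
  systemctl stop keepalived
fi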
#创建完后,需要进行授权
[root@nginx1 ~]# chmod +x /etc/nginx/check_nginx.sh
五、重启服务
[root@nginx1 ~]# systemctl restart keepalived.service
[root@nginx1 nginx]# ip a #查看虚拟IP
#可以将nginx杀掉来检查keepalived是否起作用了
六、配置node节点
#node1和node2都要修改
[root@node1 ~]# vim /opt/kubernetes/cfg/bootstrap.kubeconfig
[root@node1 ~]# vim /opt/kubernetes/cfg/kubelet.kubeconfig
[root@node1 ~]# vim /opt/kubernetes/cfg/kube-proxy.kubeconfig
#将配置文件中的IP修改成VIP(nginx只做四层转发,TLS仍由apiserver终结,因此apiserver证书的SAN中需要包含这个VIP,否则节点端的证书校验会失败)
server: https://192.168.200.100:6443
#重启服务
[root@node1 ~]# systemctl restart kubelet.service
[root@node1 ~]# systemctl restart kube-proxy.service
#替换完成后可以自行检查
[root@node1 cfg]# grep 100 *
#还可以检查日志
tail /var/log/nginx/k8s-access.log
七、测试
#在master1上进行测试创建pod
[root@master1 opt]# kubectl run nginx --image=nginx
[root@master1 opt]# kubectl get pods #查看并检查状态
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-c7k52 1/1 Running 0 106s
[root@master1 opt]# kubectl get pods -o wide #查看pod的详细信息
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-dbddb74b8-c7k52 1/1 Running 0 5m56s 172.17.69.3 192.168.200.12
八、查看日志
[root@master1 opt]# kubectl logs nginx-dbddb74b8-c7k52
#当出现Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) ( pods/log nginx-dbddb74b8-c7k52)这种错误时
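#解决方法(仅适用于隔离的测试环境:下面的命令把cluster-admin授予未认证的system:anonymous用户,任何能访问apiserver的人都将拥有集群管理员权限。该报错通常是因为kube-apiserver访问kubelet时没有携带客户端证书;正式环境应为kube-apiserver配置--kubelet-client-certificate和--kubelet-client-key,验证完成后用kubectl delete clusterrolebinding cluster-system-anonymous删除这个绑定)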
[root@master1 opt]# kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
clusterrolebinding.rbac.authorization.k8s.io/cluster-system-anonymous created
九、节点访问
[root@node1 cfg]# curl 172.17.69.3
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
<h1>Welcome to nginx!
可能会报错的地方
按理论说node2应该也是可以进行访问的,如果node2无法进行访问,应该检查flannel,如果发现flannel已经down掉,则需要先重启flannel,然后重启network网卡,最后重启docker就可以进行访问了