# win10清除dns本地缓存 常用测试dns命令
ipconfig/flushdns
# 系统环境 centos7 dns和nginx版本如下
[root@mydns conf.d]# rpm -qa | grep dnsmasq
dnsmasq-2.76-16.el7_9.1.x86_64
[root@mydns conf.d]# rpm -qa | grep nginx
nginx-1.18.0-2.el7.ngx.x86_64
# 一 dns-nginx 配置 k8s 两个node节点负载均衡解析
# 安装方式 yum安装
yum -y install dnsmasq
# 原理简介: dnsmasq做基本配置 所有的 域名均配置在address.conf 里面做代理 然后交给nginx的server 匹配host头部 解析
# DNSMASQ配置文件:
# 删除域名 测试转发
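# Remove the config file for the name under test. `-i` asks for confirmation
# before deleting; it is not a forced delete (that would be `-f`).
# The words "nslookup wiki.yuming.com.cn" had been fused onto this line, which
# made rm treat them as two more file names; that lookup runs on the next line.
# NOTE(review): the path is relative, and ins.conf is the nginx vhost file shown
# further down this page, whereas nslookup exercises dnsmasq. Confirm which
# file was meant and run this from the directory that holds it.
rm -i -- ins.conf
# Names with a local address= entry
nslookup wiki.yuming.com.cn
# Name without a local entry: checks forwarding to the upstream resolvers
nslookup www.baidu.com
nslookup gitlab.yuming.com.cn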
#cat /etc/dnsmasq.conf | grep -v ^$ | grep -v ^#
# dnsmasq main configuration (shown with blank and comment lines stripped).
# Do not read host names from /etc/hosts.
no-hosts
# TTL in seconds for answers that come from local configuration
local-ttl=3600
# Addresses to answer on.
# NOTE(review): without bind-interfaces dnsmasq normally still binds the
# wildcard address and discards queries that arrive elsewhere. Confirm whether
# bind-interfaces is wanted so the port is not open on other interfaces.
listen-address=127.0.0.1,10.69.15.40
# Read upstream resolvers from this file instead of /etc/resolv.conf
resolv-file=/etc/resolv.dnsmasq.conf
# Send each forwarded query to every upstream server, not just one
all-servers
# Log every query. The log then holds every name clients look up, so rotate it
# and restrict read access.
log-queries
log-async=100 # asynchronous logging to reduce blocking and improve performance; default 5, maximum 100
# NOTE(review): the same directory is listed twice. The first line has no
# extension filter, so the .rpmnew/.rpmsave/.rpmorig exclusion on the second
# line presumably has no effect. Confirm and keep only one of the two.
conf-dir=/etc/dnsmasq.d
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
#cat /etc/resolv.dnsmasq.conf
# Upstream resolvers for names that have no local address= entry.
# dnsmasq.conf sets all-servers, so each forwarded query goes to all four of
# these, including the public resolvers.
nameserver 122.200.121.230
nameserver 202.106.0.20
nameserver 114.114.114.114
nameserver 8.8.8.8
# cat /etc/dnsmasq.d/address.conf
# Local answers: address=/<domain>/<ip> makes dnsmasq reply with <ip> for
# <domain> and the names beneath it instead of forwarding the query.
# Every name below resolves to 10.69.15.40 except zabbix.
address=/wiki.yuming.com.cn/10.69.15.40
address=/gitlab.yuming.com.cn/10.69.15.40
address=/yapi.yuming.com.cn/10.69.15.40
address=/jenkins.yuming.com.cn/10.69.15.40
address=/nexus.yuming.com.cn/10.69.15.40
# NOTE(review): zabbix resolves straight to 10.69.15.38, so clients of this DNS
# presumably never reach the zabbix server block in the nginx config. Confirm
# this is intended.
address=/zabbix.yuming.com.cn/10.69.15.38
address=/harbor.yuming.com.cn/10.69.15.40
address=/ldap.yuming.com.cn/10.69.15.40
address=/ssp.yuming.com.cn/10.69.15.40
# nginx 配置文件
cat /etc/nginx/nginx.conf | grep -v ^$ | grep -v ^#
# Main nginx configuration (shown with blank and comment lines stripped).

# Worker processes run under the "nginx" account.
user nginx;
worker_processes 8;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Access-log layout. $http_x_forwarded_for is written exactly as the client
    # sent it, so treat that field as unverified when reading the log.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    # Per-site server blocks are loaded from conf.d
    include /etc/nginx/conf.d/*.conf;
}
# 好几个server 太多 没粘 都差不多
# cat /etc/nginx/conf.d/ins.conf | grep -v ^$ | grep -v ^#
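# Reverse proxy: zabbix.yuming.com.cn -> the /zabbix/ path on 10.69.15.38.
server {
    # Plain HTTP only: anything sent through this proxy, logins included,
    # crosses the network unencrypted.
    listen 80;
    server_name zabbix.yuming.com.cn;
    #proxy_set_header Host $host;

    location / {
        # The trailing slash matters. nginx replaces the matched location
        # prefix "/" with the URI given here, so with "/zabbix" a request for
        # "/index.php" would be forwarded as "/zabbixindex.php".
        proxy_pass http://10.69.15.38/zabbix/;
        # proxy_set_header Host $host;
        # proxy_set_header X-Real-IP $remote_addr;
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}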
# Reverse proxy: nexus.yuming.com.cn -> 10.69.15.39:8081.
server {
    listen 80;
    server_name nexus.yuming.com.cn;
    # Server-level header. nginx inherits proxy_set_header from an outer level
    # only when the inner level defines none, and the location below defines
    # its own, so the location's values are the ones in effect.
    proxy_set_header Host $host;

    location / {
        proxy_pass http://10.69.15.39:8081;
        # Hand the original Host and the client address to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to whatever X-Forwarded-For the client supplied.
        # Only the entry added by this proxy is trustworthy to the backend.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
# 1533新dns配置 dnsmasq的配置文件和 nginx的 与上面基础配置文件相同
# dns配置文件如下
#cat /etc/dnsmasq.d/address.conf
# Local answers for hi-ins.com.cn. The first entry covers the domain and every
# name under it, so unknown or mistyped subdomains also resolve to 10.69.15.33.
# NOTE(review): the more specific entries below are expected to take precedence
# over that wildcard. Confirm with a lookup of each name.
address=/hi-ins.com.cn/10.69.15.33 # wildcard resolution
address=/k8s64.hi-ins.com.cn/10.69.15.64
address=/k8s.hi-ins.com.cn/10.69.15.33 # only this entry goes through the nginx proxy; the other IPs are resolved directly
address=/k8s88.hi-ins.com.cn/10.69.15.88
address=/k8s211.hi-ins.com.cn/10.69.15.211
# ins.conf配置文件如下:
cat /etc/nginx/conf.d//ins.conf
# Pool of the two backend nodes. No balancing method is set, so nginx uses its
# default round-robin.
upstream ingress {
    server 10.69.15.65:80;
    server 10.69.15.76:80;
    #server k8s.hi-ins.com.cn:80;
}

# HTTP front end for the pool. No server_name is set.
# NOTE(review): if this is the only server on port 80 it answers requests for
# any Host header. Confirm that is intended.
server {
    listen 80;

    location / {
        # NOTE(review): there is no proxy_set_header here, so nginx sends its
        # default Host ($proxy_host, here "ingress") to the backends. Confirm
        # the backends do not route on the original host name.
        proxy_pass http://ingress;
    }
}
# qq cmdb
#server{
# listen 80;
# server_name *.hi-ins.com.cn; # 泛解析
# proxy_set_header Host $host;
# location /{
# proxy_pass http://10.69.15.86:8080;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# }
#}
# 二 配置 keepalive(内置lvs-DR模式) 负载均衡双机热备DNS服务器:参考:LVS+Keepalive双机热备_VLadimir_的博客-CSDN博客_keepalive lvs
# 环境说明 : dns1: 15.41  dns2: 15.49  vip: 15.33  系统版本 centos7.6
# DNS和nginx配置无需修改 dnsmasq.d/address.conf 里面配置没变 还是主要指向 15.33(VIP) nginx更是如此 ,生产环境中15.33可以直接配置为公网IP !棒! 注意: 若 VIP 是公网 IP,dnsmasq 会对任意来源的查询做递归转发(开放解析器),需要用防火墙或监听地址把 53 端口限制为只对内网客户端开放
# 简单来说 dns-15.41 dns-15.49服务器 dns和nginx配置做镜像配置即可
# 步骤1 安装 keepalive 和 lvs
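# Install keepalived and the LVS admin tool. The pattern is quoted so that it
# reaches yum unchanged; unquoted, the shell would expand `keepalived*` to any
# matching file name in the current directory before yum ever saw it.
# NOTE(review): naming the package exactly (keepalived) would avoid installing
# any other package that happens to match the pattern.
yum -y install 'keepalived*' ipvsadm
# Load the IPVS kernel module
modprobe ip_vs
# Keep the packaged config as a backup before writing the new one
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak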
# 编辑keepalive配置文件
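# keepalived.conf for the BACKUP node. Per the notes on `state` and `priority`,
# those two lines are the only ones that differ on the MASTER node.
global_defs {
    router_id LVS_TEST            # name identifying this server
}

vrrp_instance VI_1 {
    state BACKUP                  # role: BACKUP on the standby, MASTER on the primary (differs per node)
    interface eth0                # interface VRRP runs on
    virtual_router_id 51          # router ID, must be identical on master and backup
    priority 99                   # master slightly higher, 101 (differs per node)
    advert_int 1                  # advertisement interval in seconds
    authentication {
        auth_type PASS            # simple password authentication
        # This line was a second `auth_type`; the password directive is
        # auth_pass. PASS sends the value unencrypted in VRRP advertisements
        # and keepalived uses only its first 8 characters, so it guards
        # against misconfiguration rather than a hostile host on the segment.
        # Replace 1234 with a site-specific value, identical on both nodes.
        auth_pass 1234
    }
    virtual_ipaddress {
        10.69.15.33
    }
}

# NOTE(review): only port 80/TCP is defined as an LVS virtual server. There is
# no virtual_server for DNS (port 53), so DNS on the VIP presumably relies on
# VRRP failover alone. Confirm that is intended.
virtual_server 10.69.15.33 80 {
    delay_loop 15                 # health-check interval in seconds
    lb_algo rr                    # LVS scheduling algorithm: round robin
    lb_kind DR                    # LVS forwarding mode: direct routing
    !persistence 60               # disabled by the leading "!": no connection persistence
    protocol TCP                  # service uses TCP

    real_server 10.69.15.41 80 {
        weight 1
        TCP_CHECK {
            connect_port 80       # port probed by the check
            connect_timeout 3     # seconds
            nb_get_retry 3        # retries
            delay_before_retry 4  # seconds between retries
        }
    }

    real_server 10.69.15.49 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}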
# 重启 检查即可 注意关闭防火墙 NetworkManager selinux (更稳妥的做法是保留防火墙,只放行 VRRP(IP 协议号 112)、DNS 53/udp 53/tcp 和 HTTP 80/tcp,而不是整体关闭防火墙和 selinux)
# Start keepalived at boot, then restart it so the new configuration is loaded.
# Afterwards `ip addr show eth0` shows which node holds 10.69.15.33, and
# `ipvsadm -Ln` lists the virtual server with its real servers.
systemctl enable keepalived
systemctl restart keepalived
# 延伸 keepalive和lvs啥关系?前者HA 后者负载均衡 只不过lvs配置嵌入进keepalive.conf里面喽
参考阅读: LVS---10. lvs和keepalived的区别--软件功能区分_WenCoo的博客-CSDN博客_lvs和keepalived区别
# dnsmasq配置详解: