Kubernetes二進(jìn)制部署——負(fù)載均衡部署（3）

前言：

接上一篇多節(jié)點(diǎn)部署（2）部署負(fù)載均衡

部署環(huán)境

負(fù)載均衡
Nginx1:192.168.13.128/24
Nginx2:192.168.13.129/24
Master節(jié)點(diǎn)
master1:192.168.13.131/24 kube-apiserver kube-controller-manager kube-scheduler etcd
master2:192.168.13.130/24 kube-apiserver kube-controller-manager kube-scheduler etcd
Node節(jié)點(diǎn)
node1:192.168.13.132/24 kubelet kube-proxy docker flannel etcd
node2:192.168.13.133/24 kubelet kube-proxy docker flannel etcd

負(fù)載均衡部署

1，在兩臺(tái)Nginx服務(wù)器上安裝nginx服務(wù)

[root@nginx01 ~]# rz -E    ##上傳nginx腳本和keepalive配置文件
[root@nginx01 ~]# ls      
keepalived.conf   nginx.sh 
[root@nginx01 ~]# systemctl stop firewalld.service   ##關(guān)閉防火墻
[root@nginx01 ~]# setenforce 0

vim nginx.sh   ##nginx腳本
cat > /etc/yum.repos.d/nginx.repo << EOF
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
EOF

stream {

     log_format  main  '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
        access_log  /var/log/nginx/k8s-access.log  main;

        upstream k8s-apiserver {
                server 10.0.0.3:6443;
                server 10.0.0.8:6443;
        }
        server {
                                listen 6443;
                                proxy_pass k8s-apiserver;
        }
        }

[root@nginx01 ~]# vim /etc/yum.repos.d/nginx.repo   ##配置nginx的yum源
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
[root@nginx01 ~]# yum list   ##更新yum
[root@nginx01 ~]# yum install -y nginx  ##下載Nginx

2，修改兩臺(tái)nginx服務(wù)器的配置文件

[root@nginx01 ~]# vim /etc/nginx/nginx.conf
events {
        worker_connections  1024;
}     ##在此處下面添加四層轉(zhuǎn)發(fā)配置

stream {

     log_format  main  '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent'; 
        access_log  /var/log/nginx/k8s-access.log  main;

        upstream k8s-apiserver {
                server 192.168.13.131:6443;   ##master01地址
                server 192.168.13.130:6443;   ##master02地址
        }   
        server {
                                listen 6443;
                                proxy_pass k8s-apiserver;
        }           
        }
[root@nginx01 ~]# systemctl start nginx  ##開啟nginx服務(wù)
##可以修改/usr/share/nginx/html/index.html主頁區(qū)分主master從backup
##瀏覽器查看兩個(gè)nginx網(wǎng)站

3，在兩臺(tái)nginx上部署keepalived服務(wù)，并修改配置文件

[root@nginx01 ~]# yum install -y keepalived  ##安裝keepalived服務(wù)
[root@nginx01 ~]# cp keepalived.conf /etc/keepalived/keepalived.conf  ##復(fù)制配置文件
[root@nginx01 ~]# vim /etc/keepalived/keepalived.conf  ##主master的配置文件修改
! Configuration File for keepalived 

global_defs { 
     # 接收郵件地址 
     notification_email { 
         acassen@firewall.loc 
         failover@firewall.loc 
         sysadmin@firewall.loc 
     } 
     # 郵件發(fā)送地址 
     notification_email_from Alexandre.Cassen@firewall.loc  
     smtp_server 127.0.0.1 
     smtp_connect_timeout 30 
     router_id NGINX_MASTER 
} 

vrrp_script check_nginx {
        script "/etc/nginx/check_nginx.sh"     ##nginx檢查腳本，需要自己去編輯的
}

vrrp_instance VI_1 { 
        state MASTER    ##主服務(wù)
        interface ens33
        virtual_router_id 51 ## VRRP 路由 ID實(shí)例，每個(gè)實(shí)例是唯一的 
        priority 100    ## 優(yōu)先級，備服務(wù)器設(shè)置 90 
        advert_int 1    ## 指定VRRP 心跳包通告間隔時(shí)間，默認(rèn)1秒 
        authentication { 
                auth_type PASS      ##驗(yàn)證不需要修改，主從一致
                auth_pass 1111 
        }  
        virtual_ipaddress { 
                192.168.13.100/24     ##虛擬ip地址
        } 
        track_script {
                check_nginx
        } 
}

[root@nginx02 ~]# vim /etc/keepalived/keepalived.conf  ##備backup的配置文件修改
! Configuration File for keepalived 

global_defs { 
     # 接收郵件地址 
     notification_email { 
         acassen@firewall.loc 
         failover@firewall.loc 
         sysadmin@firewall.loc 
     } 
     # 郵件發(fā)送地址 
     notification_email_from Alexandre.Cassen@firewall.loc  
     smtp_server 127.0.0.1 
     smtp_connect_timeout 30 
     router_id NGINX_MASTER 
} 

vrrp_script check_nginx {
        script "/etc/nginx/check_nginx.sh"     ##nginx檢查腳本
}

vrrp_instance VI_1 { 
        state BACKUP 
        interface ens33
        virtual_router_id 51 # VRRP 路由 ID實(shí)例，每個(gè)實(shí)例是唯一的 
        priority 90    # 優(yōu)先級，備服務(wù)器設(shè)置 90 
        advert_int 1    # 指定VRRP 心跳包通告間隔時(shí)間，默認(rèn)1秒 
        authentication { 
                auth_type PASS      
                auth_pass 1111 
        }  
        virtual_ipaddress { 
                192.168.13.100/24 
        } 
        track_script {
                check_nginx
        } 
}
[root@nginx01 ~]#  vim /etc/nginx/check_nginx.sh   ##編輯nginx檢查腳本
count=$(ps -ef |grep nginx |egrep -cv "grep|$$")

if [ "$count" -eq 0 ];then
        systemctl stop keepalived
fi
[root@nginx01 ~]# chmod +x /etc/nginx/check_nginx.sh   ##給執(zhí)行權(quán)限
[root@nginx01 ~]# systemctl start keepalived.service   ##開啟服務(wù)
[root@nginx01 ~]# ip a   ##查看地址信息
        inet 192.168.13.100/24 scope global secondary ens33   ##漂移地址在master上

4，驗(yàn)證地址漂移

##在nginx01中關(guān)閉nginx服務(wù)，此時(shí)keepalived服務(wù)也關(guān)閉了（check_nginx.sh）
[root@nginx01 ~]# pkill nginx
##在nginx02中查看漂移地址
[root@nginx02 ~]# ip a  ##此時(shí)13.100在nginx02上
##在nginx01上恢復(fù)nginx和keepalived服務(wù)，查看漂移地址
[root@nginx01 ~]# systemctl start nginx
[root@nginx01 ~]# systemctl start keepalived.service 
[root@nginx01 ~]# ip a   ##此時(shí)漂移地址又到了nginx01上
##用瀏覽器訪問虛擬ip

5，在所有的node節(jié)點(diǎn)服務(wù)器上統(tǒng)一配置VIP

[root@node01 ~]# vim /opt/kubernetes/cfg/bootstrap.kubeconfig 
server: https://192.168.13.100:6443
[root@node01 ~]# vim /opt/kubernetes/cfg/kubelet.kubeconfig
server: https://192.168.13.100:6443
[root@node01 ~]# vim /opt/kubernetes/cfg/kube-proxy.kubeconfig
server: https://192.168.13.100:6443
[root@node01 ~]# cd /opt/kubernetes/cfg/  ##切換到配置文件目錄
[root@node01 cfg]# grep 100 *   ##查看修改的情況
bootstrap.kubeconfig:    server: https://192.168.13.100:6443
kubelet.kubeconfig:    server: https://192.168.13.100:6443
kube-proxy.kubeconfig:    server: https://192.168.13.100:6443
[root@node01 cfg]# systemctl restart kubelet.service   ##重啟兩個(gè)服務(wù)
[root@node01 cfg]# systemctl restart kube-proxy.service
##在nginx01上查看訪問日志
[root@nginx01 ~]# tail /var/log/nginx/k8s-access.log
192.168.13.132 k8s-apiserver - [10/Feb/2020:13:17:11 +0800] 502 0
192.168.13.132 k8s-apiserver - [10/Feb/2020:13:17:11 +0800] 502 0
192.168.13.132 k8s-apiserver - [10/Feb/2020:13:17:11 +0800] 502 0
192.168.13.133 k8s-apiserver - [10/Feb/2020:13:17:11 +0800] 502 0
192.168.13.133 k8s-apiserver - [10/Feb/2020:13:17:11 +0800] 502 0

6，在matser01上創(chuàng)建pod

[root@master01 ~]# kubectl get pods   ##查看pod
No resources found.
[root@master01 ~]# kubectl run nginx --image=nginx   ##創(chuàng)建pod
[root@master01 ~]# kubectl get pods    ##查看pod狀態(tài)是正在創(chuàng)建的狀態(tài)
NAME                    READY   STATUS              RESTARTS   AGE
nginx-dbddb74b8-brjlj   0/1     ContainerCreating   0          86s
[root@master01 ~]# kubectl get pods   ##此時(shí)pod是已經(jīng)運(yùn)行的狀態(tài)
NAME                    READY   STATUS    RESTARTS   AGE
nginx-dbddb74b8-brjlj   1/1     Running   0          87s
[root@master01 ~]# kubectl logs nginx-dbddb74b8-brjlj  ##此時(shí)日志文件不能查看
[root@master01 ~]# kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
##提權(quán)后日志文件就可以查看了
[root@master01 ~]# kubectl get pods -o wide  ##查看pod網(wǎng)絡(luò)，此時(shí)pod容器分配到node01上
NAME                    READY   STATUS    RESTARTS   AGE     IP            NODE             NOMINATED NODE
nginx-dbddb74b8-brjlj   1/1     Running   0          5m18s   172.17.45.2   192.168.13.132   <none>

7，在對應(yīng)的網(wǎng)段node01上訪問

[root@node01 cfg]# curl 172.17.45.2  ##此時(shí)就可以訪問nginx信息
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
##用node01虛擬機(jī)的瀏覽器訪問

8，此時(shí)在master01上查看日志文件

[root@master01 ~]# kubectl logs nginx-dbddb74b8-brjlj                             
172.17.45.1 - - [10/Feb/2020:05:29:23 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"

負(fù)載均衡部署完成，未完待續(xù)...