K8S 二进制安装部署_08_部署主控节点反代服务

一、在 10.4.7.11 10.4.7.12 上面安装nginx，并修改nginx.conf
yum install nginx -y
vim /etc/nginx/nginx.conf
##在nginx.conf 最后面添加如下内容。（10.4.7.11 10.4.7.12 都一样。）
stream {
  upstream kube-apiserver {
    server 10.4.7.21:6443 max_fails=3 fail_timeout=30s;
    server 10.4.7.22:6443 max_fails=3 fail_timeout=30s;
  }
  server {
    listen 7443;
    proxy_connect_timeout 2s;
    proxy_timeout 900s;
    proxy_pass kube-apiserver;
  }
}
############++++++++++
在越往后，如果直接用yum 安装nginx
这时的nginx 版本会是最新的，把上面的stream 模块这一段
复制到nginx.conf 的最后面，最后重启nginx 会报错。





解决办法：
直接把原来用yum 安装的nginx 卸载掉，安装旧一点的版本。
rpm -ivh http://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.14.2-1.el7_4.ngx.x86_64.rpm



#####################++++++++

nginx -t
systemctl start nginx
systemctl enable nginx

#####+++++++++++++
二、在 10.4.7.11 10.4.7.12 上面安装keepalived

yum install keepalived -y

编写端口检测脚本
vim /etc/keepalived/check_port.sh
#!/bin/bash
CHK_PORT=$1
if [ -n "$CHK_PORT" ];then
   PORT_PROCESS=`ss -lnt|grep $CHK_PORT|wc -l`
  if [ $PORT_PROCESS -eq 0 ];then
     echo "Port $CHK_PORT Is Not Used,End."
     exit 1
  fi
else
  echo "Check Port Cant Be Empty!"
fi
chmod +x /etc/keepalived/check_port.sh
###+++
keepalived 10.4.7.11 为主: ## 清除原来的内容

vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
 router_id 10.4.7.11
}
vrrp_script chk_nginx {
 script "/etc/keepalived/check_port.sh 7443"
 interval 2
 weight -20
}
vrrp_instance VI_1 {
 state MASTER
 interface eth0
 virtual_router_id 251
priority 100
 advert_int 1
 mcast_src_ip 10.4.7.11
nopreempt
 authentication {
 auth_type PASS
 auth_pass 78900987
 }
 track_script {
 chk_nginx
 }
 virtual_ipaddress {
 10.4.7.10
 }

}
#####+++++++++++=
keepalived 10.4.7.12 为备: ## 清除原来的内容
vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs {
    router_id 10.4.7.12
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_port.sh 7443"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 251
    mcast_src_ip 10.4.7.12
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 78900987
    }
    track_script {
        chk_nginx
    }
    virtual_ipaddress {
        10.4.7.10
    }
}
启动keepalived 先启动 10.4.7.11 上面的keepalived
systemctl start keepalived
systemctl enable keepalived