K8s: high availability for nginx-ingress-controller with keepalived + nginx
Posted 笨小孩@GF 知行合一
- References: https://github.com/kubernetes/ingress-nginx
  https://github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/baremetal

High availability for nginx-ingress-controller with keepalived + nginx

- Label the nodes

    kubectl label node k8s-01 kubernetes.io/ingress=nginx
    kubectl label node k8s-02 kubernetes.io/ingress=nginx

- Download the yaml file

    wget https://ghproxy.com/https://github.com/kubernetes/ingress-nginx/blob/main/deploy/static/provider/baremetal/deploy.yaml -O ingress-deploy.yaml

- Update the yaml file

Install keepalived and nginx on both k8s-01 and k8s-02

    yum install nginx keepalived nginx-mod-stream -y
Edit the nginx configuration file. It is identical on the master and the backup.

    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;

    include /usr/share/nginx/modules/*.conf;

    events {
        worker_connections 1024;
    }

    stream {
        log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
        access_log /var/log/nginx/k8s-access.log main;

        upstream k8s-apiserver {
            server 192.168.2.20:80;   # backend server IP addresses; adjust to your environment
            server 192.168.2.21:80;
        }

        server {
            # listen <port>;   # a stream server block needs a listen directive; the port is not shown in the source
            proxy_pass k8s-apiserver;
        }
    }

    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;
    }
After copying the file to the backup server with scp, start nginx on both servers:

    systemctl enable nginx.service --now
Configure keepalived

- Master keepalived

    vim keepalived.conf

    global_defs {
        notification_email {
            acassen@firewall.loc
            failover@firewall.loc
            sysadmin@firewall.loc
        }
        notification_email_from Alexandre.Cassen@firewall.loc
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id NGINX_MASTER
    }

    vrrp_script check_nginx {
        script "/etc/keepalived/check_nginx.sh"
    }

    vrrp_instance VI_1 {
        state MASTER
        interface ens33           # change to the actual NIC name
        virtual_router_id 51      # VRRP router ID; unique per instance
        priority 100              # priority; set 90 on the backup server
        advert_int 1              # VRRP advertisement (heartbeat) interval; default 1 second
        authentication {
            auth_type PASS
            auth_pass 1111        # sample value; set your own, identical on both nodes (PASS is sent in cleartext)
        }
        # virtual IP
        virtual_ipaddress {
            192.168.2.168/24
        }
        track_script {
            check_nginx
        }
    }
    # vrrp_script: the script that checks nginx state (failover is decided from nginx state)
    # virtual_ipaddress: the virtual IP (VIP)
Copy the configuration file to the backup server

    scp /etc/keepalived/keepalived.conf root@k8s-02:/etc/keepalived/

- Backup keepalived

    global_defs {
        notification_email {
            acassen@firewall.loc
            failover@firewall.loc
            sysadmin@firewall.loc
        }
        notification_email_from Alexandre.Cassen@firewall.loc
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id NGINX_MASTER
    }

    vrrp_script check_nginx {
        script "/etc/keepalived/check_nginx.sh"
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface ens33           # change to the actual NIC name
        virtual_router_id 51      # VRRP router ID; unique per instance
        priority 90               # priority; 90 on the backup server
        advert_int 1              # VRRP advertisement (heartbeat) interval; default 1 second
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        # virtual IP
        virtual_ipaddress {
            192.168.2.168/24
        }
        track_script {
            check_nginx
        }
    }
    # vrrp_script: the script that checks nginx state (failover is decided from nginx state)
    # virtual_ipaddress: the virtual IP (VIP)
nginx check script

    vim /etc/keepalived/check_nginx.sh

    #!/bin/bash
    # 1. Check whether nginx is alive
    counter=$(ps -C nginx --no-header | wc -l)
    if [ "$counter" -eq 0 ]; then
        # 2. If it is not, try to start nginx
        service nginx start
        sleep 2
        # 3. After waiting 2 seconds, read the nginx state again
        counter=$(ps -C nginx --no-header | wc -l)
        # 4. If nginx is still not alive, stop keepalived so the address fails over
        if [ "$counter" -eq 0 ]; then
            service keepalived stop
        fi
    fi

Make the script executable:

    chmod +x /etc/keepalived/check_nginx.sh
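
The check script above stops keepalived itself when nginx cannot be restarted, so that node stays out of the VRRP group until keepalived is started again. An alternative, as an added example that is not from the original post, reports health through the exit status and lets `track_script` move the VIP. The `--check` argument, the `nginx_alive` function and the `interval`/`fall`/`rise` values are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the original post): exit-code health check for
# keepalived's vrrp_script. Assumes Linux /proc and the pid file path set in
# the nginx.conf above. A matching stanza (interval, fall and rise are
# keepalived vrrp_script options; the values here are illustrative):
#   vrrp_script check_nginx {
#       script "/etc/keepalived/check_nginx.sh --check"
#       interval 2   # run the check every 2 seconds
#       fall 2       # 2 consecutive failures: instance goes to FAULT, VIP moves
#       rise 2       # 2 consecutive successes: instance becomes eligible again
#   }

PIDFILE=${PIDFILE:-/run/nginx.pid}

# nginx_alive PIDFILE [NAME]
# Returns 0 only if PIDFILE holds the pid of a live process whose command
# name is NAME. The name comparison rejects a stale pid file whose pid has
# been reused by an unrelated process.
nginx_alive() {
    na_pidfile=$1
    na_name=${2:-nginx}
    [ -r "$na_pidfile" ] || return 1
    na_pid=$(cat "$na_pidfile" 2>/dev/null) || return 1
    case $na_pid in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric content
    esac
    na_comm=$(cat "/proc/$na_pid/comm" 2>/dev/null) || return 1
    [ "$na_comm" = "$na_name" ]
}

# keepalived calls the script with --check; the exit status is the verdict.
if [ "${1:-}" = "--check" ]; then
    nginx_alive "$PIDFILE" nginx
    exit $?
fi
```

With this variant the node rejoins on its own once nginx is healthy again, because keepalived keeps running and keeps evaluating the script.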

Start keepalived on both servers.

Test keepalived: stop keepalived on k8s-01. The VIP moves to k8s-02.
Test Ingress HTTP proxying to a site inside the cluster

Deploy the backend tomcat service

    vim ingress-demo.yaml

    apiVersion: v1
    kind: Service
    metadata:
      name: tomcat
      namespace: default
    spec:
      selector:
        app: tomcat
        release: canary
      ports:
      - name: http
        targetPort: 8080
        port: 8080
      - name: ajp
        targetPort: 8009
        port: 8009
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: tomcat-deploy
      namespace: default
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: tomcat
          release: canary
      template:
        metadata:
          labels:
            app: tomcat
            release: canary
        spec:
          containers:
          - name: tomcat
            image: tomcat:8.5.34-jre8-alpine
            imagePullPolicy: IfNotPresent
            ports:
            - name: http
              containerPort: 8080
            - name: ajp
              containerPort: 8009
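Write the ingress rules

- Write the ingress manifest

    vim ingress-myapp.yaml

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-myapp
      namespace: default
      annotations:
        kubernetes.io/ingress.class: "nginx"
    spec:
      rules:
      - host: tomcat.lucky.com
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tomcat
                port:
                  number: 8080

- Notes on the fields

    rules:                        # backend forwarding rules
    - host: tomcat.lucky.com      # forward by host name
      http:
        paths:
        - path: /                 # access path; change it to forward by URL; empty defaults to "/"
          pathType: Prefix
          backend:                # backend service
            service:
              name: tomcat        # forward to the Service defined earlier

Ingress path types

- ImplementationSpecific (default): with this type, matching depends on the IngressClass. An implementation can treat it as a separate pathType or handle it the same way as the Prefix or Exact type.
- Exact: matches the URL path exactly and is case sensitive.
- Prefix: matches on a URL path prefix split by /. Matching is case sensitive and is done element by element. A path element is one of the labels in the path as split by the / separator. A request matches path p if every element of p is an element-wise prefix of the request path.

- Edit the hosts file on your local machine and add the following line. The IP is the keepalived VIP.

    192.168.2.168 tomcat.lucky.com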
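
The Exact and Prefix rules from the path-type list above, as an added example that is not from the original post or from ingress-nginx. It goes beyond the single `/` rule used on this page to show which request paths a rule such as `/app` does and does not cover; the function name and the sample paths are constructed for illustration.

```shell
#!/bin/bash
# Added example: a model of the Exact and Prefix definitions given above.
# It covers only those two definitions (no URL decoding or normalisation).

# ingress_path_match TYPE RULE_PATH REQUEST_PATH
# Returns 0 on match, 1 on no match, 2 for a type this model does not cover.
ingress_path_match() {
    pm_type=$1 pm_rule=$2 pm_req=$3
    case $pm_type in
        Exact)
            [ "$pm_req" = "$pm_rule" ] ;;      # byte-for-byte, case sensitive
        Prefix)
            pm_rule=${pm_rule%/}               # a trailing slash is ignored
            [ -n "$pm_rule" ] || return 0      # rule "/" matches every path
            case $pm_req in
                # equal, or followed by a "/" so whole elements are compared
                "$pm_rule"|"$pm_rule"/*) return 0 ;;
                *) return 1 ;;
            esac ;;
        *)
            return 2 ;;                        # ImplementationSpecific etc.
    esac
}

# Print a verdict for each constructed sample case: TYPE RULE REQUEST
pm_demo() {
    while read -r pm_t pm_r pm_q; do
        if ingress_path_match "$pm_t" "$pm_r" "$pm_q"; then pm_v=match; else pm_v=no-match; fi
        printf '%-6s %-6s %-14s %s\n' "$pm_t" "$pm_r" "$pm_q" "$pm_v"
    done <<'EOF'
Prefix / /anything
Prefix /app /app/login
Prefix /app /application
Prefix /app/ /app
Exact /app /app/
Exact /app /APP
EOF
}
pm_demo
```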
Check pod scheduling

    spec:
      hostNetwork: true        # the container uses the same network as the host
      affinity:                # affinity settings
        podAntiAffinity:       # pod anti-affinity
          preferredDuringSchedulingIgnoredDuringExecution:   # soft affinity
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchLabels:
                  app.kubernetes.io/name: ingress-nginx      # label to select
              topologyKey: kubernetes.io/hostname            # hostname label: keeps pods of the same group off the same node, for high availability