
High-availability deployment of Ingress-nginx on k8s 1.26.5

Date: 2023-06-11 14:22:47
Tags: kubectl Ingress keepalived ingress nginx controller k8s

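1. Install and deploy ingress-nginx

This deployment is highly available: a node selector schedules one controller pod on every worker node (none on the masters), and NGINX is placed in front of them as a load balancer, so the domain can afterwards be reached through NGINX on port 80.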

Host        Address         Ports
k8s-node01  192.168.80.48   nginx listen port: 3080; load-balancing port: the NodePort generated for the ingress svc
k8s-node02  192.168.80.49   nginx listen port: 3080; load-balancing port: the NodePort generated for the ingress svc
vip         192.168.80.66   access port: 80

keepalived + nginx provide high availability for nginx-ingress-controller.

1.1. Replace the images

Check the current API version:

kubectl explain Ingress
KIND:     Ingress
VERSION:  networking.k8s.io/v1
....

Note: check that the ingress-nginx version matches your local k8s version; there is a reference table on GitHub.

mkdir -p /root/ingress && cd /root/ingress
curl -fsSL -o deploy.yaml https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/baremetal/deploy.yaml

cat deploy.yaml | grep image:
image: registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f


# replace the images
sed  -i 's#registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f#registry.cn-hangzhou.aliyuncs.com/image-storage/controller:v1.6.4#' deploy.yaml
sed  -i 's#registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f#registry.cn-hangzhou.aliyuncs.com/image-storage/kube-webhook-certgen:v20220916-gd32f8c343#' deploy.yaml

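Note: the images downloaded from the external registry were pushed to my own Alibaba Cloud image registry. The replacement references use the tag only; the @sha256 digest that the upstream manifest pins is dropped by the sed commands.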
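
The replacement above swaps digest-pinned upstream references for tag-only mirror references. The following added example (not part of the original post) lists the image references in a manifest that lack a sha256 digest; the sample files are constructed from the image lines shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find image references that are not pinned by digest.

# unpinned_images FILE: print each image reference without an @sha256:<64 hex> suffix.
unpinned_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" \
        | tr -d "\"'" \
        | grep -Ev '@sha256:[0-9a-f]{64}[[:space:]]*$' || true
}

# count_unpinned FILE: number of unpinned image references.
count_unpinned() {
    unpinned_images "$1" | grep -c . || true
}

# require_pinned FILE: succeed only if every image is digest-pinned
# (usable as a gate before kubectl apply).
require_pinned() {
    [ "$(count_unpinned "$1")" -eq 0 ]
}

# Constructed samples: the image lines before and after the sed replacement.
sample_dir=$(mktemp -d)
cat > "$sample_dir/upstream.yaml" <<'EOF'
        image: registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
EOF
cat > "$sample_dir/mirrored.yaml" <<'EOF'
        image: registry.cn-hangzhou.aliyuncs.com/image-storage/controller:v1.6.4
        image: registry.cn-hangzhou.aliyuncs.com/image-storage/kube-webhook-certgen:v20220916-gd32f8c343
EOF

for f in upstream mirrored; do
    echo "$f.yaml: $(count_unpinned "$sample_dir/$f.yaml") unpinned image(s)"
    unpinned_images "$sample_dir/$f.yaml"
done
```
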

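1.2. ingress high-availability configuration

1.2.1 Edit the manifest and label the hosts

vim deploy.yaml
kind: Deployment	# change to DaemonSet
spec:
  template:
    spec:
      nodeSelector:		# change the node selector (affinity)
        custom/ingress-controller-ready: "true"   # label values are strings, so the value must be quoted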

apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
  ....
spec:
  ....
  type: NodePort # expose the backend svc as NodePort

# label the worker nodes
kubectl label nodes k8s-node01 custom/ingress-controller-ready=true
kubectl label nodes k8s-node02 custom/ingress-controller-ready=true
kubectl taint nodes k8s-master01 node-role.kubernetes.io/master=true:NoSchedule
kubectl taint nodes k8s-master02 node-role.kubernetes.io/master=true:NoSchedule
kubectl taint nodes k8s-master03 node-role.kubernetes.io/master=true:NoSchedule

1.2.2 Deploy ingress

# deploy ingress
kubectl apply -f deploy.yaml

# list the ingress pods
kubectl get pod -n ingress-nginx 
NAME                                   READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-849p4   0/1     Completed   0          61s
ingress-nginx-admission-patch-7qk5c    0/1     Completed   0          61s
ingress-nginx-controller-vblkz         1/1     Running     0          61s
ingress-nginx-controller-zmn49         1/1     Running     0          61s

2. Deploy NGINX and keepalived

  • Run on node01 and node02

apt install nginx keepalived -y
sudo useradd nginx -G www-data

2.1. Edit the configuration

# change the default port to 3080
cd /etc/nginx/sites-enabled
cat default
listen 3080 default_server;
listen [::]:3080 default_server;

# restart nginx
systemctl restart  nginx.service
netstat -lntup  | grep 3080
tcp        0      0 0.0.0.0:3080            0.0.0.0:*               LISTEN      263469/nginx: maste
tcp6       0      0 :::3080                 :::*                    LISTEN      263469/nginx: maste

# look up the NodePort of the ingress svc
kubectl get svc  -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.101.53.92     <none>        80:30371/TCP,443:32335/TCP   11m
ingress-nginx-controller-admission   ClusterIP   10.101.103.120   <none>        443/TCP                      11m

2.2. Add the load balancer

cd /etc/nginx ; cp nginx.conf nginx.conf_bak
cat > nginx.conf <<"EOF"
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

stream {

    log_format  main  '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';

    access_log  /var/log/nginx/k8s-access.log  main;

    upstream ingress {
       server 192.168.80.48:30371;   # set these to the addresses to proxy to
       server 192.168.80.49:30371;
    }

    server {
       listen 80; # port to listen on
       proxy_pass ingress;
    }
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

}
EOF

# check the syntax
nginx -t

2.3. keepalived configuration

  • k8s-node01

cat > /etc/keepalived/keepalived.conf << EOF
global_defs { 
   notification_email { 
     acassen@firewall.loc 
     failover@firewall.loc 
     sysadmin@firewall.loc 
   } 
   notification_email_from Alexandre.Cassen@firewall.loc  
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id NGINX_MASTER
} 

# health-check script
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
}

vrrp_instance VI_NGINX { 
    state MASTER 
    interface ens33 # change to the actual NIC name
    virtual_router_id 51 # VRRP router ID; unique per instance
    priority 100    # priority; the backup server is set to 90
    advert_int 1    # VRRP advertisement (heartbeat) interval, default 1 second
    authentication { 
        auth_type PASS      
        auth_pass 1111 
    }  
    # virtual IP
    virtual_ipaddress { 
        192.168.80.66/24
    } 
    track_script {
        check_nginx
    } 
}
EOF

  • k8s-node02

cat > /etc/keepalived/keepalived.conf << EOF
global_defs { 
   notification_email { 
     acassen@firewall.loc 
     failover@firewall.loc 
     sysadmin@firewall.loc 
   } 
   notification_email_from Alexandre.Cassen@firewall.loc  
   smtp_server 127.0.0.1 
   smtp_connect_timeout 30 
   router_id NGINX_BACKUP
} 

# health-check script
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
}

vrrp_instance VI_NGINX { 
    state BACKUP 
    interface ens33 # change to the actual NIC name
    virtual_router_id 51 # VRRP router ID; unique per instance
    priority 90     # priority; the backup server is set to 90
    advert_int 1    # VRRP advertisement (heartbeat) interval, default 1 second
    authentication { 
        auth_type PASS      
        auth_pass 1111 
    }  
    # virtual IP
    virtual_ipaddress { 
        192.168.80.66/24
    } 
    track_script {
        check_nginx
    } 
}
EOF

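keepalived health-check script (note that the port in the script is the port that must be listening):

cat > /etc/keepalived/check_nginx.sh  <<"EOF"
#!/bin/bash
# Count TCP listeners on port 80 exactly. A plain "grep 80" would also match
# port 3080 and every 192.168.80.x address, so the check could never fail.
count=$(ss -Hlnt 'sport = :80' | wc -l)

if [ "$count" -eq 0 ];then
    exit 1
else
    exit 0
fi
EOF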

useradd keepalived_script
passwd keepalived_script
chown -R keepalived_script:keepalived_script /etc/keepalived/check_nginx.sh
chmod +x /etc/keepalived/check_nginx.sh
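
Why the health check has to match the listening port exactly rather than the string 80: on these nodes every local address is 192.168.80.x and the local nginx site listens on 3080. The following added example (not part of the original post) runs both matchers over constructed `ss -antp` style output; the sample lines and function names are hypothetical.

```shell
#!/bin/sh
# Added example: substring match vs. exact listening-port match on ss output.

# Constructed sample for a node at 192.168.80.48 where nothing listens on port 80:
# only the local nginx site on 3080 and SSH are present.
sample_no_lb='LISTEN 0 511 0.0.0.0:3080 0.0.0.0:* users:(("nginx",pid=263469,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
ESTAB 0 0 192.168.80.48:22 192.168.80.1:51544 users:(("sshd",pid=9001,fd=4))'

# Same node with the stream proxy listening on port 80.
sample_lb="$sample_no_lb
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:((\"nginx\",pid=263469,fd=7))"

# substring_count TEXT: lines containing "80" anywhere (what a bare `grep 80` counts).
substring_count() {
    printf '%s\n' "$1" | grep -c 80 || true
}

# listener_count TEXT PORT: LISTEN sockets whose local port is exactly PORT.
listener_count() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, part, ":")   # field 4 is local addr:port; port is the last piece
            if (part[n] == port) hits++
        }
        END { print hits + 0 }'
}

# health_status TEXT PORT: exit 0 if a listener exists, 1 otherwise
# (the exit-code contract a vrrp_script relies on).
health_status() {
    [ "$(listener_count "$1" "$2")" -gt 0 ]
}

echo "port 80 down, substring matches: $(substring_count "$sample_no_lb")"
echo "port 80 down, exact listeners:   $(listener_count "$sample_no_lb" 80)"
echo "port 80 up,   exact listeners:   $(listener_count "$sample_lb" 80)"
```
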

Restart the services:

systemctl daemon-reload
systemctl start nginx keepalived
systemctl enable nginx keepalived
systemctl restart keepalived.service nginx.service

3. Test ingress

3.1. Create the pods and svc

mkdir -p /root/ingress ; cd /root/ingress
cat > /root/ingress/deploy-demo.yaml <<EOF
# Service named myapp
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  ports:
  - name: http
    targetPort: 80
    port: 80
---
# pods for the backend service
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-backend-pod
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v2
        ports:
        - name: http
          containerPort: 80
EOF

Start the containers:

kubectl apply -f deploy-demo.yaml

kubectl get pod -l app=myapp
NAME                                READY   STATUS    RESTARTS   AGE
myapp-backend-pod-9f9b5bd95-5d487   1/1     Running   0          23m
myapp-backend-pod-9f9b5bd95-k87tc   1/1     Running   0          23m
myapp-backend-pod-9f9b5bd95-vssh7   1/1     Running   0          23m

3.2. Create the ingress

cat > /root/ingress/ingress-myapp.yaml <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-myapp
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: "myapp.magedu.com"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: myapp
            port:
              number: 80
EOF

Create the ingress:

kubectl apply -f ingress-myapp.yaml
 
kubectl get ingress
NAME            CLASS    HOSTS              ADDRESS                       PORTS   AGE
ingress-myapp   <none>   myapp.magedu.com   192.168.80.48,192.168.80.49   80      5m15s

Note: in the hosts file on the local Windows machine, bind the VIP address to the domain defined in the ingress.

From: https://www.cnblogs.com/-k8s/p/17472891.html
