部署Nginx负载均衡器【待续】

IT
IT
IT
335
文章
1
评论
2020年9月14日14:19:01 评论 820 3413字阅读11分22秒

kube-apiserver高可用架构图

部署Nginx负载均衡器【待续】

涉及软件

Keepalived是一个主流高可用软件,基于VIP绑定实现服务器双机热备,在上述拓扑中, Keepalived主要根据Nginx运行状态判断是否需要故障转移(偏移VIP),例如当Nginx主节点挂 掉,VIP会自动绑定在Nginx备节点,从而保证VIP一直可用,实现Nginx高可用。 Nginx是一个主流Web服务和反向代理服务器,这里用四层实现对apiserver实现负载均衡。

安装软件包(主/备)

[root@k8s-master1 ~]# yum install epel-release -y
[root@k8s-master1 ~]# yum install nginx keepalived -y

Nginx配置文件(主/备一样)

  • 清理原有配置,导入根据自身所需资源
[root@k8s-master1 ~]# > /etc/nginx/nginx.conf
cat > /etc/nginx/nginx.conf << "EOF"
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

stream {

log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';

access_log /var/log/nginx/k8s-access.log main;

upstream k8s-apiserver {
server 10.10.1.37:6443;
server 10.10.1.38:6443;
}

server {
listen 6443;
proxy_pass k8s-apiserver;
}
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

server {
listen 80 default_server;
server_name _;

location / {
}
}
}
EOF
  • 检查是否有问题
[root@k8s-master1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

keepalived配置文件

  • (Nginx Master)
[root@k8s-master1 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.confback
[root@k8s-master1 ~]# > /etc/keepalived/keepalived.conf
  • 导入配置文件
cat > /etc/keepalived/keepalived.conf << EOF
global_defs { 
notification_email { 
acassen@firewall.loc 
failover@firewall.loc 
sysadmin@firewall.loc 
} 
notification_email_from Alexandre.Cassen@firewall.loc 
smtp_server 127.0.0.1 
smtp_connect_timeout 30 
router_id NGINX_MASTER
}

vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
}

vrrp_instance VI_1 { 
state MASTER 
interface eth0
virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的 
priority 100 # 优先级,备服务器设置 90 
advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒 
authentication { 
auth_type PASS 
auth_pass 1111 
} 
virtual_ipaddress { 
10.10.1.41/24
} 
track_script {
check_nginx
} 
}
EOF

vrrp_script:指定检查nginx工作状态脚本(根据nginx状态判断是否故障转移)

virtual_ipaddress:虚拟IP(VIP)

  • 检查nginx状态脚本
[root@k8s-master1 ~]# 
cat > /etc/keepalived/check_nginx.sh << "EOF"
#!/bin/bash
count=$(ps -ef |grep nginx |egrep -cv "grep|$$")

if [ "$count" -eq 0 ];then
exit 1
else
exit 0
fi
EOF
[root@k8s-master1 ~]# chmod +x /etc/keepalived/check_nginx.sh
  • Nginx Backup
[root@k8s-master2 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.confback
[root@k8s-master2 ~]# > /etc/keepalived/keepalived.conf 


cat > /etc/keepalived/keepalived.conf << EOF
global_defs { 
notification_email { 
acassen@firewall.loc 
failover@firewall.loc 
sysadmin@firewall.loc 
} 
notification_email_from Alexandre.Cassen@firewall.loc 
smtp_server 127.0.0.1 
smtp_connect_timeout 30 
router_id NGINX_BACKUP
}

vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
}

vrrp_instance VI_1 { 
state MASTER 
interface eth0
virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的 
priority 90 # 优先级,备服务器设置 90 
advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒 
authentication { 
auth_type PASS 
auth_pass 1111 
} 
virtual_ipaddress { 
10.10.1.41/24
} 
track_script {
check_nginx
} 
}
EOF
  • nginx检查脚本
cat > /etc/keepalived/check_nginx.sh << "EOF"
#!/bin/bash
count=$(ps -ef |grep nginx |egrep -cv "grep|$$")

if [ "$count" -eq 0 ];then
exit 1
else
exit 0
fi
EOF
[root@k8s-master2 ~]# chmod +x /etc/keepalived/check_nginx.sh

启动并设置开机启动

systemctl daemon-reload 
systemctl start nginx
systemctl start keepalived
systemctl enable nginx 
systemctl enable keepalived

 

继续阅读
  • 我的QQ
  • QQ扫一扫
  • weinxin
  • 我的头条
  • 头条扫一扫
  • weinxin
nginx 最后更新:2020-9-28
IT
  • 本文由 发表于 2020年9月14日14:19:01
  • 除非特殊声明,本站文章均为原创,转载请务必保留本文链接
Nginx正向代理配置 nginx

Nginx正向代理配置

通过把Nginx设置为正向代理,我们就可以在局域网中用运行着Nginx的主机作为正向代理服务器了。那什么是正向代理和反向代理呢?正向代理和反向代理-百度百科 正向代理:如果把局域网外的Internet...
nginx反向代理获取用户真实ip nginx

nginx反向代理获取用户真实ip

提要 nginx做反向代理时,默认的配置后端获取到的ip都是来自于nginx,那么如何转发用户的真实IP到后端程序呢? 当前端使用nginx代理,后端使用php-fpm时,如果还是使用$_SERVER...