K8S (6): Deploying the reverse proxy service for the control-plane node layer

Deploy on hosts 10.4.7.11 and 10.4.7.12.

1. Install keepalived and nginx

yum install -y nginx keepalived
  • Configure the layer-4 reverse proxy
vim /etc/nginx/nginx.conf     # Note: append this at the end of the file, not inside the http block; it maps port 6443 to 7443
stream {
    upstream kube-apiserver {
        server 10.4.7.21:6443     max_fails=3 fail_timeout=30s;
        server 10.4.7.22:6443     max_fails=3 fail_timeout=30s;
    }
    server {
        listen 7443;
        proxy_connect_timeout 2s;
        proxy_timeout 900s;
        proxy_pass kube-apiserver;
    }
}

Start nginx
systemctl enable --now nginx
  • Configure master/backup keepalived

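a. Write a script that monitors nginx
vi /etc/keepalived/check_port.sh
#!/bin/bash
# Exit non-zero when nothing is listening on the given TCP port.
CHK_PORT=$1
if [ -n "$CHK_PORT" ]; then
        # Match ":PORT " exactly so that 7443 does not also match 17443
        PORT_PROCESS=$(ss -lnt | grep -c ":$CHK_PORT ")
        if [ "$PORT_PROCESS" -eq 0 ]; then
                echo "Port $CHK_PORT Is Not Used,End."
                exit 1
        fi
else
        echo "Check Port Cant Be Empty!"
        exit 1
fi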

b. Grant execute permission
chmod +x /etc/keepalived/check_port.sh

c. Configuration file; on the backup server, only the text in red (the commented lines below) needs to be changed
vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   router_id 10.4.7.11        # on the backup, change to 10.4.7.12

}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_port.sh 7443"
    interval 2
    weight -20
}

vrrp_instance VI_1 {
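    state MASTER           # this is the master; on the backup, change to BACKUP
    interface ens32        # network interface
    virtual_router_id 251
    priority 100           # on the backup, the priority must be lower than 100
    advert_int 1
    mcast_src_ip 10.4.7.11 # on the backup, change to 10.4.7.12
    # Non-preemptive mode; the backup does not need this line, so it can be deleted there.
    # After nginx on the master is stopped, the VIP does not return to the master;
    # to move it back, restart keepalived on both the master and the backup.
    nopreempt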

    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    track_script {
         chk_nginx
    }
    virtual_ipaddress {
        10.4.7.10
    }
}

d. Start keepalived
systemctl enable --now keepalived

e. Check the virtual IP on the master server
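
The configuration above only fails over if the backup's priority sits between the master's priority after the chk_nginx weight is applied (100 - 20 = 80) and the master's healthy priority (100). The following check is an added example, not part of the original post; the function names and the backup priorities 90 and 70 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Checks that a MASTER/BACKUP keepalived pair can fail over when chk_nginx fails.

# conf_value KEY: print the first value of directive KEY from keepalived.conf text on stdin.
conf_value() {
    awk -v key="$1" '$1 == key { print $2; exit }'
}

# failover_ok MASTER_PRIO BACKUP_PRIO WEIGHT
# A failed track_script with a negative weight lowers the master's priority
# by that amount. The VIP moves only if the healthy backup then outranks the
# degraded master, while still ranking below the healthy master.
failover_ok() {
    degraded=$(( $1 + $3 ))            # e.g. 100 + (-20) = 80
    [ "$2" -lt "$1" ] && [ "$2" -gt "$degraded" ]
}

# check_pair MASTER_CONF_TEXT BACKUP_CONF_TEXT: parse both configs and report.
check_pair() {
    m_prio=$(printf '%s\n' "$1" | conf_value priority)
    b_prio=$(printf '%s\n' "$2" | conf_value priority)
    weight=$(printf '%s\n' "$1" | conf_value weight)
    if failover_ok "$m_prio" "$b_prio" "$weight"; then
        echo "OK: backup $b_prio is between $((m_prio + weight)) and $m_prio"
    else
        echo "BAD: backup $b_prio must be between $((m_prio + weight)) and $m_prio"
        return 1
    fi
}

# Constructed sample input: the master values from the page, and assumed
# backup priorities (the post only says the backup must be below 100).
MASTER_CONF='vrrp_script chk_nginx {
    weight -20
}
vrrp_instance VI_1 {
    priority 100
}'
BACKUP_OK=$(printf '%s\n' "$MASTER_CONF" | sed 's/priority 100/priority 90/')
BACKUP_LOW=$(printf '%s\n' "$MASTER_CONF" | sed 's/priority 100/priority 70/')

check_pair "$MASTER_CONF" "$BACKUP_OK"
check_pair "$MASTER_CONF" "$BACKUP_LOW" || true
```

To check real hosts, pass the contents of each node's /etc/keepalived/keepalived.conf to check_pair in place of the constructed samples.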


Reposted from www.cnblogs.com/xyly/p/12906520.html