自建k8s的ingress组件pod更新后4层解析的更新问题
背景
自建k8s的ingress组件使用k8s社区的ingress-nginx组件,使用nodeport的形式部署service,使用nginx 4层代理到ingress组件。
方案
shell脚本
- 安装kubectl
- 新增同步脚本
- 配置定时任务
- 观察效果
安装kubectl
配置yum源
1
2
3
4
5
6
7
8
9
10
| cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
|
安装
配置kubeconfig
同步脚本
/data/scripts/sync_k8s_ingress_node_upstream.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
| #!/bin/bash
# 动态生成nginx配置文件
# 后续需调整为etcd confd nginx-template生成
# 赵宏业
# 20230222
btime=$(date "+%Y%m%d_%H%M%S")
log_file="/data/logs/sync_k8s_ingress_node_upstream.log"
make_config() {
http_port=$(kubectl -n ingress-nginx describe svc ingress-nginx-controller | grep NodePort | grep http | grep -v https | awk '{print $3}' | awk -F '/' '{print $1}')
https_port=$(kubectl -n ingress-nginx describe svc ingress-nginx-controller | grep NodePort | grep https | awk '{print $3}' | awk -F '/' '{print $1}')
\rm -f /tmp/k8s-ingress.conf
echo "upstream k8s_ingress_80 {" >>/tmp/k8s-ingress.conf
node_list=$(kubectl -n ingress-nginx get po -o wide | grep ingress-nginx-controller | awk '{print $7}')
for node in ${node_list}; do
node_ip=$(kubectl describe no ${node} | grep InternalIP | awk -F ':' '{print $2}')
echo " server ${node_ip}:${http_port};" >>/tmp/k8s-ingress.conf
done
echo "}" >>/tmp/k8s-ingress.conf
echo "upstream k8s_ingress_443 {" >>/tmp/k8s-ingress.conf
node_list=$(kubectl -n ingress-nginx get po -o wide | grep ingress-nginx-controller | awk '{print $7}')
for node in ${node_list}; do
node_ip=$(kubectl describe no ${node} | grep InternalIP | awk -F ':' '{print $2}')
echo " server ${node_ip}:${https_port};" >>/tmp/k8s-ingress.conf
done
echo "}" >>/tmp/k8s-ingress.conf
echo "
server {
listen 80;
proxy_pass k8s_ingress_80;
}
server {
listen 443;
proxy_pass k8s_ingress_443;
}
" >>/tmp/k8s-ingress.conf
echo "检测时间: ${btime}" >>${log_file}
echo "-- file begin --" >>${log_file}
cat /tmp/k8s-ingress.conf >>${log_file}
echo "-- file end --" >>${log_file}
}
update_config() {
config_name="/data/servers/nginx/conf/stream/k8s-ingress.conf"
if [ -f ${config_name} ]; then
diff /tmp/k8s-ingress.conf ${config_name}
if [ $? == 0 ]; then
echo "文件内容一致, 忽略" >>${log_file}
else
echo "替换文件" >>${log_file}
mkdir -p /data/backup/nginx/
mv ${config_name} /data/backup/nginx/k8s-ingress.conf_bak_${btime}
nginx_reload
fi
else
nginx_reload
fi
}
nginx_reload() {
cp /tmp/k8s-ingress.conf ${config_name}
/usr/local/sbin/nginx -t
if [ $? == 0 ]; then
/usr/local/sbin/nginx -s reload
echo "reload ok" >>${log_file}
else
echo "文件异常, 还原配置" >>${log_file}
echo "异常回滚" >>${log_file}
\rm -f ${config_name}
cp /data/backup/nginx/k8s-ingress.conf_bak_${btime} ${config_name}
/usr/local/sbin/nginx -t
fi
}
echo "---- begin scripts ----" >>${log_file}
make_config
update_config
echo "---- end scripts ----" >>${log_file}
|
配置脚本权限
1
| chmod +x sync_k8s_ingress_node_upstream.sh
|
新增定时任务
1
| */1 * * * * /data/scripts/sync_k8s_ingress_node_upstream.sh
|
观察日志
1
| tail -f /data/logs/sync_k8s_ingress_node_upstream.log
|
etcd+confd
待研究