发布集群控制面板

Loading word count...

安装Nginx

1.安装编译Nginx所需的依赖项：

$ sudo apt update
$ sudo apt install libgd-dev libpcre3 libpcre3-dev build-essential zlib1g-dev libssl-dev -y 

2.下载Nginx 1.24.0源代码包：

$ wget http://nginx.org/download/nginx-1.24.0.tar.gz

3.解压源代码包：

$ tar -xvf nginx-1.24.0.tar.gz
$ cd nginx-1.24.0

4.配置编译选项和模块：

$ ./configure --prefix=/usr/local/nginx \
--with-pcre \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_image_filter_module \
--with-http_slice_module \
--with-mail \
--with-threads \
--with-file-aio \
--with-stream \
--with-mail_ssl_module \
--with-stream_ssl_module

5.编译源代码：

$ make

6.安装已编译的二进制文件和相关文件：

$ sudo make install

7.验证安装是否成功：

$ cd /usr/local/nginx && ./sbin/nginx -v

8.创建 Systemd 服务单元文件

$ vim /etc/systemd/system/nginx.service

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

重新加载 Systemd 配置

$ systemctl daemon-reload

#启用 Nginx 服务
$ systemctl start nginx
#将 Nginx 服务添加到启动项中
$ systemctl enable nginx

使用 stream 块来代理 K8S 集群TCP流量

创建stream 配置文件

将这个配置文件放在 /etc/nginx/stream.d/ 目录下

$ vim /usr/local/nginx/conf/stream.d/k8s_proxy.conf

    upstream k8s_6443 {
        server 10.0.0.202:6443;
    }

    server {
        listen 26443;
        #ssl_certificate /path/to/your/ssl_certificate.crt;
        #ssl_certificate_key /path/to/your/ssl_certificate.key;
        proxy_pass k8s_6443;
    }

k8s-dashboard 代理

    upstream k8s_30036 {
        server 10.0.0.202:30036;
        server 10.0.0.203:30036;
        server 10.0.0.204:30036;
    }

   server {
        listen 30066;
        #ssl_certificate /path/to/your/ssl_certificate.crt;
        #ssl_certificate_key /path/to/your/ssl_certificate.key;
        proxy_pass k8s_30036;
    }

应用配置文件

可以在主配置文件（通常是 /etc/nginx/nginx.conf）的 http 部分添加如下语句：
这样，Nginx 将会加载这个文件夹下所有以 .conf 结尾的文件作为 TCP 流量的代理配置。

include /etc/nginx/stream.d/*.conf;

#检查配置文件
$ /usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

检查监听端口

$ netstat -ltup | grep 6443
tcp        0      0 0.0.0.0:26443           0.0.0.0:*               LISTEN      43676/nginx: master
tcp6       0      0 [::]:6443               [::]:*                  LISTEN      1867/kube-apiserver

开启阿里云安全组

访问测试