使用nginx反代实现k8s apiserver高可用

---

一、架构图

　　

二、nginx配置

    error_log stderr notice;

worker_processes auto;
events {
      multi_accept on;
      use epoll;
      worker_connections 1024;
}

stream {
    upstream kube_apiserver {
        least_conn;
        server 192.168.174.140:6443;
        server 192.168.174.151:6443;
    }

    server {
        listen        0.0.0.0:6443;
        proxy_pass    kube_apiserver;
        proxy_timeout 10m;
        proxy_connect_timeout 1s;
    }
}

 三、kube-apiserver相关配置

1、确保每个节点上的apiserver的证书都被k8s CA机构签署，且apiserver服务正常运行。

2、配置kubectl配置文件

kubectl config set-cluster k8s_ha --server="https://192.168.174.190:6443" --certificate-authority=/root/k8s_ssl/master/nginx/ca.pem --embed-certs=true   #192.168.174.190为nginx的地址
kubectl config set-context hel@k8s_ha --cluster=k8s_ha --user=hel 
kubectl config use-context hel@k8s_ha