使用lvscare 监控后端节点
# 使用centos7
# lvscare 完成后端master 检查发现错误摘掉后端IP 恢复正常重新加入负载
# 使用sealyun 开源的LVScare 项目
# 项目地址:https://github.com/sealyun/LVScare
# haproxy 在流量很大节点数很多的时候占用cpu非常高整个性能也不会太高。
编译LVScare 项目
1、go环境的搭建
#下载go 二进制包
cd /usr/local/src/
wget https://dl.google.com/go/go1.14.linux-amd64.tar.gz
# 解压 go 二进制包
tar -xvf go1.14.linux-amd64.tar.gz
# 复制解压完成的go 目录到 /usr/local/
mv go ../
# 配置环境变量
vi /etc/profile
export GOPATH=/root/go
export GOBIN=/root/go/bin
PATH=$PATH:/usr/local/go/bin:$HOME/bin:$GOBIN
export PATH
# 生效环境变量
source /etc/profile
#验证go 是否安装正常
go version
[root@localhost ]# go version
go version go1.14 linux/amd64
# 安装git
yum install git -y
# 编译LVScare
go get github.com/sealyun/lvscare
# 编译完成寻找编译结果
which lvscare
[root@localhost src]# which lvscare
/root/go/bin/lvscare
准备配置文件及启动文件
# 创建配置文件
mkdir -p /apps/lvscare/{bin,conf}
cat << EOF | tee /apps/lvscare/conf/lvscare
LVSCARE_OPTS="care \\
--vs 10.10.10.10:9443 \\
--rs 192.168.2.10:6443 \\
--rs 192.168.2.11:6443 \\
--rs 192.168.2.12:6443 \\
--health-path / \\
--health-schem https"
EOF
# 配置项说明:
# --vs vip IP 劲量使用一个陌生ip 新的端口
# --rs 后端服务器IP 负载端口号
# --health-path 路径
# health-schem http https
# tcp 负载可以删除 health-path health-schem
# 创建启动文件
cat << EOF | tee /usr/lib/systemd/system/lvscare.service
[Unit]
Description=lvscare
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
LimitNOFILE=1024000
LimitNPROC=1024000
LimitCORE=infinity
LimitMEMLOCK=infinity
EnvironmentFile=-/apps/lvscare/conf/lvscare
ExecStart=/apps/lvscare/bin/lvscare \$LVSCARE_OPTS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
修改kube-proxy
# 修改 kube-proxy ipvs 模式时会全局删除ipvs规则所以添加过滤IP
# 修改的参数ipvs-exclude-cidrs=10.10.10.10/32
# kubeadm 方式部署
# 由于修改configmaps kube-proxy 一直启动不了所以改为修改启动参数
kubectl -n kube-system edit configmaps kube-proxy
# 修改内容
ipvs:
excludeCIDRs:
- "10.10.10.10/32" vip ip
#二进制方式部署修改内容
# 修改内容
- --logtostderr=true
- --v=4
- --feature-gates=SupportIPVSProxyMode=true
- --masquerade-all=true
- --proxy-mode=ipvs
- --ipvs-min-sync-period=5s
- --ipvs-sync-period=5s
- --ipvs-scheduler=rr
- --cluster-cidr=10.244.0.0/16
- --metrics-bind-address=0.0.0.0
- --ipvs-exclude-cidrs=10.10.10.10/32 vip ip
启动LVScare
# 设置开机启动
systemctl enable lvscare.service
# 启动 lvscare
systemctl start lvscare.service
# 查看启动状态
systemctl status lvscare.service
[root@localhost apps]# systemctl status lvscare.service
● lvscare.service - lvscare Kubelet
Loaded: loaded (/usr/lib/systemd/system/lvscare.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2020-03-13 15:57:35 CST; 5min ago
Main PID: 118865 (lvscare)
Tasks: 12 (limit: 204628)
Memory: 24.4M
CGroup: /system.slice/lvscare.service
└─118865 /apps/lvscare/bin/lvscare care --vs 10.10.10.10:9443 --rs 192.168.2.10:6443 --rs 192.168.2.11:6443 --rs 192.168.2.12:6443 --health-path / --health-schem https
Mar 13 16:02:40 localhost.localdomain lvscare[118865]: check realserver ip: 192.168.2.11, port %!s(uint16=6443)
Mar 13 16:02:40 localhost.localdomain lvscare[118865]: check realserver ip: 192.168.2.12, port %!s(uint16=6443)
Mar 13 16:02:45 localhost.localdomain lvscare[118865]: check svc ip: 10.96.0.10, port 53
Mar 13 16:02:45 localhost.localdomain lvscare[118865]: check svc ip: 10.10.10.10, port 9443
Mar 13 16:02:45 localhost.localdomain lvscare[118865]: check realserver ip: 192.168.2.12, port %!s(uint16=6443)
Mar 13 16:02:45 localhost.localdomain lvscare[118865]: check realserver ip: 192.168.2.11, port %!s(uint16=6443)
Mar 13 16:02:45 localhost.localdomain lvscare[118865]: check realserver ip: 192.168.2.10, port %!s(uint16=6443)
Mar 13 16:02:45 localhost.localdomain lvscare[118865]: check realserver ip: 192.168.2.12, port %!s(uint16=6443)
Mar 13 16:02:45 localhost.localdomain lvscare[118865]: check realserver ip: 192.168.2.11, port %!s(uint16=6443)
Mar 13 16:02:45 localhost.localdomain lvscare[118865]: check realserver ip: 192.168.2.12, port %!s(uint16=6443)
验证LVScare
[root@localhost apps]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.10.10:9443 rr
-> 192.168.2.10:6443 Masq 1 0 0
-> 192.168.2.11:6443 Masq 1 0 0
-> 192.168.2.12:6443 Masq 1 0 0
curl -k https://10.10.10.10:9443
[root@localhost apps]# curl -k https://10.10.10.10:9443
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
"reason": "Forbidden",
"details": {
},
"code": 403
}[root@localhost apps]#
能正常返回数据 lvs 正常
# 验证LVScare 是否能够计算删除故障节点及故障节点恢复自动添加
[root@localhost apps]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.10.10:9443 rr
-> 192.168.2.10:6443 Masq 1 0 0
-> 192.168.2.11:6443 Masq 1 0 0
-> 192.168.2.12:6443 Masq 1 0 0
6443 端口后端正常
#关闭 192.168.2.12 kube-apiserver
service kube-apiserver stop
[root@k8s-master3 ~]# ps -ef | grep kube-apiserver
root 3770208 3769875 0 16:07 pts/0 00:00:00 grep --color=auto kube-apiserver
# 192.168.2.12:6443 已经删除
启动 192.168.2.12 kube-apiserver
[root@k8s-master3 ~]# service kube-apiserver start
Redirecting to /bin/systemctl start kube-apiserver.service
[root@k8s-master3 ~]# ps -ef | grep kube-apiserver
root 3771436 1 99 16:09 ? 00:00:02 /apps/k8s/bin/kube-apiserver -
# 节点已经恢复
最后说明:
# 记得在每个node 节点部署lvscare
# vip ip 子网是32的只能本机访问