部署完master节点后,实现三节点的高可用。

一、安装haproxy keepalived

yum -y install haproxy keepalived

二、配置haproxy

##备份原文件
mv /etc/haproxy/haproxy.cfg{,.bak}
##指定新文件
cat > /etc/haproxy/haproxy.cfg << EOF
global
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s

frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor

listen stats
  bind    *:8006
  mode    http
  stats   enable
  stats   hide-version
  stats   uri       /stats
  stats   refresh   30s
  stats   realm     Haproxy\ Statistics
  stats   auth      admin:admin

frontend k8s-master
  bind 0.0.0.0:8443            #此端口地址建议修改大点,以免和prometheu+grafana的端口产生冲突
  bind 127.0.0.1:8443          #此端口地址建议修改大点,以免和prometheu+grafana的端口产生冲突
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  #如下内容的主机名和IP地址请按你实际环境的来填写
  server master01   10.13.33.38:6443  check      
  server master02   10.13.33.40:6443  check
  server master03    10.13.33.29:6443  check
EOF

三、修改keepalived配置文件

##备份原文件
mv /etc/keepalived/keepalived.conf{,.bak}
##指定新文件
cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    router_id 10.13.33.38
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh 8443"
    interval 2
    weight -5
    fall 3
    rise 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    mcast_src_ip 10.13.33.38   #此处请填写相对应的本地的IP地址,IP不能相同,每个master节点的请另行修改
    virtual_router_id 51
    priority 102             #优先级高的能优先获得vip地址,优先级不能相同,每个master节点的请另行修改
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        10.13.33.241         #此处填写你要设定的VIP地址
    }
#    track_script {
#       chk_apiserver
#    }
}
EOF
##新建检测简本
cat > /etc/keepalived/check_apiserver.sh << EOF
#!/bin/bash

function check_apiserver() {
  for ((i=0;i<5;i++));do
    apiserver_job_id=$(pgrep kube-apiserver)
    if [[ ! -z $apiserver_job_id ]];then
       return
    else
       sleep 2
    fi
    apiserver_job_id=0
  done
}
# 1: running 0: stopped
check_apiserver
if [[ $apiserver_job_id -eq 0 ]]; then
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi
EOF

#对检测脚本添加执行权限
chmod a+x /etc/keepalived/check_apiserver.sh

四、启动haproxy和keepalived服务

systemctl enable --now haproxy && systemctl enable --now keepalived

#查看haproxy和keepalived的服务状态
systemctl status haproxy keepalived