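Deploying a highly available k8s cluster on CentOS 7.5, using k8s v1.15.2 and Docker 18.09.
According to the official documentation, a load balancer has to be deployed before the cluster itself. This post briefly records how the LB was deployed.
Environment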
Node | IP | Notes |
haproxy-1, keepalived-1 | 10.0.0.21 | Proxy node 1 |
haproxy-2, keepalived-2 | 10.0.0.22 | Proxy node 2 |
vip | 10.0.0.10 | LB entry IP |
k8s-master01 | 10.0.0.11 | k8s master node 1 |
k8s-master02 | 10.0.0.12 | k8s master node 2 |
k8s-master03 | 10.0.0.13 | k8s master node 3 |
k8s-node01 | 10.0.0.14 | k8s worker node |
1. Install haproxy on the haproxy-1 and haproxy-2 nodes
$ yum install haproxy -y
2. Back up the haproxy configuration file, then edit it as follows:
$ mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.default
$ vi /etc/haproxy/haproxy.cfg
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

# HTTP frontend proxy; listens on proxy port 8080
frontend proxy_http
    bind *:8080
    mode http
    log global
    use_backend server_http

# HTTPS frontend proxy; listens on proxy port 6444
frontend proxy_https
    # "*" means requests are accepted on whichever of the machine's IPs they arrive at, which suits a host that carries a VIP
    bind *:6444
    mode tcp
    log global
    use_backend server_https

# HTTP backend
backend server_http
    mode http
    balance roundrobin
    server nginx 10.0.0.21:80

# HTTPS backend
backend server_https
    mode tcp
    balance roundrobin
    server rancher01 10.0.0.11:6443
    server rancher02 10.0.0.12:6443
    server rancher03 10.0.0.13:6443
Note: the http configuration above is not actually used; it is only there for testing.
3. Start the haproxy service
$ systemctl start haproxy
During this deployment, starting the service produced an error message:
Starting proxy mysql: cannot bind socket [0.0.0.0:6444]
If you run into this problem, run the following command:
$ setsebool -P haproxy_connect_any=1
Check whether haproxy started successfully:
$ systemctl status haproxy
4. Test that the haproxy configuration is correct
Install nginx on haproxy-1
The EPEL repository must be installed for this
$ yum install nginx -y
Start nginx
$ whereis nginx
# Start it using the path reported above
$ /usr/sbin/nginx
# Check that it started properly
$ netstat -nlp |grep -w 80
On haproxy-1, run the following command to test that the haproxy reverse proxy works:
$ curl localhost:8080
1. Install keepalived on haproxy-1 and haproxy-2
$ yum install keepalived -y
2. Back up the configuration file, then edit it
On haproxy-1:
$ mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.default
$ vi /etc/keepalived/keepalived.conf
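! Configuration File for keepalived

global_defs {
    notification_email {
        [email protected]
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict must be commented out here, otherwise the configured VIP cannot be pinged
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    # This node is the master; set the standby node to BACKUP
    state MASTER
    # Network interface the virtual IP is bound to; must match the VM's network interface
    interface ens33
    # ID of the whole virtual router group; must be identical across the group
    virtual_router_id 88
    # Priority of the master, in the range 1~254; the backup node's priority must be lower than the master's
    priority 50
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Virtual IP (the LB entry IP 10.0.0.10 from the environment table); must be identical on both nodes
    virtual_ipaddress {
        10.0.0.10/24
    }
}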
Note: in the default configuration, the global_defs block contains a vrrp_strict option. It makes the configured VIP unreachable by ping, so it needs to be commented out.
On haproxy-2:
$ mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.default
$ vi /etc/keepalived/keepalived.conf
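! Configuration File for keepalived

global_defs {
    notification_email {
        [email protected]
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict must be commented out here, otherwise the configured VIP cannot be pinged
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    # Node role: MASTER on the primary node, BACKUP on the standby node (this one)
    state BACKUP
    # Network interface the virtual IP is bound to; must match the VM's network interface
    interface ens33
    # ID of the whole virtual router group; must be identical across the group
    virtual_router_id 88
    # Priority, in the range 1~254; the backup node's priority must be lower than the master's
    priority 30
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Virtual IP (the LB entry IP 10.0.0.10 from the environment table); must be identical on both nodes
    virtual_ipaddress {
        10.0.0.10/24
    }
}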
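The keepalived configuration on haproxy-2 differs from the one on haproxy-1 in two places, state and priority:
state gives the node's role: MASTER for the primary node, BACKUP for the standby node.
priority: the VIP moves preferentially to the node with the higher priority, so the standby node's value must be lower than the primary node's.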
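The rules stated above (identical virtual_router_id and virtual IP on both nodes, MASTER priority higher than BACKUP, vrrp_strict commented out), plus matching auth_pass, can be checked before starting the service. The checker below is an added example, not part of the original post; parse_vrrp, check_pair and the trimmed sample configs are constructed for illustration, and it assumes one address per line in virtual_ipaddress and no "#" or "!" inside values.

```python
import re

def parse_vrrp(text):
    """Pull out the keepalived settings that decide VIP failover."""
    text = re.sub(r"[#!].*", "", text)  # keepalived comments start with # or !
    cfg = {"vrrp_strict": bool(re.search(r"^\s*vrrp_strict\b", text, re.M))}
    for key in ("state", "virtual_router_id", "priority", "auth_pass"):
        m = re.search(rf"^\s*{key}\s+(\S+)", text, re.M)
        cfg[key] = m.group(1) if m else None
    block = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    lines = block.group(1).splitlines() if block else []
    # First token of each line is the address; the /prefix length is dropped.
    cfg["vips"] = sorted(l.split()[0].split("/")[0] for l in lines if l.strip())
    return cfg

def check_pair(master_text, backup_text, expected_vip):
    """Return the problems that would stop the VIP from failing over cleanly."""
    m, b = parse_vrrp(master_text), parse_vrrp(backup_text)
    problems = []
    for key in ("virtual_router_id", "auth_pass"):
        if m[key] is None or m[key] != b[key]:
            problems.append(f"{key} must be set and identical on both nodes")
    if m["vips"] != b["vips"] or expected_vip not in m["vips"]:
        problems.append(f"virtual_ipaddress must contain {expected_vip} on both nodes")
    if (m["state"], b["state"]) != ("MASTER", "BACKUP"):
        problems.append("state must be MASTER on node 1 and BACKUP on node 2")
    if int(m["priority"] or 0) <= int(b["priority"] or 0):
        problems.append("priority on the MASTER must be higher than on the BACKUP")
    if m["vrrp_strict"] or b["vrrp_strict"]:
        problems.append("vrrp_strict is enabled")
    return problems

# Constructed sample configs, trimmed to the directives the checker reads.
SAMPLE_MASTER = """\
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 88
    priority 50
    authentication {
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.10/24
    }
}
"""
SAMPLE_BACKUP = SAMPLE_MASTER.replace("MASTER", "BACKUP").replace("priority 50", "priority 30")

if __name__ == "__main__":
    print(check_pair(SAMPLE_MASTER, SAMPLE_BACKUP, "10.0.0.10") or "pair is consistent")
```

To check real files, read /etc/keepalived/keepalived.conf from each node and pass both texts together with the VIP from the environment table.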
3. Start keepalived
Run the following commands on haproxy-1 and haproxy-2
$ systemctl start keepalived
# Check that it started properly
$ systemctl status keepalived
4. Test that keepalived works properly
On haproxy-1, check whether the VIP has been bound to the network interface
$ ip a
On success, the ens33 interface shows two IPs: the host's own IP 10.0.0.21 and the VIP 10.0.0.10
Test whether the VIP can be pinged
$ ping 10.0.0.10
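Shut down haproxy-1 or stop the keepalived process, and the VIP moves to the haproxy-2 machine
5. Test that keepalived and haproxy work together
haproxy-1 and haproxy-2 both listen on local port 8080, and the VIP is bound to one of the two machines. When a request reaches port 8080 on the machine holding the VIP, haproxy forwards it to the nginx backend, which returns the nginx page.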
$ curl 10.0.0.10:8080
With that, the highly available LB built from keepalived + haproxy is complete.