所有master节点(192.168.100.52 192.168.100.53 192.168.100.54)安装haproxy
# Install HAProxy from the configured yum repositories; -y answers the confirmation prompt.
yum -y install haproxy
所有master节点(192.168.100.52 192.168.100.53 192.168.100.54)配置haproxy,配置一样
# Edit the HAProxy configuration file; it has to be changed on every master node.
vim /etc/haproxy/haproxy.cfg
/etc/haproxy/haproxy.cfg
文件内容如下:
# 内容如下
# HAProxy configuration shared by all master nodes: a TCP pass-through from
# port 8443 on this host to port 6443 on each of the three masters.
global
maxconn 2000
ulimit-n 16384
# Log messages of level err and above to the syslog server at 127.0.0.1, facility local0.
log 127.0.0.1 local0 err
stats timeout 30s
defaults
log global
# mode http / option httplog are only defaults here; the frontend and backend
# below both override them with mode tcp / option tcplog.
mode http
option httplog
# Timeouts given without a unit are in milliseconds.
timeout connect 5000
timeout client 50000
timeout server 50000
timeout http-request 15s
timeout http-keep-alive 15s
frontend k8s-master
# 0.0.0.0 listens on every IPv4 address of the node, so the proxied API port is
# reachable from any network the node is attached to.
# NOTE(review): restrict access to port 8443 (host or network firewall) to the
# clients that actually need the Kubernetes API.
bind 0.0.0.0:8443
# NOTE(review): 127.0.0.1 is already covered by the 0.0.0.0 bind above; confirm this line is needed.
bind 127.0.0.1:8443
mode tcp
option tcplog
tcp-request inspect-delay 5s
default_backend k8s-master
backend k8s-master
# TCP mode: bytes are forwarded unchanged, HAProxy does not inspect or terminate the session.
mode tcp
option tcplog
# No tcp-check rules are defined, so the health check is a plain TCP connect to
# port 6443. It shows that the port accepts connections, not that the apiserver
# is answering requests correctly.
option tcp-check
balance roundrobin
# Defaults applied to every server line: check every 10s (every 5s while a server
# is down), 2 successful checks to mark it up, 2 failed checks to mark it down.
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server k8s-100-52 192.168.100.52:6443 check
server k8s-100-53 192.168.100.53:6443 check
server k8s-100-54 192.168.100.54:6443 check
在三个master节点 master01(192.168.100.52)、master02(192.168.100.53)和 master03(192.168.100.54)上安装keepalived
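# Install keepalived on each master node over SSH.
# Assumes the host names below resolve and that the current user can log in to
# each node with enough privilege to run yum (TODO confirm for your environment).
#
# A shell assignment must not have spaces around '=': written as "KEEPNODE = ..."
# the shell tries to run a command called KEEPNODE and the loop below iterates over nothing.
KEEPNODE='k8s-100-52 k8s-100-53 k8s-100-54'
# $KEEPNODE is left unquoted on purpose: word splitting yields one host per iteration.
for NODE in $KEEPNODE; do
  ssh "$NODE" "yum install keepalived -y"
done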
进行文件的配置
# Create the health-check script that keepalived.conf references in its vrrp_script block.
vim /etc/keepalived/check_apiserver.sh
/etc/keepalived/check_apiserver.sh
配置文件内容如下:
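#!/bin/bash
# Health check run by keepalived (vrrp_script chk_apiserver).
#
# Looks for a running haproxy process up to three times, one second apart.
# Exits 0 as soon as one is found. If none is found in three attempts it stops
# keepalived on this node and exits 1.
#
# Note: despite the file name, only the presence of a haproxy process is
# tested; the kube-apiserver itself is not probed.
# Note: nothing in this script starts keepalived again after it was stopped, so
# it has to be started manually once haproxy is running again.

err=0
for _ in 1 2 3; do
  # pgrep exits 0 only when at least one matching process exists.
  if pgrep haproxy >/dev/null; then
    err=0
    break
  fi
  err=$((err + 1))
  sleep 1
done

if [[ $err != "0" ]]; then
  echo "systemctl stop keepalived"
  /usr/bin/systemctl stop keepalived
  exit 1
else
  exit 0
fi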
# Make check_apiserver.sh executable.
# NOTE(review): keepalived executes this script with elevated privileges (root unless a
# dedicated script user is configured; verify for the installed version), so the file
# and its parent directories should be owned by root and not writable by other users.
chmod +x /etc/keepalived/check_apiserver.sh
配置 keepalived.conf 的内容,三个master节点的 keepalived.conf 内容不一样
master01(192.168.100.52)的 keepalived.conf 文件
# 配置keepalived.conf
# Open keepalived.conf for editing; the contents that follow use unicast_src_ip 192.168.100.52, i.e. they are for that node only.
vim /etc/keepalived/keepalived.conf
/etc/keepalived/keepalived.conf
内容如下:
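! Configuration File for keepalived
! This copy is for the node 192.168.100.52 (initial state MASTER, priority 100).
global_defs {
    # router_id identifies this load balancer and should be unique within the LAN.
    # NOTE(review): every node configuration on this page uses the same value, LVS_DEVEL.
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    # NOTE(review): no script_user / enable_script_security is set, so the check script
    # runs under keepalived's default script user. Consider setting both; confirm that
    # the installed keepalived version supports them.
}
# Health-check script; it must be declared before the vrrp_instance that tracks it.
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"    # script that performs the check
    interval 5      # seconds between two runs of the script
    weight -20      # lower the priority by 20 while the check is failing
    fall 2          # consecutive failures before the check counts as failed
    rise 1          # consecutive successes before the check counts as passed
}
# VRRP instance
vrrp_instance VI_1 {
    # NOTE(review): keepalived documents nopreempt as requiring an initial state of
    # BACKUP. With state MASTER the nopreempt setting below may be ignored; confirm
    # against the installed version.
    state MASTER                # this node starts as the master
    interface eth0              # must match the actual network interface name
    virtual_router_id 251       # VRID of this instance is 251
    # The master (192.168.100.52) uses priority 100; the backup configurations on
    # this page use 90 (192.168.100.53) and 80 (192.168.100.54).
    priority 100
    advert_int 1
    mcast_src_ip 192.168.100.52
    unicast_src_ip 192.168.100.52
    unicast_peer {
        # Peers that receive this node's VRRP advertisements.
        # One address per line and no commas: a trailing comma becomes part of the
        # address token, which is then no longer a valid IP address.
        192.168.100.53
        192.168.100.54
    }
    # Non-preempt mode. In preempt mode, if the virtual IP drops once, the nodes
    # contend for it again after a restart; read the documentation carefully.
    nopreempt
    authentication {
        auth_type PASS
        # Shared VRRP password; it has to be identical on all three nodes.
        # NOTE(review): PASS authentication carries this value unencrypted in the VRRP
        # packets and "11111111" is trivially guessable. Use a site-specific secret and
        # allow VRRP traffic only between the three master nodes.
        auth_pass 11111111
    }
    track_script {              # script tracking
        chk_apiserver
    }
    virtual_ipaddress {         # virtual IP
        192.168.100.57
    }
}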
master02(192.168.100.53)的 keepalived.conf 文件
# 配置keepalived.conf
# Open keepalived.conf for editing; the contents that follow use unicast_src_ip 192.168.100.53, i.e. they are for that node only.
vim /etc/keepalived/keepalived.conf
/etc/keepalived/keepalived.conf
内容如下:
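! Configuration File for keepalived
! This copy is for the node 192.168.100.53 (initial state BACKUP, priority 90).
global_defs {
    # NOTE(review): the same router_id, LVS_DEVEL, is used by every node configuration
    # on this page, although the page says it should be unique within the LAN.
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    # NOTE(review): no script_user / enable_script_security is set, so the check script
    # runs under keepalived's default script user. Consider setting both; confirm that
    # the installed keepalived version supports them.
}
# Health-check script, declared before the vrrp_instance that tracks it.
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5      # seconds between two runs of the script
    weight -20      # lower the priority by 20 while the check is failing
    fall 2          # consecutive failures before the check counts as failed
    rise 1          # consecutive successes before the check counts as passed
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0              # must match the actual network interface name
    mcast_src_ip 192.168.100.53
    unicast_src_ip 192.168.100.53
    unicast_peer {
        # Peers that receive this node's VRRP advertisements.
        # One address per line and no commas: a trailing comma becomes part of the
        # address token, which is then no longer a valid IP address.
        192.168.100.52
        192.168.100.54
    }
    virtual_router_id 251       # must be the same VRID on all three nodes
    priority 90
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        # Shared VRRP password; it has to be identical on all three nodes.
        # NOTE(review): PASS authentication carries this value unencrypted in the VRRP
        # packets and "11111111" is trivially guessable. Use a site-specific secret and
        # allow VRRP traffic only between the three master nodes.
        auth_pass 11111111
    }
    virtual_ipaddress {
        192.168.100.57
    }
    track_script {
        chk_apiserver
    }
}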
master03(192.168.100.54)的 keepalived.conf 文件
# 配置keepalived.conf
# Open keepalived.conf for editing; the contents that follow use unicast_src_ip 192.168.100.54, i.e. they are for that node only.
vim /etc/keepalived/keepalived.conf
/etc/keepalived/keepalived.conf
内容如下:
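! Configuration File for keepalived
! This copy is for the node 192.168.100.54 (initial state BACKUP, priority 80).
global_defs {
    # NOTE(review): the same router_id, LVS_DEVEL, is used by every node configuration
    # on this page, although the page says it should be unique within the LAN.
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    # NOTE(review): no script_user / enable_script_security is set, so the check script
    # runs under keepalived's default script user. Consider setting both; confirm that
    # the installed keepalived version supports them.
}
# Health-check script, declared before the vrrp_instance that tracks it.
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5      # seconds between two runs of the script
    # NOTE(review): the other two node configurations on this page use weight -20;
    # confirm that -5 is intended here.
    weight -5
    fall 2          # consecutive failures before the check counts as failed
    rise 1          # consecutive successes before the check counts as passed
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0              # must match the actual network interface name
    mcast_src_ip 192.168.100.54
    unicast_src_ip 192.168.100.54
    unicast_peer {
        # Peers that receive this node's VRRP advertisements.
        # One address per line and no commas: a trailing comma becomes part of the
        # address token, which is then no longer a valid IP address.
        192.168.100.52
        192.168.100.53
    }
    virtual_router_id 251       # must be the same VRID on all three nodes
    priority 80
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        # Shared VRRP password; it has to be identical on all three nodes.
        # NOTE(review): PASS authentication carries this value unencrypted in the VRRP
        # packets and "11111111" is trivially guessable. Use a site-specific secret and
        # allow VRRP traffic only between the three master nodes.
        auth_pass 11111111
    }
    virtual_ipaddress {
        192.168.100.57
    }
    track_script {
        chk_apiserver
    }
}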
启动keepalived和haproxy
# On the master nodes, make check_apiserver.sh executable.
chmod +x /etc/keepalived/check_apiserver.sh
# Start haproxy and keepalived on all master nodes and enable them at boot.
# The && chain stops at the first failure, so keepalived is only enabled and
# started after haproxy was enabled and started successfully.
systemctl daemon-reload && \
systemctl enable --now haproxy && \
systemctl enable --now keepalived