1、安装
yum install -y haproxy
2、配置
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 40000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# kubernetes apiserver frontend which proxys to the backends
#---------------------------------------------------------------------
frontend k8s-apiserver
mode tcp
bind *:16443
option tcplog
default_backend k8s-apiserver
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend k8s-apiserver
mode tcp
balance roundrobin
server master-0 192.168.0.183:6443 check
server master-1 192.168.0.228:6443 check
server master-2 192.168.0.169:6443 check
listen admin_stats
bind 0.0.0.0:19198
mode http
log 127.0.0.1 local3 err
#HAProxy监控页面统计自动刷新时间。
stats refresh 30s
#设置监控页面URL路径。 http://IP:19198/haproxy-status可查看
stats uri /haproxy-status
#统计页面密码框提示信息
stats realm welcome login\ Haproxy
#登录统计页面用户和密码
stats auth toowe:toowe
#隐藏HAProxy版本信息
stats hide-version
#设置TURE后可在监控页面手工启动关闭后端真实服务器
stats admin if TRUE
3、开机自启动
sudo systemctl enable haproxy
4、统计页面防火墙打开端口
firewall-cmd --zone=public --remove-port=19198/tcp --permanent
配置立即生效
firewall-cmd --reload
查看防火墙状态
systemctl status firewalld
关闭防火墙
systemctl stop firewalld
打开防火墙
systemctl start firewalld
5、遇到的问题
根据提示执行命令,再重新启动
还有更简单的办法 管理SELinux