Installing the High-Availability Components HAProxy + KeepAlived

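1. Installing the High-Availability Components HAProxy + KeepAlived

For ease of use, and because some situations require a single unique IP, a highly available VIP is added. The following describes how to add a VIP to a K8S cluster; the same method applies to adding a VIP to a business cluster.

1.1 Install HAProxy and KeepAlived on all Master nodes via yum: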

yum install keepalived haproxy -y

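1.2 Configure HAProxy on all Master nodes

(For configuration details, refer to the HAProxy documentation; the HAProxy configuration is identical on all Master nodes):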

[root@k8s-master01 etc]# mv  /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak
[root@k8s-master01 etc]# vim /etc/haproxy/haproxy.cfg

global
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s

frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor

frontend k8s-master
  bind 0.0.0.0:16443
  bind 127.0.0.1:16443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server worker-01.techzsun.com  172.16.7.204:6443  check
  server worker-02.techzsun.com  172.16.7.205:6443  check
  server worker-03.techzsun.com  172.16.7.206:6443  check

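1.3 Configure KeepAlived on all Master nodes; the configuration differs per node, so take care to tell them apart

Pay attention to each node's IP and network interface (the interface parameter).
Configuration for the Master01 node: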

[root@k8s-master01 etc]# mv /etc/keepalived/keepalived.conf  /etc/keepalived/keepalived.conf.bak
[root@k8s-master01 ~]# vim /etc/keepalived/keepalived.conf 

! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens192
    mcast_src_ip 172.16.7.204
    virtual_router_id 51
    priority 101
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        172.16.7.207
    }
#    track_script {
#       chk_apiserver
#    }
}

1.4 Configuration for the Master02 node

! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    mcast_src_ip 172.16.7.205
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        172.16.7.207
    }
#    track_script {
#       chk_apiserver
#    }
}

1.5 Configuration for the Master03 node

! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    mcast_src_ip 172.16.7.206
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        172.16.7.207
    }
#    track_script {
#       chk_apiserver
#    }
}

1.6 Note that the health check above is disabled (commented out); enable it once the cluster has been built:

    track_script {
        chk_apiserver
    }
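
The three per-node files in 1.3 to 1.5 must agree on virtual_router_id, auth_pass and the VIP while differing in mcast_src_ip, and the health check stays off until track_script is uncommented. The lint below is an added example, not part of the original article: the function names are hypothetical, the sample files are constructed from this page's values, and the eight-character auth_pass limit is the behaviour documented in keepalived.conf(5).

```shell
# Added example, not from the original article; function names are hypothetical.
# First value of a keyword (commented-out lines never match). For a block such
# as "virtual_ipaddress {" the value is the first word of the next line.
kv() { awk -v k="$1" '$1 == k { if ($2 == "{") { getline; print $1 } else print $2; exit }' "$2"; }

# Number of distinct values a keyword takes across the given files.
distinct() { local k=$1 f; shift; for f in "$@"; do kv "$k" "$f"; done | sort -u | wc -l; }

# lint_vrrp_peers FILE...: print one finding per line, return the finding count.
lint_vrrp_peers() {
    local f k pass n=0 masters=0
    for f in "$@"; do
        pass=$(kv auth_pass "$f")
        if [ "${#pass}" -gt 8 ]; then
            echo "$f: auth_pass is ${#pass} chars, keepalived uses only the first 8"; n=$((n + 1))
        fi
        if ! grep -Eq '^[[:space:]]*track_script' "$f"; then
            echo "$f: track_script is commented out, chk_apiserver never runs"; n=$((n + 1))
        fi
        if [ "$(kv state "$f")" = MASTER ]; then masters=$((masters + 1)); fi
    done
    for k in virtual_router_id auth_pass virtual_ipaddress; do
        if [ "$(distinct "$k" "$@")" -ne 1 ]; then
            echo "$k is not identical on all nodes"; n=$((n + 1))
        fi
    done
    if [ "$(distinct mcast_src_ip "$@")" -ne "$#" ]; then
        echo "mcast_src_ip is reused on more than one node"; n=$((n + 1))
    fi
    if [ "$masters" -gt 1 ]; then
        echo "$masters nodes have state MASTER"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: only the VRRP fields of the three configs on this page.
write_sample() {
    local dir=$1 i=0 ip state=MASTER
    for ip in 172.16.7.204 172.16.7.205 172.16.7.206; do
        i=$((i + 1))
        printf '%s\n' "vrrp_instance VI_1 {" "    state $state" "    mcast_src_ip $ip" \
            "    virtual_router_id 51" "    authentication {" "        auth_pass K8SHA_KA_AUTH" \
            "    }" "    virtual_ipaddress {" "        172.16.7.207" "    }" \
            "#    track_script {" "#       chk_apiserver" "#    }" "}" > "$dir/master0$i.conf"
        state=BACKUP
    done
}

tmp=$(mktemp -d); write_sample "$tmp"
lint_vrrp_peers "$tmp"/master0?.conf || echo "$? finding(s)"; rm -rf "$tmp"
```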

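1.7 Configure the KeepAlived health check file

On every host, add the health check file (check_apiserver.sh) and make it executable, so that the keepalived service configured above can call it.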

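[root@k8s-master01 keepalived]# cat /etc/keepalived/check_apiserver.sh 
#!/bin/bash
# Called by keepalived (vrrp_script chk_apiserver): stops keepalived on this
# node when no haproxy process is found.

err=0
# Look for a haproxy process up to 3 times, 1 second apart.
for k in $(seq 1 3)
do
    check_code=$(pgrep haproxy)
    if [[ $check_code == "" ]]; then
        err=$((err + 1))
        sleep 1
        continue
    else
        err=0
        break
    fi
done

if [[ $err != "0" ]]; then
    # haproxy is not running: stop keepalived so this node gives up the VIP.
    echo "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi

[root@k8s-master01 keepalived]# chmod +x /etc/keepalived/check_apiserver.sh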

Enable haproxy and keepalived to start at boot, and start them now:

[root@k8s-master01 keepalived]# systemctl daemon-reload
[root@k8s-master01 keepalived]# systemctl enable --now haproxy
[root@k8s-master01 keepalived]# systemctl enable --now keepalived

1.8 Test the VIP

Check the VIP:

[root@worker-03 ~]# ip a |grep ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 172.16.7.206/24 brd 172.16.7.255 scope global noprefixroute ens192
    inet 172.16.7.207/32 scope global ens192

Test the VIP:

[root@worker-01 ~]# ping 172.16.7.207 -c 4
PING 172.16.7.207 (172.16.7.207) 56(84) bytes of data.
64 bytes from 172.16.7.207: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 172.16.7.207: icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from 172.16.7.207: icmp_seq=3 ttl=64 time=0.040 ms

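References:
1. This article is based on https://www.cnblogs.com/dukuan/p/14124600.html#6-%E9%AB%98%E5%8F%AF%E7%94%A8%E7%BB%84%E4%BB%B6%E5%AE%89%E8%A3%85
2. This article installs two components, but the following link implements the VIP by installing only keepalived, with no load balancer needed: https://www.cnblogs.com/zhaoya2019/p/13032218.html. This still needs to be verified.
3. The following link covers integration with a private registry: https://blog.csdn.net/yinwenjie/article/details/47130609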