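High-Availability Components: HAProxy + KeepAlived Installation
<h1>1. High-Availability Components: HAProxy + KeepAlived Installation</h1>
<p>For ease of use, and because some scenarios need a single fixed IP, we add a highly available virtual IP (VIP). The steps below add a VIP to a K8S cluster; the same method works for adding a VIP to a business (workload) cluster.</p>
<h2>1.1 Install HAProxy and KeepAlived with yum on all Master nodes:</h2>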
<pre><code class="language-bash">yum install keepalived haproxy -y</code></pre>
<h2>1.2 Configure HAProxy on all Master nodes</h2>
<p>(See the HAProxy documentation for configuration details; the HAProxy configuration is identical on all Master nodes):</p>
<pre><code class="language-bash">[root@k8s-master01 etc]# mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak
[root@k8s-master01 etc]# vim /etc/haproxy/haproxy.cfg
# Contents of /etc/haproxy/haproxy.cfg
global
    maxconn 2000
    ulimit-n 16384
    log 127.0.0.1 local0 err
    stats timeout 30s

defaults
    log global
    mode http
    option httplog
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    timeout http-request 15s
    timeout http-keep-alive 15s

# HAProxy liveness endpoint: GET /monitor on port 33305, listening on all interfaces
frontend monitor-in
    bind *:33305
    mode http
    option httplog
    monitor-uri /monitor

# TCP pass-through for the Kubernetes API server, exposed on port 16443
frontend k8s-master
    bind 0.0.0.0:16443
    bind 127.0.0.1:16443
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    default_backend k8s-master

backend k8s-master
    mode tcp
    option tcplog
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server worker-01.techzsun.com 172.16.7.204:6443 check
    server worker-02.techzsun.com 172.16.7.205:6443 check
    server worker-03.techzsun.com 172.16.7.206:6443 check</code></pre>
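<h2>1.3 Configure KeepAlived on all Master nodes; the configuration differs per node, so take care to tell them apart</h2>
<p>Pay attention to each node's IP and network interface (the interface parameter).
Configuration for the Master01 node</p>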
<pre><code class="language-bash">[root@k8s-master01 etc]# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@k8s-master01 ~]# vim /etc/keepalived/keepalived.conf
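! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
    # Run vrrp_script checks as root; with enable_script_security keepalived
    # will not run a root script if any part of its path is writable by a non-root user.
    script_user root
    enable_script_security
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state MASTER
    # Network interface that carries the VIP on this node
    interface ens192
    # This node's own IP address
    mcast_src_ip 172.16.7.204
    virtual_router_id 51
    priority 101
    advert_int 2
    authentication {
        # K8SHA_KA_AUTH is a placeholder shared secret: set your own value, identical on all nodes.
        # VRRP PASS authentication is sent in cleartext and only the first 8 characters are used.
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        172.16.7.207
    }
#    track_script {
#        chk_apiserver
#    }
}</code></pre>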
<h2>1.4 Configuration for the Master02 node</h2>
<pre><code class="language-bash">! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    mcast_src_ip 172.16.7.205
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        172.16.7.207
    }
#    track_script {
#        chk_apiserver
#    }
}</code></pre>
<h2>1.5 Configuration for the Master03 node</h2>
<pre><code class="language-bash">! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    mcast_src_ip 172.16.7.206
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        172.16.7.207
    }
#    track_script {
#        chk_apiserver
#    }
}</code></pre>
<h2>1.6 Note that the health check above is disabled; enable it once the cluster has been built:</h2>
<pre><code class="language-bash"># track_script {
#     chk_apiserver
# }</code></pre>
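<h2>1.7 Configure the KeepAlived health check file</h2>
<p>Add the health check file (check_apiserver.sh) on every host and make it executable, so that the keepalived service configured above can call it.</p>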
<pre><code class="language-bash">[root@k8s-master01 keepalived]# cat /etc/keepalived/check_apiserver.sh
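#!/bin/bash
# Health check run by keepalived's vrrp_script: look for a running haproxy
# process up to 3 times, one second apart.
err=0
for k in $(seq 1 3)
do
    check_code=$(pgrep haproxy)
    if [[ $check_code == "" ]]; then
        err=$((err + 1))
        sleep 1
        continue
    else
        err=0
        break
    fi
done

if [[ $err != "0" ]]; then
    # haproxy was not found on any attempt: stop keepalived on this node
    echo "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi</code></pre>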
<pre><code class="language-bash">chmod +x /etc/keepalived/check_apiserver.sh</code></pre>
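<p>The configurations above set <code>script_user root</code> together with <code>enable_script_security</code>, under which keepalived will not run a root script if any part of its path is writable by a non-root user. The following added example (not part of the original article) audits the check script's path for that condition; the function names <code>perm_ok</code> and <code>audit_script</code> are hypothetical, and the owner test is a conservative assumption that is stricter than keepalived's own check.</p>

```shell
#!/bin/bash
# Added example, not from the original article. Conservative audit of a
# keepalived vrrp_script path for use with enable_script_security.
# Assumes GNU coreutils (stat -c, readlink -f), as on the CentOS hosts above.

# perm_ok PATH OWNER_UID
# Succeeds if PATH is owned by OWNER_UID and has no group/other write bit.
perm_ok() (
    info=$(stat -c '%u %a' "$1") || exit 1
    owner=${info% *}
    mode=${info#* }
    [ "$owner" = "$2" ] || exit 1
    # Octal mask 022 = group-write (020) plus other-write (002).
    [ $(( 0$mode & 022 )) -eq 0 ]
)

# audit_script SCRIPT [OWNER_UID] [STOP_DIR]
# Walks from SCRIPT up to STOP_DIR (default /) and prints every path
# component that fails perm_ok. Returns 0 only if all components pass.
# OWNER_UID defaults to 0 (root); STOP_DIR exists so the walk can be
# limited to a subtree when trying the function out as a non-root user.
audit_script() (
    owner=${2:-0}; stop=${3:-/}; rc=0
    path=$(readlink -f "$1") || exit 1
    if [ ! -f "$path" ] || [ ! -x "$path" ]; then
        echo "not an executable file: $path"
        exit 1
    fi
    while :; do
        perm_ok "$path" "$owner" || { echo "unsafe: $path"; rc=1; }
        if [ "$path" = "$stop" ] || [ "$path" = / ]; then break; fi
        path=$(dirname "$path")
    done
    exit "$rc"
)

# Run as root on a master node:
#   ./audit.sh /etc/keepalived/check_apiserver.sh
if [ "$#" -gt 0 ]; then
    audit_script "$@"
fi
```

<p>If the audit prints an <code>unsafe:</code> line, tighten that file or directory, for example with <code>chown root:root</code> and <code>chmod 755</code>, before enabling <code>track_script</code>.</p>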
<p>Enable haproxy and keepalived to start at boot, and start them now</p>
<pre><code class="language-bash">[root@k8s-master01 keepalived]# systemctl daemon-reload
[root@k8s-master01 keepalived]# systemctl enable --now haproxy
[root@k8s-master01 keepalived]# systemctl enable --now keepalived</code></pre>
<h2>1.8 Test the VIP</h2>
<p>Check the VIP</p>
<pre><code class="language-bash">[root@worker-03 ~]# ip a |grep ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 172.16.7.206/24 brd 172.16.7.255 scope global noprefixroute ens192
inet 172.16.7.207/32 scope global ens192</code></pre>
<p>Test the VIP</p>
<pre><code class="language-bash">[root@worker-01 ~]# ping 172.16.7.207 -c 4
PING 172.16.7.207 (172.16.7.207) 56(84) bytes of data.
64 bytes from 172.16.7.207: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 172.16.7.207: icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from 172.16.7.207: icmp_seq=3 ttl=64 time=0.040 ms</code></pre>
<p>References:
1. This article is based on https://www.cnblogs.com/dukuan/p/14124600.html#6-%E9%AB%98%E5%8F%AF%E7%94%A8%E7%BB%84%E4%BB%B6%E5%AE%89%E8%A3%85
2. This article installs two components, but the following link achieves a VIP by installing only keepalived, <a href="https://www.cnblogs.com/zhaoya2019/p/13032218.html">https://www.cnblogs.com/zhaoya2019/p/13032218.html</a>, with no load balancing required; this needs to be verified again.
3. This link covers integration with a private repository:
<a href="https://blog.csdn.net/yinwenjie/article/details/47130609">https://blog.csdn.net/yinwenjie/article/details/47130609</a></p>