负载均衡器部署 Haproxy+Keepalived
Haproxy & Keepalived 安装
在 hpa1 和 hpa2 节点上安装:
# Install the load balancer (HAProxy) and the VRRP failover daemon (Keepalived).
# Run on both hpa nodes.
yum install -y haproxy keepalived
Haproxy 配置文件准备
所有 hpa 节点保持一致,直接复制就可以。
/etc/haproxy/haproxy.cfg
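# Replace /etc/haproxy/haproxy.cfg with the load-balancer configuration.
# The file is identical on every hpa node. The heredoc delimiter is quoted,
# so the shell writes the text below verbatim (no variable expansion).
cat > /etc/haproxy/haproxy.cfg <<'EOF'
global
    maxconn 2000
    ulimit-n 16384
    # Errors only, sent to the local syslog daemon over UDP; nothing is logged
    # unless that daemon accepts UDP input on 127.0.0.1.
    log 127.0.0.1 local0 err
    stats timeout 30s
    # Drop root once the listeners are bound. Without user/group HAProxy keeps
    # the privileges it was started with. The "haproxy" account is assumed to
    # be the one created by the distribution package -- confirm with `id haproxy`.
    user haproxy
    group haproxy

defaults
    log global
    mode http
    option httplog
    # Bare numbers are milliseconds: 5 s connect, 50 s client/server inactivity.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    timeout http-request 15s
    timeout http-keep-alive 15s

# Liveness endpoint for HAProxy itself: GET /monitor on port 33305.
# It listens on every interface; limit access with a firewall if only
# internal probes need it.
frontend monitor-in
    bind *:33305
    mode http
    option httplog
    monitor-uri /monitor

# TCP pass-through to the Kubernetes API servers. No TLS is configured here,
# so the TLS session is forwarded as-is to the backend servers.
frontend k8s-master
    bind 0.0.0.0:6443
    # Already covered by the wildcard bind above; kept as in the original.
    bind 127.0.0.1:6443
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    default_backend k8s-master

backend k8s-master
    mode tcp
    option tcplog
    # No tcp-check rules are defined, so a server counts as "up" as soon as
    # its port accepts a TCP connection; the API server's own health is not
    # queried.
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server k8s-master01 192.168.3.50:6443 check
    server k8s-master02 192.168.3.51:6443 check
    server k8s-master03 192.168.3.52:6443 check
EOF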
Keepalived 配置文件及健康检查脚本
注意:Master 节点与 Backup 节点配置有区别,仅 state、mcast_src_ip 和 priority 三项不同,其余内容相同。
1. keepalived.conf 配置(Master 节点,192.168.3.30)
# Keepalived configuration for the MASTER node (source address 192.168.3.30).
# The BACKUP node uses the same file with a different state, mcast_src_ip
# and priority.
#
# NOTE(review): auth_pass below is the literal string printed in this guide,
# not a secret. Choose a site-specific value and keep it identical on both
# nodes. Keepalived uses only the first 8 characters, and VRRP PASS
# authentication travels in clear text inside the advertisements, so it
# protects against accidental misconfiguration rather than against a host on
# the same network segment.
#
# script_user root + enable_script_security: the check script runs as root,
# and keepalived refuses to run it if any part of its path is writable by a
# non-root user.
#
# weight -5: while the check fails, this node's priority drops from 100 to 95,
# below the BACKUP node's 99, so the virtual IP 192.168.3.200 moves over.
cat <<'EOF' > /etc/keepalived/keepalived.conf
global_defs {
router_id LVS_DEVEL
script_user root
enable_script_security
}
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
interval 5
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
mcast_src_ip 192.168.3.30
virtual_router_id 51
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
virtual_ipaddress {
192.168.3.200
}
track_script {
chk_apiserver
}
}
EOF
1. keepalived.conf 配置(Backup 节点,192.168.3.31)
# Keepalived configuration for the BACKUP node (source address 192.168.3.31).
# It differs from the MASTER file only in state, mcast_src_ip and priority
# (99 instead of 100).
#
# NOTE(review): auth_pass below is the literal string printed in this guide,
# not a secret. Choose a site-specific value and keep it identical on both
# nodes. Keepalived uses only the first 8 characters, and VRRP PASS
# authentication travels in clear text inside the advertisements, so it
# protects against accidental misconfiguration rather than against a host on
# the same network segment.
#
# script_user root + enable_script_security: the check script runs as root,
# and keepalived refuses to run it if any part of its path is writable by a
# non-root user.
cat <<'EOF' > /etc/keepalived/keepalived.conf
global_defs {
router_id LVS_DEVEL
script_user root
enable_script_security
}
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
interval 5
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
mcast_src_ip 192.168.3.31
virtual_router_id 51
priority 99
advert_int 2
authentication {
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
virtual_ipaddress {
192.168.3.200
}
track_script {
chk_apiserver
}
}
EOF
2. keepalived 检查存活脚本配置
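# Write the health-check script that keepalived's vrrp_script runs.
# The heredoc delimiter is quoted, so $err and $(...) are written literally
# and evaluated only when the script itself runs.
cat > /etc/keepalived/check_apiserver.sh <<'EOF'
#!/bin/bash
# Keepalived health check for the local load balancer.
#
# Despite the file name, this does not contact the API server: it only tests
# whether a process named exactly "haproxy" exists on this node.
#
# Exit status: 0 if haproxy was seen within three attempts, 1 otherwise.
# Side effect on failure: stops keepalived so this node releases the virtual
# IP. Nothing in this script starts keepalived again, so it must be restarted
# once haproxy is back.

err=0
for _ in 1 2 3; do
  # -x matches the process name exactly, so a helper or wrapper whose name
  # merely contains "haproxy" cannot mask a dead load balancer.
  if pgrep -x haproxy >/dev/null; then
    err=0
    break
  fi
  err=$((err + 1))
  sleep 1
done

if [[ $err != "0" ]]; then
  echo "systemctl stop keepalived"
  /usr/bin/systemctl stop keepalived
  exit 1
fi
exit 0
EOF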
3. 为检查脚本添加可执行权限
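# Make the check script executable with an explicit mode instead of "+x".
# "+x" keeps whatever write bits the creating umask produced; 0755 guarantees
# that only the owner can modify the file. keepalived.conf sets
# enable_script_security, under which a root-run script is rejected if any
# part of its path is writable by a non-root user. The file should be owned
# by root (it is when created by root as shown in the previous step).
chmod 0755 /etc/keepalived/check_apiserver.sh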
Haproxy & Keepalived 服务启动及验证
两个节点都执行
1. Haproxy & Keepalived 服务启动
# Enable both units at boot and start them right away; run on both hpa nodes.
systemctl enable --now haproxy.service keepalived.service
2. 验证:Master 节点(hpa-1)的 eth0 上出现 VIP 192.168.3.200
[root@hpa-1 ~]# ip -c a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:0c:f3:ba brd ff:ff:ff:ff:ff:ff
inet 192.168.3.30/24 brd 192.168.3.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.3.200/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe0c:f3ba/64 scope link
valid_lft forever preferred_lft forever