Haproxy和Keepalived是两种常用的负载均衡软件,它们有以下区别:
-
功能:Haproxy是一种高性能的负载均衡软件,可以根据不同的算法将请求分发到多个后端服务器。它还可以进行会话保持和健康检查等功能。Keepalived是一种高可用性软件,可以监控服务的运行状态,当主服务器故障时,可以自动切换到备份服务器。
-
架构:Haproxy是一个独立的软件,需要安装在每台负载均衡服务器上。Keepalived则是一个守护进程,可以运行在负载均衡服务器上,也可以运行在其他服务器上。
-
高可用性:Haproxy本身不提供高可用性功能,但可以与Keepalived配合使用,实现高可用性。Keepalived可以监控Haproxy的运行状态,当Haproxy出现故障时,可以自动切换到备份服务器。
-
配置:Haproxy的配置相对复杂,需要手动配置多个参数和后端服务器。Keepalived的配置相对简单,只需要指定主备服务器的IP地址和监控端口即可。
-
管理界面:Haproxy有一些开源的管理界面,可以提供图形化的操作界面,方便管理和监控。Keepalived本身没有管理界面,需要通过命令行或配置文件进行管理。
总结:Haproxy和Keepalived在功能和架构上有一些区别,但它们可以互补使用,提供高性能和高可用性的负载均衡解决方案。
使用Haproxy+keepalived场景:
如k8s 3master节点使用haproxy+keepalived架构实现高可用性的负载均衡:
Haproxy配置:
cat /etc/haproxy/haproxy.cfg global log 127.0.0.1 local2 maxconn 20480 chroot /usr/local/etc/haproxy daemon quiet nbproc 1 pidfile /usr/local/etc/haproxy/haproxy.pid tune.ssl.default-dh-param 2048 defaults log global mode http maxconn 20480 option tcplog option httplog option forwardfor option dontlognull option redispatch retries 3 balance roundrobin contimeout 5000 clitimeout 10m srvtimeout 10m frontend frontend-apiserver-tcp bind *:443 mode tcp tcp-request inspect-delay 5s acl local_net src 10.0.0.0/8 default_backend backend-apiserver-https backend backend-apiserver-https mode tcp option tcp-check balance roundrobin server master-1 kubeapi-ip1:6443 check inter 2000 fall 3 weight 20 server master-2 kubeapi-ip2:6443 check inter 2000 fall 3 weight 20 server master-3 kubeapi-ip3:6443 check inter 2000 fall 3 weight 20 listen admin_stats bind 0.0.0.0:80 log global mode http maxconn 10 stats enable stats hide-version stats refresh 30s stats show-node stats realm Haproxy\Statistics stats auth user:pass stats uri /haproxy?stats
keepalived配置:
cat /etc/keepalived/keepalived.conf global_defs { router_id $hostname } vrrp_script chk_haproxy_service { script "/etc/keepalived/check-haproxy-status.sh" interval 2 fall 2 rise 2 } vrrp_instance vip { virtual_router_id 66 interface bond0 mcast_src_ip $hostip priority 99 nopreempt state BACKUP advert_int 1 virtual_ipaddress { vip/32 dev bond0 } virtual_ipaddress_excluded { } track_interface { bond0 } track_script { chk_haproxy_service } authentication { auth_type PASS auth_pass pass } }
haproxy服务:
systemctl enable haproxy systemctl status haproxy systemctl start/stop/restart haproxy
测试:
curl -u "user:pass" http://ip/haproxy?stats
keepalived服务:
systemctl enable keepalived systemctl status keepalived systemctl start/stop/restart keepalived