安裝haproxy, keealived
Master: kube-master115, kube-master116 两台机安装 haproxy,keepalived 作为api-server 入口
Node: kube-node118, kube-node119 两台机安装 keepalived, 作为 edge 入口
一、Master安装配置 haproxy, keepalived
# yum -y install haproxy keepalived
1、配置 haproxy
7443端口 映射 master api-server 服务端口 6443
# vi /etc/haproxy/haproxy.cfg
global
maxconn 64000
chroot /usr/share/haproxy
uid 99
gid 99
daemon
nbproc 5
tune.ssl.default-dh-param 2048
stats bind-process 1
stats socket /var/run/haproxy.stats level admin
defaults
log global
log 127.0.0.1 local0
mode http
option dontlognull
retries 3
option redispatch
option httpclose
balance roundrobin
#balance leastconn
#option forwardfor
#option forwardfor if-none
maxconn 64000
timeout http-request 5s
timeout connect 5000
timeout client 10000
timeout server 30000
listen monitor_stat :8088
stats uri /ihaproxy-stats
stats realm Haproxy Statistics
stats auth ha_house:ZW5dmKRTObmOuA1nnS5U
stats hide-version
bind-process 1
#############################kube-apiserver###
# newk8s
frontend ctm-k8s
mode tcp
log global
option tcplog
bind *:7443
default_backend ctm-k8s-apiserver
backend ctm-k8s-apiserver
balance source
mode tcp
option tcplog
server kube-master115 192.168.5.115:6443 check fall 3 rise 2
server kube-master116 192.168.5.116:6443 check fall 3 rise 2
server kube-master117 192.168.5.117:6443 check fall 3 rise 2
2、配置 keepalived
kube-master115, kube-master116 新增 VIP地址: 192.168.5.114 作为高可用IP
# vi /etc/keeaplived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
# notification_email_from keepalived@localhost
# smtp_server 127.0.0.1
# smtp_connect_timeout 30
router_id haproxy1
}
vrrp_script chk_haproxy { #HAproxy 服务监控脚本
script "/data/keepalived/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 1
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.5.114/24
}
}
2.1、配置haproxy检查脚本
发现haproxy服务异常,停止 keepalived服务
# cat /data/keepalived/check_haproxy.sh
#!/bin/bash
A=`ps -C haproxy --no-header | wc -l`
if [ $A -eq 0 ];then
systemctl start haproxy.service
sleep 3
if [ `ps -C haproxy --no-header | wc -l ` -eq 0 ];then
systemctl stop keepalived.service
fi
fi
二、 Node节点安装 keepalived
Node: kube-node118, kube-node119 两台机安装 keepalived, 作为 edge 入口
VIP: 192.168.5.110
# yum -y install keepalived
1、配置 keepalived
注意 以下两个参数不能跟上面的配置相同
router_id haproxy2
virtual_router_id 2
# vi /etc/keeaplived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
# notification_email_from keepalived@localhost
# smtp_server 127.0.0.1
# smtp_connect_timeout 30
router_id haproxy2
}
vrrp_instance VI_1 {
state MASTER
# 另外一台机设置 BACKUP
interface eno16777736
virtual_router_id 2
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.5.110/24
}
}
三、开机启动服务
# systemctl enable haproxy
# systemctl enable keepalived
# systemctl start haproxy
# systemctl start keepalived