keepalived、haproxy安装
所有master节点安装keepalived和haproxy
yum install keepalived haproxy -y
所有master节点都需配置keepalived,注意需要按节点修改:interface(服务器网卡)、priority(优先级,各节点不同即可;优先级最高的存活节点持有VIP)、mcast_src_ip(本机IP)。另外,auth_pass 的示例值 K8SHA_KA_AUTH 应替换为自己的值,且所有master节点必须一致
k8s-master01节点keepalived.conf配置如下
! Configuration File for keepalived
# keepalived.conf for k8s-master01: a single VRRP instance that floats the
# virtual IP 192.168.1.10 between the master nodes.
global_defs {
router_id LVS_DEVEL
}
# Health-check script definition. It has no effect until it is referenced from
# a track_script block, which is commented out at the end of this file.
# keepalived executes this file itself, so keep it owned by root and not
# writable by other users (see the enable_script_security / script_user
# options of global_defs).
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
# Run the check every 2 seconds.
interval 2
# While the check is failing, lower this node's priority by 5.
weight -5
# 3 consecutive failures mark the check down, 2 successes mark it up again.
fall 3
rise 2
}
vrrp_instance VI_1 {
# Initial state only; the election itself is decided by priority.
# NOTE(review): this node starts as MASTER but has the lowest priority of the
# three configs on this page (100 vs 101/102), so a higher-priority peer is
# expected to take the VIP once it is up - confirm that is intended.
state MASTER
interface ens32
mcast_src_ip 192.168.1.20
# Must be the same value on every node that shares the VIP.
virtual_router_id 51
priority 100
advert_int 2
authentication {
# NOTE(review): PASS authentication is carried in clear text in every VRRP
# advertisement and keepalived uses only the first 8 characters of auth_pass,
# so it protects against misconfiguration, not against a host on the same
# segment. Replace the sample value and limit VRRP traffic to the master
# nodes at the host firewall.
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
virtual_ipaddress {
192.168.1.10
}
# Health tracking is deliberately left disabled here; until these three lines
# are uncommented the VIP does not follow the state of kube-apiserver.
# track_script {
# chk_apiserver
# }
}
k8s-master02节点keepalived.conf配置如下
! Configuration File for keepalived
# keepalived.conf for k8s-master02. Differs from the other masters only in
# state, mcast_src_ip and priority.
global_defs {
router_id LVS_DEVEL
}
# Health-check script definition; inactive until the track_script block at the
# end of this file is uncommented. The script is run by keepalived, so it
# should be root-owned and not writable by other users.
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
# Check period in seconds.
interval 2
# Priority is reduced by 5 while the check is failing.
weight -5
# Down after 3 failed runs, up again after 2 successful runs.
fall 3
rise 2
}
vrrp_instance VI_1 {
# Starts as BACKUP; which node holds the VIP is decided by priority.
state BACKUP
interface ens32
# This node's own address, used as the source of VRRP advertisements.
mcast_src_ip 192.168.1.21
# Same virtual_router_id as the other masters, so they form one VRRP group.
virtual_router_id 51
priority 101
advert_int 2
authentication {
# NOTE(review): auth_type PASS is sent in clear text and only the first 8
# characters of auth_pass are used. Treat it as a guard against accidental
# group mix-ups, change the sample value, and keep it identical on all nodes.
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
virtual_ipaddress {
192.168.1.10
}
# Left commented out on purpose until the cluster exists; with tracking off,
# an API server failure on this node does not move the VIP.
# track_script {
# chk_apiserver
# }
}
k8s-master03节点keepalived.conf配置如下
! Configuration File for keepalived
# keepalived.conf for k8s-master03. Differs from the other masters only in
# state, mcast_src_ip and priority.
global_defs {
router_id LVS_DEVEL
}
# Health-check script definition; it is not used until track_script below is
# enabled. keepalived runs the script, so restrict write access to root.
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
# Check period in seconds.
interval 2
# Priority is reduced by 5 while the check is failing.
weight -5
# Down after 3 failed runs, up again after 2 successful runs.
fall 3
rise 2
}
vrrp_instance VI_1 {
# NOTE(review): 102 is the highest priority of the three configs on this page
# (100/101/102), so with keepalived's default preemption this node is expected
# to hold the VIP whenever it is up, even though it starts in BACKUP state.
state BACKUP
interface ens32
mcast_src_ip 192.168.1.22
# Same virtual_router_id as the other masters, so they form one VRRP group.
virtual_router_id 51
priority 102
advert_int 2
authentication {
# NOTE(review): clear-text shared password, truncated by keepalived to its
# first 8 characters. Replace the sample value, keep it identical on every
# master, and allow VRRP traffic only between the master nodes.
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
virtual_ipaddress {
192.168.1.10
}
# Disabled until the cluster is established; while disabled, the VIP stays on
# this node even if its kube-apiserver is down.
# track_script {
# chk_apiserver
# }
}
注意:以上配置中健康检查是关闭的(track_script 段被注释),此时VIP不会随apiserver的状态漂移;集群建立完成后再取消下面几行的注释以开启
# track_script {
# chk_apiserver
# }
配置keepalived健康检查文件,启动服务:
[root@k8s-master03 keepalived]# more /etc/keepalived/check_apiserver.sh
#!/bin/bash
#######################################
# Look for a running kube-apiserver process, retrying up to 5 times.
# Only process existence is tested (pgrep); the API endpoint itself is not
# probed, so a hung API server still counts as running.
# Globals:   apiserver_job_id (written) - pgrep output (one PID per line)
#            when the process was found, 0 when all attempts failed
# Arguments: none
# Returns:   0 in both cases; callers read apiserver_job_id
#######################################
function check_apiserver() {
  local attempt=0
  while (( attempt < 5 )); do
    apiserver_job_id=$(pgrep kube-apiserver)
    if [[ -n $apiserver_job_id ]]; then
      return 0
    fi
    # Not found yet: wait before the next attempt (also after the last one).
    sleep 2
    apiserver_job_id=0
    attempt=$(( attempt + 1 ))
  done
}
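# Exit status reported to keepalived: 0 = kube-apiserver is running,
# 1 = it is not. apiserver_job_id holds the pgrep output when the process
# was found and 0 when every attempt failed.
check_apiserver
# Compare as a string: pgrep can print several PIDs (one per line), which is
# not a valid operand for a numeric -eq test. An empty value is treated as
# "stopped" so the check fails safe.
if [[ -z "$apiserver_job_id" || "$apiserver_job_id" == "0" ]]; then
  # Stopping keepalived releases the VIP held by this node. Nothing in this
  # script starts keepalived again, so it has to be restarted by the operator
  # (or by other tooling) after kube-apiserver is back.
  /usr/bin/systemctl stop keepalived
  exit 1
else
  exit 0
fi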
[root@k8s-master01 keepalived]# systemctl enable --now keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@k8s-master01 keepalived]#
配置、启动haproxy
[root@k8s-master01 haproxy]# cat /etc/haproxy/haproxy.cfg
# haproxy.cfg for a master node: TCP load balancing of the Kubernetes API
# (port 16443 -> the three kube-apiservers on 6443), plus a monitor endpoint
# and a statistics page.
global
maxconn 2000
ulimit-n 16384
# Only messages of level err and above are sent to the local syslog.
log 127.0.0.1 local0 err
stats timeout 30s
defaults
# These defaults are HTTP-mode; the k8s-master frontend and backend below
# override the mode to tcp. Timeouts without a unit are in milliseconds.
log global
mode http
option httplog
timeout connect 5000
timeout client 50000
timeout server 50000
timeout http-request 15s
timeout http-keep-alive 15s
# Liveness endpoint of HAProxy itself: /monitor on port 33305, reachable on
# every interface and without authentication.
frontend monitor-in
bind *:33305
mode http
option httplog
monitor-uri /monitor
# Statistics page at /stats on port 8006.
listen stats
bind *:8006
mode http
stats enable
stats hide-version
stats uri /stats
stats refresh 30s
stats realm Haproxy\ Statistics
# NOTE(review): admin:admin is a guessable credential, and it is sent with
# HTTP Basic auth over plain HTTP on every interface (bind *:8006). Replace it
# with a unique secret and bind the page to 127.0.0.1 or a management
# address, or restrict the port at the firewall.
stats auth admin:admin
# Entry point for Kubernetes API traffic. mode tcp passes the TLS stream
# through unchanged, so authentication still happens at kube-apiserver.
frontend k8s-master
# NOTE(review): 0.0.0.0 already includes the loopback address, so the second
# bind line looks redundant - confirm before removing.
bind 0.0.0.0:16443
bind 127.0.0.1:16443
mode tcp
option tcplog
tcp-request inspect-delay 5s
default_backend k8s-master
backend k8s-master
mode tcp
option tcplog
# No tcp-check rules are defined, so a server passes its check as soon as a
# TCP connection to port 6443 succeeds; the health of the API server behind
# the port is not verified.
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server k8s-master01 192.168.1.20:6443 check
server k8s-master02 192.168.1.21:6443 check
server k8s-master03 192.168.1.22:6443 check
[root@k8s-master01 haproxy]# systemctl enable --now haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
[root@k8s-master01 haproxy]#