- keepalived 提供 kube-apiserver 对外服务的 VIP;
- haproxy 监听 VIP,后端连接所有 kube-apiserver 实例,提供健康检查和负载均衡功能;
- 运行 keepalived 和 haproxy 的节点称为 LB 节点。由于 keepalived 是一主多备运行模式,故至少两个 LB 节点。
- 注意:如果使用云服务器,需要先申请虚拟 IP 并绑定到服务器上(公有云不支持 keepalived 的虚拟 IP)。
一,安装keepalived
# Install the keepalived package on every master node with yum.
# Each command runs as root over SSH, so root SSH access to the nodes must
# already be in place (its setup is not shown on this page).
. /root/env.sh # provides MASTER_IPS
# MASTER_IPS stays unquoted, as in the original: env.sh is not visible here,
# so it may be an array or a space-separated string.
for master_ip in ${MASTER_IPS[@]}; do
  printf '\033[31m>>> %s \033[0m\n' "${master_ip}"
  ssh "root@${master_ip}" "yum -y install keepalived"
done
# Verify the installation: rpm -q prints the installed keepalived package
# name on each master node, or reports that it is not installed.
. /root/env.sh # provides MASTER_IPS
for master_ip in ${MASTER_IPS[@]}; do
  printf '\033[31m>>> %s \033[0m\n' "${master_ip}"
  ssh "root@${master_ip}" "rpm -q keepalived"
done
二,配置虚拟IP
虚拟 IP 用于 k8s 集群的 apiserver 代理。同时要设置对 haproxy 的状态判断:如果节点上的 haproxy 进程结束,需要自动把 VIP 切换到另一节点上。
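# Keepalived configuration for the primary LB node (priority 200).
# Both LB nodes start in state BACKUP and the VRRP election picks the node
# with the higher effective priority. While check_haproxy fails, keepalived
# subtracts 20 (200 - 20 = 180, below the peer's 190), which moves the VIP.
# The heredoc delimiter is quoted so the shell copies the text verbatim.
# NOTE(review): interface, virtual_router_id, the VIP and auth_pass are the
# page's sample values; adapt them to the target environment.
cat > keepalived-master.conf << 'EOF'
! Configuration File for keepalived
vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy.sh"
    interval 3
    weight -20
}
vrrp_instance K8S {
    ! keepalived spells the state keyword in upper case (MASTER or BACKUP).
    state BACKUP
    interface eth0
    virtual_router_id 44
    priority 200
    advert_int 5
    authentication {
        ! PASS authentication travels in cleartext inside VRRP adverts and
        ! keepalived uses only the first 8 characters. 1111 is a sample
        ! value: set the same site-specific secret on every LB node.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.27.128.200
    }
    track_script {
        check_haproxy
    }
}
EOF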
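# Keepalived configuration for the backup LB node (priority 190).
# It matches the primary configuration except for the lower priority, so this
# node takes the VIP only when the primary stops advertising or its effective
# priority drops below 190 (a failing check_haproxy subtracts 20).
# The heredoc delimiter is quoted so the shell copies the text verbatim.
# NOTE(review): interface, virtual_router_id, the VIP and auth_pass are the
# page's sample values; adapt them to the target environment.
cat > keepalived-backup.conf << 'EOF'
! Configuration File for keepalived
vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy.sh"
    interval 3
    weight -20
}
vrrp_instance K8S {
    ! keepalived spells the state keyword in upper case (MASTER or BACKUP).
    state BACKUP
    interface eth0
    virtual_router_id 44
    priority 190
    advert_int 5
    authentication {
        ! PASS authentication travels in cleartext inside VRRP adverts and
        ! keepalived uses only the first 8 characters. 1111 is a sample
        ! value: set the same site-specific secret on every LB node.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.27.128.200
    }
    track_script {
        check_haproxy
    }
}
EOF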
三,分发 keepalived-master.conf 配置文件
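# Copy keepalived-master.conf to each primary LB node as
# /etc/keepalived/keepalived.conf (root over SSH).
. /root/env.sh # provides KEEPALIVED_MASTER_IPS
# [@] makes the loop visit every entry when env.sh defines an array; a bare
# ${KEEPALIVED_MASTER_IPS} would yield only the first element. The expansion
# stays unquoted so a space-separated string keeps working as well.
for keepalived_master_ip in ${KEEPALIVED_MASTER_IPS[@]}; do
  printf '\033[31m>>> %s \033[0m\n' "${keepalived_master_ip}"
  scp keepalived-master.conf "root@${keepalived_master_ip}:/etc/keepalived/keepalived.conf"
done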
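# Verify the distribution: print keepalived.conf from each primary LB node.
# The dump includes the auth_pass line, so keep it out of shared logs.
. /root/env.sh # provides KEEPALIVED_MASTER_IPS
# [@] makes the loop visit every entry when env.sh defines an array; a bare
# ${KEEPALIVED_MASTER_IPS} would yield only the first element. The expansion
# stays unquoted so a space-separated string keeps working as well.
for keepalived_master_ip in ${KEEPALIVED_MASTER_IPS[@]}; do
  printf '\033[31m>>> %s \033[0m\n' "${keepalived_master_ip}"
  ssh "root@${keepalived_master_ip}" "cat /etc/keepalived/keepalived.conf"
done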
四,分发 keepalived-backup.conf 配置文件
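# Copy keepalived-backup.conf to each backup LB node as
# /etc/keepalived/keepalived.conf (root over SSH).
. /root/env.sh # provides KEEPALIVED_BACKUP_IPS
# [@] makes the loop visit every entry when env.sh defines an array; a bare
# ${KEEPALIVED_BACKUP_IPS} would yield only the first element. The expansion
# stays unquoted so a space-separated string keeps working as well.
for keepalived_backup_ip in ${KEEPALIVED_BACKUP_IPS[@]}; do
  printf '\033[31m>>> %s \033[0m\n' "${keepalived_backup_ip}"
  scp keepalived-backup.conf "root@${keepalived_backup_ip}:/etc/keepalived/keepalived.conf"
done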
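# Verify the distribution: print keepalived.conf from each backup LB node.
# The dump includes the auth_pass line, so keep it out of shared logs.
. /root/env.sh # provides KEEPALIVED_BACKUP_IPS
# The loop variable has to be the name the body reads; with a different
# spelling the body would reuse a stale (or empty) keepalived_backup_ip and
# never check the node of the current iteration.
for keepalived_backup_ip in ${KEEPALIVED_BACKUP_IPS[@]}; do
  printf '\033[31m>>> %s \033[0m\n' "${keepalived_backup_ip}"
  ssh "root@${keepalived_backup_ip}" "cat /etc/keepalived/keepalived.conf"
done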
五,配置对应的监测脚本check_haproxy.sh
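# Write the haproxy health check that the vrrp_script block of
# keepalived.conf points at. The heredoc delimiter is quoted, so the script
# text reaches the file without any expansion by this shell.
# keepalived runs this file on a timer (interval 3 in the configuration
# above), typically as root unless script_user is configured: keep it
# root-owned and not writable by other users.
cat > /etc/keepalived/check_haproxy.sh << "EOF"
#!/bin/bash
# Exit 0 while netstat lists a listening TCP socket whose line mentions
# haproxy; exit 1 otherwise so keepalived applies the vrrp_script weight.
# netstat must be installed on the LB nodes; if it is missing, the check
# fails and the node's priority is lowered.
if netstat -lntp | grep -q haproxy; then
  exit 0
fi
exit 1
EOF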
六,分发check_haproxy.sh
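# Copy the health-check script to every master node and make it executable.
. /root/env.sh # provides MASTER_IPS
# MASTER_IPS stays unquoted: env.sh is not visible here, so it may be an
# array or a space-separated string.
for master_ip in ${MASTER_IPS[@]}; do
  printf '\033[31m>>> %s \033[0m\n' "${master_ip}"
  scp /etc/keepalived/check_haproxy.sh "root@${master_ip}:/etc/keepalived/check_haproxy.sh"
  # An explicit mode pins the write bits as well: "chmod +x" would keep
  # whatever group/other write permission the copy arrived with, and
  # keepalived executes this script on its own, typically as root.
  ssh "root@${master_ip}" "chmod 0755 /etc/keepalived/check_haproxy.sh"
done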
# Verify the distribution: show the script body and its directory-style
# listing (owner, group and mode) on every master node.
. /root/env.sh # provides MASTER_IPS
for master_ip in ${MASTER_IPS[@]}; do
  printf '\033[31m>>> %s \033[0m\n' "${master_ip}"
  ssh "root@${master_ip}" "cat /etc/keepalived/check_haproxy.sh"
  # Check here that the file is executable and writable only by its owner.
  ssh "root@${master_ip}" "ls -ld /etc/keepalived/check_haproxy.sh"
done
七,启动keepalived
# Restart keepalived on every master node and enable it at boot.
# The unit is enabled only when the restart succeeded (&&).
. /root/env.sh # provides MASTER_IPS
for master_ip in ${MASTER_IPS[@]}; do
  printf '\033[31m>>> %s \033[0m\n' "${master_ip}"
  ssh "root@${master_ip}" "systemctl restart keepalived && systemctl enable keepalived"
done
八,验证是否启动keepalived成功
# Print the "Active:" line of the keepalived unit status on every master node.
. /root/env.sh # provides MASTER_IPS
for master_ip in ${MASTER_IPS[@]}; do
  printf '\033[31m>>> %s \033[0m\n' "${master_ip}"
  ssh "root@${master_ip}" "systemctl status keepalived | grep Active"
done
确保状态为 active (running),否则查看日志,确认原因:
# Show the journal entries of the keepalived unit to find out why it is not
# active; run this on the node that reported the problem.
journalctl --unit=keepalived