Kubernetes学习指南：保姆级实操手册05——配置集群HA负载均衡-CSDN博客

五、Kubernetes学习指南：保姆级实操手册05——配置集群HA负载均衡

简介： Keepalived 提供 VRRP 实现，并允许您配置 Linux 机器使负载均衡，预防单点故障。 HAProxy 提供可靠、高性能的负载均衡，能与 Keepalived 完美配合

1、配置Keepalive

官方文档提供了两种运行方式（此案例使用选项1）：

选项1：在操作系统上运行服务
选项2：将服务作为静态pod运行

参考文档：[ https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#options-for-software-load-balancing]

1.1、安装keepalived组件

注：三台master节点上安装

1.2、配置keepalived

### 在k8s-master01上设置：
[root@k8s-m01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.back
[root@k8s-master01 keepalived]# 

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    router_id k8s-master01
}
vrrp_script check_apiserver {
  script "/etc/keepalived/check_apiserver.sh"
  interval 3
  weight -2
  fall 10
  rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens192
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.255.210.99
    }
    track_script {
        check_apiserver
    }
}

EOF

### 在k8s-master02上设置：
$ mkdir /etc/keepalived 

[root@k8s-master02 keepalived]# cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    router_id k8s-master02
}
vrrp_script check_apiserver {
  script "/etc/keepalived/check_apiserver.sh"
  interval 3
  weight -2
  fall 10
  rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    virtual_router_id 51
    priority 99
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.255.210.99
    }
    track_script {
        check_apiserver
    }
}

EOF


### 在k8s-master03上设置：
$ mkdir /etc/keepalived

[root@k8s-master03 keepalived]# cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    router_id k8s-master03
}
vrrp_script check_apiserver {
  script "/etc/keepalived/check_apiserver.sh"
  interval 3
  weight -2
  fall 10
  rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    virtual_router_id 51
    priority 98
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.255.210.99
    }
    track_script {
        check_apiserver
    }
}

EOF

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87.
88.
89.
90.
91.
92.
93.
94.
95.
96.
97.
98.
99.
100.
101.
102.
103.
104.
105.
106.

扩展：参数说明

参数说明:
    router_id:
        节点ip，master每个节点配置自己的IP
    mcast_src_ip:
        节点IP，master每个节点配置自己的IP
    virtual_ipaddress:
        虚拟IP，即VIP。
    interface:
        指定接口的名称。
    virtual_router_id:
        有效值为0-255，可以理解为一个组ID，只有相同的ID才被确认为一个组。
        如果每个keepalived实例修改的ID不一致，则会出现各自有一个VIP的现象。

1.3、编写健康检查脚本

[root@k8s-master01 keepalived]# cat > /etc/keepalived/check_apiserver.sh   <<EOF
#!/bin/sh  

errorExit() {  
    echo "*** $*" 1>&2  
    exit 1  
}  

curl --silent --max-time 2 --insecure https://localhost:16443/ -o /dev/null || errorExit "Error GET https://localhost:16443/"  
if ip addr | grep -q 10.255.210.99; then  
curl --silent --max-time 2 --insecure https://10.255.210.99:16443/ -o /dev/null || errorExit "Error GET https://10.255.210.99:16443/"  
fi  

EOF

chmod +x  /etc/keepalived/check_apiserver.sh

scp /etc/keepalived/check_apiserver.sh root@k8s-master02:/etc/keepalived/
scp /etc/keepalived/check_apiserver.sh root@k8s-master03:/etc/keepalived/

1.4、启动Keepalived

systemctl enable keepalived --now; systemctl restart keepalived.service ;systemctl status keepalived.service

1.5、测试keepalived

ip a   
#查看VIP在那个节点   

systemctl stop keepalived.service   
#VIP所在节点停止服务，观察是否飘移VIP  

 systemctl restart keepalived.service   
#重启服务后，VIP将迁回

2、配置Haproxy

2.1、安装Haproxy

2.2、配置haproxy.cfg

global
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode  http
  option  httplog
  timeout connect 5s
  timeout client  50s
  timeout server  50s
  timeout http-request 15s
  timeout http-keep-alive 15s

frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor

listen stats
  bind    *:8006
  mode    http
  stats   enable
  stats   hide-version
  stats   uri       /stats
  stats   refresh   30s
  stats   realm     Haproxy\ Statistics
  stats   auth      admin:admin

frontend k8s-master
  bind 0.0.0.0:16443
  bind 127.0.0.1:16443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server k8s-master01 10.255.210.1:6443  check
  server k8s-master02 10.255.210.2:6443  check
  server k8s-master03 10.255.210.3:6443  check

2.3、启动haproxy

2.4、查看端口

ss -alnupt |grep 16443
tcp    LISTEN     0      2000      *:16443                 *:*                   users:(("haproxy",pid=53056,fd=6))
tcp    LISTEN     0      2000   127.0.0.1:16443                 *:*                   users:(("haproxy",pid=53056,fd=7))
[root@k8s-master02 ~]# ss -alnupt |grep 6443
tcp    LISTEN     0      2000      *:16443                 *:*                   users:(("haproxy",pid=53056,fd=6))
tcp    LISTEN     0      2000   127.0.0.1:16443                 *:*                   users:(("haproxy",pid=53056,fd=7))

原创作者: u_4068847 转载于: https://blog.51cto.com/u_4068847/11919539