- keepalived 提供 kube-apiserver 对外服务的 VIP;
- haproxy 监听 VIP,后端连接所有 kube-apiserver 实例,提供健康检查和负载均衡功能
- 所有组件(如 kubeclt、apiserver、controller-manager、scheduler 等)都通过 VIP 和 haproxy 监听的 8443 端口访问 kube-apiserver 服务。
1.1 部署haproxy程序
1.1.1 安装haproxy程序
yum install -y haproxy
1.1.2 准备haproxy程序环境
mkdir -p /run/haproxy # 必须将此命令开机执行,否则服务器重启后服务无法自启动 echo 'mkdir -p /run/haproxy' >> /etc/rc.local
1.1.3 配置haproxy程序
cat > /etc/haproxy/haproxy.cfg <<EOF
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
nbproc 1
defaults
log global
timeout connect 5000
timeout client 10m
timeout server 10m
listen admin_stats
bind 0.0.0.0:10080
mode http
log 127.0.0.1 local0 err
stats refresh 30s
stats uri /status
stats realm welcome login\ Haproxy
stats auth admin:123456
stats hide-version
stats admin if TRUE
listen kube-master
bind 0.0.0.0:8443
mode tcp
option tcplog
balance source
server 192.168.10.161 192.168.10.161:6443 check inter 2000 fall 2 rise 2 weight 1
server 192.168.10.162 192.168.10.162:6443 check inter 2000 fall 2 rise 2 weight 1
EOF
- 说明:
- haproxy 在 10080 端口输出 status 信息
- haproxy 监听所有接口的 8443 端口,该端口与环境变量 ${KUBE_APISERVER} 指定的端口必须一致
- server 字段列出所有 kube-apiserver 监听的 IP 和端口
1.1.4 启动haproxy
systemctl daemon-reload systemctl enable haproxy systemctl restart haproxy systemctl status haproxy
1.2 部署keepalived程序
1.2.1 安装keepalived程序
yum install -y keepalived
1.2.2 配置keepalived程序
1.2.2.1 master节点
cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
router_id k8s-master
}
vrrp_script check-haproxy {
script "killall -0 haproxy"
interval 5
weight -30
}
vrrp_instance VI-kube-master {
state MASTER
priority 150
dont_track_primary
interface eth0
virtual_router_id 68
advert_int 3
track_script {
check-haproxy
}
virtual_ipaddress {
192.168.10.160/24 dev eth0 label eth0:1
}
}
EOF
- 说明:
- VIP 所在的接口(interface ${VIP_IF})为eth0
- 使用killall -0 haproxy 命令检查所在节点的 haproxy 进程是否正常。如果异常则将权重减少(-30),从而触发重新选主过程
- router_id、virtual_router_id 用于标识属于该 HA 的 keepalived 实例,如果有多套 keepalived HA,则必须各不相同
1.2.2.2 slave节点
cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
router_id k8s-slave
}
vrrp_script check-haproxy {
script "killall -0 haproxy"
interval 5
weight -30
}
vrrp_instance VI-kube-master {
state BACKUP
priority 100
dont_track_primary
interface eth0
virtual_router_id 68
advert_int 3
track_script {
check-haproxy
}
virtual_ipaddress {
192.168.10.160/24 dev eth0 label eth0:1
}
}
EOF
- 说明:
- VIP 所在的接口(interface ${VIP_IF})为eth0
- 使用killall -0 haproxy 命令检查所在节点的 haproxy 进程是否正常。如果异常则将权重减少(-30),从而触发重新选主过程
- router_id、virtual_router_id 用于标识属于该 HA 的 keepalived 实例,如果有多套 keepalived HA,则必须各不相同
- priority 的值必须小于 master 的值
1.2.3 启动keepalived
systemctl enable keepalived systemctl restart keepalived systemctl status keepalived
1.2.4 检查高可用程序情况
WEB访问地址:http://192.168.10.160:10080/status
我的微信
如果有技术上的问题可以扫一扫我的微信
