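- keepalived provides the VIP through which kube-apiserver is exposed;
- haproxy listens on the VIP, connects to all kube-apiserver instances as backends, and provides health checking and load balancing;
- All components (such as kubectl, apiserver, controller-manager, scheduler) access the kube-apiserver service through the VIP and port 8443, on which haproxy listens.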
1.1 Deploy haproxy
1.1.1 Install haproxy
yum install -y haproxy
1.1.2 Prepare the haproxy environment
mkdir -p /run/haproxy
# This command must run at boot; otherwise the service cannot start automatically after a server reboot
echo 'mkdir -p /run/haproxy' >> /etc/rc.local
1.1.3 Configure haproxy
cat > /etc/haproxy/haproxy.cfg <<EOF
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    nbproc 1
defaults
    log global
    timeout connect 5000
    timeout client 10m
    timeout server 10m
listen admin_stats
    bind 0.0.0.0:10080
    mode http
    log 127.0.0.1 local0 err
    stats refresh 30s
    stats uri /status
    stats realm welcome login\ Haproxy
    stats auth admin:123456
    stats hide-version
    stats admin if TRUE
listen kube-master
    bind 0.0.0.0:8443
    mode tcp
    option tcplog
    balance source
    server 192.168.10.161 192.168.10.161:6443 check inter 2000 fall 2 rise 2 weight 1
    server 192.168.10.162 192.168.10.162:6443 check inter 2000 fall 2 rise 2 weight 1
EOF
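- Notes:
- haproxy outputs status information on port 10080
- haproxy listens on port 8443 on all interfaces; this port must match the port specified by the environment variable ${KUBE_APISERVER}
- The server fields list the IP and port on which every kube-apiserver listens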
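An added check, not part of the original guide: the admin_stats listener above binds the stats page to every interface, keeps its password in cleartext in haproxy.cfg, and grants admin actions with stats admin if TRUE. The shell function below reports those three settings for any haproxy.cfg; audit_haproxy_stats and sample_cfg are hypothetical names, and the sample input is constructed from the configuration above.

```shell
#!/bin/sh
# audit_haproxy_stats: hypothetical helper (not an HAProxy tool).
# Reads a haproxy.cfg from the given file (or stdin) and prints one
# "section: finding" line per exposed stats-page setting.
audit_haproxy_stats() {
    awk '
    function report() {
        if (sec != "" && has_stats) {
            if (wild != "") print sec ": stats page bound to all interfaces (" wild ")"
            if (admin)      print sec ": stats admin enabled unconditionally"
            if (auth)       print sec ": stats auth keeps a cleartext password (" plen " chars)"
        }
        has_stats = 0; wild = ""; admin = 0; auth = 0
    }
    /^[ \t]*#/ { next }                      # skip comment lines
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ {
        report(); sec = $1 (NF > 1 ? " " $2 : ""); next
    }
    $1 == "bind" && $2 ~ /^(0\.0\.0\.0|\*)?:[0-9]+$/ { wild = $2 }
    $1 == "stats" && $2 == "uri" { has_stats = 1 }
    $1 == "stats" && $2 == "admin" && $3 == "if" && $4 == "TRUE" { admin = 1 }
    $1 == "stats" && $2 == "auth" {
        has_stats = 1; auth = 1
        plen = length($3) - index($3, ":")   # characters after "user:"
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the two listeners from the configuration above.
sample_cfg() {
    cat <<'EOF'
listen admin_stats
    bind 0.0.0.0:10080
    mode http
    stats uri /status
    stats auth admin:123456
    stats admin if TRUE
listen kube-master
    bind 0.0.0.0:8443
    mode tcp
EOF
}

sample_cfg | audit_haproxy_stats
```

The kube-master listener is not reported because it serves no stats page; run the function against /etc/haproxy/haproxy.cfg after any edit to the admin_stats section.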
1.1.4 Start haproxy
systemctl daemon-reload
systemctl enable haproxy
systemctl restart haproxy
systemctl status haproxy
1.2 Deploy keepalived
1.2.1 Install keepalived
yum install -y keepalived
1.2.2 Configure keepalived
1.2.2.1 Master node
cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
    router_id k8s-master
}
vrrp_script check-haproxy {
    script "killall -0 haproxy"
    interval 5
    weight -30
}
vrrp_instance VI-kube-master {
    state MASTER
    priority 150
    dont_track_primary
    interface eth0
    virtual_router_id 68
    advert_int 3
    track_script {
        check-haproxy
    }
    virtual_ipaddress {
        192.168.10.160/24 dev eth0 label eth0:1
    }
}
EOF
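- Notes:
- The interface that holds the VIP (interface ${VIP_IF}) is eth0
- The command killall -0 haproxy checks whether the haproxy process on the node is healthy. If it is not, the weight is reduced (-30), which triggers a new master election
- router_id and virtual_router_id identify the keepalived instances that belong to this HA setup; if there are multiple keepalived HA setups, each must use different values
1.2.2.2 Slave node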
cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
    router_id k8s-slave
}
vrrp_script check-haproxy {
    script "killall -0 haproxy"
    interval 5
    weight -30
}
vrrp_instance VI-kube-master {
    state BACKUP
    priority 100
    dont_track_primary
    interface eth0
    virtual_router_id 68
    advert_int 3
    track_script {
        check-haproxy
    }
    virtual_ipaddress {
        192.168.10.160/24 dev eth0 label eth0:1
    }
}
EOF
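- Notes:
- The interface that holds the VIP (interface ${VIP_IF}) is eth0
- The command killall -0 haproxy checks whether the haproxy process on the node is healthy. If it is not, the weight is reduced (-30), which triggers a new master election
- router_id and virtual_router_id identify the keepalived instances that belong to this HA setup; if there are multiple keepalived HA setups, each must use different values
- The priority value must be lower than the master's value
1.2.3 Start keepalived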
systemctl enable keepalived
systemctl restart keepalived
systemctl status keepalived
1.2.4 Check the high-availability setup
Web access URL: http://192.168.10.160:10080/status
