Keepalived and Haproxy Installation and Configuration


1. Keepalived installation

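Keepalived is installed on the same servers as the K8S masters. As described, we can then reach the masters through a VIP: when master1 becomes unavailable, the VIP floats to master2, which keeps the K8S cluster highly available.
Keepalived has three main functional modules: virtual IP, service monitoring, and virtual server.
① Virtual IP: the core function mentioned in the architecture above.

② Service monitoring: when the relevant service on this server fails, keepalived's priority is lowered so that the IP fails over.

③ Virtual server: keepalived can act as a proxy for other servers to provide load balancing.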

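# Installing Keepalived is fairly simple. The dependencies yum reports on CentOS 7 are shown in the figure below; download the rpm packages from the "look at me" section
# After extracting, install the rpm packages one by one with the commands below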
tar -zxvf keepalived.tar.gz
rpm -ivh net-snmp-libs-5.7.2-48.el7_8.1.x86_64.rpm
rpm -ivh --nodeps  net-snmp-agent-libs-5.7.2-48.el7_8.1.x86_64.rpm
rpm -ivh keepalived-1.3.5-16.el7.x86_64.rpm
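# Note: earlier tutorials mentioned the drawback that rpm cannot resolve package dependencies; if more dependency prompts appear during installation, you have to work through them one at a time
# Install with yum
yum install -y keepalived
# Edit the configuration file
# keepalived has a single configuration file, located at /etc/keepalived/keepalived.conf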
vi /etc/keepalived/keepalived.conf
cat >/etc/keepalived/keepalived.conf <<EOF
global_defs {
  router_id k8s-master1  # change to your own hostname
}

vrrp_script check_haproxy {
  script "/etc/keepalived/check_haproxy.sh"  # check script
  interval 3
  fall 10
  timeout 9
  rise 2
}
vrrp_instance VI_1 {
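  # MASTER on the primary server; change to BACKUP on the backup servers
  # (nopreempt below only takes effect when the initial state is BACKUP)
  state MASTER
  # Change to your own network interface name
  interface ens33
  virtual_router_id 51
  # Priority; on the backup servers use a number below 100, e.g. 90, 80
  priority 100
  advert_int 1
  # IP of this host
  mcast_src_ip 192.168.150.11
  nopreempt
  authentication {
    auth_type PASS
    # Shared VRRP password: replace 1111 with your own value, identical on every node (keepalived uses only the first 8 characters)
    auth_pass 1111
  }
  unicast_peer {
    # IPs of the other two master nodes (all masters except this host)
    192.168.150.12
    192.168.150.13
  }
  virtual_ipaddress {
    # Virtual IP (VIP), choose your own
    192.168.150.10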
  }
  track_script {
    check_haproxy
  }
}
EOF
# Generate the check script
cat >/etc/keepalived/check_haproxy.sh <<EOF
#!/bin/bash

A=\`ps -C haproxy --no-header | wc -l\`
if [ \$A -eq 0 ];then
  systemctl stop keepalived
fi
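EOF
# keepalived can only run the check script if it is executable
chmod +x /etc/keepalived/check_haproxy.sh
# Service management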
systemctl start keepalived.service
systemctl stop keepalived.service
systemctl restart keepalived.service
systemctl status keepalived.service
systemctl enable keepalived.service
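
An added example, not part of the original page: a small audit of a keepalived.conf like the one written above, flagging a short auth_pass, nopreempt combined with state MASTER, and a vrrp_script target that is not executable or is writable by group/others. The function names audit_keepalived and sample_conf, the finding labels and the sample config are constructed for this example.

```shell
# Added example (not from the original page). One "CODE: detail" line per finding.
audit_keepalived() {
  awk '
    { sub(/[#!].*/, "") }                      # drop keepalived comments
    $1 == "vrrp_instance" { name = $2; order[++n] = name }
    $1 == "state"         { state[name] = $2 }
    $1 == "nopreempt"     { nopre[name] = 1 }
    $1 == "auth_pass"     { pass[name] = $2 }
    END {
      for (i = 1; i <= n; i++) {
        v = order[i]
        # keepalived uses only the first 8 characters of auth_pass
        if ((v in pass) && length(pass[v]) < 8)
          print "WEAK_AUTH_PASS: " v " auth_pass has " length(pass[v]) " chars"
        # nopreempt takes effect only when the initial state is BACKUP
        if ((v in nopre) && state[v] == "MASTER")
          print "NOPREEMPT_IGNORED: " v " has state MASTER"
      }
    }' "$1"
  # keepalived executes each vrrp_script target, often as root.
  awk '{ sub(/[#!].*/, "") } $1 == "script" { gsub(/"/, "", $2); print $2 }' "$1" |
  while read -r s; do
    if [ ! -x "$s" ]; then
      echo "SCRIPT_NOT_EXECUTABLE: $s"
    elif [ -n "$(find "$s" -prune \( -perm -020 -o -perm -002 \))" ]; then
      echo "SCRIPT_WRITABLE_BY_OTHERS: $s"
    fi
  done
}

# Constructed sample mirroring the settings above; $1 = check script path.
sample_conf() {
  cat <<EOF
vrrp_script check_haproxy {
  script "$1"  # check script
}
vrrp_instance VI_1 {
  state MASTER
  nopreempt
  authentication {
    auth_type PASS
    auth_pass 1111
  }
}
EOF
}
tmp=$(mktemp -d); : > "$tmp/check.sh"; chmod 777 "$tmp/check.sh"
sample_conf "$tmp/check.sh" > "$tmp/keepalived.conf"
audit_keepalived "$tmp/keepalived.conf"; rm -rf "$tmp"
```

On a real node, call `audit_keepalived /etc/keepalived/keepalived.conf`; no output means none of the three conditions was found.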

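2. Haproxy installation

We used keepalived to put a virtual IP in front of the three K8S masters, which makes access to the K8S cluster highly available, but it does not solve the problem of distributing load.

In this section we add the haproxy load balancer between keepalived and K8S.

① keepalived no longer monitors the state of K8S; it monitors the state of haproxy instead.

② haproxy distributes the incoming traffic across the three K8S masters.

③ haproxy also supports health checks of the backend services, so the service gets both high availability and load balancing.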
# Extract the dependencies
tar -zxvf haproxy_deps.tar.gz
# Install them
rpm -ivh --nodeps libcom_err-devel-1.42.9-17.el7.x86_64.rpm
rpm -ivh --nodeps krb5-devel-1.15.1-46.el7.x86_64.rpm
rpm -ivh --nodeps pcre-devel-8.32-17.el7.x86_64.rpm
rpm -ivh --nodeps zlib-devel-1.2.7-18.el7.x86_64.rpm
rpm -ivh --nodeps openssl-devel-1.0.2k-19.el7.x86_64.rpm
rpm -ivh --nodeps systemd-devel-219-73.el7_8.9.x86_64.rpm
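# Build and install haproxy
tar -zxvf haproxy-1.8.26.tar.gz
cd haproxy-1.8.26
make  ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1  USE_CPU_AFFINITY=1  PREFIX=/usr/local/haproxy
make install PREFIX=/usr/local/haproxy
# Copy the haproxy binary into sbin
cp /usr/local/haproxy/sbin/haproxy /usr/sbin/
haproxy -v
# Create the directories the software uses
mkdir -p /etc/haproxy
mkdir -p /etc/haproxy/conf
mkdir -p /usr/local/haproxy/run
# The config below runs as user/group haproxy and chroots to /var/lib/haproxy; a source build creates neither
useradd -r -s /sbin/nologin haproxy
mkdir -p /var/lib/haproxy
setsebool -P haproxy_connect_any=1
# Edit the configuration file; contents and notes follow
vim /etc/haproxy/haproxy.cfg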
# /etc/haproxy/haproxy.cfg
global
  log     127.0.0.1 local2
  chroot   /var/lib/haproxy
  pidfile   /var/run/haproxy.pid
  maxconn   4000
  user    haproxy
  group    haproxy
  daemon

defaults
  mode          tcp
  log           global
  retries         3
  timeout connect     10s
  timeout client     1m
  timeout server     1m

frontend kubernetes
  bind *:8443
  mode tcp
  option tcplog
  default_backend kubernetes-apiserver

backend kubernetes-apiserver
  mode tcp
  balance roundrobin
  server k8s-master1 192.168.150.11:6443 check maxconn 2000
  server k8s-master2 192.168.150.12:6443 check maxconn 2000
  server k8s-master3 192.168.150.13:6443 check maxconn 2000
# Adjust kernel parameters
vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# Apply the changes
sysctl -p
# Create the systemd service
cat > /usr/lib/systemd/system/haproxy.service <<EOF
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
# Multiple configuration files can be read, which indirectly provides an include mechanism for the configuration.
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 \$MAINPID

[Install]
WantedBy=multi-user.target
EOF
# Make systemd pick up the new unit file
systemctl daemon-reload
# Service management
systemctl start haproxy.service
systemctl stop haproxy.service
systemctl restart haproxy.service
systemctl status haproxy.service
systemctl enable haproxy.service
