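Keepalived and HAProxy Installation and Configuration

1. Keepalived installation

Keepalived is installed on the same servers as the Kubernetes (K8S) masters, so the masters can be reached through a virtual IP (VIP). When master1 becomes unavailable, the VIP floats to master2, which keeps the K8S cluster highly available.
Keepalived has three main functional modules: virtual IP, service monitoring, and virtual server.
Keepalived is fairly simple to install; the dependencies needed on CentOS 7 were identified with a yum query.
After extracting the archive, install the rpm packages in order with the following commands:

```
tar -zxvf keepalived.tar.gz
rpm -ivh net-snmp-libs-5.7.2-48.el7_8.1.x86_64.rpm
rpm -ivh --nodeps net-snmp-agent-libs-5.7.2-48.el7_8.1.x86_64.rpm
rpm -ivh keepalived-1.3.5-16.el7.x86_64.rpm
```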
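Note: earlier tutorials mentioned the drawback that rpm cannot resolve package dependencies. If further dependency prompts appear during installation, you have to work through them one at a time.

Install with yum

```
yum install -y keepalived
```

Edit the configuration file
keepalived has only one configuration file, located at /etc/keepalived/keepalived.conf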

```
vi /etc/keepalived/keepalived.conf

cat >/etc/keepalived/keepalived.conf <<EOF
# Global configuration: mainly the notification targets used when a fault occurs, and the machine identifier
global_defs {
    router_id k8s-master1    # change to your own hostname
}

# Custom health-check script for the VRRP instance. keepalived itself only monitors
# its own problems and network faults; a script adds further checks that decide
# whether a master/backup switch is needed
vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy.sh"    # check script
    interval 3
    fall 10
    timeout 9
    rise 2
}

# VRRP instance: defines the VIP exposed to clients and its related properties
vrrp_instance VI_1 {
    state MASTER                   # change to BACKUP on the backup servers
    interface ens33                # change to your own interface
    virtual_router_id 51
    priority 100                   # priority; on backup servers use a number below 100 (90, 80)
    advert_int 1
    mcast_src_ip 192.168.150.11    # this machine's IP
    nopreempt                      # per keepalived.conf(5), only takes effect when state is BACKUP
    authentication {
        auth_type PASS
        auth_pass 1111             # example value; set your own (keepalived uses at most 8 characters)
    }
    unicast_peer {
        192.168.150.12             # IPs of the other two masters (all nodes except this one)
        192.168.150.13
    }
    virtual_ipaddress {
        192.168.150.10             # the virtual IP (VIP), chosen by you
    }
    track_script {
        check_haproxy
    }
}

# Monitor the virtual IP and port
# Comment out this block if the port is not to be checked
virtual_server 192.168.11.135 30880 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    # Real IP and port
    real_server 192.168.11.51 30880 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 30880
        }
    }
}
EOF
```
Generate the check script

```
# The quoted 'EOF' writes the script body literally, so no backslash escapes are needed
cat >/etc/keepalived/check_haproxy.sh <<'EOF'
#!/bin/bash
# To check a different service, replace haproxy
A=$(ps -C haproxy --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    systemctl stop keepalived
fi
EOF
```

Make the script executable

```
chmod +x /etc/keepalived/check_haproxy.sh
```

Manage the service

```
systemctl start keepalived.service
systemctl stop keepalived.service
systemctl restart keepalived.service
systemctl status keepalived.service
systemctl enable keepalived.service
```
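The keepalived configuration from this section can be checked before the service is started. The following is an added example, not part of the original post or of keepalived: it flags an auth_pass shorter than 8 characters, nopreempt combined with state MASTER (keepalived.conf(5) requires state BACKUP for nopreempt to take effect), and a vrrp_script target that is missing or writable by group/other. The function names, finding names and sample path are made up for the example.

```shell
#!/bin/bash
# Added example, not the page's own code. Finding names are made up here.
lint_keepalived() {
  conf=$1
  # Pass 1: per-instance settings ('#' and '!' start comments in keepalived.conf).
  awk '
    function report() {
      if (inst != "" && nopre && state == "MASTER")
        print "NOPREEMPT_WITH_MASTER", inst
    }
    { sub(/[#!].*/, "") }
    $1 == "vrrp_instance" { report(); inst = $2; state = ""; nopre = 0 }
    $1 == "state"         { state = $2 }
    $1 == "nopreempt"     { nopre = 1 }
    # keepalived uses at most 8 characters of auth_pass; flag shorter values
    $1 == "auth_pass" && length($2) < 8 { print "WEAK_AUTH_PASS", inst }
    END { report() }
  ' "$conf"
  # Pass 2: each vrrp_script target must exist and must not be writable by
  # group or other, since keepalived executes it on every check interval.
  awk '{ sub(/[#!].*/, "") } $1 == "script" { gsub(/"/, "", $2); print $2 }' "$conf" |
  while read -r path; do
    if [ ! -f "$path" ]; then
      echo "SCRIPT_MISSING $path"
    elif [ -n "$(find -L "$path" \( -perm -020 -o -perm -002 \))" ]; then
      echo "SCRIPT_WRITABLE_BY_NON_OWNER $path"
    fi
  done
  return 0
}

# Constructed sample that mirrors the settings in the configuration above.
sample_conf() {
  cat <<'EOF'
vrrp_script check_haproxy {
    script "/nonexistent/check_haproxy.sh"   # constructed path
}
vrrp_instance VI_1 {
    state MASTER
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}

tmp=$(mktemp) && sample_conf >"$tmp" && lint_keepalived "$tmp"
rm -f "$tmp"
```

On a real node, call `lint_keepalived /etc/keepalived/keepalived.conf`; no output means none of the three conditions was found.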
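
2. HAProxy installation

We used keepalived to put a virtual IP in front of the three K8S masters, which makes access to the cluster highly available but does not solve the problem of distributing load.
In this section we add the HAProxy load balancer between keepalived and K8S:
① keepalived no longer monitors the state of K8S; it monitors the state of HAProxy instead
② HAProxy distributes incoming traffic across the three K8S masters
③ HAProxy also supports health checks of the backend services, so the service gains both high availability and load balancing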
Extract the dependencies

```
tar -zxvf haproxy_deps.tar.gz
```

Install the rpm packages

```
rpm -ivh --nodeps libcom_err-devel-1.42.9-17.el7.x86_64.rpm
rpm -ivh --nodeps krb5-devel-1.15.1-46.el7.x86_64.rpm
rpm -ivh --nodeps pcre-devel-8.32-17.el7.x86_64.rpm
rpm -ivh --nodeps zlib-devel-1.2.7-18.el7.x86_64.rpm
rpm -ivh --nodeps openssl-devel-1.0.2k-19.el7.x86_64.rpm
rpm -ivh --nodeps systemd-devel-219-73.el7_8.9.x86_64.rpm
```

Install haproxy

```
tar -zxvf haproxy-1.8.26.tar.gz
# enter the extracted source directory, not the archive
cd haproxy-1.8.26
make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy
make install PREFIX=/usr/local/haproxy
```

Add the haproxy command to sbin

```
# copy the binary itself; the systemd unit below runs /usr/sbin/haproxy
cp /usr/local/haproxy/sbin/haproxy /usr/sbin/
haproxy -v
```

Create the directories the software uses

```
mkdir /etc/haproxy
mkdir /etc/haproxy/conf
mkdir /usr/local/haproxy/run
```
Configuration file changes and notes

```
vim /etc/haproxy/haproxy.cfg

# /etc/haproxy/haproxy.cfg
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

defaults
    mode                tcp
    log                 global
    retries             3
    timeout connect     10s
    timeout client      1m
    timeout server      1m

frontend kubernetes
    bind *:8443
    mode tcp
    option tcplog
    default_backend kubernetes-apiserver

backend kubernetes-apiserver
    mode tcp
    balance roundrobin
    server k8s-master1 192.168.150.11:6443 check maxconn 2000
    server k8s-master2 192.168.150.12:6443 check maxconn 2000
    server k8s-master3 192.168.150.13:6443 check maxconn 2000
```
Modify the kernel parameters

```
vi /etc/sysctl.conf
# set net.ipv4.ip_nonlocal_bind = 1
# set net.ipv4.ip_forward = 1
```

Apply the changes (settings in /etc/sysctl.conf are loaded with sysctl -p)
Generate the service unit

```
# The quoted 'EOF' keeps $MAINPID literal; with an unquoted EOF the shell would expand it to an empty string
cat > /usr/lib/systemd/system/haproxy.service <<'EOF'
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
# Multiple -f arguments are supported, which indirectly gives the configuration an include mechanism.
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target
EOF
```
Manage the service

```
systemctl start haproxy.service
systemctl stop haproxy.service
systemctl restart haproxy.service
systemctl status haproxy.service
systemctl enable haproxy.service
```