1. 先运行以下命令安装 Keepalived 和 HAproxy。
yum install keepalived haproxy psmisc -y

HAproxy:
1. 在两台用于负载均衡的机器上运行以下命令以配置 Proxy(两台机器的 Proxy 配置相同):
vi /etc/haproxy/haproxy.cfg
2. 以下是示例配置,供您参考(请注意 server 字段。请记住 6443 是 apiserver 端口):

global
    log /dev/log  local0 warning
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
   
   stats socket /var/lib/haproxy/stats
   
defaults
  log global
  option  httplog
  option  dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
   
frontend kube-apiserver
  bind *:6443
  mode tcp
  option tcplog
  default_backend kube-apiserver
   
backend kube-apiserver
    mode tcp
    option tcplog
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server kube-apiserver-1 192.168.159.217:6443 check # Replace the IP address with your own.
    server kube-apiserver-2 192.168.159.152:6443 check # Replace the IP address with your own.
    server kube-apiserver-3 192.168.159.134:6443 check # Replace the IP address with your own.
  
3.保存文件并运行以下命令以重启 HAproxy。
systemctl restart haproxy
4.使 HAproxy 在开机后自动运行:
systemctl enable haproxy
5.确保您在另一台机器 (lb2) 上也配置了 HAproxy。


Keepalived
1.两台机器上必须都安装 Keepalived,但在配置上略有不同。

1.运行以下命令以配置 Keepalived。

vi /etc/keepalived/keepalived.conf

2. 以下是示例配置 (lb1),供您参考:

global_defs {
  notification_email {
  }
  router_id LVS_DEVEL
  vrrp_skip_check_adv_addr
  vrrp_garp_interval 0
  vrrp_gna_interval 0
}
   
vrrp_script chk_haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
}
   
vrrp_instance haproxy-vip {
  state BACKUP
  priority 100
  interface eth0                       # Network card
  virtual_router_id 60
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  unicast_src_ip 192.168.159.238      # The IP address of this machine
  unicast_peer {
    192.168.159.169                         # The IP address of peer machines
  }
   
  virtual_ipaddress {
    192.168.159.11/24                  # The VIP address
  }
   
  track_script {
    chk_haproxy
  }
}
备注

对于 interface 字段,您必须提供自己的网卡信息。您可以在机器上运行 ifconfig 以获取该值。

为 unicast_src_ip 提供的 IP 地址是您当前机器的 IP 地址。对于也安装了 HAproxy 和 Keepalived 进行负载均衡的其他机器,必须在字段 unicast_peer 中输入其 IP 地址。

3.保存文件并运行以下命令以重启 Keepalived。

4.systemctl restart keepalived
使 Keepalived 在开机后自动运行:

systemctl enable haproxy
确保您在另一台机器 (lb2) 上也配置了 Keepalived。
### 华为云配置虚拟ip 关联服务器
按照如下图示操作 并最后在任意node节点
telnet 192.168.159.11 6443 测试
验证高可用:
在开始创建 Kubernetes 集群之前,请确保已经测试了高可用。

在机器 lb1 上,运行以下命令:

[root@lb1 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 52:54:9e:27:38:c8 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.2/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
       valid_lft 73334sec preferred_lft 73334sec
    inet 172.16.0.10/24 scope global secondary eth0 # The VIP address
       valid_lft forever preferred_lft forever
    inet6 fe80::510e:f96:98b2:af40/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
如上图所示,虚拟 IP 地址已经成功添加。模拟此节点上的故障:

systemctl stop haproxy
再次检查浮动 IP 地址,您可以看到该地址在 lb1 上消失了。

[root@lb1 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 52:54:9e:27:38:c8 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.2/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
       valid_lft 72802sec preferred_lft 72802sec
    inet6 fe80::510e:f96:98b2:af40/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
理论上讲,若配置成功,该虚拟 IP 会漂移到另一台机器 (lb2) 上。在 lb2 上运行以下命令,这是预期的输出:

[root@lb2 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 52:54:9e:3f:51:ba brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.3/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
       valid_lft 72690sec preferred_lft 72690sec
    inet 172.16.0.10/24 scope global secondary eth0   # The VIP address
       valid_lft forever preferred_lft forever
    inet6 fe80::f67c:bd4f:d6d5:1d9b/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
如上所示,高可用已经配置成功。
Last modification:April 6, 2021
© Allow specification reprint
If you think my article is useful to you, please feel free to appreciate