K8S搭建之高可用配置(PART 6)

October 28, 2022Comments1Read

K8S搭建之高可用配置(PART 6)

一、高可用组件安装

[root@k8s-master03 ~]# dnf install keepalived haproxy -y

0	[root@k8s-master03 ~]# dnf install keepalived haproxy -y

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/Kubernetes/k8s-apiserver-haproxy/

二、高可用组件haproxy配置

三台master配置一样

[root@k8s-master01 ~]# cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg_$(date +%F)
[root@k8s-master03 ~]# cat /etc/haproxy/haproxy.cfg
global
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s

frontend k8s-master
  bind 0.0.0.0:8443
  bind 127.0.0.1:8443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server k8s-master01    192.168.31.11:6443  check
  server k8s-master02    192.168.31.12:6443  check
  server k8s-master03    192.168.31.13:6443  check

[root@k8s-master01 ~]# cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg_$(date +%F)

[root@k8s-master03 ~]# cat /etc/haproxy/haproxy.cfg

global

maxconn 2000

ulimit-n 16384

log 127.0.0.1 local0 err

stats timeout 30s

defaults

log global

mode http

option httplog

timeout connect 5000

timeout client 50000

timeout server 50000

timeout http-request 15s

timeout http-keep-alive 15s

frontend k8s-master

bind 0.0.0.0:8443

bind 127.0.0.1:8443

mode tcp

option tcplog

tcp-request inspect-delay 5s

default_backend k8s-master

backend k8s-master

mode tcp

option tcplog

option tcp-check

balance roundrobin

default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100

server k8s-master01 192.168.31.11:6443 check

server k8s-master02 192.168.31.12:6443 check

server k8s-master03 192.168.31.13:6443 check

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/kubernetes/k8s-apiserver-haproxy/

三、高可用组件keepalived配置

[root@k8s-master01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_$(date +%F)
[root@k8s-master01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5 
    weight -5
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    mcast_src_ip 192.168.31.11
    virtual_router_id 51
    priority 101
    nopreempt
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.31.100
    }
    track_script {
      chk_apiserver 
    }
}

[root@k8s-master02 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5 
    weight -5
    fall 2
    rise 1
 
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    mcast_src_ip 192.168.31.12
    virtual_router_id 51
    priority 100
    nopreempt
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.31.100
    }
    track_script {
      chk_apiserver 
    }
}

[root@k8s-master03 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2  
    rise 1
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    mcast_src_ip 192.168.31.13
    virtual_router_id 51
    priority 100
    nopreempt
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.31.100
    }
    track_script {
      chk_apiserver 
    
}

[root@k8s-master01 ~]# cat /etc/keepalived/check_apiserver.sh
#!/bin/bash

err=0
for k in $(seq 1 3)
do
    check_code=$(pgrep haproxy)
    if [[ $check_code == "" ]]; then
        err=$(expr $err + 1)
        sleep 1
        continue
    else
        err=0
        break
    fi
done

if [[ $err != "0" ]]; then
    echo "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi

[root@k8s-master01 ~]# systemctl enable --now haproxy
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.
[root@k8s-master01 ~]#  
[root@k8s-master01 ~]# systemctl enable --now keepalived
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

[root@k8s-master01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_$(date +%F)

[root@k8s-master01 ~]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

router_id LVS_DEVEL

}

vrrp_script chk_apiserver {

script "/etc/keepalived/check_apiserver.sh"

interval 5

weight -5

fall 2

rise 1

}

vrrp_instance VI_1 {

state MASTER

interface ens33

mcast_src_ip 192.168.31.11

virtual_router_id 51

priority 101

nopreempt

advert_int 2

authentication {

auth_type PASS

auth_pass K8SHA_KA_AUTH

}

virtual_ipaddress {

192.168.31.100

}

track_script {

chk_apiserver

}

[root@k8s-master02 ~]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

router_id LVS_DEVEL

}

vrrp_script chk_apiserver {

script "/etc/keepalived/check_apiserver.sh"

interval 5

weight -5

fall 2

rise 1

}

vrrp_instance VI_1 {

state BACKUP

interface ens33

mcast_src_ip 192.168.31.12

virtual_router_id 51

priority 100

nopreempt

advert_int 2

authentication {

auth_type PASS

auth_pass K8SHA_KA_AUTH

}

virtual_ipaddress {

192.168.31.100

}

track_script {

chk_apiserver

}

[root@k8s-master03 ~]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

router_id LVS_DEVEL

}

vrrp_script chk_apiserver {

script "/etc/keepalived/check_apiserver.sh"

interval 5

weight -5

fall 2

rise 1

}

vrrp_instance VI_1 {

state BACKUP

interface ens33

mcast_src_ip 192.168.31.13

virtual_router_id 51

priority 100

nopreempt

advert_int 2

authentication {

auth_type PASS

auth_pass K8SHA_KA_AUTH

}

virtual_ipaddress {

192.168.31.100

}

track_script {

chk_apiserver

}

[root@k8s-master01 ~]# cat /etc/keepalived/check_apiserver.sh

#!/bin/bash

err=0

for k in $(seq 1 3)

check_code=$(pgrep haproxy)

if [[ $check_code == "" ]]; then

err=$(expr $err + 1)

sleep 1

continue

else

err=0

break

done

if [[ $err != "0" ]]; then

echo "systemctl stop keepalived"

/usr/bin/systemctl stop keepalived

exit 1

else

exit 0

[root@k8s-master01 ~]# systemctl enable --now haproxy

Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.

[root@k8s-master01 ~]#

[root@k8s-master01 ~]# systemctl enable --now keepalived

Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/kubernetes/k8s-apiserver-haproxy/

四、高可用组件验证

[root@k8s-master03 ~]# ping 192.168.31.100
PING 192.168.31.100 (192.168.31.100) 56(84) bytes of data.
64 bytes from 192.168.31.100: icmp_seq=1 ttl=64 time=0.198 ms
64 bytes from 192.168.31.100: icmp_seq=2 ttl=64 time=0.156 ms
^C
--- 192.168.31.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1024ms
rtt min/avg/max/mdev = 0.156/0.177/0.198/0.021 ms
[root@k8s-master03 ~]# telnet 192.168.31.100 8443
Trying 192.168.31.100...
Connected to 192.168.31.100.
Escape character is '^]'.
Connection closed by foreign host.

[root@k8s-master03 ~]# ping 192.168.31.100

PING 192.168.31.100 (192.168.31.100) 56(84) bytes of data.

64 bytes from 192.168.31.100: icmp_seq=1 ttl=64 time=0.198 ms

64 bytes from 192.168.31.100: icmp_seq=2 ttl=64 time=0.156 ms

--- 192.168.31.100 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1024ms

rtt min/avg/max/mdev = 0.156/0.177/0.198/0.021 ms

[root@k8s-master03 ~]# telnet 192.168.31.100 8443

Trying 192.168.31.100...

Connected to 192.168.31.100.

Escape character is '^]'.

Connection closed by foreign host.

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/kubernetes/k8s-apiserver-haproxy/

到此，高可用组件配置完成。文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/kubernetes/k8s-apiserver-haproxy/ 文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/kubernetes/k8s-apiserver-haproxy/

申明：除非注明Byrd's Blog内容均为原创,未经许可禁止转载!详情请阅读版权申明!