2.3 安装并配置 haproxy

在所有节点安装和配置 haproxy

2.3.1 安装 haproxy

yum -y install haproxy

2.3.2 配置 haproxy

tee /etc/haproxy/haproxy.cfg <<EOF
global
log         127.0.0.1 local2
chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
maxconn     4000
user        haproxy
group       haproxy
daemon

stats socket /var/lib/haproxy/stats

defaults
mode                    http
log                     global
option                  httplog
option                  dontlognull
option  http-server-close
option                  redispatch
retries                 3
timeout http-request    10s
timeout queue           1m
timeout connect         10s
timeout client          1m
timeout server          1m
timeout http-keep-alive 10s
timeout check           10s
maxconn                 3000

listen  k8s-apiserver 
  bind *:8443
  mode tcp
  timeout client 1h
  timeout connect 1h

  log global
  option tcplog
  balance     roundrobin
  server  k8s-m1 192.168.122.10:6443 check
  server  k8s-m2 192.168.122.20:6443 check
  server  k8s-m3 192.168.122.30:6443 check
  acl is_websocket hdr(Upgrade) -i WebSocket
  acl is_websocket hdr_beg(Host) -i ws
EOF

2.3.3 运行 haproxy

systemctl enable --now haproxy

2.3.4 安装 keepalived

yum -y install keepalived

2.3.5 配置 keepalived

tee > /etc/keepalived/keepalived.conf <<EOF
global_defs {
    router_id 100
    vrrp_version 2
    vrrp_garp_master_delay 1
    vrrp_mcast_group4 224.0.0.18
}   

vrrp_script chk_haproxy {
    script       "/usr/bin/nc -nvz -w 2 127.0.0.1 8443"
    timeout 1
    interval 1   # check every 1 second
    fall 2       # require 2 failures for KO
    rise 2       # require 2 successes for OK
}   

vrrp_instance lb-vips {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 150
    advert_int 1
    nopreempt
    track_script {
        chk_haproxy
    }
    authentication {
        auth_type PASS
        auth_pass blahblah
    }
    virtual_ipaddress {
        192.168.122.100/24 dev eth0
    }
}
EOF

2.3.6 运行 keepalived

systemctl enable --now keepalived

2.3.7 检查 vip 的情况

ip a
journalctl -fu keepalived

观察到 k8s-m3 节点已经成为 MASTER 节点,分配了 192.168.122.100 这个 VIP, 其他节点进入 BACKUP 状态。

Copyright © huangzhongde.cn 2021 all right reserved,powered by Gitbook该文件修订时间: 2022-01-28 21:41:24

results matching ""

    No results matching ""