K8s v1.27.1 CentOS7 二进制安装4(高可用配置)2Master 2Node
在每一台master节点操作
安装keepalived和haproxy服务
# Install the two HA components from the configured yum repositories,
# answering "yes" to the confirmation prompt.
yum -y install keepalived haproxy
haproxy配置(当然你也可以用nginx)
# Keep a copy of the packaged haproxy.cfg so the change can be rolled back.
cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak
# The quoted delimiter ("EOF") makes the shell write the body verbatim, with no
# variable or command expansion.
# What the generated config does:
#   - frontend monitor-in serves monitor-uri /monitor over HTTP on *:33305,
#     i.e. on every interface. NOTE(review): limit it with a host firewall or a
#     specific bind address if nothing off-host needs to poll it.
#   - frontend/backend k8s-master run in mode tcp on port 8443 and round-robin
#     to port 6443 on the two listed masters. No `ssl` keyword appears on the
#     bind lines, so HAProxy relays the TLS stream and does not terminate it.
#   - `option tcp-check` has no tcp-check rules and each server only has
#     `check`. NOTE(review): this looks like a connect-only probe, so an
#     apiserver that accepts connections but is unhealthy would stay in
#     rotation - confirm.
#   - The server addresses are this lab's masters; adjust them to your nodes.
cat >/etc/haproxy/haproxy.cfg<<"EOF"
global
maxconn 2000
ulimit-n 16384
log 127.0.0.1 local0 err
stats timeout 30s
defaults
log global
mode http
option httplog
timeout connect 5000
timeout client 50000
timeout server 50000
timeout http-request 15s
timeout http-keep-alive 15s
frontend monitor-in
bind *:33305
mode http
option httplog
monitor-uri /monitor
frontend k8s-master
bind 0.0.0.0:8443
bind 127.0.0.1:8443
mode tcp
option tcplog
tcp-request inspect-delay 5s
default_backend k8s-master
backend k8s-master
mode tcp
option tcplog
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server k8s.master.01 192.168.230.100:6443 check
server k8s.master.02 192.168.230.101:6443 check
EOF
keepalived配置
健康检查脚本 check_apiserver.sh(在每一台master节点执行)。注意: 脚本名虽然叫 check_apiserver, 但它只检查本机 haproxy 进程是否存在, 并不探测 apiserver 本身是否健康
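# Write the health-check script that keepalived's vrrp_script runs.
# The delimiter is quoted ('EOF') so the body is written verbatim. With an
# unquoted delimiter every `$` needs a backslash, and a single missed escape
# is expanded at write time and silently corrupts the installed script.
cat > /etc/keepalived/check_apiserver.sh << 'EOF'
#!/bin/bash
# Health check run by keepalived (vrrp_script chk_apiserver).
# Despite its name, this only checks that a local haproxy process exists;
# it does not probe the apiserver itself.
# Exit status: 0 if haproxy is running, 1 if it was missing on all three probes.

err=0
# Probe up to three times, one second apart, to ride out a brief restart.
for _ in 1 2 3; do
  # -x requires an exact process-name match, so a process whose name merely
  # contains "haproxy" is not counted as a running load balancer.
  if pgrep -x haproxy > /dev/null; then
    err=0
    break
  fi
  err=$((err + 1))
  sleep 1
done

if ((err != 0)); then
  # Stopping keepalived releases the VIP so the peer node can take it over.
  # Nothing here starts keepalived again: once haproxy is back, start
  # keepalived by hand on this node.
  echo "systemctl stop keepalived"
  /usr/bin/systemctl stop keepalived
  exit 1
fi
exit 0
EOF
# keepalived executes this file as a script, so it must be executable.
# An explicit mode keeps it from being group- or world-writable whatever the
# umask is.
chmod 0755 /etc/keepalived/check_apiserver.sh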
配置keepalived master节点(这个在master1节点操作)
# Keep a copy of the packaged keepalived.conf before overwriting it.
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
# Write the VRRP configuration for master1. The heredoc delimiter is unquoted,
# but the body contains no `$` or backticks, so nothing is expanded.
# Review notes on the generated config:
#   - auth_type PASS carries auth_pass in clear text inside VRRP adverts, and
#     keepalived uses only the first 8 characters of it. K8SHA_KA_AUTH is the
#     same literal in both configs on this page: replace it with your own
#     value and limit VRRP (IP protocol 112) to the master nodes with a
#     firewall.
#   - NOTE(review): keepalived documents that nopreempt needs the initial
#     state to be BACKUP; combined with `state MASTER` it may be ignored -
#     confirm on your keepalived version.
#   - vrrp_script weight -5 lowers priority 100 to 95, which is still above
#     the backup's 50, so failover relies on check_apiserver.sh stopping
#     keepalived rather than on the weight.
#   - interface, mcast_src_ip and virtual_ipaddress are this lab's values.
cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
interval 5
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
# 注意网卡名, 可以通过 ip a 命令查看
interface ens32
mcast_src_ip 192.168.230.100
virtual_router_id 51
priority 100
nopreempt
advert_int 2
authentication {
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
# 这个VIP就是之前网络规划的时候定下
virtual_ipaddress {
192.168.230.66
}
track_script {
chk_apiserver
} }
EOF
配置keepalived backup节点(这个在其他master节点操作, 记得把 mcast_src_ip 改成该节点自己的IP)
# Keep a copy of the packaged keepalived.conf before overwriting it.
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
# Write the VRRP configuration for a backup master. It differs from the
# master1 config only in state (BACKUP), mcast_src_ip and priority (50).
# The heredoc delimiter is unquoted, but the body contains no `$` or
# backticks, so nothing is expanded.
# Review notes on the generated config:
#   - auth_type PASS carries auth_pass in clear text inside VRRP adverts, and
#     keepalived uses only the first 8 characters of it. Replace the
#     K8SHA_KA_AUTH literal with your own value (identical on every node of
#     this VRRP instance) and limit VRRP (IP protocol 112) to the master nodes
#     with a firewall.
#   - mcast_src_ip must be this node's own address; interface and
#     virtual_ipaddress are this lab's values.
cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
interval 5
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state BACKUP
# 注意网卡名, 可以通过 ip a 命令查看
interface ens32
mcast_src_ip 192.168.230.101
virtual_router_id 51
priority 50
nopreempt
advert_int 2
authentication {
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
# 这个VIP就是之前网络规划的时候定下
virtual_ipaddress {
192.168.230.66
}
track_script {
chk_apiserver
} }
EOF
# Do not forget to make the health-check script executable on this node too.
chmod +x /etc/keepalived/check_apiserver.sh
启动keepalived和haproxy服务(在每一台master节点执行)
# Re-read unit files, then enable each service at boot and start it right
# away: haproxy first, keepalived second.
systemctl daemon-reload
for unit in haproxy keepalived; do
  systemctl enable --now "$unit"
done
测试是否生效
test ping vip
# Check that the VIP answers ICMP. ping keeps running until interrupted
# (Ctrl-C). A reply shows that some node holds the VIP, not which one.
ping 192.168.230.66
test telnet vip
## Install telnet first if the command is missing:
# yum install telnet -y
# A successful connect only shows that something accepts TCP on VIP:8443
# (the HAProxy frontend configured above); it does not validate TLS or
# apiserver health.
telnet 192.168.230.66 8443
关闭主节点(即master1节点),看vip是否漂移到备节点
没断网之前, vip落在master1节点上
将master1节点断网, 如下图,vip落在master2节点上,说明keepalived高可用至此配置完毕
# Simulate a master1 outage by stopping its networking. Run this from the
# local console: a remote SSH session to master1 would be cut off by it.
service network stop
将master1节点的网打开
# Bring master1's networking back up (from the local console).
service network start
本文是原创文章,采用 CC BY-NC-ND 4.0 协议,完整转载请注明来自 程序员odboy