I. Environment preparation
Before deploying keepalived and haproxy, prepare the environment:
Node name | IP |
master1 | 192.168.35.12 |
master2 | 192.168.35.13 |
node1 | 192.168.35.14 |
VIP | 192.168.35.15 |
Environment configuration:
```shell
# 1. Disable the firewall
[root@localhost ~]# systemctl stop firewalld       # temporary
[root@localhost ~]# systemctl disable firewalld    # permanent

# 2. Disable SELinux
[root@localhost ~]# setenforce 0                                          # temporary
[root@localhost ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config    # permanent

# 3. Disable swap
[root@localhost ~]# swapoff -a                            # temporary
[root@localhost ~]# sed -ri 's/.*swap.*/#&/' /etc/fstab   # permanent

# 4. Set the hostname on every node
[root@localhost ~]# hostnamectl set-hostname <hostname>   # e.g. on a master node: hostnamectl set-hostname master1

# 5. Add hosts entries on the master nodes (addresses follow the node table above)
cat >> /etc/hosts << EOF
192.168.35.15 master.k8s.io k8s-vip
192.168.35.12 master01.k8s.io master1
192.168.35.13 master02.k8s.io master2
192.168.35.14 node01.k8s.io node1
EOF

# 6. Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system   # apply

# 7. Time synchronization
yum install ntpdate -y
ntpdate time.windows.com
```
II. Installing and deploying keepalived
1. Install the dependencies and packages
```shell
[root@master1 ~]# yum install -y conntrack-tools libseccomp libtool-ltdl
[root@master1 ~]# yum install -y keepalived
```
2. Node configuration
Configuration for the master1 node:
```shell
cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived

global_defs {
    router_id k8s
}

vrrp_script check_haproxy {
    script "killall -0 haproxy"
    interval 3
    weight -2
    fall 10
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 51
    priority 250
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ceb1b3ec013d66163d6ab
    }
    virtual_ipaddress {
        192.168.35.15
    }
    track_script {
        check_haproxy
    }
}
EOF
```
Note:
- The interface in vrrp_instance VI_1 is the network interface name; run ifconfig on each node to find it.
- virtual_ipaddress is the virtual IP, set here to 192.168.35.15.
Configuration for the master2 node:
```shell
cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived

global_defs {
    router_id k8s
}

vrrp_script check_haproxy {
    script "killall -0 haproxy"
    interval 3
    weight -2
    fall 10
    rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens32
    virtual_router_id 51
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ceb1b3ec013d66163d6ab
    }
    virtual_ipaddress {
        192.168.35.15
    }
    track_script {
        check_haproxy
    }
}
EOF
```
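The following check is an added example, not part of the original tutorial: it compares a MASTER/BACKUP pair of keepalived.conf files for settings that must match and computes whether a failed check_haproxy script would actually move the VIP. With the values shown above (priority 250 and 200, weight -2), master1 only drops to 248 and keeps the VIP, and keepalived uses only the first 8 characters of auth_pass. The function names and the trimmed sample configs are constructed for the illustration.

```shell
#!/bin/sh
# Added example: lint a keepalived MASTER/BACKUP pair before starting the service.

# field FILE KEY: first value of KEY (priority, weight, auth_pass, ...)
field() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# check_pair MASTER_CONF BACKUP_CONF: print one finding per line
check_pair() {
    for k in virtual_router_id advert_int auth_type auth_pass; do
        [ "$(field "$1" "$k")" = "$(field "$2" "$k")" ] || echo "MISMATCH $k"
    done
    pass=$(field "$1" auth_pass)
    # keepalived uses only the first 8 characters of auth_pass
    [ "${#pass}" -le 8 ] || echo "AUTH_PASS_TRUNCATED length=${#pass}"
    mp=$(field "$1" priority); bp=$(field "$2" priority); w=$(field "$1" weight)
    w=${w:-0}
    # negative weight: a failed track_script lowers priority by |weight|;
    # the VIP only moves if the lowered value is below the backup's priority
    if [ "$w" -lt 0 ] && [ $((mp + w)) -ge "$bp" ]; then
        echo "NO_FAILOVER master=$((mp + w)) backup=$bp"
    fi
}

# write_keepalived_sample DIR: constructed, trimmed copies of the two configs
write_keepalived_sample() {
    dir=$1
    for node in "master MASTER 250" "backup BACKUP 200"; do
        set -- $node
        cat > "$dir/$1.conf" <<EOF
vrrp_script check_haproxy {
    script "killall -0 haproxy"
    weight -2
}
vrrp_instance VI_1 {
    state $2
    virtual_router_id 51
    priority $3
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ceb1b3ec013d66163d6ab
    }
}
EOF
    done
}

d=$(mktemp -d) && write_keepalived_sample "$d" && check_pair "$d/master.conf" "$d/backup.conf"
```

A NO_FAILOVER finding clears once the weight's magnitude exceeds the priority gap between the two nodes, or when the script is tracked with weight 0 so that a failure puts the instance into FAULT state.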
3. Start and check
```shell
# Start
[root@master1 ~]# systemctl start keepalived.service
# Check
[root@master1 ~]# systemctl status keepalived.service
# Enable start at boot
[root@master1 ~]# systemctl enable keepalived.service
```
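III. Installing and deploying haproxy
1. Install the haproxy package
```shell
[root@master1 ~]# yum install -y haproxy
```
2. Master node configuration
Both master nodes use the same configuration. haproxy listens on port 16443, so 16443 is the entry point to the cluster: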
```shell
cat > /etc/haproxy/haproxy.cfg << EOF
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
#---------------------------------------------------------------------
# kubernetes apiserver frontend which proxys to the backends
#---------------------------------------------------------------------
frontend kubernetes-apiserver
    mode                 tcp
    bind                 *:16443
    option               tcplog
    default_backend      kubernetes-apiserver
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend kubernetes-apiserver
    mode        tcp
    balance     roundrobin
    # the two master nodes from the node table in section I
    server      master01.k8s.io   192.168.35.12:6443 check
    server      master02.k8s.io   192.168.35.13:6443 check
#---------------------------------------------------------------------
# collection haproxy statistics message
#---------------------------------------------------------------------
listen stats
    bind                 *:1080
    stats auth           admin:awesomePassword
    stats refresh        5s
    stats realm          HAProxy\ Statistics
    stats uri            /admin?stats
EOF
```
3. Start and check
```shell
# Start
[root@master1 ~]# systemctl start haproxy
# Check
[root@master1 ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; vendor preset: disabled)
   Active: active (running) since 二 2021-06-29 13:34:50 CST; 8s ago
...
# Check the listening ports
[root@master1 ~]# netstat -lntup|grep haproxy
tcp        0      0 0.0.0.0:1080            0.0.0.0:*               LISTEN      3357/haproxy
tcp        0      0 0.0.0.0:16443           0.0.0.0:*               LISTEN      3357/haproxy
udp        0      0 0.0.0.0:50010           0.0.0.0:*                           3356/haproxy
```
Enable start at boot:
```shell
[root@master1 ~]# systemctl enable haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
```
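As an added example (not from the original tutorial), the script below lists the listeners in a haproxy.cfg that bind to every interface and marks those that serve the stats page with credentials written in the file; for the configuration above that is *:16443 and the stats page on *:1080, the same two TCP listeners the netstat output shows on 0.0.0.0. The function names and the trimmed sample file are constructed for the illustration.

```shell
#!/bin/sh
# Added example: list every haproxy.cfg listener bound to all interfaces and
# flag the ones that serve the stats page with credentials stored inline.

# audit_binds CFG: prints "KIND NAME BIND NOTE" for each wildcard bind
audit_binds() {
    awk '
    function emit(   i) {
        for (i = 1; i <= n; i++)
            print kind, name, binds[i], (user != "" ? "stats-auth=" user : "no-stats")
        n = 0; user = ""
    }
    # a new section starts: report the previous one
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
        emit(); kind = $1; name = $2; next
    }
    # "*:port", "0.0.0.0:port" and ":port" all listen on every interface
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:/ { binds[++n] = $2 }
    $1 == "stats" && $2 == "auth" { split($3, cred, ":"); user = cred[1] }
    END { emit() }' "$1"
}

# write_haproxy_sample FILE: constructed, trimmed copy of the haproxy.cfg
write_haproxy_sample() {
    cat > "$1" <<'EOF'
global
    stats socket /var/lib/haproxy/stats
defaults
    mode http
frontend kubernetes-apiserver
    mode tcp
    bind *:16443
    default_backend kubernetes-apiserver
backend kubernetes-apiserver
    mode tcp
    balance roundrobin
listen stats
    bind *:1080
    stats auth admin:awesomePassword
    stats uri /admin?stats
EOF
}

f=$(mktemp) && write_haproxy_sample "$f" && audit_binds "$f"
```

A stats listener bound to a loopback or management address instead of `*` no longer appears in the report.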