Kubernetes学习指南：保姆级实操手册05—

Kubernetes学习指南：保姆级实操手册05——配置集群HA负载均衡

kubernetes学习指南：保姆级实操手册05配置集群ha负载均衡">五、Kubernetes学习指南：保姆级实操手册05——配置集群HA负载均衡

简介： Keepalived 提供 VRRP 实现，并允许您配置 Linux 机器使负载均衡，预防单点故障。HAProxy 提供可靠、高性能的负载均衡，能与 Keepalived 完美配合

1、配置Keepalive

官方文档提供了两种运行方式（此案例使用选项1）：

选项1：在操作系统上运行服务
选项2：将服务作为静态pod运行

参考文档：[https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#options-for-software-load-balancing]

1.1、安装keepalived组件

注：三台master节点上安装

yum install -y keepalived

1.2、配置keepalived

### 在k8s-master01上设置：
[root@k8s-m01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.back
[root@k8s-master01 keepalived]# cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {router_id k8s-master01
}
vrrp_script check_apiserver {script "/etc/keepalived/check_apiserver.sh"interval 3weight -2fall 10rise 2
}vrrp_instance VI_1 {state MASTERinterface ens192virtual_router_id 51priority 100authentication {auth_type PASSauth_pass 123456}virtual_ipaddress {10.255.210.99}track_script {check_apiserver}
}EOF### 在k8s-master02上设置：
$ mkdir /etc/keepalived [root@k8s-master02 keepalived]# cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {router_id k8s-master02
}
vrrp_script check_apiserver {script "/etc/keepalived/check_apiserver.sh"interval 3weight -2fall 10rise 2
}vrrp_instance VI_1 {state BACKUPinterface ens192virtual_router_id 51priority 99authentication {auth_type PASSauth_pass 123456}virtual_ipaddress {10.255.210.99}track_script {check_apiserver}
}EOF### 在k8s-master03上设置：
$ mkdir /etc/keepalived[root@k8s-master03 keepalived]# cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {router_id k8s-master03
}
vrrp_script check_apiserver {script "/etc/keepalived/check_apiserver.sh"interval 3weight -2fall 10rise 2
}vrrp_instance VI_1 {state BACKUPinterface ens192virtual_router_id 51priority 98authentication {auth_type PASSauth_pass 123456}virtual_ipaddress {10.255.210.99}track_script {check_apiserver}
}EOF

扩展：参数说明

参数说明:router_id:节点ip，master每个节点配置自己的IPmcast_src_ip:节点IP，master每个节点配置自己的IPvirtual_ipaddress:虚拟IP，即VIP。interface:指定接口的名称。virtual_router_id:有效值为0-255，可以理解为一个组ID，只有相同的ID才被确认为一个组。如果每个keepalived实例修改的ID不一致，则会出现各自有一个VIP的现象。

1.3、编写健康检查脚本

[root@k8s-master01 keepalived]# cat > /etc/keepalived/check_apiserver.sh   <<EOF
#!/bin/sh  errorExit() {  echo "*** $*" 1>&2  exit 1  
}  curl --silent --max-time 2 --insecure https://localhost:16443/ -o /dev/null || errorExit "Error GET https://localhost:16443/"  
if ip addr | grep -q 10.255.210.99; then  
curl --silent --max-time 2 --insecure https://10.255.210.99:16443/ -o /dev/null || errorExit "Error GET https://10.255.210.99:16443/"  
fi  EOFchmod +x  /etc/keepalived/check_apiserver.shscp /etc/keepalived/check_apiserver.sh root@k8s-master02:/etc/keepalived/
scp /etc/keepalived/check_apiserver.sh root@k8s-master03:/etc/keepalived/

1.4、启动Keepalived

systemctl enable keepalived --now; systemctl restart keepalived.service ;systemctl status keepalived.service

1.5、测试keepalived

ip a   
#查看VIP在那个节点   systemctl stop keepalived.service   
#VIP所在节点停止服务，观察是否飘移VIP  systemctl restart keepalived.service   
#重启服务后，VIP将迁回

2、配置Haproxy

2.1、安装Haproxy

yum install -y haproxy

2.2、配置haproxy.cfg

globalmaxconn  2000ulimit-n  16384log  127.0.0.1 local0 errstats timeout 30sdefaultslog globalmode  httpoption  httplogtimeout connect 5stimeout client  50stimeout server  50stimeout http-request 15stimeout http-keep-alive 15sfrontend monitor-inbind *:33305mode httpoption httplogmonitor-uri /monitorlisten statsbind    *:8006mode    httpstats   enablestats   hide-versionstats   uri       /statsstats   refresh   30sstats   realm     Haproxy\ Statisticsstats   auth      admin:adminfrontend k8s-masterbind 0.0.0.0:16443bind 127.0.0.1:16443mode tcpoption tcplogtcp-request inspect-delay 5sdefault_backend k8s-masterbackend k8s-mastermode tcpoption tcplogoption tcp-checkbalance roundrobindefault-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100server k8s-master01 10.255.210.1:6443  checkserver k8s-master02 10.255.210.2:6443  checkserver k8s-master03 10.255.210.3:6443  check

2.3、启动haproxy

systemctl restart haproxy.service;systemctl status haproxy.service

2.4、查看端口

 ss -alnupt |grep 16443
tcp    LISTEN     0      2000      *:16443                 *:*                   users:(("haproxy",pid=53056,fd=6))
tcp    LISTEN     0      2000   127.0.0.1:16443                 *:*                   users:(("haproxy",pid=53056,fd=7))
[root@k8s-master02 ~]# ss -alnupt |grep 6443
tcp    LISTEN     0      2000      *:16443                 *:*                   users:(("haproxy",pid=53056,fd=6))
tcp    LISTEN     0      2000   127.0.0.1:16443                 *:*                   users:(("haproxy",pid=53056,fd=7))