Deploying a Keepalived + haproxy High-Availability Proxy

Author: TEYmL | Published: 2021-06-11 15:56

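    Software overview

    Keepalived

    Keepalived is high-availability software based on the VRRP protocol. A Keepalived deployment has one master server and multiple backup servers. The same service configuration is deployed on the master and the backups, and a single VIP address is used to provide the service externally. When the master server fails, the VIP address automatically floats to a backup server.

    Haproxy

    Configuration

    Keepalived configuration

    Install Keepalived on all nodes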

    apt install -y keepalived
    

    Write the configuration file. The Master node's configuration is shown here; backup nodes should change router_id, state and priority.

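    root@k8s1:~# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
       router_id k8s1   # should be unique within a network
    }

    vrrp_script chk_api {
        script "/etc/keepalived/check_apiserver.sh" # script that periodically checks whether the apiserver is running normally
        interval 2   # script execution interval: check every 2s
        weight -5    # priority change caused by the script result: on failure (script returns non-zero) the priority is reduced by 5
        fall 2       # 2 consecutive failed checks count as a real failure; weight is then used to reduce the priority (between 1 and 255)
        rise 1       # 1 successful check counts as success, but the priority is not modified
    }

    vrrp_instance VI_1 {
        # Role of this keepalived node. The value given here is not necessarily the actual MASTER;
        # the role is adjusted according to priority. The other machine is BACKUP.
        state MASTER
        interface ens160        # NIC currently used for VRRP communication
        virtual_router_id 200  # virtual router ID (number 1-255); must be the same on master and backup
        # mcast_src_ip 192.168.79.191  #
        priority 100  # priority: the larger the number, the higher the priority; MASTER's priority must be greater than BACKUP's
        # keepalived.conf(5): nopreempt only takes effect when the initial state is BACKUP
        nopreempt
        advert_int 1   # interval of the sync check between the MASTER and BACKUP load balancers, in seconds
        authentication {
            # auth_type PASS sends auth_pass in cleartext inside VRRP advertisements
            auth_type PASS
            auth_pass 2222
        }
        # Services to monitor. Note: this setting must not be written immediately after the
        # vrrp_script block (a pitfall hit during testing), otherwise the nginx monitoring stops working!!
        track_script {
            chk_api    # reference to the VRRP script, i.e. the name given in the vrrp_script section.
                       # It is run periodically to change the priority and eventually trigger a master/backup switch.
        }

        # VRRP HA virtual address; if there are multiple VIPs, add them on further lines
        virtual_ipaddress {
            10.203.1.85
        }
    }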
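
    As an added example (not from the original article or the Keepalived project), this Python script audits a keepalived.conf for three points raised by the configuration above: nopreempt combined with state MASTER, which keepalived.conf(5) documents as requiring initial state BACKUP; cleartext auth_type PASS; and the priority a node falls to when a tracked script with a negative weight fails. The finding names and the trimmed SAMPLE text are constructed for illustration.

```python
import re
# Constructed sample: the VRRP-relevant lines of the master config shown above.
SAMPLE = """
vrrp_script chk_api {
    weight -5    # priority change when the check fails
}
vrrp_instance VI_1 {
    state MASTER
    priority 100
    nopreempt
    authentication {
        auth_type PASS
    }
    track_script {
        chk_api
    }
}
"""

def blocks(text, kind):
    """Yield (name, body) for each `kind name { ... }` block, honouring nested braces."""
    for m in re.finditer(rf"\b{kind}\s+(\S+)\s*\{{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += (text[i] == "{") - (text[i] == "}")
            i += 1
        yield m.group(1), text[m.end():i - 1]

def value(body, key):  # first argument of `key` in a block body, or None if absent
    m = re.search(rf"^\s*{key}\s+(\S+)", body, re.M)
    return m.group(1) if m else None

def audit(conf):
    """Return (instance, finding, detail) tuples for settings worth reviewing."""
    conf = re.sub(r"[#!].*", "", conf)  # keepalived comments start with '#' or '!'
    weights = {n: int(value(b, "weight") or 0) for n, b in blocks(conf, "vrrp_script")}
    out = []
    for name, body in blocks(conf, "vrrp_instance"):
        if re.search(r"^\s*nopreempt\b", body, re.M) and value(body, "state") == "MASTER":
            out.append((name, "nopreempt-ignored", "requires initial state BACKUP"))
        if value(body, "auth_type") == "PASS":
            out.append((name, "cleartext-auth", "auth_pass is sent unencrypted"))
        tracked, prio = re.search(r"track_script\s*\{([^}]*)\}", body), value(body, "priority")
        for script in (tracked.group(1).split() if tracked and prio else []):
            if weights.get(script, 0) < 0:  # a negative weight lowers priority on failure
                out.append((name, "failed-check-priority", int(prio) + weights[script]))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

    On the sample it reports a failed-check priority of 95, so a backup node needs a priority above 95 to outrank this node while the check is failing.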
    

    Write the check_apiserver.sh script on all nodes. The script checks the apiserver; if the apiserver is not present, Keepalived is killed and the VIP floats to another node.

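    #!/bin/sh

    # Print the error to stderr and exit non-zero so that keepalived counts the check as failed
    errorExit() {
        echo "*** $*" 1>&2
        exit 1
    }

    # Probe the local apiserver; --insecure skips TLS certificate verification
    curl --silent --max-time 2 --insecure https://localhost:6443/ -o /dev/null || errorExit "Error GET https://localhost:6443/"
    # If this node currently holds the VIP, also probe the apiserver through the VIP
    if ip addr | grep -q 10.203.1.85; then
        curl --silent --max-time 2 --insecure https://10.203.1.85:6443/ -o /dev/null || errorExit "Error GET https://10.203.1.85:6443/"
    fi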
    

    Add execute permission to the script

    chmod +x /etc/keepalived/check_apiserver.sh
    

    Start the keepalived service

    systemctl daemon-reload
    service keepalived start
    

    Haproxy configuration

    Install haproxy on all nodes

    apt install -y haproxy
    

    Edit the configuration file /etc/haproxy/haproxy.cfg; the configuration is identical on all 3 nodes

    # /etc/haproxy/haproxy.cfg
    #---------------------------------------------------------------------
    # Global settings
    #---------------------------------------------------------------------
    global
        log /dev/log local0
        log /dev/log local1 notice
        daemon
    
    #---------------------------------------------------------------------
    # common defaults that all the 'listen' and 'backend' sections will
    # use if not designated in their block
    #---------------------------------------------------------------------
    defaults
        mode                    http
        log                     global
        option                  httplog
        option                  dontlognull
        option http-server-close
        option forwardfor       except 127.0.0.0/8
        option                  redispatch
        retries                 1
        timeout http-request    10s
        timeout queue           20s
        timeout connect         5s
        timeout client          20s
        timeout server          20s
        timeout http-keep-alive 10s
        timeout check           10s
    
    #---------------------------------------------------------------------
    # apiserver frontend which proxys to the masters
    #---------------------------------------------------------------------
    frontend apiserver
        bind *:8443
        mode tcp
        option tcplog
        default_backend apiserver
    
    #---------------------------------------------------------------------
    # round robin balancing for apiserver
    #---------------------------------------------------------------------
    backend apiserver
        option httpchk GET /healthz
        http-check expect status 200
        mode tcp
        option ssl-hello-chk
        balance     roundrobin
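            # Without the "check" keyword on a server line HAProxy runs no health checks, so rise/fall have no effect as written
            server node1 10.203.1.71:80 weight 2 rise 2 fall 3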
            server node2 10.203.1.67:80 weight 1 rise 2 fall 3
            server node3 10.203.1.87:80 weight 1 rise 2 fall 3
            # [...]
    

    Restart the service

    systemctl restart haproxy
    
