1. Overview
This article deploys HAProxy and Keepalived to make the kube-apiserver service highly available.
2. Prerequisites
HAProxy and Keepalived are deployed directly with Docker in this article, so the Docker service must be installed beforehand. See: [Containerization] Docker Deployment
Change the cgroup driver
```
mkdir -p /etc/docker
cat << EOF > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
```
3. Deploy HAProxy
Create the HAProxy configuration file
```
mkdir -p /etc/haproxy
cat << EOF > /etc/haproxy/haproxy.cfg
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4096
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    option                  forwardfor except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

# TCP pass-through to the API servers; TLS is terminated by kube-apiserver itself
frontend kube-apiserver
    mode            tcp
    bind            *:9443
    option          tcplog
    default_backend kube-apiserver

# Statistics page; admin:password is a placeholder, replace it with your own credentials
listen stats
    mode          http
    bind          *:8888
    stats auth    admin:password
    stats refresh 5s
    stats realm   HAProxy\ Statistics
    stats uri     /stats
    log           127.0.0.1 local3 err

backend kube-apiserver
    mode    tcp
    balance roundrobin
    server  k8s-master1 192.168.56.105:6443 check
    server  k8s-master2 192.168.56.106:6443 check
    server  k8s-master3 192.168.56.107:6443 check
EOF
```
Deploy the HAProxy service with Docker
```
docker run -d --name k8s-haproxy \
  --net=host \
  --restart=always \
  -v /etc/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro \
  haproxytech/haproxy-debian:2.3
```
Access test
Open http://192.168.56.105:8888/stats or http://192.168.56.106:8888/stats. If all three nodes show the UP state, the deployment is working.
4. Deploy the Keepalived service
Create the Keepalived configuration file
```
# Configuration with state MASTER (router_id LVS_1)
mkdir -p /etc/keepalived
cat << EOF > /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id LVS_1
}

vrrp_script checkhaproxy {
    script "/usr/bin/check-haproxy.sh"
    interval 2
    weight -30
}

vrrp_instance VI_1 {
    state MASTER
    interface enp0s8
    virtual_router_id 51
    priority 100
    advert_int 1

    virtual_ipaddress {
        192.168.56.250/24 dev enp0s8
    }

    ! auth_pass is a placeholder; VRRP PASS authentication is sent in cleartext
    authentication {
        auth_type PASS
        auth_pass password
    }

    track_script {
        checkhaproxy
    }
}
EOF

# The quoted 'EOF' keeps $count and $(...) literal, so they are evaluated
# when the check script runs, not while this file is being written.
cat << 'EOF' > /etc/keepalived/check-haproxy.sh
#!/bin/bash

count=$(netstat -apn | grep 9443 | wc -l)

if [ "$count" -gt 0 ]; then
    exit 0
else
    exit 1
fi
EOF
# keepalived executes the script directly, so it must be executable
chmod +x /etc/keepalived/check-haproxy.sh
```
```
# Configuration with state BACKUP (router_id LVS_2)
mkdir -p /etc/keepalived
cat << EOF > /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id LVS_2
}

vrrp_script checkhaproxy {
    script "/usr/bin/check-haproxy.sh"
    interval 2
    weight -30
}

vrrp_instance VI_1 {
    state BACKUP
    interface enp0s8
    virtual_router_id 51
    priority 100
    advert_int 1

    virtual_ipaddress {
        192.168.56.250/24 dev enp0s8
    }

    ! auth_pass is a placeholder; VRRP PASS authentication is sent in cleartext
    authentication {
        auth_type PASS
        auth_pass password
    }

    track_script {
        checkhaproxy
    }
}
EOF

# The quoted 'EOF' keeps $count and $(...) literal, so they are evaluated
# when the check script runs, not while this file is being written.
cat << 'EOF' > /etc/keepalived/check-haproxy.sh
#!/bin/bash

count=$(netstat -apn | grep 9443 | wc -l)

if [ "$count" -gt 0 ]; then
    exit 0
else
    exit 1
fi
EOF
# keepalived executes the script directly, so it must be executable
chmod +x /etc/keepalived/check-haproxy.sh
```
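The check-haproxy.sh script above counts any netstat line that contains 9443, so leftover connections or unrelated sockets can keep the VIP on a node whose HAProxy has stopped. The following added example (not part of the original article) compares that check with one that requires a TCP socket in LISTEN state on local port 9443; the function names and the netstat sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the article's loose health check with a strict one.
PORT=9443   # HAProxy frontend port from haproxy.cfg

# Loose check, as in check-haproxy.sh: any input line containing "9443" counts.
loose_check() {
    [ "$(grep -c "$PORT")" -gt 0 ]
}

# Strict check: a TCP socket in LISTEN state whose local port is exactly $PORT.
# Reads `netstat -apn`-style lines on stdin:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program
strict_check() {
    awk -v port="$PORT" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")        # works for 0.0.0.0:9443 and :::9443
            if (part[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# verdict <check-function> <netstat-text>: prints "healthy" or "unhealthy".
verdict() {
    if printf '%s\n' "$2" | "$1"; then echo healthy; else echo unhealthy; fi
}

# Constructed sample: HAProxy running and listening on 9443.
HAPROXY_UP='tcp   0   0 0.0.0.0:9443          0.0.0.0:*            LISTEN       2311/haproxy
tcp   0   0 192.168.56.105:9443   192.168.56.1:51514   ESTABLISHED  2311/haproxy'

# Constructed sample: HAProxy stopped; leftover and unrelated lines still contain "9443".
HAPROXY_DOWN='tcp   0   0 192.168.56.105:9443   192.168.56.1:51514   TIME_WAIT    -
tcp   0   0 0.0.0.0:19443         0.0.0.0:*            LISTEN       877/other
unix  2   [ ACC ]   STREAM   LISTENING   29443   1/init   /run/example.sock'

echo "HAProxy up:   loose=$(verdict loose_check "$HAPROXY_UP") strict=$(verdict strict_check "$HAPROXY_UP")"
echo "HAProxy down: loose=$(verdict loose_check "$HAPROXY_DOWN") strict=$(verdict strict_check "$HAPROXY_DOWN")"
```

In a real check script the body would be `netstat -ltn | strict_check`, whose exit status keepalived uses directly.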
Deploy Keepalived with Docker
```
docker run -d --name k8s-keepalived \
  --restart=always \
  --net=host \
  --cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW \
  -v /etc/keepalived/keepalived.conf:/container/service/keepalived/assets/keepalived.conf \
  -v /etc/keepalived/check-haproxy.sh:/usr/bin/check-haproxy.sh \
  osixia/keepalived:2.0.20 --copy-service
```
5. Verify the result
Check the VIP status
The enp0s8 interface on 192.168.56.105 has acquired the VIP.
The enp0s8 interface on 192.168.56.106 has not acquired the VIP.
Check that kube-apiserver high availability works
```
curl -v -k https://192.168.56.250:9443
```
(•̀ᴗ•́)و ̑̑