haproxy keepalived

发表于   |   更新于 | 分类于 | | 阅读次数: | 总览

本文主要是代理kubernetes master的高可用。

安装haproxy和keepalived

1
2
# yum -y install keepalived
# yum -y install haproxy

2、配置haproxy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# cat /etc/haproxy/haproxy.cfg
global
  log 127.0.0.1 local0 err
  maxconn 50000
  uid 99
  gid 99
  #daemon
  nbproc 1
  pidfile haproxy.pid

defaults
  mode tcp
  log 127.0.0.1 local0 err
  maxconn 50000
  retries 3
  timeout connect 5s
  timeout client 30s
  timeout server 30s
  timeout check 2s

listen admin_stats
  mode http
  bind 0.0.0.0:1080
  log 127.0.0.1 local0 err
  stats refresh 30s
  stats uri     /haproxy-status
  stats realm   Haproxy\ Statistics
  stats auth    admin:admin1
  stats hide-version
  stats admin if TRUE

frontend k8s-https
  bind 0.0.0.0:8443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-http

backend k8s-http
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  server k8s-master-01 172.21.17.31:6443 check check-ssl verify none
  server k8s-master-02 172.21.16.110:6443 check check-ssl verify none
  server k8s-master-03 172.21.17.30:6443 check check-ssl verify none

3、keepalived配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# cat keepalived.conf 
! Configuration File for keepalived
global_defs {
  notification_email {
    cq_xxlaila@163.com
    }
  notification_email_from cq_xxlaila@163.com
  smtp_server 127.0.0.1
  smtp_connect_timeout 30
  router_id haproxy-01
}
vrrp_script chk_haproxy {
  script "/etc/keepalived/haproxy_check.sh"
  interval 2
  weight -5
  fall 3
  rise 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    dont_track_primary
    nopreempt
    authentication {
      auth_type PASS
      auth_pass 1111
    }
    virtual_ipaddress {
      172.21.16.45
    }
    track_script {
      chk_haproxy
    }
}
  • 监测脚本
1
2
3
4
5
6
7
8
9
10
11
12
# cat haproxy_check.sh 
#!/bin/bash
VIP="172.21.16.45"

errorExit() {
    echo "*** $*" 1>&2
    exit 1
}

if ip addr | grep -q $VIP ; then
    curl -s --max-time 2 --insecure https://${VIP}:8443/healthz  -o /dev/null || errorExit "Error GET https://${VIP}:8443/healthz"
fi
  • 启动服务
1
2
# systemctl enable haproxy &&systemctl enable keepalived
# systemctl start keepalived &&systemctl start haproxy
坚持原创技术分享,您的支持将鼓励我继续创作!
0%