Kubernetes学习指南：保姆级实操手册05——配置集群HA负载均衡

五、Kubernetes学习指南：保姆级实操手册05——配置集群HA负载均衡

简介： Keepalived 提供 VRRP 实现，并允许您配置 Linux 机器使负载均衡，预防单点故障。HAProxy 提供可靠、高性能的负载均衡，能与 Keepalived 完美配合

1、配置Keepalive

官方文档提供了两种运行方式（此案例使用选项1）：

• 选项1：在操作系统上运行服务
• 选项2：将服务作为静态pod运行

参考文档：[https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#options-for-software-load-balancing]

1.1、安装keepalived组件

注：三台master节点上安装

yum install -y keepalived

1.2、配置keepalived

### 在k8s-master01上设置：
[root@k8s-m01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.back
[root@k8s-master01 keepalived]# 

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    router_id k8s-master01
}
vrrp_script check_apiserver {
  script "/etc/keepalived/check_apiserver.sh"
  interval 3
  weight -2
  fall 10
  rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens192
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.255.210.99
    }
    track_script {
        check_apiserver
    }
}

EOF

### 在k8s-master02上设置：
$ mkdir /etc/keepalived 

[root@k8s-master02 keepalived]# cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    router_id k8s-master02
}
vrrp_script check_apiserver {
  script "/etc/keepalived/check_apiserver.sh"
  interval 3
  weight -2
  fall 10
  rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    virtual_router_id 51
    priority 99
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.255.210.99
    }
    track_script {
        check_apiserver
    }
}

EOF


### 在k8s-master03上设置：
$ mkdir /etc/keepalived

[root@k8s-master03 keepalived]# cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
    router_id k8s-master03
}
vrrp_script check_apiserver {
  script "/etc/keepalived/check_apiserver.sh"
  interval 3
  weight -2
  fall 10
  rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    virtual_router_id 51
    priority 98
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.255.210.99
    }
    track_script {
        check_apiserver
    }
}

EOF

扩展：参数说明

参数说明:
    router_id:
        节点ip，master每个节点配置自己的IP
    mcast_src_ip:
        节点IP，master每个节点配置自己的IP
    virtual_ipaddress:
        虚拟IP，即VIP。
    interface:
        指定接口的名称。
    virtual_router_id:
        有效值为0-255，可以理解为一个组ID，只有相同的ID才被确认为一个组。
        如果每个keepalived实例修改的ID不一致，则会出现各自有一个VIP的现象。

1.3、编写健康检查脚本

[root@k8s-master01 keepalived]# cat > /etc/keepalived/check_apiserver.sh   <<EOF
#!/bin/sh  

errorExit() {  
    echo "*** $*" 1>&2  
    exit 1  
}  

curl --silent --max-time 2 --insecure https://localhost:16443/ -o /dev/null || errorExit "Error GET https://localhost:16443/"  
if ip addr | grep -q 10.255.210.99; then  
curl --silent --max-time 2 --insecure https://10.255.210.99:16443/ -o /dev/null || errorExit "Error GET https://10.255.210.99:16443/"  
fi  

EOF

chmod +x  /etc/keepalived/check_apiserver.sh

scp /etc/keepalived/check_apiserver.sh root@k8s-master02:/etc/keepalived/
scp /etc/keepalived/check_apiserver.sh root@k8s-master03:/etc/keepalived/

1.4、启动Keepalived

systemctl enable keepalived --now; systemctl restart keepalived.service ;systemctl status keepalived.service

1.5、测试keepalived

ip a   
#查看VIP在那个节点   

systemctl stop keepalived.service   
#VIP所在节点停止服务，观察是否飘移VIP  

 systemctl restart keepalived.service   
#重启服务后，VIP将迁回

2、配置Haproxy

2.1、安装Haproxy

yum install -y haproxy

2.2、配置haproxy.cfg

global
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode  http
  option  httplog
  timeout connect 5s
  timeout client  50s
  timeout server  50s
  timeout http-request 15s
  timeout http-keep-alive 15s

frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor

listen stats
  bind    *:8006
  mode    http
  stats   enable
  stats   hide-version
  stats   uri       /stats
  stats   refresh   30s
  stats   realm     Haproxy\ Statistics
  stats   auth      admin:admin

frontend k8s-master
  bind 0.0.0.0:16443
  bind 127.0.0.1:16443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server k8s-master01 10.255.210.1:6443  check
  server k8s-master02 10.255.210.2:6443  check
  server k8s-master03 10.255.210.3:6443  check

2.3、启动haproxy

systemctl restart haproxy.service;systemctl status haproxy.service

2.4、查看端口

ss -alnupt |grep 16443
tcp    LISTEN     0      2000      *:16443                 *:*                   users:(("haproxy",pid=53056,fd=6))
tcp    LISTEN     0      2000   127.0.0.1:16443                 *:*                   users:(("haproxy",pid=53056,fd=7))
[root@k8s-master02 ~]# ss -alnupt |grep 6443
tcp    LISTEN     0      2000      *:16443                 *:*                   users:(("haproxy",pid=53056,fd=6))
tcp    LISTEN     0      2000   127.0.0.1:16443                 *:*                   users:(("haproxy",pid=53056,fd=7))