部署完master节点后,实现三节点的高可用。
一、安装haproxy keepalived
yum -y install haproxy keepalived
二、配置haproxy
##备份原文件
mv /etc/haproxy/haproxy.cfg{,.bak}
##指定新文件
cat > /etc/haproxy/haproxy.cfg << EOF
global
maxconn 2000
ulimit-n 16384
log 127.0.0.1 local0 err
stats timeout 30s
defaults
log global
mode http
option httplog
timeout connect 5000
timeout client 50000
timeout server 50000
timeout http-request 15s
timeout http-keep-alive 15s
frontend monitor-in
bind *:33305
mode http
option httplog
monitor-uri /monitor
listen stats
bind *:8006
mode http
stats enable
stats hide-version
stats uri /stats
stats refresh 30s
stats realm Haproxy\ Statistics
stats auth admin:admin
frontend k8s-master
bind 0.0.0.0:8443 #此端口地址建议修改大点,以免和prometheu+grafana的端口产生冲突
bind 127.0.0.1:8443 #此端口地址建议修改大点,以免和prometheu+grafana的端口产生冲突
mode tcp
option tcplog
tcp-request inspect-delay 5s
default_backend k8s-master
backend k8s-master
mode tcp
option tcplog
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
#如下内容的主机名和IP地址请按你实际环境的来填写
server master01 10.13.33.38:6443 check
server master02 10.13.33.40:6443 check
server master03 10.13.33.29:6443 check
EOF
三、修改keepalived配置文件
##备份原文件
mv /etc/keepalived/keepalived.conf{,.bak}
##指定新文件
cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
router_id 10.13.33.38
}
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh 8443"
interval 2
weight -5
fall 3
rise 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
mcast_src_ip 10.13.33.38 #此处请填写相对应的本地的IP地址,IP不能相同,每个master节点的请另行修改
virtual_router_id 51
priority 102 #优先级高的能优先获得vip地址,优先级不能相同,每个master节点的请另行修改
advert_int 2
authentication {
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
virtual_ipaddress {
10.13.33.241 #此处填写你要设定的VIP地址
}
# track_script {
# chk_apiserver
# }
}
EOF
##新建检测简本
cat > /etc/keepalived/check_apiserver.sh << EOF
#!/bin/bash
function check_apiserver() {
for ((i=0;i<5;i++));do
apiserver_job_id=$(pgrep kube-apiserver)
if [[ ! -z $apiserver_job_id ]];then
return
else
sleep 2
fi
apiserver_job_id=0
done
}
# 1: running 0: stopped
check_apiserver
if [[ $apiserver_job_id -eq 0 ]]; then
/usr/bin/systemctl stop keepalived
exit 1
else
exit 0
fi
EOF
#对检测脚本添加执行权限
chmod a+x /etc/keepalived/check_apiserver.sh
四、启动haproxy和keepalived服务
systemctl enable --now haproxy && systemctl enable --now keepalived
#查看haproxy和keepalived的服务状态
systemctl status haproxy keepalived