一 环境说明:
需要单独拿出三台机器安装keep+haproxy,我这里为了方便,就和k8s一起共用了三台机器
master01 192.168.1.200
master02 192.168.1.210
master03 192.168.1.211
vip:192.168.1.222
1.1 安装keepalived(3台都安装)
yum install keepalived
1.2 编辑keepalived配置文件
global_defs {
script_user root
enable_script_security
}
vrrp_script chk_haproxy {
script "/bin/bash -c 'if [[ $(netstat -nlp | grep 9443) ]]; then exit 0; else exit 1; fi'" # haproxy 检测
interval 2 # 每2秒执行一次检测
weight 11 # 权重变化}
vrrp_instance VI_1 {interface eth0
state MASTER # backup节点设为BACKUP
virtual_router_id 51 # id设为相同,表示是同一个虚拟路由组
priority 100 #初始权重
nopreempt #可抢占
unicast_peer {}
virtual_ipaddress {
192.168.1.222 #vip
}
authentication {
auth_type PASS
auth_pass password
}
track_script {
chk_haproxy
}
notify "/container/service/keepalived/assets/notify.sh"}
二 安装haproxy(3台都安装)
2.1编辑haproxy配置文件(三台机器配置一样)
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode tcp #支持https
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#use_backend static if url_static
#default_backend app
listen stats #网页形式
mode http
bind *:9443
stats uri /admin/stats
monitor-uri /monitoruri
frontend showDoc
bind *:8000
use_backend app #必须和下面的名称一致
backend app
balance roundrobin
server app1 192.168.1.210:6443 check
server app2 192.168.1.211:6443 check
server app3 192.168.1.200:6443 check
三网页访问
vip+9443
四 安装k8s
省略,在加入集群的时候,ip地址是vip+8000
五 测试
在/root/.kube/config 这个文件里可以改成haproxy的ip和端口看是否可以正常查看,也可以改成vip测试一下
如图所示:
然后在运行kubectl get nodes,如果可以正常访问,代表是成功的
六 集群访问流程
node节点---vip(keepalived)--master(根据haproxy负载选中指定的master)