• LVS实现Kubernetes集群高可用


    服务器规划:

    三台k8s-master                                                     两台lvs                                      

    k8s01:10.20.31.157                                            lb01:10.20.31.184

    k8s02:10.20.31.167                                            lb02:10.20.31.185

    k8s03:10.20.31.186                                            vipIP:10.20.31.187


    从架构图中可以看到,所有节点都需要通过负载均衡器与API Server进行通信,因此负载均衡器非常重要。考虑到负载均衡器的性能与高可用,这里选择LVS + keepalived(LVS也可以部署在k8s的节点机器上,但为了保证集群高可用,建议部署在单独的机器上)。

    lvs-master(10.20.31.184)

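    # Install build and runtime dependencies (ipvsadm is used to inspect the IPVS table).
    $ yum install -y ipvsadm wget curl gcc openssl-devel libnl3-devel net-snmp-devel libnfnetlink-devel
    # Build keepalived from source: the author reports that the version installed by yum on
    # CentOS 7 fails with the error "TCP socket bind failed. Rescheduling".
    # The tarball is fetched over HTTPS because it is compiled and installed as root.
    $ wget https://www.keepalived.org/software/keepalived-1.4.5.tar.gz
    # NOTE(review): before building, compare the tarball's checksum (sha256sum keepalived-1.4.5.tar.gz)
    # with a value obtained from a trusted source, e.g. the project's download page if it lists one.
    $ tar -zxvf keepalived-1.4.5.tar.gz && cd keepalived-1.4.5 && ./configure && make && make install && cd .. && rm -f keepalived-1.4.5.tar.gz && rm -rf keepalived-1.4.5
    ################ keepalived load-balancer configuration ################
    # Generate the keepalived configuration. mkdir -p is needed because a source install does
    # not necessarily create /etc/keepalived; the delimiter is quoted so the shell writes the
    # body verbatim.
    $ mkdir -p /etc/keepalived && cd /etc/keepalived && cat <<'E0F' > /etc/keepalived/keepalived.conf
    global_defs {
       router_id keepalived-master
    }
    
    vrrp_instance vip_1 {
      state MASTER
      ! NIC name; run "ip a" to find the name of your own LAN interface
      interface ens192
      ! virtual_router_id must be identical on the master and the backup
      ! (router_id in global_defs is only a per-node name and differs between them)
      virtual_router_id 88
      ! Priority: the master must have a higher priority than the backup
      priority 100
      advert_int 3
      ! NOTE(review): this instance has no authentication block and uses the
      ! default multicast adverts, so VRRP messages from any host on the same
      ! L2 segment are accepted. Consider restricting VRRP (IP protocol 112)
      ! to the peer load balancer with a host firewall rule, and/or configuring
      ! unicast_peer / authentication on both nodes.
      ! Virtual IP address
      virtual_ipaddress {
        10.20.31.187
      }
    }
    
    virtual_server 10.20.31.187 6443 {
      delay_loop 6
      lb_algo rr
      lb_kind DR
      persistence_timeout 0
      protocol TCP
        
      real_server 10.20.31.157 6443 {
        weight 1
        TCP_CHECK {
          connect_timeout 10
          nb_get_retry 3
          delay_before_retry 3
          connect_port 6443
        }
      }
      real_server 10.20.31.167 6443 {
        weight 1
        TCP_CHECK {
          connect_timeout 10
          nb_get_retry 3
          delay_before_retry 3
          connect_port 6443
        }
      }
      real_server 10.20.31.186 6443 {
        weight 1
        TCP_CHECK {
          connect_timeout 10
          nb_get_retry 3
          delay_before_retry 3
          connect_port 6443
        }
      }
    }
    E0F
    
    # Enable keepalived at boot and start it
    $ systemctl enable keepalived && service keepalived start
    
    # Check keepalived status
    $ service keepalived status
    
    # Follow the log
    $ journalctl -f -u keepalived
    
    # Confirm the virtual IP (10.20.31.187) is bound on this node
    $ ip a
    
    # Confirm the IPVS virtual server and its three real servers are registered
    $ ipvsadm -Ln
    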
    

    lvs-backup(10.20.31.185)

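    # Install build and runtime dependencies (ipvsadm is used to inspect the IPVS table).
    $ yum install -y ipvsadm wget curl gcc openssl-devel libnl3-devel net-snmp-devel libnfnetlink-devel
    # Build keepalived from source: the author reports that the version installed by yum on
    # CentOS 7 fails with the error "TCP socket bind failed. Rescheduling".
    # The tarball is fetched over HTTPS because it is compiled and installed as root.
    $ wget https://www.keepalived.org/software/keepalived-1.4.5.tar.gz
    # NOTE(review): before building, compare the tarball's checksum (sha256sum keepalived-1.4.5.tar.gz)
    # with a value obtained from a trusted source, e.g. the project's download page if it lists one.
    $ tar -zxvf keepalived-1.4.5.tar.gz && cd keepalived-1.4.5 && ./configure && make && make install && cd .. && rm -f keepalived-1.4.5.tar.gz && rm -rf keepalived-1.4.5
    ################ keepalived load-balancer configuration ################
    # Generate the keepalived configuration; the delimiter is quoted so the shell writes the
    # body verbatim.
    $ mkdir -p /etc/keepalived && cd /etc/keepalived && cat <<'E0F' > /etc/keepalived/keepalived.conf
    global_defs {
       router_id keepalived-backup
    }
    
    vrrp_instance vip_1 {
      state BACKUP
      ! NIC name; run "ip a" to find the name of your own LAN interface
      interface ens192
      ! virtual_router_id must be identical on the master and the backup
      ! (router_id in global_defs is only a per-node name and differs between them)
      virtual_router_id 88
      ! Priority: the backup must have a lower priority than the master (100)
      priority 99
      advert_int 3
      ! NOTE(review): this instance has no authentication block and uses the
      ! default multicast adverts, so VRRP messages from any host on the same
      ! L2 segment are accepted. Consider restricting VRRP (IP protocol 112)
      ! to the peer load balancer with a host firewall rule, and/or configuring
      ! unicast_peer / authentication on both nodes.
      ! Virtual IP address
      virtual_ipaddress {
        10.20.31.187
      }
    }
    
    virtual_server 10.20.31.187 6443 {
      delay_loop 6
      lb_algo rr
      lb_kind DR
      persistence_timeout 0
      protocol TCP
        
      real_server 10.20.31.157 6443 {
        weight 1
        TCP_CHECK {
          connect_timeout 10
          nb_get_retry 3
          delay_before_retry 3
          connect_port 6443
        }
      }
      real_server 10.20.31.167 6443 {
        weight 1
        TCP_CHECK {
          connect_timeout 10
          nb_get_retry 3
          delay_before_retry 3
          connect_port 6443
        }
      }
      real_server 10.20.31.186 6443 {
        weight 1
        TCP_CHECK {
          connect_timeout 10
          nb_get_retry 3
          delay_before_retry 3
          connect_port 6443
        }
      }
    }
    E0F
    
    # Enable keepalived at boot and start it
    $ systemctl enable keepalived && service keepalived start
    
    # Check keepalived status
    $ service keepalived status
    
    # Follow the log
    $ journalctl -f -u keepalived
    
    # Inspect the addresses; with the lower priority, this node should hold the
    # virtual IP only after the master stops advertising
    $ ip a
    
    # Confirm the IPVS virtual server and its three real servers are registered
    $ ipvsadm -Ln
    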
    

     

    real_server配置,也就是每个k8s Master节点机器

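    # Create the real-server script. The heredoc delimiter is quoted so that $vip is written
    # literally into rs.sh; with an unquoted delimiter the current shell expands it (to an
    # empty string) while the file is being written, and the generated script is broken.
    $ mkdir -p /opt/rs/ && cd /opt/rs && cat <<'E0F' > /opt/rs/rs.sh
    #!/bin/bash
    # Virtual IP
    vip=10.20.31.187
    # Take down any lo:0 alias left from a previous run
    ifconfig lo:0 down
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    # Bring up a loopback alias and bind the VIP to it
    ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
    route add -host "$vip" dev lo:0
    # ARP settings for LVS DR mode: the real server must not answer or announce
    # ARP for the VIP it holds on lo, so only the load balancer owns it on the LAN
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    # ens192 is the primary NIC name; replace it with your own interface name
    echo "1" >/proc/sys/net/ipv4/conf/ens192/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/ens192/arp_announce
    E0F
    
    # Make the script executable. It is run as root at every boot, so it (and /opt/rs)
    # should stay owned by root and not be writable by other users.
    $ chmod 0755 /opt/rs/rs.sh
    
    # Run the script by absolute path (the author notes: if errors appear, run it once more)
    $ /opt/rs/rs.sh
    
    # Run it at boot; the line is appended only if it is not already present
    $ grep -qxF '/opt/rs/rs.sh' /etc/rc.d/rc.local || echo '/opt/rs/rs.sh'  >> /etc/rc.d/rc.local
    # On CentOS 7, /etc/rc.d/rc.local is not executable by default, so it must be made
    # executable for the line above to take effect
    $ chmod +x /etc/rc.d/rc.local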
  • 原文地址:https://www.cnblogs.com/zhangmingcheng/p/12698010.html