前往小程序,Get更优阅读体验!
立即前往
首页
学习
活动
专区
工具
TVP
发布
社区首页 >专栏 >部署 HA 环境

部署 HA 环境

作者头像
jwangkun
发布2021-12-23 18:13:26
7490
发布2021-12-23 18:13:26
举报
文章被收录于专栏:John Wong's Blog

部署高可用负载均衡集群

在部署生产可用的 kubernetes 集群之前,需要先部署 LoadBalancer 环境,这里使用 keepalived + haproxy 的方式实现负载均衡和高可用。

环境说明

单独拿两个节点部署 keepalived 和 haproxy 作为后端 kubernetes 控制平面的负载均衡器,拓扑结构如下:

两个节点上面分别部署 keepalived 和 haproxy 组成负载均衡集群,haproxy 的 backend 为后端的 kubernetes control plane node,vip(虚ip) 在这两个节点之间漂移形成高可用。

部署

keepalived 的主要作用是为 haproxy 提供 vip,在2个 haproxy 实例之间提供主备,降低当其中一个haproxy失效的时对服务的影响。

部署配置 keepalived

设置相关的环境变量,根据不同的环境自行配置。

代码语言:javascript
复制
# keepalived vip 地址
export K8SHA_VIP=10.168.222.18

# keepalived auth toke
export K8SHA_KA_AUTH=412f7dc3bfed32194d1600c483e10ad1d

# keepalived network interface
export K8SHA_NETIF=eth0

设置 sysctl 选项

代码语言:javascript
复制
$ cat <<EOF >>/etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
EOF

$ sysctl -p

安装 keepalived

代码语言:javascript
复制
$ yum install -y keepalived

添加配置

代码语言:javascript
复制
$ cat <<EOF >/etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL
}

vrrp_script check_haproxy {
    script "pidof haproxy"
    interval 3
    weight -2
    fall 10
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface $K8SHA_NETIF
    virtual_router_id 51
    priority 250
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass $K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        $K8SHA_VIP
    }
    track_script {
        check_haproxy
    }
}
EOF

启动 keepalived

代码语言:javascript
复制
$ systemctl enable --now keepalived
$ ip addr show $K8SHA_NETIF
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:22:ff:95:87:f7 brd ff:ff:ff:ff:ff:ff
    inet 10.168.222.189/24 brd 10.168.222.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.168.222.18/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::222:ffff:fe95:87f7/64 scope link
       valid_lft forever preferred_lft forever

部署配置 haproxy

此处的 haproxy 为 apiserver 提供反向代理,haproxy 将所有请求轮询转发到每个master节点上。

系统配置

代码语言:javascript
复制
export K8S_MASTER0=10.168.222.218
export K8S_MASTER1=10.168.222.197
export K8S_MASTER2=10.168.222.207

安装 haproxy

代码语言:javascript
复制
$ yum install -y haproxy

配置 haproxy

代码语言:javascript
复制
$ cat <<EOF >/etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# kubernetes apiserver frontend which proxys to the backends
#---------------------------------------------------------------------
frontend kubernetes-apiserver
    mode                 tcp
    bind                 *:6443
    option               tcplog
    default_backend      kubernetes-apiserver

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend kubernetes-apiserver
    mode        tcp
    balance     roundrobin
    server  master-0 $K8S_MASTER0:6443 check
    server  master-1 $K8S_MASTER1:6443 check
    server  master-2 $K8S_MASTER2:6443 check

#---------------------------------------------------------------------
# collection haproxy statistics message
#---------------------------------------------------------------------
listen stats
    bind                 *:1080
    stats auth           admin:awesomePassword
    stats refresh        5s
    stats realm          HAProxy\ Statistics
    stats uri            /admin?stats
EOF

启动并检测服务

代码语言:javascript
复制
$ systemctl enable haproxy.service --now
$ systemctl status haproxy.service
$ netstat -tulnp | egrep '6443|1080'
tcp        0      0 0.0.0.0:6443            0.0.0.0:*               LISTEN      10033/haproxy
tcp        0      0 0.0.0.0:1080            0.0.0.0:*               LISTEN      10033/haproxy

下一篇: kubesphere添加新k8s节点→

本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2021-11-08,如有侵权请联系 cloudcommunity@tencent.com 删除

本文分享自 作者个人站点/博客 前往查看

如有侵权,请联系 cloudcommunity@tencent.com 删除。

本文参与 腾讯云自媒体同步曝光计划  ,欢迎热爱写作的你一起参与!

评论
登录后参与评论
0 条评论
热度
最新
推荐阅读
目录
  • 环境说明
  • 部署
    • 部署配置 keepalived
      • 部署配置 haproxy
      相关产品与服务
      负载均衡
      负载均衡(Cloud Load Balancer,CLB)提供安全快捷的四七层流量分发服务,访问流量经由 CLB 可以自动分配到多台后端服务器上,扩展系统的服务能力并消除单点故障。轻松应对大流量访问场景。 网关负载均衡(Gateway Load Balancer,GWLB)是运行在网络层的负载均衡。通过 GWLB 可以帮助客户部署、扩展和管理第三方虚拟设备,操作简单,安全性强。
      领券
      问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档