haproxy+keepalived
# keepalived + haproxy部署
安装killall命令
yum install psmisc -y
# 1. haproxy安装
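# Build HAProxy 1.8.19 from the source tarball and install it under
# /usr/local/haproxy. USE_SYSTEMD=1 is the build option for the systemd-aware
# master-worker mode (-Ws).
# Check the tarball against the digest published with the release before
# unpacking it; the expected digest is not given on this page.
# The steps are chained so that a failed unpack or cd stops the build instead
# of running make in whatever directory the shell happens to be in.
tar zxf haproxy-1.8.19.tar.gz &&
  cd haproxy-1.8.19 &&
  make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy &&
  make install PREFIX=/usr/local/haproxy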
cp二进制文件
cp -rfa /usr/local/haproxy/sbin/haproxy /usr/sbin/
修改haproxy配置文件
vim /etc/haproxy/haproxy.cfg
# HAProxy configuration: an HTTP statistics listener on port 8888 and a TCP
# (layer 4) front end on port 8443 that balances kube-apiserver traffic across
# three back-end servers.
global
maxconn 100000
chroot /usr/local/haproxy
# NOTE(review): user/group root means the process keeps root after start-up,
# so the chroot above gives little containment; a dedicated unprivileged
# account is the usual choice here.
user root
group root
daemon
nbproc 1
pidfile /var/run/haproxy.pid
log 127.0.0.1 local3 info
# Runtime socket with admin level; mode 600 limits it to the owning user.
stats socket /var/run/haproxy.sock mode 600 level admin
stats timeout 2m
defaults
option redispatch
# NOTE(review): httplog is inherited by the TCP front end further down as
# well; confirm the log format HAProxy actually applies there.
option httplog
option httpclose
retries 3
option dontlognull
maxconn 100000
mode http
log global
# Timeout values without a unit are milliseconds.
timeout http-request 30000
timeout http-keep-alive 30000
timeout connect 30000
timeout client 50000
timeout server 50000
# Statistics page, served over plain HTTP on every interface.
# NOTE(review): the "stats auth" credential is a static example value and is
# sent unencrypted; replace it before use and limit who can reach port 8888
# (bind to a management address or filter at the firewall).
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth haproxy:111111Ab
##################### L4 #################################################
#kube-apiserver
# TCP pass-through: connections are forwarded to the API servers as-is, so
# TLS is not terminated here.
frontend configcenter_api
# Listens on all addresses; the inline note indicates the VIP is the intended
# bind address.
bind 0.0.0.0:8443 #bind vip
mode tcp
default_backend kube-apiserver
backend kube-apiserver
mode tcp
# "balance source" hashes the client address, so a given client keeps
# reaching the same server while the set of servers is unchanged.
balance source
# Health check every 2000 ms; 15 consecutive successes mark a server up,
# 3 consecutive failures mark it down.
server 10.50.182.65 10.50.182.65:6443 check inter 2000 rise 15 fall 3
server 10.50.182.66 10.50.182.66:6443 check inter 2000 rise 15 fall 3
server 10.50.182.67 10.50.182.67:6443 check inter 2000 rise 15 fall 3
创建为系统服务
cat /usr/lib/systemd/system/haproxy.service
# systemd unit that runs HAProxy in master-worker mode (-Ws) and reports
# readiness to systemd (Type=notify).
[Unit]
Description=HAProxy Load Balancer
After=network.target
[Service]
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/var/run/haproxy.pid"
# Check the configuration (-c, quiet with -q) before starting; a failed check
# prevents the start.
ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q
ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE
# Reload: check the configuration again, then send USR2 to the main process.
ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
SuccessExitStatus=143
Type=notify
# NOTE(review): this unit sets no User= and every sandboxing directive below
# is left commented out, so none of these restrictions is in effect. Enable
# the ones the deployment tolerates and test a start and a reload afterwards.
# The following lines leverage SystemD's sandboxing options to provide
# defense in depth protection at the expense of restricting some flexibility
# in your setup (e.g. placement of your configuration files) or possibly
# reduced performance. See systemd.service(5) and systemd.exec(5) for further
# information.
# NoNewPrivileges=true
# ProtectHome=true
# If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE,
# any state files and any other files written using 'ReadWritePaths' or
# 'RuntimeDirectory'.
# ProtectSystem=true
# ProtectKernelTunables=true
# ProtectKernelModules=true
# ProtectControlGroups=true
# If your SystemD version supports them, you can add: @reboot, @swap, @sync
# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io
[Install]
WantedBy=multi-user.target
# 2. keepalived安装
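# Build keepalived 2.0.4 from the source tarball and install it under
# /usr/local/keepalived.
# Check the tarball against the digest published with the release before
# unpacking it; the expected digest is not given on this page.
# The steps are chained so that a failed unpack or cd stops the build instead
# of running configure and make in the wrong directory.
tar zxf keepalived-2.0.4.tar.gz &&
  cd keepalived-2.0.4 &&
  ./configure --prefix=/usr/local/keepalived --disable-fwmark &&
  make &&
  make install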
修改keepalived配置文件(master)
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! Master node (priority 150): VRRP instance VI_1 carries the virtual address
! 10.50.182.69 on eth0 and tracks whether haproxy is running.
global_defs {
router_id k8s-ha-test
}
! Health check, run every 2 seconds: "killall -0" sends no signal and only
! tests whether a haproxy process exists.
! NOTE(review): global_defs sets neither script_user nor
! enable_script_security, so this check and the notify script presumably run
! as root - confirm, and keep the script files writable by root only.
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
}
vrrp_instance VI_1 {
! NOTE(review): keepalived's documentation says nopreempt only works when the
! initial state is BACKUP; with "state MASTER" it is likely ignored - confirm
! the failback behaviour you want.
state MASTER
interface eth0
! lvs_sync_daemon_interface eth0
virtual_router_id 123
priority 150
advert_int 2
nopreempt
! NOTE(review): auth_type PASS puts the shared password in clear text in the
! VRRP adverts, and "1111" is a trivial value; it guards against
! misconfigured peers, not against a host on the same segment. Use your own
! value and restrict VRRP traffic to the two nodes.
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
10.50.182.69
}
! Runs when this node takes over as master.
notify_master "/etc/keepalived/notify.sh master"
}
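向私有云注册 VIP 的脚本(master;注意把脚本里的 vip 和服务器的 mac 地址改成实际值)。keepalived.conf 中 notify_master 引用的是 /etc/keepalived/notify.sh,脚本需保存到该路径并赋予可执行权限;它由 keepalived 调用,应保证只有 root 能修改。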
vim notify.sh
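#!/bin/bash
# keepalived notify script: when this node becomes VRRP master, ask the
# private cloud's metadata service to move the VIP to this server's NIC.
# Usage: notify.sh master
#
# Set vip and mac for each server. The request is plain HTTP to the
# link-local metadata address and carries no credential.
vip=10.50.182.69
mac=d0:0d:6a:9e:15:41
contact='root@localhost'
# Built from vip/mac, so editing the two variables above is enough; the
# address is no longer repeated inside the URL.
takeover_url="http://169.254.169.254/latest/meta-data/vip-takeover?vip=${vip}&mac=${mac}"

# Prepare the subject and body of a transition notice for state $1.
# Nothing is sent: the text is only stored in mailsubject/mailbody, and
# contact is not used anywhere in this script.
notify() {
  mailsubject="$(hostname) to be $1: $vip floating"
  mailbody="$(date '+%F %H:%M:%S'): vrrp transition, $(hostname) changed to be $1"
}

case "${1:-}" in
  master)
    notify master
    # Bound the request so an unresponsive metadata endpoint cannot hang the
    # transition, and report a failed takeover instead of hiding it.
    if ! curl --fail --silent --show-error --max-time 10 "$takeover_url"; then
      printf '%s: VIP takeover request for %s failed\n' "$(hostname)" "$vip" >&2
    fi
    exit 0
    ;;
esac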
修改keepalived配置文件(backup)
脚本注意修改vip及服务器的mac地址
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! Backup node (priority 100): same VRRP instance VI_1 and virtual address
! 10.50.182.69 on eth0, tracking whether haproxy is running.
global_defs {
router_id k8s-ha-test
}
! Health check, run every 2 seconds: "killall -0" sends no signal and only
! tests whether a haproxy process exists.
! NOTE(review): global_defs sets neither script_user nor
! enable_script_security, so this check and the notify script presumably run
! as root - confirm, and keep the script files writable by root only.
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
}
vrrp_instance VI_1 {
! NOTE(review): this is the backup node's file, yet the initial state is
! MASTER. keepalived's documentation says nopreempt only works when the
! initial state is BACKUP - confirm whether "state BACKUP" was intended.
state MASTER
interface eth0
! lvs_sync_daemon_interface eth0
virtual_router_id 123
priority 100
advert_int 2
nopreempt
! NOTE(review): auth_type PASS puts the shared password in clear text in the
! VRRP adverts, and "1111" is a trivial value; it guards against
! misconfigured peers, not against a host on the same segment. Use your own
! value and restrict VRRP traffic to the two nodes.
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
10.50.182.69
}
! Runs when this node takes over as master.
notify_master "/etc/keepalived/notify.sh master"
}
向私有云进行VIP注册(backup)
vim notify.sh
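#!/bin/bash
# keepalived notify script for the backup node: when this node becomes VRRP
# master, ask the private cloud's metadata service to move the VIP to this
# server's NIC.
# Usage: notify.sh master
#
# Set vip and mac for each server. The request is plain HTTP to the
# link-local metadata address and carries no credential.
vip=10.50.182.69
mac=d0:0d:83:8e:d9:0c
contact='root@localhost'
# Built from vip/mac, so editing the two variables above is enough; the
# address is no longer repeated inside the URL.
takeover_url="http://169.254.169.254/latest/meta-data/vip-takeover?vip=${vip}&mac=${mac}"

# Prepare the subject and body of a transition notice for state $1.
# Nothing is sent: the text is only stored in mailsubject/mailbody, and
# contact is not used anywhere in this script.
notify() {
  mailsubject="$(hostname) to be $1: $vip floating"
  mailbody="$(date '+%F %H:%M:%S'): vrrp transition, $(hostname) changed to be $1"
}

case "${1:-}" in
  master)
    notify master
    # Bound the request so an unresponsive metadata endpoint cannot hang the
    # transition, and report a failed takeover instead of hiding it.
    if ! curl --fail --silent --show-error --max-time 10 "$takeover_url"; then
      printf '%s: VIP takeover request for %s failed\n' "$(hostname)" "$vip" >&2
    fi
    exit 0
    ;;
esac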
开机自启动
systemctl enable haproxy.service
systemctl enable keepalived.service
启动
systemctl start haproxy.service
systemctl start keepalived.service
上次更新: 2022/10/05, 15:47:59