高可用架构配置（haproxy+keepalived）

一、架构

3台 k8s-master主机：192.168.100.6，192.168.100.7， 192.168.100.8

VIP: 192.168.100.100

二、haproxy

1. yum install keepalived haproxy -y

2.vim /etc/haproxy/haproxy.cfg配置如下

global

  maxconn  2000

  ulimit-n  16384

  log  127.0.0.1 local0 err

  stats timeout 30s

defaults

  log global

  mode  http

  option  httplog

  timeout connect 5000

  timeout client  50000

  timeout server  50000

  timeout http-request 15s

  timeout http-keep-alive 15s

frontend k8s-master

  bind 0.0.0.0:8443

  bind 127.0.0.1:8443

  mode tcp

  option tcplog

  tcp-request inspect-delay 5s

  default_backend k8s-master

backend k8s-master

  mode tcp

  option tcplog

  option tcp-check

  balance roundrobin

  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100

  server k8s-master01    192.168.100.6:6443  check

  server k8s-master02    192.168.100.7:6443  check

  server k8s-master03    192.168.100.8:6443  check

三、keepalived

1.keepalived.conf文件主要配置解析

router_id HA_TEST_R1:本路由器(服务器)的名称、主备名称要不一样

vrrp_instance Vl_1∶定义VRRP热备实例

state MASTER:热备状态,MASTER表示主服务器

interface ens33:承载VIP地址的物理接口

virtual_router_id 1 :虚拟路由器的ID号,每个热备组保持一致

priority 100:优先级,数值越大优先级越高

advert_int 1:通告间隔秒数(心跳频率)

auth_type PASS:认证类型

auth_pass 123456:密码字串

virtual_ipaddress { vip}:指定漂移地址(VIP),可以有多个

2. k8s-master01配置如下vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

    router_id LVS_DEVEL

}

vrrp_script chk_apiserver {

    script "/etc/keepalived/check_apiserver.sh"

    interval 5 

    weight -5

    fall 2

    rise 1

}

vrrp_instance VI_1 {

    state MASTER

    interface ens33

    mcast_src_ip 192.168.100.6

    virtual_router_id 51

    priority 101

    nopreempt

    advert_int 2

    authentication {

        auth_type PASS

        auth_pass K8SHA_KA_AUTH

    }

    virtual_ipaddress {

        192.168.100.100

    }

    track_script {      chk_apiserver

} }

3.k8s-master02配置如下vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

    router_id LVS_DEVEL

}

vrrp_script chk_apiserver {

    script "/etc/keepalived/check_apiserver.sh"

    interval 5 

    weight -5

    fall 2

    rise 1

}

vrrp_instance VI_1 {

    state BACKUP

    interface ens33

    mcast_src_ip 192.168.100.7

    virtual_router_id 51

    priority 100

    nopreempt

    advert_int 2

    authentication {

        auth_type PASS

        auth_pass K8SHA_KA_AUTH

    }

    virtual_ipaddress {

        192.168.100.100

    }

    track_script {      chk_apiserver

} }

4.k8s-master03配置如下vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

    router_id LVS_DEVEL

}

vrrp_script chk_apiserver {

    script "/etc/keepalived/check_apiserver.sh"

    interval 5

    weight -5

    fall 2  

    rise 1

}

vrrp_instance VI_1 {

    state BACKUP

    interface ens33

    mcast_src_ip 192.168.100.7

    virtual_router_id 51

    priority 100

    nopreempt

    advert_int 2

    authentication {

        auth_type PASS

        auth_pass K8SHA_KA_AUTH

    }

    virtual_ipaddress {

        192.168.100.100

    }

    track_script {      chk_apiserver

} }

四、健康检查配置（3台主机都需要配置）

vim /etc/keepalived/check_apiserver.sh

#!/bin/bash

err=0

for k in $(seq 1 3)

do

    check_code=$(pgrep haproxy)

    if [[ $check_code == "" ]]; then

        err=$(expr $err + 1)

        sleep 1

        continue

    else

        err=0

        break

    fi

done

if [[ $err != "0" ]]; then

    echo "systemctl stop keepalived"

    /usr/bin/systemctl stop keepalived

    exit 1

else

    exit 0

fi