docker swarm 外部负载均衡(Haproxy+keepalived) +ingress

 外部负载均衡(Haproxy+keepalived) +ingress

1.整体拓扑图(其它博客上的)

 2.实例:

localhost7A 192.168.80.100     Haproxy+keepalived
localhost7B 192.168.80.110     Haproxy+keepalived
localhost7C 192.168.80.120     manager
localhost7D 192.168.80.130     manager
localhost7E 192.168.80.140     worker


[root@localhost7A ~]# yum install keepalived   haproxy  -y

#keepalived主配置
[root@localhost7A ~]# cat  /etc/keepalived/keepalived.conf 
# Global keepalived settings for this node: notification mail and VRRP-wide options.
global_defs {
   # State-change mail is sent to and from root@localhost via the local SMTP server.
   notification_email {
     root@localhost
   }
   notification_email_from root@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   # Name that identifies this node.
   router_id localhost7A
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   # VRRP advertisements are sent to this IPv4 multicast group, so they are
   # visible to every host on the same layer-2 segment as the VRRP interface.
   vrrp_mcast_group4 224.0.0.18
}
# VRRP instance that manages the virtual IP 192.168.80.222 on eth0.
vrrp_instance zzhz {
    # Initial state only; the holder of the VIP is decided by priority.
    state MASTER
    interface eth0
    # Must be the same on both peers and unique among VRRP groups on this segment.
    virtual_router_id 51
    # The higher priority wins the election.
    priority 95
    # Advertisement interval in seconds.
    advert_int 2
    authentication {
        # PASS is a shared string carried in clear text in every advertisement
        # (keepalived uses only its first 8 characters). It protects against
        # accidental misconfiguration, not against a host on the segment that
        # can read the multicast traffic.
        auth_type PASS
        # Lab value. Use a site-specific string, identical on both peers, and
        # limit VRRP (IP protocol 112) to the peer's address in the host firewall.
        auth_pass centos
    }
    # The VIP is added to eth0 under the label eth0:1.
    virtual_ipaddress {
        192.168.80.222/24 dev eth0 label eth0:1
    }
    # NOTE(review): no vrrp_script/track_script appears in this listing, so the
    # VIP presumably stays on this node when haproxy stops - confirm, and add a
    # health check that tracks haproxy.
}

#keepalived次配置
[root@localhost7B ~]# cat  /etc/keepalived/keepalived.conf 
# Global keepalived settings for the second node: notification mail and VRRP-wide options.
global_defs {
   # State-change mail is sent to and from root@localhost via the local SMTP server.
   notification_email {
     root@localhost
   }
   notification_email_from root@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   # Name that identifies this node.
   router_id localhost7B
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   # VRRP advertisements are sent to this IPv4 multicast group, so they are
   # visible to every host on the same layer-2 segment as the VRRP interface.
   vrrp_mcast_group4 224.0.0.18
}
# VRRP instance on the standby node; it takes over 192.168.80.222 when
# advertisements from a higher-priority peer stop arriving.
vrrp_instance zzhz {
    # Initial state only; the holder of the VIP is decided by priority.
    state BACKUP
    interface eth0
    # Must be the same on both peers and unique among VRRP groups on this segment.
    virtual_router_id 51
    # Lower than the other node's 95, so this node stays standby while that one is healthy.
    priority 80
    # Advertisement interval in seconds.
    advert_int 2
    authentication {
        # PASS is a shared string carried in clear text in every advertisement
        # (keepalived uses only its first 8 characters). It protects against
        # accidental misconfiguration, not against a host on the segment that
        # can read the multicast traffic.
        auth_type PASS
        # Lab value. Use a site-specific string, identical on both peers, and
        # limit VRRP (IP protocol 112) to the peer's address in the host firewall.
        auth_pass centos
    }
    # The VIP is added to eth0 under the label eth0:1.
    virtual_ipaddress {
        192.168.80.222/24 dev eth0 label eth0:1
    }
}
#haproxy配置
[root@localhost7A ~]# cat  /etc/haproxy/haproxy.cfg 
# Process-wide HAProxy settings.
global
    # Log to syslog at 127.0.0.1, facility local2. Presumably the local syslog
    # daemon must accept UDP input for these records to be stored - confirm.
    log         127.0.0.1 local2
    # After start-up the process is confined to this directory and runs as the
    # unprivileged haproxy user and group.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    # turn on stats unix socket
    # NOTE(review): no mode/user/group/level is given for the socket, so access
    # to the runtime API depends on defaults; set them explicitly to restrict it.
    stats socket /var/lib/haproxy/stats

# Defaults inherited by the proxy sections that follow.
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    # Adds an X-Forwarded-For header with the client address, except for
    # requests from 127.0.0.0/8. A value sent by the client is passed through as
    # well, so backends should trust only the entry appended by this proxy.
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    # Upper bound on the time a client may take to send a complete request;
    # keeps slow or stalled requests from holding connections open.
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

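# Statistics page, served over plain HTTP on port 9999.
listen stats
    mode http
    # NOTE(review): 0.0.0.0 exposes the page on every address of this host,
    # including the VIP while this node holds it. Prefer a management address
    # or a source-address restriction.
    bind 0.0.0.0:9999
    stats enable
    # Do not show the HAProxy version on the page.
    stats hide-version
    log global
    stats uri /haproxy-status
    # HTTP Basic credentials: stored in clear text in this file and sent
    # unencrypted on this listener. The value below is a placeholder; replace
    # it with a long random password before use.
    stats auth admin:CHANGE_ME_STRONG_PASSWORD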

# Front door for the swarm service: plain HTTP on the keepalived VIP,
# round-robin across the three swarm nodes.
listen ingress
    # The VIP exists on only one node at a time. On the node that does not hold
    # it, this bind fails unless net.ipv4.ip_nonlocal_bind=1 is set.
    bind  192.168.80.222:80
    balance     roundrobin
    # No "option httpchk" is set, so "check" is a TCP connect test: it shows the
    # port answers, not that the service returns a healthy response.
    # web1: probe every 3000 ms, down after 2 failures, up after 5 successes.
    server  web1 192.168.80.120:80 check inter 3000 fall 2 rise 5
    server  web2 192.168.80.130:80 check
    server  web3 192.168.80.140:80 check
    # NOTE(review): the service is published with -p 80:80, so port 80 is also
    # reachable on each swarm node directly. Restrict it to the load balancer
    # addresses if clients must not bypass HAProxy.

#haproxy次配置
[root@localhost7B ~]# cat  /etc/haproxy/haproxy.cfg 
# Process-wide HAProxy settings (second load balancer).
global
    # Log to syslog at 127.0.0.1, facility local2. Presumably the local syslog
    # daemon must accept UDP input for these records to be stored - confirm.
    log         127.0.0.1 local2
    # After start-up the process is confined to this directory and runs as the
    # unprivileged haproxy user and group.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    # turn on stats unix socket
    # NOTE(review): no mode/user/group/level is given for the socket, so access
    # to the runtime API depends on defaults; set them explicitly to restrict it.
    stats socket /var/lib/haproxy/stats

# Defaults inherited by the proxy sections that follow.
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    # Adds an X-Forwarded-For header with the client address, except for
    # requests from 127.0.0.0/8. A value sent by the client is passed through as
    # well, so backends should trust only the entry appended by this proxy.
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    # Upper bound on the time a client may take to send a complete request;
    # keeps slow or stalled requests from holding connections open.
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000


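# Statistics page, served over plain HTTP on port 9999.
listen stats
    mode http
    # NOTE(review): 0.0.0.0 exposes the page on every address of this host,
    # including the VIP while this node holds it. Prefer a management address
    # or a source-address restriction.
    bind 0.0.0.0:9999
    stats enable
    # Do not show the HAProxy version on the page.
    stats hide-version
    log global
    stats uri /haproxy-status
    # HTTP Basic credentials: stored in clear text in this file and sent
    # unencrypted on this listener. The value below is a placeholder; replace
    # it with a long random password before use.
    stats auth admin:CHANGE_ME_STRONG_PASSWORD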

# Front door for the swarm service: plain HTTP on the keepalived VIP,
# round-robin across the three swarm nodes.
listen ingress
    # The VIP exists on only one node at a time. On the node that does not hold
    # it, this bind fails unless net.ipv4.ip_nonlocal_bind=1 is set.
    bind  192.168.80.222:80
    balance     roundrobin
    # No "option httpchk" is set, so "check" is a TCP connect test: it shows the
    # port answers, not that the service returns a healthy response.
    # web1: probe every 3000 ms, down after 2 failures, up after 5 successes.
    server  web1 192.168.80.120:80 check inter 3000 fall 2 rise 5
    server  web2 192.168.80.130:80 check
    server  web3 192.168.80.140:80 check
    # NOTE(review): the service is published with -p 80:80, so port 80 is also
    # reachable on each swarm node directly. Restrict it to the load balancer
    # addresses if clients must not bypass HAProxy.





创建服务容器
[root@localhost7D netns]# docker service create  -p 80:80 --replicas 3 --name  nginx  harbor1.abc.com/web/nginx:v1
[root@localhost7D netns]# docker service ps  nginx 
ID                  NAME                IMAGE                          NODE                      DESIRED STATE       CURRENT STATE            ERROR               PORTS
ea2gcepeywot        nginx.1             harbor1.abc.com/web/nginx:v1   localhost7e.localdomain   Running             Running 24 seconds ago                       
13l81vy1orin        nginx.2             harbor1.abc.com/web/nginx:v1   localhost7C.localdomain   Running             Running 24 seconds ago                       
eqqhwcw1l743        nginx.3             harbor1.abc.com/web/nginx:v1   localhost7D.localdomain   Running             Running 24 seconds ago                       



看效果,修改两个容器的内容。
[root@localhost7D netns]# docker exec  -it  nginx.3.eqqhwcw1l743ufrtijdevxvto bash
[root@6b4f8c750eb6 nginx-1.21.0]# echo localhost7D.localdomain--nginx > /usr/local/nginx/html/index.html 
[root@6b4f8c750eb6 nginx-1.21.0]# exit
exit

[root@localhost7e ~]# docker exec   -it nginx.1.ea2gcepeywot493zrza19md97 bash
[root@d6ce971cc5ec nginx-1.21.0]# echo localhost7E.localdomain--nginx > /usr/local/nginx/html/index.html
[root@d6ce971cc5ec nginx-1.21.0]# exit
exit



[root@localhost7F ~]# curl  192.168.80.222
dockerfile nginx test
[root@localhost7F ~]# curl  192.168.80.222
localhost7E.localdomain--nginx
[root@localhost7F ~]# curl  192.168.80.222
dockerfile nginx test
[root@localhost7F ~]# curl  192.168.80.222
localhost7D.localdomain--nginx

 

 


=========================================================================

------------------------------------------------------------------------其它图文说明---------------------------------------

结构图讲解
南北向:主要用于访问外部网络。通过eth1网卡,走veth的docker_gwbridge网络,根据NAT把容器地址转换成主机地址,访问到外部网络。
东西向:用于集群节点之间的网络访问。192.168.200.10上的容器通过eth0访问overlay网络mynet,原始数据被加上一个VXLAN头,封装成数据包,这时源地址是192.168.200.10,目标IP地址是192.168.200.11,通过这条隧道发送到目标机器上,再由overlay网络mynet接收并解封,发送到192.168.200.11上的容器。

集群的两个节点之间 10.0.1.8 - > 10.0.1.9 转换后两台机器 192.168.200.10 -> 192.168.200.11

 

 

 ------------------------------------------------------------------------其它图文说明-----------------------------------------

 通过ipvs做了负载均衡

 
