编译安装Kubernetes 1.29 高可用集群(2)--haproxy节点配置

1.1 在所有haproxy节点安装haproxy

yum -y install haproxy psmisc

1.2 在所有haproxy节点创建haproxy配置文件

cat > /etc/haproxy/haproxy.cfg << EOF
# HAProxy Configure /etc/haproxy/haproxy.cfg
global
    log         127.0.0.1 local2
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats       timeout   30s

#---------------------------------------------------------------------
# Check the haproxy running and load balancing status
#---------------------------------------------------------------------
listen status_page
    bind *:8888
    mode http
    option httpchk
    timeout connect 5s
    timeout client 50s
    timeout server 50s
    stats enable
    stats uri /status
    stats auth  admin:admin
    stats hide-version
    stats admin if TRUE

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    log                     global
    option                  httplog
    option                  dontlognull
    timeout connect         5000
    timeout client          5000
    timeout server          5000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  kube-apiserver
    bind *:6443
    mode tcp
    option tcplog
    default_backend kube-apiserver

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend kube-apiserver
    mode tcp
    balance     roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server kube-apiserver-1 192.168.83.210:6443 check
    server kube-apiserver-2 192.168.83.211:6443 check 
EOF

# haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid

1.3 所有haproxy节点启动haproxy

systemctl daemon-reload
systemctl enable --now haproxy

2.1 在所有haproxy节点安装keepalived

yum -y install keepalived

2.2 在k8s-haproxy01节点创建keepalived配置文件

cat > /etc/keepalived/keepalived.conf << EOF
global_defs {
   router_id LVS_DEVEL
   script_user root
   enable_script_security
}

vrrp_script chk_haproxy {
   script "/etc/keepalived/check_haproxy.sh"
   interval 5
   weight -5
   fall 2 
   rise 1
}

vrrp_instance VI_1 {
   state MASTER
   interface ens33
   mcast_src_ip 192.168.83.201
   virtual_router_id 50
   priority 100
   advert_int 2
   authentication {
       auth_type PASS
       auth_pass k8s666
   }

   virtual_ipaddress {
       192.168.83.200
   }

   track_script {
      chk_haproxy
   }
}
EOF

2.3 在k8s-haproxy02节点创建keepalived配置文件

cat > /etc/keepalived/keepalived.conf << EOF
global_defs {
   router_id LVS_DEVEL
   script_user root
   enable_script_security
}

vrrp_script chk_haproxy {
   script "/etc/keepalived/check_haproxy.sh"
   interval 5
   weight -5
   fall 2 
   rise 1
}

vrrp_instance VI_1 {
   state BACKUP
   interface ens33
   mcast_src_ip 192.168.83.202
   virtual_router_id 50
   priority 80
   advert_int 2
   authentication {
       auth_type PASS
       auth_pass k8s666
   }

   virtual_ipaddress {
       192.168.83.200
   }

   track_script {
      chk_haproxy
   }
}
EOF

2.4 在所有haproxy节点创建keepalived的haproxy检查文件

cat > /etc/keepalived/check_haproxy.sh << EOF
#!/bin/bash
err=0
for k in $(seq 1 3)
do
   check_code=$(pgrep haproxy)
   if [[ $check_code == "" ]]; then
       err=$(expr $err + 1)
       sleep 1
       continue
   else
       err=0
       break
   fi
done

if [[ $err != "0" ]]; then
   echo "systemctl stop keepalived"
   /usr/bin/systemctl stop keepalived
   exit 1
else
   exit 0
fi

EOF

# chmod +x /etc/keepalived/check_haproxy.sh

 2.5 在所有haproxy节点启动keepalived

systemctl enable --now keepalived