Kubernetes Cluster High Availability with LVS

Server plan:

Three k8s masters:
k8s01: 10.20.31.157
k8s02: 10.20.31.167
k8s03: 10.20.31.186

Two LVS nodes:
lb01: 10.20.31.184
lb02: 10.20.31.185
VIP: 10.20.31.187


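As the architecture diagram shows, every node has to talk to the API Server through the load balancer, which makes the load balancer a critical component. With the load balancer's performance and availability in mind, we chose LVS + keepalived. (LVS can also be deployed on the k8s nodes themselves, but to keep the cluster highly available it is better to run it on dedicated machines.)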

lvs-master(10.20.31.184)

# Install dependencies
$ yum install -y ipvsadm wget curl gcc openssl-devel libnl3-devel net-snmp-devel libnfnetlink-devel
# Install keepalived. The version installed via yum on CentOS 7 is problematic and reports the error "TCP socket bind failed. Rescheduling"
# Note: the tarball is downloaded over plain HTTP and built without an integrity check
$ wget http://www.keepalived.org/software/keepalived-1.4.5.tar.gz && tar -zxvf keepalived-1.4.5.tar.gz && cd keepalived-1.4.5 && ./configure && make && make install && cd .. && rm -f keepalived-1.4.5.tar.gz && rm -rf keepalived-1.4.5
################ keepalived load-balancing configuration ################
# Generate the keepalived configuration (create the directory first, as on the backup node)
$ mkdir -p /etc/keepalived && cd /etc/keepalived && cat <<E0F > /etc/keepalived/keepalived.conf
global_defs {
   router_id keepalived-master
}

vrrp_instance vip_1 {
  state MASTER
  ! Note: this is the NIC name; run "ip a" to find the name of your LAN interface
  interface ens192
  ! virtual_router_id must be identical on the keepalived master and backup
  virtual_router_id 88
  ! Priority: the keepalived master must have a higher priority than the backup
  priority 100
  advert_int 3
  ! Virtual IP address
  virtual_ipaddress {
    10.20.31.187
  }
}

virtual_server 10.20.31.187 6443 {
  delay_loop 6
  lb_algo rr
  lb_kind DR
  persistence_timeout 0
  protocol TCP

  real_server 10.20.31.157 6443 {
    weight 1
    TCP_CHECK {
      connect_timeout 10
      nb_get_retry 3
      delay_before_retry 3
      connect_port 6443
    }
  }
  real_server 10.20.31.167 6443 {
    weight 1
    TCP_CHECK {
      connect_timeout 10
      nb_get_retry 3
      delay_before_retry 3
      connect_port 6443
    }
  }
  real_server 10.20.31.186 6443 {
    weight 1
    TCP_CHECK {
      connect_timeout 10
      nb_get_retry 3
      delay_before_retry 3
      connect_port 6443
    }
  }
}
E0F

# Start keepalived
$ systemctl enable keepalived && service keepalived start

# Check the keepalived status
$ service keepalived status

# Follow the logs
$ journalctl -f -u keepalived

# Check that the virtual IP is present
$ ip a

lvs-backup(10.20.31.185)

# Install dependencies
$ yum install -y ipvsadm wget curl gcc openssl-devel libnl3-devel net-snmp-devel libnfnetlink-devel
# Install keepalived. The version installed via yum on CentOS 7 is problematic and reports the error "TCP socket bind failed. Rescheduling"
# Note: the tarball is downloaded over plain HTTP and built without an integrity check
$ wget http://www.keepalived.org/software/keepalived-1.4.5.tar.gz && tar -zxvf keepalived-1.4.5.tar.gz && cd keepalived-1.4.5 && ./configure && make && make install && cd .. && rm -f keepalived-1.4.5.tar.gz && rm -rf keepalived-1.4.5
################ keepalived load-balancing configuration ################
# Generate the keepalived configuration
$ mkdir -p /etc/keepalived && cd /etc/keepalived && cat <<E0F > /etc/keepalived/keepalived.conf
global_defs {
   router_id keepalived-backup
}

vrrp_instance vip_1 {
  state BACKUP
  ! Note: this is the NIC name; run "ip a" to find the name of your LAN interface
  interface ens192
  ! virtual_router_id must be identical on the keepalived master and backup
  virtual_router_id 88
  ! Priority: the keepalived master must have a higher priority than the backup
  priority 99
  advert_int 3
  ! Virtual IP address
  virtual_ipaddress {
    10.20.31.187
  }
}

virtual_server 10.20.31.187 6443 {
  delay_loop 6
  lb_algo rr
  lb_kind DR
  persistence_timeout 0
  protocol TCP

  real_server 10.20.31.157 6443 {
    weight 1
    TCP_CHECK {
      connect_timeout 10
      nb_get_retry 3
      delay_before_retry 3
      connect_port 6443
    }
  }
  real_server 10.20.31.167 6443 {
    weight 1
    TCP_CHECK {
      connect_timeout 10
      nb_get_retry 3
      delay_before_retry 3
      connect_port 6443
    }
  }
  real_server 10.20.31.186 6443 {
    weight 1
    TCP_CHECK {
      connect_timeout 10
      nb_get_retry 3
      delay_before_retry 3
      connect_port 6443
    }
  }
}
E0F

# Start keepalived
$ systemctl enable keepalived && service keepalived start

# Check the keepalived status
$ service keepalived status

# Follow the logs
$ journalctl -f -u keepalived

# Check that the virtual IP is present
$ ip a
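
The two configurations above only fail over cleanly if they agree: the same virtual_router_id, a higher priority on the master, and the same VIP and real_server list on both nodes. The following check for a master/backup keepalived.conf pair is an added example, not part of the original post; the function names and the sample_conf generator are assumptions for illustration, and the demo input is constructed.

```bash
# Added example (not the post's code): compare master and backup keepalived.conf.
# kv FILE KEY -> value of the first "KEY value" line ("!" comment lines never match)
kv() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# vips FILE -> sorted addresses listed inside virtual_ipaddress { ... }
vips() {
  awk '$1 == "virtual_ipaddress" { inb = 1; next }
       inb && $1 == "}" { inb = 0 }
       inb && NF && $1 !~ /^[!#]/ { print $1 }' "$1" | sort
}

# backends FILE -> sorted "vip:port -> real:port" pairs
backends() {
  awk '$1 == "virtual_server" { vs = $2 ":" $3 }
       $1 == "real_server" { print vs " -> " $2 ":" $3 }' "$1" | sort
}

# check_pair MASTER_CONF BACKUP_CONF -> prints findings; returns 0 if consistent
check_pair() {
  m=$1; b=$2; rc=0
  mp=$(kv "$m" priority); bp=$(kv "$b" priority)
  [ "$(kv "$m" virtual_router_id)" = "$(kv "$b" virtual_router_id)" ] ||
    { echo "virtual_router_id differs"; rc=1; }
  [ "${mp:-0}" -gt "${bp:-0}" ] ||
    { echo "master priority must be higher than backup priority"; rc=1; }
  [ "$(vips "$m")" = "$(vips "$b")" ] ||
    { echo "virtual_ipaddress lists differ"; rc=1; }
  [ "$(backends "$m")" = "$(backends "$b")" ] ||
    { echo "virtual_server/real_server sets differ"; rc=1; }
  [ -n "$(backends "$m")" ] || { echo "no real_server defined"; rc=1; }
  return "$rc"
}

# sample_conf PRIORITY [EXTRA_REAL_SERVER_IP] -> constructed config in the page's layout
sample_conf() {
  printf 'vrrp_instance vip_1 {\n  virtual_router_id 88\n  priority %s\n' "$1"
  printf '  virtual_ipaddress {\n    10.20.31.187\n  }\n}\nvirtual_server 10.20.31.187 6443 {\n'
  for rs in 10.20.31.157 10.20.31.167 $2; do
    printf '  real_server %s 6443 {\n    weight 1\n  }\n' "$rs"
  done
  printf '}\n'
}

# Demo on constructed input: the backup config is missing one API server.
d=$(mktemp -d)
sample_conf 100 10.20.31.186 > "$d/master.conf"
sample_conf 99 > "$d/backup.conf"
check_pair "$d/master.conf" "$d/backup.conf" || echo "pair is inconsistent"
rm -rf "$d"
```

To check real files, copy both nodes' /etc/keepalived/keepalived.conf to one machine and call check_pair with the master file first.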

 

real_server configuration, performed on every k8s master node

# Create the rs script (the heredoc delimiter is quoted so that $vip is written literally instead of being expanded by the current shell)
$ mkdir -p /opt/rs/ && cd /opt/rs && cat <<'E0F' > /opt/rs/rs.sh
#!/bin/bash
# Virtual IP
vip=10.20.31.187
# Bring down any previous lo:0
ifconfig lo:0 down
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
# Bring up a loopback alias and bind the VIP to it
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
# ens192 is the name of the main NIC
echo "1" >/proc/sys/net/ipv4/conf/ens192/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/ens192/arp_announce
E0F

# Make the script executable
$ chmod +x /opt/rs/rs.sh

# Run the rs script (if an error occurs, just run it again)
$ ./rs.sh

# Run it at boot
$ echo '/opt/rs/rs.sh'  >> /etc/rc.d/rc.local
# On CentOS 7, /etc/rc.d/rc.local is no longer executable by default, so run the following command to make it executable
$ chmod +x /etc/rc.d/rc.local

 

posted @ 人艰不拆_zmc