编译安装Kubernetes 1.29 高可用集群(2)--haproxy节点配置

1.1 在所有haproxy节点安装haproxy

yum -y install haproxy

1.2 在所有haproxy节点创建haproxy配置文件

cat > /etc/haproxy/haproxy.cfg << EOF
global
     maxconn     3000
     ulimit-n    16384
     log         127.0.0.1 local0 err
     stats       timeout   30s

defaults
     log        global
     mode       http
     option     httplog
     timeout    connect    5000
     timeout    client     50000
     timeout    server     50000
     timeout    http-request    15s
     timeout    http-keep-alive 15s

listen status_page
    bind *:8888
    stats enable
    stats uri /status
    stats auth  admin:admin
    stats hide-version
    stats admin if TRUE

frontend k8s-master
     bind       0.0.0.0:6443
     bind       127.0.0.1:6443
     mode       tcp
     option     tcplog
     tcp-request     inspect-delay 5s
     default_backend k8s-master

backend k8s-master
     mode       tcp
     option     tcplog
     option     tcp-check
     balance    roundrobin
     default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
     server     k8s-master1  192.168.83.210:6443 check
     server     k8s-master2  192.168.83.211:6443 check
	 
EOF

1.3 所有haproxy节点启动haproxy

systemctl daemon-reload
systemctl enable --now haproxy

2.1 在所有haproxy节点安装keepalived

yum -y install keepalived

2.2 在k8s-haproxy01节点创建keepalived配置文件

cat > /etc/keepalived/keepalived.conf << EOF
global_defs {
   router_id LVS_DEVEL
   script_user root
   enable_script_security
}

vrrp_script chk_haproxy {
   script "/etc/keepalived/check_haproxy.sh"
   interval 5
   weight -5
   fall 2 
   rise 1
}

vrrp_instance VI_1 {
   state MASTER
   interface ens33
   mcast_src_ip 192.168.83.201
   virtual_router_id 50
   priority 100
   advert_int 2
   authentication {
       auth_type PASS
       auth_pass k8s666
   }

   virtual_ipaddress {
       192.168.83.200
   }

   track_script {
      chk_haproxy
   }
}
EOF

2.3 在k8s-haproxy02节点创建keepalived配置文件

cat > /etc/keepalived/keepalived.conf << EOF
global_defs {
   router_id LVS_DEVEL
   script_user root
   enable_script_security
}

vrrp_script chk_haproxy {
   script "/etc/keepalived/check_haproxy.sh"
   interval 5
   weight -5
   fall 2 
   rise 1
}

vrrp_instance VI_1 {
   state BACKUP
   interface ens33
   mcast_src_ip 192.168.83.202
   virtual_router_id 50
   priority 80
   advert_int 2
   authentication {
       auth_type PASS
       auth_pass k8s666
   }

   virtual_ipaddress {
       192.168.83.200
   }

   track_script {
      chk_haproxy
   }
}
EOF

2.4 在所有haproxy节点创建keepalived的haproxy检查文件

cat > /etc/keepalived/check_haproxy.sh << EOF
#!/bin/bash
err=0
for k in $(seq 1 3)
do
   check_code=$(pgrep haproxy)
   if [[ $check_code == "" ]]; then
       err=$(expr $err + 1)
       sleep 1
       continue
   else
       err=0
       break
   fi
done

if [[ $err != "0" ]]; then
   echo "systemctl stop keepalived"
   /usr/bin/systemctl stop keepalived
   exit 1
else
   exit 0
fi

EOF

# chmod +x /etc/keepalived/check_haproxy.sh

 2.5 在所有haproxy节点启动keepalived

systemctl enable --now keepalived