主机名 | IP |
---|---|
keepalive-haproxy-1 | 10.6.126.132 |
keepalive-haproxy-2 | 10.6.126.142 |
keepalive-haproxy-3 | 10.6.126.152 |
vip | 10.6.126.150 |
前置工作
1. 关闭firewalld
# Stop firewalld for the running system, then keep it from starting at boot.
# NOTE(review): this leaves the node with no host packet filtering. The
# services set up on this page need 6443/tcp (HAProxy frontend) and VRRP
# between the three keepalived nodes; allowing only that traffic in firewalld
# is the narrower alternative to switching the firewall off.
for action in stop disable; do
  systemctl "$action" firewalld
done
2. 关闭selinux
# Switch SELinux to permissive mode for the running system: policy denials are
# still logged but no longer enforced. The setting lasts until the next reboot.
# NOTE(review): this removes SELinux confinement from haproxy and keepalived,
# both of which are started as root; keeping enforcing mode and granting only
# the access these services need is the tighter option.
setenforce Permissive
setenforce 0 只在重启前有效;如需重启后仍然生效,请编辑 /etc/selinux/config,按图中所示修改配置
源码安装haproxy
1. 下载https://src.fedoraproject.org/repo/pkgs/haproxy/,解压并安装,这里使用版本1.8.25(2.0以上版本需要配置lua)
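# Install the build dependencies.
yum install gcc openssl-devel readline-devel systemd-devel make pcre-devel psmisc -y
mkdir -p /opt/{softwares,installers}
cd /opt/softwares/
# The download URL carries the SHA-512 of the tarball in its path. Keep that
# value in one variable so the same digest builds the URL and verifies the file.
haproxy_sha512=655eb4056989a3fee321ea9278a2085b0a999e522293f1f6229ebb8d17f3d33cb78abb4fd55a06d0218082e632b2d42de105575d0acd0c1b49996d4b45aa78e8
wget "https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-1.8.25.tar.gz/sha512/${haproxy_sha512}/haproxy-1.8.25.tar.gz"
# Verify before unpacking: tar runs only when sha512sum reports OK.
# NOTE(review): the digest is read from the same URL as the tarball, so this
# detects corruption or a mismatched file; for an independent check, compare
# against a digest obtained from another trusted source.
printf '%s  %s\n' "$haproxy_sha512" haproxy-1.8.25.tar.gz | sha512sum -c - \
  && tar xzf haproxy-1.8.25.tar.gz
cd haproxy-1.8.25
# Build and install HAProxy under /opt/installers/haproxy-1.8.25. The original
# note says TARGET is chosen from the kernel version shown by `uname -a` and
# cites Linux31, while the command below passes linux-glibc.
# NOTE(review): linux-glibc is the target name documented for HAProxy 2.0 and
# later; after the build, confirm with `haproxy -vv` that epoll is listed among
# the available pollers for this 1.8.25 binary.
# NOTE(review): 1.8.25 is an old release; check haproxy.org for whether the 1.8
# branch still receives security fixes before deploying it.
make TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/opt/installers/haproxy-1.8.25
make install PREFIX=/opt/installers/haproxy-1.8.25
cp /opt/installers/haproxy-1.8.25/sbin/haproxy /usr/sbin/
# The install prefix contains no configuration file after installation: create
# the conf directory (the sample configuration from the source package can be
# copied into it). -p keeps the step repeatable if the directory already exists.
mkdir -p /opt/installers/haproxy-1.8.25/conf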
2. 配置HAProxy的systemd守护进程服务启动文件
# Write the systemd unit for HAProxy. The heredoc delimiter is unquoted, so
# \$MAINPID is escaped to reach the unit file as a literal $MAINPID.
# -Ws starts HAProxy in master-worker mode with systemd notification support;
# the unit sends USR2 to the main PID on reload and USR1 on stop.
# NOTE(review): HAProxy's own sample unit pairs -Ws with Type=notify; this unit
# leaves Type at its default — confirm that is intended.
tee /etc/systemd/system/haproxy.service <<EOF
[Unit]
Description=HAProxy
After=syslog.target network.target
[Service]
ExecStart=/opt/installers/haproxy-1.8.25/sbin/haproxy -f /opt/installers/haproxy-1.8.25/conf/haproxy.cfg -p /opt/installers/haproxy-1.8.25/haproxy.pid -Ws
ExecReload=/bin/kill -USR2 \$MAINPID
ExecStop=/bin/kill -USR1 \$MAINPID
[Install]
WantedBy=multi-user.target
EOF
# Make systemd re-read its unit files so the new haproxy.service is picked up.
systemctl daemon-reload
编写haproxy配置文件
# Create the account HAProxy runs as: no login shell and no home directory.
useradd --no-create-home --shell /sbin/nologin haproxy
# Print the HAProxy configuration file.
cat /opt/installers/haproxy-1.8.25/conf/haproxy.cfg
# HAProxy as a TCP pass-through load balancer in front of three kube-apiserver
# instances on port 6443.
global
maxconn 4000
# HAProxy switches to this unprivileged account after start-up.
user haproxy
group haproxy
daemon
# NOTE(review): no `log` target is declared in this global section, so the
# `log global` in defaults has nothing to inherit and no connection logs are
# emitted; declare a syslog target here if these logs are needed for monitoring.
# NOTE(review): no `chroot` is set; consider one to limit what the worker
# processes can reach on the filesystem.
defaults
log global
# NOTE(review): httplog is an HTTP-mode log format; both proxies below run in
# tcp mode and set `option tcplog` themselves.
option httplog
option dontlognull
# Timeouts without a unit are in milliseconds.
timeout connect 5000
timeout client 50000
timeout server 50000
frontend kube-apiserver
# Listens on every local address, so 6443 is reachable on the node's own IP as
# well as on the VIP.
bind *:6443
# tcp mode forwards the byte stream as-is; HAProxy does not inspect the traffic.
mode tcp
option tcplog
default_backend kube-apiserver
backend kube-apiserver
mode tcp
option tcplog
# With no tcp-check rules defined, this health check is a TCP connect only; it
# does not confirm that the API server behind the port is healthy.
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server k8s-master-1 10.6.126.133:6443 check
server k8s-master-2 10.6.126.143:6443 check
server k8s-master-3 10.6.126.153:6443 check
启动haproxy
# Start HAProxy, enable it at boot, then show its state so a failed start
# (for example a configuration error) is noticed immediately.
for action in start enable status; do
  systemctl "$action" haproxy
done
源码安装keepalived
1. 从官网 https://www.keepalived.org/download.html 下载(下文命令使用2.2.2版本),解压并安装
# Fetch, unpack and build keepalived 2.2.2 under /opt.
# NOTE(review): the tarball is built and installed as downloaded, with no
# integrity check. Before running ./configure, compare its digest (for example
# the output of `sha256sum keepalived-2.2.2.tar.gz`) with a checksum published
# by the project.
keepalived_release=keepalived-2.2.2
mkdir -p /opt/softwares /opt/installers
cd /opt/softwares/
wget "https://www.keepalived.org/software/${keepalived_release}.tar.gz"
tar xf "${keepalived_release}.tar.gz"
cd "/opt/softwares/${keepalived_release}"
./configure --prefix="/opt/installers/${keepalived_release}"
# Install only when the build succeeded.
make && make install
2. 初始化
# Copy the sysconfig file and the daemon binary from the install prefix into
# the system locations.
keepalived_prefix=/opt/installers/keepalived-2.2.2
cp "${keepalived_prefix}/etc/sysconfig/keepalived" /etc/sysconfig/keepalived
cp "${keepalived_prefix}/sbin/keepalived" /usr/sbin/keepalived
# The init script is taken from the unpacked source tree, not from the install
# prefix.
cp /opt/softwares/keepalived-2.2.2/keepalived/etc/init.d/keepalived /etc/init.d/keepalived
3. 配置文件
# Create the configuration directory and open keepalived.conf for editing.
# NOTE(review): keepalived runs the vrrp_script command defined in this file,
# so keep the file owned by root and not writable by group or others.
keepalived_conf_dir=/etc/keepalived
mkdir -p "${keepalived_conf_dir}/"
vim "${keepalived_conf_dir}/keepalived.conf"
keepalive-haproxy-1
# keepalived.conf for keepalive-haproxy-1: configured as MASTER with the highest
# base priority (100) for the VIP 10.6.126.150.
global_defs {
notification_email {
}
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# NOTE(review): keepalived documents vrrp_strict as not supporting
# authentication or unicast peers, and as not accepting packets addressed to
# the VIP unless the node is the address owner. Confirm against the
# keepalived.conf man page for 2.2.2 and verify that 10.6.126.150:6443 is
# reachable while this node holds the VIP.
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# NOTE(review): no script_user / enable_script_security is set here, so the
# check script below may run as root — confirm, and prefer a dedicated
# unprivileged script user.
}
# HAProxy liveness check
vrrp_script chk_haproxy {
# Signal 0 only tests that a process named haproxy exists; it does not test
# that port 6443 is answering.
script "killall -0 haproxy"
interval 2
# A passing check adds 5 to this node's priority, so a node whose HAProxy is
# down is outranked by a healthy peer whose base priority is one lower.
weight 5
}
vrrp_instance haproxy-vip {
state MASTER
interface eth0 # network interface
virtual_router_id 51
priority 100
advert_int 1
# NOTE(review): PASS authentication carries the password in clear text in each
# advertisement, and 1111 is the value from keepalived's sample configuration.
# Do not rely on it to keep another host on the segment from joining this
# virtual router; restrict VRRP to the three peer addresses at the network
# or host firewall instead.
authentication {
auth_type PASS
auth_pass 1111
}
# NOTE(review): both peers below are commented out, so the unicast peer list is
# empty and advertisements presumably go out by multicast — confirm this is
# intended.
unicast_src_ip 10.6.126.132 # this node's IP
unicast_peer {
#10.6.126.142 # other node IPs
#10.6.126.152
}
virtual_ipaddress {
10.6.126.150 # VIP address pool
}
track_script {
chk_haproxy
}
}
keepalive-haproxy-2
# keepalived.conf for keepalive-haproxy-2: configured as BACKUP with base
# priority 99 for the VIP 10.6.126.150.
global_defs {
notification_email {
}
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# NOTE(review): keepalived documents vrrp_strict as not supporting
# authentication or unicast peers, and as not accepting packets addressed to
# the VIP unless the node is the address owner. Confirm against the
# keepalived.conf man page for 2.2.2 and verify that 10.6.126.150:6443 is
# reachable after this node takes over the VIP.
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# NOTE(review): no script_user / enable_script_security is set here, so the
# check script below may run as root — confirm, and prefer a dedicated
# unprivileged script user.
}
# HAProxy liveness check
vrrp_script chk_haproxy {
# Signal 0 only tests that a process named haproxy exists; it does not test
# that port 6443 is answering.
script "killall -0 haproxy"
interval 2
# A passing check adds 5 to this node's priority.
weight 5
}
vrrp_instance haproxy-vip {
state BACKUP
interface eth0 # network interface
virtual_router_id 51
priority 99
advert_int 1
# NOTE(review): PASS authentication carries the password in clear text in each
# advertisement, and 1111 is the value from keepalived's sample configuration.
# Do not rely on it to keep another host on the segment from joining this
# virtual router; restrict VRRP to the three peer addresses at the network
# or host firewall instead.
authentication {
auth_type PASS
auth_pass 1111
}
# NOTE(review): both peers below are commented out, so the unicast peer list is
# empty and advertisements presumably go out by multicast — confirm this is
# intended.
unicast_src_ip 10.6.126.142 # this node's IP
unicast_peer {
#10.6.126.132 # other node IPs
#10.6.126.152
}
virtual_ipaddress {
10.6.126.150 # VIP address pool
}
track_script {
chk_haproxy
}
}
keepalive-haproxy-3
# keepalived.conf for keepalive-haproxy-3: configured as BACKUP with the lowest
# base priority (98) for the VIP 10.6.126.150.
global_defs {
notification_email {
}
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# NOTE(review): keepalived documents vrrp_strict as not supporting
# authentication or unicast peers, and as not accepting packets addressed to
# the VIP unless the node is the address owner. Confirm against the
# keepalived.conf man page for 2.2.2 and verify that 10.6.126.150:6443 is
# reachable after this node takes over the VIP.
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# NOTE(review): no script_user / enable_script_security is set here, so the
# check script below may run as root — confirm, and prefer a dedicated
# unprivileged script user.
}
# HAProxy liveness check
vrrp_script chk_haproxy {
# Signal 0 only tests that a process named haproxy exists; it does not test
# that port 6443 is answering.
script "killall -0 haproxy"
interval 2
# A passing check adds 5 to this node's priority.
weight 5
}
vrrp_instance haproxy-vip {
state BACKUP
interface eth0 # network interface
virtual_router_id 51
priority 98
advert_int 1
# NOTE(review): PASS authentication carries the password in clear text in each
# advertisement, and 1111 is the value from keepalived's sample configuration.
# Do not rely on it to keep another host on the segment from joining this
# virtual router; restrict VRRP to the three peer addresses at the network
# or host firewall instead.
authentication {
auth_type PASS
auth_pass 1111
}
# NOTE(review): both peers below are commented out, so the unicast peer list is
# empty and advertisements presumably go out by multicast — confirm this is
# intended.
unicast_src_ip 10.6.126.152 # this node's IP
unicast_peer {
#10.6.126.132 # other node IPs
#10.6.126.142
}
virtual_ipaddress {
10.6.126.150 # VIP address pool
}
track_script {
chk_haproxy
}
}
4. 启动keepalived
# Start keepalived, enable it at boot, then show its state; the status output
# and journal are where configuration warnings from keepalived show up.
for action in start enable status; do
  systemctl "$action" keepalived
done