相關内容:
Kubernetes部署(一):架構及功能說明
Kubernetes部署(二):系統環境初始化
Kubernetes部署(三):CA憑證制作
Kubernetes部署(四):ETCD叢集部署
Kubernetes部署(五):Haproxy、Keppalived部署
Kubernetes部署(六):Master節點部署
Kubernetes部署(七):Node節點部署
Kubernetes部署(八):Flannel網絡部署
Kubernetes部署(九):CoreDNS、Dashboard、Ingress部署
Kubernetes部署(十):儲存之glusterfs和heketi部署
Kubernetes部署(十一):管理之Helm和Rancher部署
Kubernetes部署(十二):helm部署harbor企業級鏡像倉庫
部署haproxy
1. 安裝haproxy
[root@node-01 ~]# yum install haproxy -y
2. 配置核心轉發
基于NAT模式的負載均衡器都需要打開系統轉發功能
[root@node-01 ~]# cat >>/etc/sysctl.conf<<EOF
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
EOF
[root@node-01 ~]# sysctl -p
3. 日志配置
編輯/etc/rsyslog.conf增加如下配置
cat >>/etc/rsyslog.conf <<EOF
#Haproxy
local0.* /var/log/haproxy.log
EOF
vim /etc/rsyslog.conf +15 #取消配置檔案注釋
$ModLoad imudp
$UDPServerRun 514
編輯/etc/sysconfig/rsyslog
[root@node-01 ~]# tail -1 /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-c 2 -m 0 -r -x"
#重新開機rsyslog服務
systemctl restart rsyslog
在node-01和node-02執行相同操作,注意修改部配置設定置的ip位址
4. haproxy配置
node-01配置和node-2配置一樣
[root@node-01 ~]# vim /etc/haproxy/haproxy.cfg
global
chroot /var/lib/haproxy
daemon
group haproxy
user haproxy
log 127.0.0.1:514 local0 warning
pidfile /var/lib/haproxy.pid
maxconn 20000
spread-checks 3
nbproc 8
defaults
log global
mode tcp
retries 3
option redispatch
listen https-apiserver
bind 10.31.90.200:6443
mode tcp
balance roundrobin
timeout server 15s
timeout connect 15s
server apiserver01 10.31.90.201:6443 check port 6443 inter 5000 fall 5
server apiserver02 10.31.90.202:6443 check port 6443 inter 5000 fall 5
server apiserver03 10.31.90.203:6443 check port 6443 inter 5000 fall 5
listen http-apiserver
bind 10.31.90.200:8080
mode tcp
balance roundrobin
timeout server 15s
timeout connect 15s
server apiserver01 10.31.90.201:8080 check port 8080 inter 5000 fall 5
server apiserver02 10.31.90.202:8080 check port 8080 inter 5000 fall 5
server apiserver03 10.31.90.203:8080 check port 8080 inter 5000 fall 5
5. 啟動服務
[root@node-01 ~]# systemctl start haproxy.service
[root@node-01 ~]# systemctl status haproxy.service
部署Keepalived
1. 安裝keepalived
[root@node-01 k8s]# tar zxf keepalived-2.0.10.tar.gz
[root@node-01 k8s]# cd keepalived-2.0.10/
[root@node-01 keepalived-2.0.10]# ./configure
[root@node-01 keepalived-2.0.10]# make -j2 && make install
[root@node-01 keepalived-2.0.10]#mkdir /etc/keepalived
[root@node-01 keepalived-2.0.10]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@node-01 keepalived-2.0.10]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
2. 日志配置
[root@node-01 keepalived-2.0.10]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -d -S 1"
cat >>/etc/rsyslog.conf <<EOF
#keepalived
local1.* /var/log/keepalived.log
EOF
#重新開機rsyslog服務
systemctl restart rsyslog
3. keepalived配置檔案
node-01配置檔案
[root@node-01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 50
advert_int 1
priority 100
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.31.90.200/24
}
}
node-02配置檔案
[root@node-02 keepalived-2.0.10]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 50
advert_int 1
priority 90
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.31.90.200/24
}
}
#node-01
[root@node-01 ~]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:82:64:70 brd ff:ff:ff:ff:ff:ff
inet 10.31.90.201/24 brd 10.31.90.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 10.31.90.200/24 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe82:6470/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#node-02
[root@node-02 ~]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:82:dd:7d brd ff:ff:ff:ff:ff:ff
inet 10.31.90.202/24 brd 10.31.90.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe82:dd7d/64 scope link noprefixroute
valid_lft forever preferred_lft forever