From bcdfe273cc702d2ddee22be1cd72174d65a79ec5 Mon Sep 17 00:00:00 2001 From: zhanglikun Date: Tue, 30 Jan 2024 10:26:56 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=94=B9=20keepalived=20=E4=B8=BA?= =?UTF-8?q?=E6=94=AF=E6=8C=81=20lvs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- keepalived/keepalived1.conf | 80 +++++++++++++++++++++++++------------ keepalived/keepalived2.conf | 76 ++++++++++++++++++++++++----------- keepalived/keepalived3.conf | 76 ++++++++++++++++++++++++----------- 3 files changed, 158 insertions(+), 74 deletions(-) diff --git a/keepalived/keepalived1.conf b/keepalived/keepalived1.conf index b3025f9..546b695 100644 --- a/keepalived/keepalived1.conf +++ b/keepalived/keepalived1.conf @@ -1,35 +1,63 @@ global_defs { - script_user root # 脚本执行者 - enable_script_security # 标记脚本安全 + router_id LVS_APISERVER } - -vrrp_script check { - script "killall -0 kube-apiserver" # 脚本路径 - interval 2 # 脚本执行间隔,单位s - weight -20 # -254-254之间,检测失败权重减少 -} - -vrrp_instance VI_1 { # 实例名 - state BACKUP # 3个实例,1个配置MASTER,另外2个配置BACKUP, 非抢占式配置BACKUP +vrrp_instance VI_1 { + state BACKUP + nopreempt interface __NETWORK_NIC__ - virtual_router_id 251 # ID主备需一致 - priority 100 # 默认权重,3个节点保持不一致,并且MASTER最大,priority之间的差值要小于weight - nopreempt # 非抢占式 - + virtual_router_id 80 + priority 100 + advert_int 1 authentication { - auth_type PASS # 主备验证信息,需一致 - auth_pass 123456 - } - track_script { - check - } - unicast_src_ip __MASTER1__ - unicast_peer { - __MASTER2__ - __MASTER3__ + auth_type PASS + auth_pass LVS_APISERVER } virtual_ipaddress { - __VIP__ dev __NETWORK_NIC__ + __VIP__ } } +virtual_server __VIP__ 6443 { + delay_loop 6 + lb_algo loadbalance + lb_kind DR + net_mask 255.255.255.0 + persistence_timeout 0 + protocol TCP + real_server __MASTER1__ 6443 { + weight 1 + SSL_GET { + url { + path /healthz + status_code 200 + } + connect_timeout 3 + nb_get_retry 3 + delay_before_retry 3 + } + } + real_server __MASTER2__ 6443 { + weight 1 + SSL_GET { + url { + path /healthz + status_code 200 + } + connect_timeout 3 + nb_get_retry 3 + delay_before_retry 3 + } + } + real_server __MASTER3__ 6443 { + weight 1 + SSL_GET { + url { + path /healthz + status_code 200 + } + connect_timeout 3 + nb_get_retry 3 + delay_before_retry 3 + } + } +} \ No newline at end of file diff --git a/keepalived/keepalived2.conf b/keepalived/keepalived2.conf index 4da5ecd..e744be0 100644 --- a/keepalived/keepalived2.conf +++ b/keepalived/keepalived2.conf @@ -1,35 +1,63 @@ global_defs { - script_user root - enable_script_security + router_id LVS_APISERVER } - -vrrp_script check { - script "killall -0 kube-apiserver" - interval 2 - weight -20 -} - vrrp_instance VI_1 { - state BACKUP - interface __NETWORK_NIC__ - virtual_router_id 251 - priority 99 + state BACKUP nopreempt - + interface __NETWORK_NIC__ + virtual_router_id 80 + priority 99 + advert_int 1 authentication { auth_type PASS - auth_pass 123456 - } - track_script { - check - } - unicast_src_ip __MASTER2__ - unicast_peer { - __MASTER1__ - __MASTER3__ + auth_pass LVS_APISERVER } virtual_ipaddress { - __VIP__ dev __NETWORK_NIC__ + __VIP__ } } +virtual_server __VIP__ 6443 { + delay_loop 6 + lb_algo loadbalance + lb_kind DR + net_mask 255.255.255.0 + persistence_timeout 0 + protocol TCP + real_server __MASTER1__ 6443 { + weight 1 + SSL_GET { + url { + path /healthz + status_code 200 + } + connect_timeout 3 + nb_get_retry 3 + delay_before_retry 3 + } + } + real_server __MASTER2__ 6443 { + weight 1 + SSL_GET { + url { + path /healthz + status_code 200 + } + connect_timeout 3 + nb_get_retry 3 + delay_before_retry 3 + } + } + real_server __MASTER3__ 6443 { + weight 1 + SSL_GET { + url { + path /healthz + status_code 200 + } + connect_timeout 3 + nb_get_retry 3 + delay_before_retry 3 + } + } +} \ No newline at end of file diff --git a/keepalived/keepalived3.conf b/keepalived/keepalived3.conf index 9472ef4..aa518b1 100644 --- a/keepalived/keepalived3.conf +++ b/keepalived/keepalived3.conf @@ -1,35 +1,63 @@ global_defs { - script_user root - enable_script_security + router_id LVS_APISERVER } - -vrrp_script check { - script "killall -0 kube-apiserver" - interval 2 - weight -20 -} - vrrp_instance VI_1 { - state BACKUP - interface __NETWORK_NIC__ - virtual_router_id 251 - priority 98 + state BACKUP nopreempt - + interface __NETWORK_NIC__ + virtual_router_id 80 + priority 98 + advert_int 1 authentication { auth_type PASS - auth_pass 123456 - } - track_script { - check - } - unicast_src_ip __MASTER3__ - unicast_peer { - __MASTER1__ - __MASTER2__ + auth_pass LVS_APISERVER } virtual_ipaddress { - __VIP__ dev __NETWORK_NIC__ + __VIP__ } } +virtual_server __VIP__ 6443 { + delay_loop 6 + lb_algo loadbalance + lb_kind DR + net_mask 255.255.255.0 + persistence_timeout 0 + protocol TCP + real_server __MASTER1__ 6443 { + weight 1 + SSL_GET { + url { + path /healthz + status_code 200 + } + connect_timeout 3 + nb_get_retry 3 + delay_before_retry 3 + } + } + real_server __MASTER2__ 6443 { + weight 1 + SSL_GET { + url { + path /healthz + status_code 200 + } + connect_timeout 3 + nb_get_retry 3 + delay_before_retry 3 + } + } + real_server __MASTER3__ 6443 { + weight 1 + SSL_GET { + url { + path /healthz + status_code 200 + } + connect_timeout 3 + nb_get_retry 3 + delay_before_retry 3 + } + } +} \ No newline at end of file