更改 keepalived 为支持 lvs

2024-01-30 10:26:56 +08:00 · 2024-01-30 10:26:56 +08:00 · bcdfe273cc
commit bcdfe273cc
parent ae7e5fe0fc
3 changed files with 158 additions and 74 deletions
--- a/keepalived/keepalived1.conf
+++ b/keepalived/keepalived1.conf
@ -1,35 +1,63 @@
 global_defs {
-    script_user root            # 脚本执行者
+   router_id LVS_APISERVER
    enable_script_security      # 标记脚本安全
 }
-
+vrrp_instance VI_1 {
-vrrp_script check {
+    state BACKUP
-    script "killall -0 kube-apiserver"      # 脚本路径
+    nopreempt
    interval 2                              # 脚本执行间隔，单位s
    weight -20                              # -254-254之间，检测失败权重减少
 }
 vrrp_instance VI_1 {                        # 实例名
    state  BACKUP                           # 3个实例，1个配置MASTER，另外2个配置BACKUP, 非抢占式配置BACKUP
    interface __NETWORK_NIC__
-    virtual_router_id 251                   # ID主备需一致
+    virtual_router_id 80
-    priority 100                            # 默认权重，3个节点保持不一致，并且MASTER最大，priority之间的差值要小于weight
+    priority 100
-    nopreempt                               # 非抢占式
+    advert_int 1
    authentication {
-        auth_type PASS                      # 主备验证信息，需一致
+        auth_type PASS
-        auth_pass 123456
+        auth_pass LVS_APISERVER
    }
    track_script {
        check
    }
    unicast_src_ip __MASTER1__
    unicast_peer {
        __MASTER2__ 
        __MASTER3__
    }
    virtual_ipaddress {
-        __VIP__ dev __NETWORK_NIC__
+        __VIP__
    }
 }
 virtual_server __VIP__ 6443 {
    delay_loop 6
    lb_algo loadbalance
    lb_kind DR
    net_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP
    real_server __MASTER1__ 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server __MASTER2__ 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server __MASTER3__ 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
 }
--- a/keepalived/keepalived2.conf
+++ b/keepalived/keepalived2.conf
@ -1,35 +1,63 @@
 global_defs {
-    script_user root
+   router_id LVS_APISERVER
    enable_script_security
 }
 vrrp_script check {
    script "killall -0 kube-apiserver"
    interval 2
    weight -20
 }
 vrrp_instance VI_1 {
-    state  BACKUP
+    state BACKUP
    interface __NETWORK_NIC__
    virtual_router_id 251
    priority 99
    nopreempt
-
+    interface __NETWORK_NIC__
    virtual_router_id 80
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
-        auth_pass 123456
+        auth_pass LVS_APISERVER
    }
    track_script {
        check
    }
    unicast_src_ip __MASTER2__
    unicast_peer {
        __MASTER1__
        __MASTER3__
    }
    virtual_ipaddress {
-        __VIP__ dev __NETWORK_NIC__
+        __VIP__
    }
 }
 virtual_server __VIP__ 6443 {
    delay_loop 6
    lb_algo loadbalance
    lb_kind DR
    net_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP
    real_server __MASTER1__ 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server __MASTER2__ 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server __MASTER3__ 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
 }
--- a/keepalived/keepalived3.conf
+++ b/keepalived/keepalived3.conf
@ -1,35 +1,63 @@
 global_defs {
-    script_user root
+   router_id LVS_APISERVER
    enable_script_security
 }
 vrrp_script check {
    script "killall -0 kube-apiserver"
    interval 2
    weight -20
 }
 vrrp_instance VI_1 {
-    state  BACKUP
+    state BACKUP
    interface __NETWORK_NIC__
    virtual_router_id 251
    priority 98
    nopreempt
-
+    interface __NETWORK_NIC__
    virtual_router_id 80
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
-        auth_pass 123456
+        auth_pass LVS_APISERVER
    }
    track_script {
        check
    }
    unicast_src_ip __MASTER3__
    unicast_peer {
        __MASTER1__
        __MASTER2__
    }
    virtual_ipaddress {
-        __VIP__ dev __NETWORK_NIC__
+        __VIP__
    }
 }
 virtual_server __VIP__ 6443 {
    delay_loop 6
    lb_algo loadbalance
    lb_kind DR
    net_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP
    real_server __MASTER1__ 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server __MASTER2__ 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server __MASTER3__ 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
 }