更改 keepalived 为支持 lvs

keepalived/keepalived1.conf

@@ -1,35 +1,63 @@
 global_defs {
-    script_user root            # 脚本执行者
-    enable_script_security      # 标记脚本安全
+   router_id LVS_APISERVER
 }
-
-vrrp_script check {
-    script "killall -0 kube-apiserver"      # 脚本路径
-    interval 2                              # 脚本执行间隔，单位s
-    weight -20                              # -254-254之间，检测失败权重减少
-}
-
-vrrp_instance VI_1 {                        # 实例名
-    state  BACKUP                           # 3个实例，1个配置MASTER，另外2个配置BACKUP, 非抢占式配置BACKUP
+vrrp_instance VI_1 {
+    state BACKUP
+    nopreempt
     interface __NETWORK_NIC__
-    virtual_router_id 251                   # ID主备需一致
-    priority 100                            # 默认权重，3个节点保持不一致，并且MASTER最大，priority之间的差值要小于weight
-    nopreempt                               # 非抢占式
-
+    virtual_router_id 80
+    priority 100
+    advert_int 1
     authentication {
-        auth_type PASS                      # 主备验证信息，需一致
-        auth_pass 123456
-    }
-    track_script {
-        check
-    }
-    unicast_src_ip __MASTER1__
-    unicast_peer {
-        __MASTER2__ 
-        __MASTER3__
+        auth_type PASS
+        auth_pass LVS_APISERVER
     }
     virtual_ipaddress {
-        __VIP__ dev __NETWORK_NIC__
+        __VIP__
     }
 }
+virtual_server __VIP__ 6443 {
+    delay_loop 6
+    lb_algo loadbalance
+    lb_kind DR
+    net_mask 255.255.255.0
+    persistence_timeout 0
+    protocol TCP
+    real_server __MASTER1__ 6443 {
+        weight 1
+        SSL_GET {
+            url {
+              path /healthz
+              status_code 200
+            }
+            connect_timeout 3
+            nb_get_retry 3
+            delay_before_retry 3
+        }
+    }
+    real_server __MASTER2__ 6443 {
+        weight 1
+        SSL_GET {
+            url {
+              path /healthz
+              status_code 200
+            }
+            connect_timeout 3
+            nb_get_retry 3
+            delay_before_retry 3
+        }
+    }
+    real_server __MASTER3__ 6443 {
+        weight 1
+        SSL_GET {
+            url {
+              path /healthz
+              status_code 200
+            }
+            connect_timeout 3
+            nb_get_retry 3
+            delay_before_retry 3
+        }
+    }
 
+}

keepalived/keepalived2.conf

@@ -1,35 +1,63 @@
 global_defs {
-    script_user root
-    enable_script_security
+   router_id LVS_APISERVER
 }
-
-vrrp_script check {
-    script "killall -0 kube-apiserver"
-    interval 2
-    weight -20
-}
-
 vrrp_instance VI_1 {
-    state  BACKUP
-    interface __NETWORK_NIC__
-    virtual_router_id 251
-    priority 99
+    state BACKUP
     nopreempt
-
+    interface __NETWORK_NIC__
+    virtual_router_id 80
+    priority 99
+    advert_int 1
     authentication {
         auth_type PASS
-        auth_pass 123456
-    }
-    track_script {
-        check
-    }
-    unicast_src_ip __MASTER2__
-    unicast_peer {
-        __MASTER1__
-        __MASTER3__
+        auth_pass LVS_APISERVER
     }
     virtual_ipaddress {
-        __VIP__ dev __NETWORK_NIC__
+        __VIP__
     }
 }
+virtual_server __VIP__ 6443 {
+    delay_loop 6
+    lb_algo loadbalance
+    lb_kind DR
+    net_mask 255.255.255.0
+    persistence_timeout 0
+    protocol TCP
+    real_server __MASTER1__ 6443 {
+        weight 1
+        SSL_GET {
+            url {
+              path /healthz
+              status_code 200
+            }
+            connect_timeout 3
+            nb_get_retry 3
+            delay_before_retry 3
+        }
+    }
+    real_server __MASTER2__ 6443 {
+        weight 1
+        SSL_GET {
+            url {
+              path /healthz
+              status_code 200
+            }
+            connect_timeout 3
+            nb_get_retry 3
+            delay_before_retry 3
+        }
+    }
+    real_server __MASTER3__ 6443 {
+        weight 1
+        SSL_GET {
+            url {
+              path /healthz
+              status_code 200
+            }
+            connect_timeout 3
+            nb_get_retry 3
+            delay_before_retry 3
+        }
+    }
 
+}

keepalived/keepalived3.conf

@@ -1,35 +1,63 @@
 global_defs {
-    script_user root
-    enable_script_security
+   router_id LVS_APISERVER
 }
-
-vrrp_script check {
-    script "killall -0 kube-apiserver"
-    interval 2
-    weight -20
-}
-
 vrrp_instance VI_1 {
-    state  BACKUP
-    interface __NETWORK_NIC__
-    virtual_router_id 251
-    priority 98
+    state BACKUP
     nopreempt
-
+    interface __NETWORK_NIC__
+    virtual_router_id 80
+    priority 98
+    advert_int 1
     authentication {
         auth_type PASS
-        auth_pass 123456
-    }
-    track_script {
-        check
-    }
-    unicast_src_ip __MASTER3__
-    unicast_peer {
-        __MASTER1__
-        __MASTER2__
+        auth_pass LVS_APISERVER
     }
     virtual_ipaddress {
-        __VIP__ dev __NETWORK_NIC__
+        __VIP__
     }
 }
+virtual_server __VIP__ 6443 {
+    delay_loop 6
+    lb_algo loadbalance
+    lb_kind DR
+    net_mask 255.255.255.0
+    persistence_timeout 0
+    protocol TCP
+    real_server __MASTER1__ 6443 {
+        weight 1
+        SSL_GET {
+            url {
+              path /healthz
+              status_code 200
+            }
+            connect_timeout 3
+            nb_get_retry 3
+            delay_before_retry 3
+        }
+    }
+    real_server __MASTER2__ 6443 {
+        weight 1
+        SSL_GET {
+            url {
+              path /healthz
+              status_code 200
+            }
+            connect_timeout 3
+            nb_get_retry 3
+            delay_before_retry 3
+        }
+    }
+    real_server __MASTER3__ 6443 {
+        weight 1
+        SSL_GET {
+            url {
+              path /healthz
+              status_code 200
+            }
+            connect_timeout 3
+            nb_get_retry 3
+            delay_before_retry 3
+        }
+    }
 
+}