)
二进制基于kubeasz部署 K8s 1.34.x 高可用集群实战指南-第二章:HAProxy + Keepalived负载均衡高可用配置(2-4)
0.部署节点安装 Docker (仅在 160 执行)
# 安装 Docker (用于 kubeasz) cd /usr/local/src tar xvf runtime-docker_24.0.9-containerd_1.7.20-binary-install.tar.gz bash runtime-install.sh docker # 验证 docker version第二章:HAProxy + Keepalived负载均衡高可用配置
目标:在 109 和 110 节点部署 HAProxy + Keepalived,为 Kubernetes API Server 提供高可用访问入口(VIP: 192.168.44.188:6443)。
2.1 架构说明
┌─────────────────┐ │ 客户端访问 │ │ (kubectl) │ └────────┬────────┘ ▼ ┌─────────────────┐ │ VIP: 192.168.44.188:6443 │ └────────┬────────┘ │ ┌──────────────┴──────────────┐ ▼ ▼ ┌─────────────────┐ ┌─────────────────┐ │ HAProxy1 │ │ HAProxy2 │ │ 192.168.44.109 │◄─────────►│ 192.168.44.110 │ │ (Keepalived │ │ (Keepalived │ │ MASTER) │ │ BACKUP) │ └────────┬────────┘ └────────┬────────┘ │ │ └──────────────┬──────────────┘ ▼ ┌─────────────────────────────┐ │ Kubernetes API Server │ │ 192.168.44.101:6443 │ │ 192.168.44.102:6443 │ │ 192.168.44.103:6443 │ └─────────────────────────────┘2.2 安装软件 (两台节点 109 和 110 都执行)
# 登录 192.168.44.109 和 192.168.44.110 ssh root@192.168.44.109 ssh root@192.168.44.110 # 安装 HAProxy 和 Keepalived apt update apt install -y haproxy keepalived # 验证安装 haproxy -v keepalived -v2.3 配置 Keepalived
2.3.1 主节点配置 (192.168.44.109)
cat > /etc/keepalived/keepalived.conf << EOF global_defs { router_id LVS_MASTER } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 51 priority 150 # 主节点优先级高 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.44.188/24 dev ens33 # 这里必须是 ens33 } } EOF2.3.2 备节点配置 (192.168.44.110)
cat > /etc/keepalived/keepalived.conf << EOF global_defs { router_id LVS_BACKUP } vrrp_instance VI_1 { state BACKUP interface ens33 virtual_router_id 51 priority 100 # 备节点优先级低 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.44.188/24 dev ens33 # 这里必须是 ens33 } } EOF2.3.3 启动 Keepalived
# 两台都执行 systemctl enable keepalived systemctl start keepalived systemctl status keepalived # 验证 VIP (只在主节点显示) ip addr show | grep 192.168.44.1882.4 配置 HAProxy (两台节点配置相同)
cat > /etc/haproxy/haproxy.cfg << 'EOF' global log /dev/log local0 user haproxy group haproxy daemon defaults log global mode tcp option tcplog timeout connect 5s timeout client 50s timeout server 50s frontend k8s-api bind *:6443 mode tcp default_backend k8s-masters backend k8s-masters mode tcp balance roundrobin server master1 192.168.44.101:6443 check inter 3s fall 3 rise 5 server master2 192.168.44.102:6443 check inter 3s fall 3 rise 5 server master3 192.168.44.103:6443 check inter 3s fall 3 rise 5 EOF # 启动 HAProxy systemctl enable haproxy systemctl start haproxy systemctl status haproxy # 验证监听 netstat -tnlp | grep 6443 # 预期输出: tcp 0 0 0.0.0.0:6443 0.0.0.0:* LISTEN xxx/haproxy2.5 验证负载均衡
2.5.1 验证 VIP 漂移
# 在主节点查看 VIP ip addr show | grep 192.168.44.188 # 停止主节点 Keepalived 测试 VIP 漂移 systemctl stop keepalived # 在备节点查看 VIP (应该出现) ip addr show | grep 192.168.44.188 # 恢复主节点 systemctl start keepalived2.5.2 验证 API Server 代理
# 在任意节点测试 (或部署节点) curl -k https://192.168.44.188:6443/version # 预期输出 (虽然还没部署 API Server,但会显示连接被拒绝) # 待 Master 部署完成后可正常访问 # 验证 HAProxy 后端健康检查 echo "show stat" | socat /run/haproxy/admin.sock stdio 2>/dev/null | grep k8s-masters2.6 本章检查清单
检查项 | 验证命令 | 预期结果 |
Keepalived 主节点 |
| 显示 192.168.44.188 |
Keepalived 备节点 |
| 无显示 (VIP 不在备节点) |
HAProxy 监听 |
| 显示 LISTEN |
VIP 漂移 |
| VIP 切换到备节点 |
HAProxy 语法 |
| Configuration file is valid |
2.7 故障模拟测试
# 模拟主节点故障 systemctl stop keepalived # 检查备节点 VIP 是否接管 # 模拟恢复 systemctl start keepalived # 模拟 HAProxy 故障 systemctl stop haproxy # 检查端口是否还在监听 # 模拟恢复 systemctl start haproxy)
