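Load balancing approach
Use HAProxy + keepalived to provide load balancing and high availability for the Master nodes. keepalived manages the virtual IP (VIP) through the VRRP protocol, and HAProxy distributes requests to the backend Master nodes.
Other options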
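| Option | Characteristics |
|---|---|
| HAProxy + keepalived | The approach demonstrated in this course; mature and stable |
| Nginx + keepalived | A similar approach with slightly different configuration |
| kube-vip | Kubernetes-native VIP management |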
Installation
Run on both load balancer nodes:
```bash
sudo apt update
sudo apt install -y haproxy keepalived
```
HAProxy configuration
Append the following to the configuration file /etc/haproxy/haproxy.cfg:
```haproxy
# Health check endpoint
frontend monitor-in
    bind *:33305
    mode http
    option httplog
    monitor-uri /monitor

# Listen on 6443 and forward to the backend Masters
frontend kubernetes-frontend
    bind *:6443
    option tcplog
    mode tcp
    default_backend kubernetes-backend

# Backend Master nodes
backend kubernetes-backend
    mode tcp
    balance roundrobin
    option tcp-check
    default-server inter 10s downinter 5s rise 2 fall 3 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server master1 192.168.4.205:6443 check
    server master2 192.168.4.206:6443 check
    server master3 192.168.4.207:6443 check
```
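Parameter reference:
- inter 10s: run a health check every 10 seconds
- downinter 5s: while a server is unavailable, shorten the check interval to 5 seconds
- rise 2: mark the server as available after 2 consecutive successful checks
- fall 3: mark the server as unavailable after 3 consecutive failed checks
- slowstart 60s: ramp the load up gradually over 60 seconds after recovery
- maxconn 250: at most 250 connections per server
- maxqueue 256: maximum queue length of 256
- weight 100: weight of 100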
keepalived configuration
Master node configuration
Configuration file /etc/keepalived/keepalived.conf:
```keepalived
global_defs {
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}

vrrp_script check_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state MASTER
    interface ens32              # change to the actual interface name
    mcast_src_ip 192.168.4.211   # this node's IP
    virtual_router_id 51
    priority 101                 # Master is higher than Backup
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass your_password  # replace with your own value; keepalived uses only the first 8 characters
    }
    virtual_ipaddress {
        192.168.4.213            # VIP address
    }
    track_script {               # references the vrrp_script defined above
        check_apiserver
    }
}
```
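Backup node configuration
Largely the same as the Master configuration, with the following changes:
- change state MASTER to state BACKUP
- change mcast_src_ip to the Backup node's IP
- change priority to 100 (lower than the Master)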
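Health check script
Create /etc/keepalived/check_apiserver.sh:
```bash
#!/bin/bash
# Look for the HAProxy process up to 3 times, one second apart.
err=0
for k in $(seq 1 3)
do
    check_code=$(pgrep haproxy)
    if [[ $check_code == "" ]]; then
        err=$((err + 1))
        sleep 1
        continue
    else
        err=0
        break
    fi
done

# HAProxy was not found on any attempt: stop keepalived so the VIP is released.
if [[ $err != "0" ]]; then
    echo "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi
```
```bash
chmod +x /etc/keepalived/check_apiserver.sh
```
Script logic: check up to 3 times whether the HAProxy process exists; if it is not found on any of the 3 attempts, stop keepalived to release the VIP.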
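A preflight lint for the keepalived setup above, as an added example that is not part of the original page: it checks that a track_script block exists, that auth_pass is not the placeholder, and that the check script run as root is not group/world writable. The function name lint_keepalived is hypothetical, and only the mode bits of the script file itself are inspected (not its owner or parent directories).

```sh
#!/bin/sh
# Added example, not from the original page: preflight lint for the
# keepalived.conf described above. lint_keepalived is a hypothetical name.
# Prints one line per finding; exit status is non-zero if any were found.
lint_keepalived() (
    conf=$1
    rc=0
    finding() { echo "FINDING: $1"; rc=1; }

    # A vrrp_script only affects failover when a track_script block in the
    # vrrp_instance references it; a misspelled block name disables it.
    grep -Eq '^[[:space:]]*track_script[[:space:]]*\{' "$conf" ||
        finding "no track_script block: the health check is never evaluated"

    # VRRP PASS auth: reject the placeholder, and flag values longer than
    # 8 characters because keepalived only uses the first 8.
    pass=$(awk '$1 == "auth_pass" { print $2; exit }' "$conf")
    case $pass in
        "" | your_password) finding "auth_pass is unset or still the placeholder" ;;
        ?????????*) finding "auth_pass is longer than 8 characters and gets truncated" ;;
    esac

    # With script_user root and enable_script_security, a check script that
    # non-root users can modify is a root code-execution path. Only the mode
    # bits of the file itself are checked here, not owner or parent dirs.
    script=$(awk '$1 == "script" { gsub(/"/, "", $2); print $2; exit }' "$conf")
    if [ -z "$script" ] || [ ! -x "$script" ]; then
        finding "check script missing or not executable: ${script:-none}"
    else
        perms=$(ls -ld "$script" | cut -c1-10)
        case $perms in
            ?????w???? | ????????w?) finding "check script is group/world writable: $perms" ;;
        esac
    fi
    exit "$rc"
)

# Usage: sh lint_keepalived.sh /etc/keepalived/keepalived.conf
if [ $# -gt 0 ]; then
    lint_keepalived "$1"
fi
```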
Start the services
```bash
systemctl restart haproxy
systemctl restart keepalived
systemctl enable haproxy keepalived
```
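Verification
```bash
# Check whether the VIP was bound successfully
ip a
# The VIP (e.g. 192.168.4.213) should appear bound to the interface

# Test load balancing
curl -k https://192.168.4.213:6443/healthz
```
To find the interface name:
```bash
ip a   # or ifconfig
# Look for the primary interface name (e.g. ens32, eth0)
```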