구성내용

 - kubernetes master Node에 설정

 - deploy 서버가 별도로 존재하며 설정파일은 ansible을 사용하여 배포

 

서버 환경

Node IP VIP
deploy xx.xx.0.10  
master001 xx.xx.0.31 xx.xx.0.30
master002 xx.xx.0.32  
master003 xx.xx.0.33  

 

 

1. install haproxy, keepalived

# ansible -m shell -a 'yum -y install haproxy keepalived' -i inventory/k8s/inventory.ini kube_control_plane

 

2. backup config

# ansible -m shell -a 'mv -f /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.original' -i inventory/k8s/inventory.ini kube_control_plane

# ansible -m shell -a 'mv -f /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.original' -i inventory/k8s/inventory.ini kube_control_plane

 

3. Create haproxy & keepalived config on Deploy Node

keepalived.j2
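# Writes keepalived.j2, the Jinja2 template that step 4 renders to
# /etc/keepalived/keepalived.conf on each control-plane node.
#
# The heredoc delimiter is quoted, so the shell copies the body verbatim.
# The regex therefore needs two backslashes here instead of four; the
# generated regex_replace expression is the same as before.
#
# Security notes:
#  - auth_type PASS carries auth_pass in clear text in every VRRP
#    advertisement, and keepalived uses only its first 8 characters. It
#    protects against misconfiguration, not against another host on the
#    segment. Limit VRRP (IP protocol 112) to the master addresses with
#    host firewall rules.
#  - auth_pass is read from the keepalived_auth_pass variable. The fallback
#    is the sample value shown on this page; define the variable in a
#    vault-encrypted vars file before using this outside a lab.
#  - chk_haproxy only tests that a haproxy process exists (killall -0).
#    It does not show that the API server is reachable through it.
cat > keepalived.j2 <<'EOF'
global_defs {
    notification_email {
        root@localnet
    }

    notification_email_from {{ inventory_hostname }}@localnet
    smtp_server localhost
    smtp_connect_timeout 30
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}

vrrp_instance VI_{{ inventory_hostname }} {
    state MASTER
    interface eth0
    virtual_router_id 150
    priority {{ 102 - (inventory_hostname | regex_replace('test-master(\\d{2})', '\\1')) | int }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass {{ keepalived_auth_pass | default('p@ssw0rd') }}
    }
    virtual_ipaddress {
        xx.xx.0.30
    }

    track_script {
        chk_haproxy
    }
}
EOF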

 

haproxy.j2
# Writes haproxy.j2, the template that step 4 renders to
# /etc/haproxy/haproxy.cfg on each control-plane node.
#
# The body contains no shell expansions, so quoting the delimiter leaves
# the generated file unchanged.
#
# Review notes:
#  - The apiserver frontend runs in tcp mode, so TLS passes through to
#    port 6443 on the masters and is not terminated here.
#  - "bind *:8443" listens on every address of the node, not only the VIP.
#    Limit access to 8443 with host firewall rules if needed.
#  - NOTE(review): the backend sets both "option httpchk" and
#    "option ssl-hello-chk". HAProxy uses one check method per backend;
#    confirm which one is active, e.g. with "haproxy -c -f <file>".
cat > haproxy.j2 <<'EOF'
global
    log         127.0.0.1 local2 
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
 
    stats socket /var/lib/haproxy/stats
 
 defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 1
    timeout http-request    10s
    timeout queue           20s
    timeout connect         5s
    timeout client          20s
    timeout server          20s
    timeout http-keep-alive 10s
    timeout check           10s
 
frontend apiserver
    bind *:8443
    mode tcp
    option tcplog
    default_backend apiserver
 
backend apiserver
    option httpchk GET /healthz
    http-check expect status 200
    mode tcp
    option ssl-hello-chk
    balance     roundrobin
 
    server test-master001 xx.xx.0.31:6443 check
    server test-master002 xx.xx.0.32:6443 check
    server test-master003 xx.xx.0.33:6443 check
EOF

*샘플 파일 위치 참고.

/usr/local/etc/keepalived/samples

/usr/share/doc/keepalived-1.3.5/samples

 

 

4. Copy config to Master Node

# ansible -m template -a "src=keepalived.j2 dest=/etc/keepalived/keepalived.conf" -i inventory/k8s/inventory.ini kube_control_plane

# ansible -m template -a "src=haproxy.j2 dest=/etc/haproxy/haproxy.cfg" -i inventory/k8s/inventory.ini kube_control_plane

 

 

5. start haproxy, keepalived

# ansible -m shell -a "systemctl start haproxy" -i inventory/k8s/inventory.ini kube_control_plane

# ansible -m shell -a "systemctl start keepalived" -i inventory/k8s/inventory.ini kube_control_plane

 

# ansible -m shell -a "systemctl enable haproxy" -i inventory/k8s/inventory.ini kube_control_plane

# ansible -m shell -a "systemctl enable keepalived" -i inventory/k8s/inventory.ini kube_control_plane

 

 

6. Check

6-1 Check keepalived

(1) check vip on test-master001
(k8s-env) [root@test-deploy kubespray]# ansible -m shell -a "ip a | grep xx.xx.0.30" -i inventory/k8s/inventory.ini kube_control_plane
test-master002 | FAILED | rc=1 >>
    non-zero return code
test-master001 | CHANGED | rc=0 >>
    inet xx.xx.0.30/32 scope global eth0
test-master003 | FAILED | rc=1 >>
    non-zero return code

 

(2) stop keepalived on test-master001
(k8s-env) [root@test-deploy kubespray]# ansible -m shell -a "systemctl stop keepalived" -i inventory/k8s/inventory.ini test-master001
test-master001 | CHANGED | rc=0 >>

 

(3) move vip to test-master002
(k8s-env) [root@test-deploy kubespray]# ansible -m shell -a "ip a | grep xx.xx.0.30" -i inventory/k8s/inventory.ini kube_control_plane
test-master002 | CHANGED | rc=0 >>
    inet xx.xx.0.30/32 scope global eth0
test-master003 | FAILED | rc=1 >>
    non-zero return code
test-master001 | FAILED | rc=1 >>
    non-zero return code

 

 

 

 

 

 
