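Hands-on guide to deploying a highly available K8s 1.34.x cluster from binaries with kubeasz - Chapter 2: HAProxy + Keepalived load-balancer high-availability configuration (2-4)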

0. Install Docker on the deployment node (run on 160 only)
# Install Docker (used by kubeasz)
cd /usr/local/src
tar xvf runtime-docker_24.0.9-containerd_1.7.20-binary-install.tar.gz
bash runtime-install.sh docker
# Verify
docker version
Chapter 2: HAProxy + Keepalived load-balancer high-availability configuration
Goal: deploy HAProxy + Keepalived on nodes 109 and 110 to provide a highly available access entry point for the Kubernetes API Server (VIP: 192.168.44.188:6443).
2.1 Architecture overview
                 ┌─────────────────┐
                 │  Client access  │
                 │    (kubectl)    │
                 └────────┬────────┘
                          ▼
            ┌───────────────────────────┐
            │ VIP: 192.168.44.188:6443  │
            └─────────────┬─────────────┘
                          │
           ┌──────────────┴──────────────┐
           ▼                             ▼
  ┌─────────────────┐           ┌─────────────────┐
  │    HAProxy1     │           │    HAProxy2     │
  │ 192.168.44.109  │◄─────────►│ 192.168.44.110  │
  │   (Keepalived   │           │   (Keepalived   │
  │     MASTER)     │           │     BACKUP)     │
  └────────┬────────┘           └────────┬────────┘
           │                             │
           └──────────────┬──────────────┘
                          ▼
           ┌─────────────────────────────┐
           │    Kubernetes API Server    │
           │     192.168.44.101:6443     │
           │     192.168.44.102:6443     │
           │     192.168.44.103:6443     │
           └─────────────────────────────┘
2.2 Install the software (run on both nodes, 109 and 110)
# Log in to 192.168.44.109 and 192.168.44.110
ssh root@192.168.44.109
ssh root@192.168.44.110
# Install HAProxy and Keepalived
apt update
apt install -y haproxy keepalived
# Verify the installation
haproxy -v
keepalived -v
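2.3 Configure Keepalived
2.3.1 Master node configuration (192.168.44.109)
cat > /etc/keepalived/keepalived.conf << EOF
global_defs {
    router_id LVS_MASTER
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 150    # the master node has the higher priority
    advert_int 1
    authentication {
        auth_type PASS
        # Shared VRRP password; must be identical on both nodes.
        # PASS authentication is sent in clear text, so replace this sample value.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.44.188/24 dev ens33    # this must be ens33
    }
}
EOF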
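2.3.2 Backup node configuration (192.168.44.110)
cat > /etc/keepalived/keepalived.conf << EOF
global_defs {
    router_id LVS_BACKUP
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 100    # the backup node has the lower priority
    advert_int 1
    authentication {
        auth_type PASS
        # Shared VRRP password; must be identical on both nodes.
        # PASS authentication is sent in clear text, so replace this sample value.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.44.188/24 dev ens33    # this must be ens33
    }
}
EOF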
2.3.3 Start Keepalived
# Run on both nodes
systemctl enable keepalived
systemctl start keepalived
systemctl status keepalived
# Verify the VIP (shown only on the master node)
ip addr show | grep 192.168.44.188
2.4 Configure HAProxy (same configuration on both nodes)
cat > /etc/haproxy/haproxy.cfg << 'EOF'
global
    log /dev/log local0
    user haproxy
    group haproxy
    daemon
    # Runtime socket read by the "show stat" check in 2.5.2
    stats socket /run/haproxy/admin.sock mode 660 level operator

defaults
    log global
    mode tcp
    option tcplog
    timeout connect 5s
    timeout client 50s
    timeout server 50s

frontend k8s-api
    bind *:6443
    mode tcp
    default_backend k8s-masters

backend k8s-masters
    mode tcp
    balance roundrobin
    server master1 192.168.44.101:6443 check inter 3s fall 3 rise 5
    server master2 192.168.44.102:6443 check inter 3s fall 3 rise 5
    server master3 192.168.44.103:6443 check inter 3s fall 3 rise 5
EOF
# Start HAProxy
systemctl enable haproxy
systemctl start haproxy
systemctl status haproxy
# Verify that it is listening
netstat -tnlp | grep 6443
# Expected output: tcp 0 0 0.0.0.0:6443 0.0.0.0:* LISTEN xxx/haproxy
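2.5 Verify load balancing
2.5.1 Verify VIP failover
# Check the VIP on the master node
ip addr show | grep 192.168.44.188
# Stop Keepalived on the master node to test VIP failover
systemctl stop keepalived
# Check the VIP on the backup node (it should appear)
ip addr show | grep 192.168.44.188
# Restore the master node
systemctl start keepalived
2.5.2 Verify API Server proxying
# Test from any node (or the deployment node)
curl -k https://192.168.44.188:6443/version
# Expected output (the API Server is not deployed yet, so this will show connection refused)
# Accessible normally once the masters are deployed
# Verify HAProxy backend health checks
echo "show stat" | socat /run/haproxy/admin.sock stdio 2>/dev/null | grep k8s-masters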
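The grep above only prints raw CSV rows. As an added example (not part of the original guide), the function below reads the same "show stat" output, finds the status column from the CSV header, and fails when no master in the backend is UP. The names backend_status and sample_stat and the sample CSV are constructed for illustration; the live command in the comment assumes the runtime socket at /run/haproxy/admin.sock is enabled in haproxy.cfg.

```shell
#!/bin/sh
# Added example, not part of the original guide.

# backend_status BACKEND
# Reads HAProxy "show stat" CSV on stdin, prints "<server> <status>" for every
# real server of BACKEND, and returns 0 only if at least one server is UP
# (1 = none UP, 2 = CSV header without a "status" column).
backend_status() {
    awk -F, -v be="$1" '
        # Header row ("# pxname,svname,..."): locate the status column by name
        # instead of hard-coding its position.
        /^# / {
            for (i = 1; i <= NF; i++) if ($i == "status") col = i
            next
        }
        # Per-server rows only; FRONTEND/BACKEND rows are aggregates.
        $1 == be && $2 != "FRONTEND" && $2 != "BACKEND" {
            if (!col) { bad = 1; exit }
            print $2, $col
            if ($col ~ /^UP/) up++   # "UP" or "UP 1/3" (failing checks, still in rotation)
        }
        END { if (bad) exit 2; exit (up > 0 ? 0 : 1) }
    '
}

# Constructed sample (trimmed to the first 19 CSV columns) for the backend in
# this guide: master1 healthy, master2 down, master3 recovering (rise 5).
sample_stat() {
    cat <<'CSV'
# pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,
k8s-api,FRONTEND,,,0,1,262121,3,0,0,0,0,0,,,,,OPEN,,
k8s-masters,master1,0,0,0,1,,2,0,0,,0,,0,0,0,0,UP,1,
k8s-masters,master2,0,0,0,0,,1,0,0,,0,,0,0,0,0,DOWN,1,
k8s-masters,master3,0,0,0,0,,0,0,0,,0,,0,0,0,0,DOWN 1/5,1,
k8s-masters,BACKEND,0,0,0,1,26213,3,0,0,0,0,,0,0,0,0,UP,1,
CSV
}

# Live use on 109/110:
#   echo "show stat" | socat /run/haproxy/admin.sock stdio | backend_status k8s-masters
sample_stat | backend_status k8s-masters
```

Before the masters are deployed, every server reports DOWN and the function returns 1, which makes it usable as a gate in a deployment script.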
2.6 Chapter checklist
| Check item | Verification command | Expected result |
|----------------|------------------------------------------|-----------------------------|
| Keepalived master node | ip addr show \| grep 188 | Shows 192.168.44.188 |
| Keepalived backup node | ip addr show \| grep 188 | No output (the VIP is not on the backup node) |
| HAProxy listening | netstat -tnlp \| grep 6443 | Shows LISTEN |
| VIP failover | systemctl stop keepalived | The VIP moves to the backup node |
| HAProxy syntax | haproxy -f /etc/haproxy/haproxy.cfg -c | Configuration file is valid |
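2.7 Failure simulation tests
# Simulate a master node failure
systemctl stop keepalived
# Check whether the backup node has taken over the VIP
# Simulate recovery
systemctl start keepalived
# Simulate an HAProxy failure
systemctl stop haproxy
# Check whether the port is still listening
# Simulate recovery
systemctl start haproxy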