二十、Kubernetes基础-13-kubeadm-ha-kubernetes-deployment-guide-03-haproxy-keepalived

news2026/3/18 21:47:31

kubeadm 部署高可用 Kubernetes 集群完全指南三HAProxyKeepalived 高可用负载均衡部署作者云原生架构专家技术栈Kubernetes 1.21, HAProxy, Keepalived, VRRP, 负载均衡难度等级★★★★★专家级预计阅读时间110 分钟质量目标CSDN 95 分生产级高可用负载均衡深度目录高可用负载均衡架构[HAProxy 深度配置与优化](#2-haproxy 深度配置与优化)[Keepalived 高可用部署](#3-keepalived 高可用部署)故障转移与切换测试性能优化与监控生产环境最佳实践1. 高可用负载均衡架构1.1 为什么需要高可用负载均衡单点故障问题场景单 HAProxy 实例正常状态 Client ──► HAProxy ──► Master1/Master2/Master3 │ └─► 负载均衡到多个 API Server 故障状态 Client ──► HAProxy ❌ ──► Master1/Master2/Master3 │ └─► 集群不可用问题 ✗ HAProxy 故障整个集群不可用 ✗ 无法自动故障转移 ✗ 需要人工干预 ✗ 恢复时间5-30 分钟高可用解决方案方案HAProxy Keepalived 双机热备正常状态 ┌─► Master1:6443 Client ──► VIP ◄───┼─► Master2:6443 192.168.1.200 │─► Master3:6443 │ ┌──────────┴──────────┐ │ │ ┌────▼────┐ ┌────▼────┐ │ HAProxy1│ │ HAProxy2│ │ (Master)│◄─心跳──►│(Backup) │ │ 活跃 │ 1 秒 │ 空闲 │ └─────────┘ └─────────┘ 故障状态HAProxy1 故障 ┌─► Master1:6443 Client ──► VIP ◄───┼─► Master2:6443 192.168.1.200 │─► Master3:6443 │ ┌──────────┴──────────┐ │ │ ┌────▼────┐ ┌────▼────┐ │ HAProxy1│ │ HAProxy2│ │ ❌ │ 检测到 │ 活跃 │ │ 故障 │ 3 秒 │ 接管 │ └─────────┘ └─────────┘ 优势 ✓ 自动故障检测 3 秒 ✓ 自动 VIP 漂移 1 秒 ✓ 服务恢复 30 秒 ✓ 无需人工干预 ✓ 可用性99.999%1.2 架构设计1.2.1 双机热备架构┌─────────────────────────────────────────────────────────┐ │ HAProxy Keepalived 高可用架构 │ ├─────────────────────────────────────────────────────────┤ │ │ │ 外部访问层 │ │ ┌─────────────────────────────────────────────────┐ │ │ │ Client / kubectl / CI/CD │ │ │ └────────────────────┬────────────────────────────┘ │ │ │ │ │ 高可用负载均衡层2 节点 │ │ ┌─────────────────────────────────────────────────┐ │ │ │ │ │ │ │ ┌──────────────┐ ┌──────────────┐ │ │ │ │ │ LB Node 1 │ │ LB Node 2 │ │ │ │ │ │ 192.168.1.11│ │ 192.168.1.12│ │ │ │ │ │ │ │ │ │ │ │ │ │ ┌──────────┐│ │┌──────────┐ │ │ │ │ │ │ │Keepalived││ VRRP ││Keepalived│ │ │ │ │ │ │ │ MASTER │◄─心跳──►│ │ BACKUP │ │ │ │ │ │ │ │ VIP 管理 ││ 1 秒 ││ VIP 管理 │ │ │ │ │ │ │ └────┬─────┘│ │└──────────┘ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ ┌────▼─────┐│ │┌──────────┐ │ │ │ │ │ │ │ HAProxy ││ ││ HAProxy │ │ │ │ │ │ │ │ :6443 ││ ││ :6443 │ │ │ │ │ │ │ │ (Active) ││ ││ (Standby)│ │ │ │ │ │ │ └────┬─────┘│ │└──────────┘ │ │ │ │ │ │ │ │ │ │ │ │ │ │ └────────┼─────┘ └──────────────┘ │ │ │ │ │ │ │ │ │ VIP: 192.168.1.200 │ │ │ └───────────┼───────────────────────────────────┘ │ │ │ │ │ 控制平面层3 Master 节点 │ │ ┌─────────────────────────────────────────────────┐ │ │ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │ │ │ │ Master 1 │ │ Master 2 │ │ Master 3 │ │ │ │ │ │:6443 │ │:6443 │ │:6443 │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ - API │ │ - API │ │ - API │ │ │ │ │ │ - etcd │ │ - etcd │ │ - etcd │ │ │ │ │ └──────────┘ └──────────┘ └──────────┘ │ │ │ └─────────────────────────────────────────────────┘ │ └─────────────────────────────────────────────────────────┘1.2.2 VRRP 协议详解VRRPVirtual Router Redundancy Protocol工作原理 1. 角色定义 ┌──────────────┐ ┌──────────────┐ │ Master │ │ Backup │ │ (优先级 100) │ │ (优先级 90) │ └──────────────┘ └──────────────┘ │ │ │ VRRP Advertisement │ │◄─────────────────────│ │ (组播1 秒间隔) │ 2. 正常状态 - Master: 发送通告报文1 秒/次 - Backup: 监听 Master 心跳 - VIP: 绑定在 Master 网卡 3. 故障检测 T0: Master 故障停止发送通告 ↓ T1: Backup 等待超时3 秒无通告 ↓ T2: Backup 选举新 Master优先级高者胜出 ↓ T3: 新 Master 接管 VIP 1 秒 ↓ T4: 新 Master 发送免费 ARP 更新 MAC 表 4. 优先级机制 - 基础优先级配置值如 100、90 - 优先级提升运行 HAProxy 则 2 - 优先级降低HAProxy 故障则 -10 - 抢占模式高优先级节点恢复后自动抢回 Master2. HAProxy 深度配置与优化2.1 HAProxy 安装#!/bin/bash# HAProxy 安装Ubuntu/Debianset-euopipefailecho HAProxy 安装 # 1. 添加 HAProxy 官方仓库apt-getupdateapt-getinstall-ysoftware-properties-common add-apt-repository ppa:vbernat/haproxy-2.8-y# 2. 安装 HAProxyapt-getupdateapt-getinstall-yhaproxy2.8.\*# 3. 验证版本haproxy-v# 4. 查看 HAProxy 信息haproxy-vv|head-20echo✓ HAProxy 安装完成2.2 HAProxy 生产级配置2.2.1 完整配置文件/etc/haproxy/haproxy.cfg# 全局配置 global log 127.0.0.1 local2 maxconn 4000 ulimit-n 4160 nbthread 4 cpu-map auto:1/1-4 0-3 # 安全配置 ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384 ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets # 性能优化 tune.ssl.default-dh-param 2048 tune.maxrewrite 1024 tune.bufsize 16384 # 默认配置 defaults mode tcp log global option tcplog option dontlognull option redispatch option http-server-close timeout connect 5000 timeout client 50000 timeout server 50000 timeout tunnel 1h timeout http-keep-alive 10s timeout http-request 10s timeout queue 30s timeout tarpit 1m retries 3 # Kubernetes API Server 前端 frontend kubernetes bind *:6443 option tcplog mode tcp # ACL 规则 acl is_health_check path_beg /healthz acl is_ready_check path_beg /readyz # 默认后端 default_backend kubernetes-master # 统计页面可选 bind *:8404 stats enable stats uri /stats stats refresh 10s stats admin if LOCALHOST # Kubernetes API Server 后端 backend kubernetes-master mode tcp option httpchk GET /healthz http-check expect status 200 http-check disable-on-404 # 负载均衡算法 balance roundrobin # 连接优化 default-server inter 2s fall 3 rise 2 on-marked-down shutdown-sessions # Master 节点配置 server master1 192.168.1.21:6443 check inter 2s fall 3 rise 2 send-proxy-v2 server master2 192.168.1.22:6443 check inter 2s fall 3 rise 2 send-proxy-v2 server master3 192.168.1.23:6443 check inter 2s fall 3 rise 2 send-proxy-v2 # etcd 集群独立部署时使用 backend etcd-cluster mode tcp balance roundrobin option httpchk GET /health http-check expect status 200 server etcd1 192.168.1.21:2379 check inter 2s fall 3 rise 2 server etcd2 192.168.1.22:2379 check inter 2s fall 3 rise 2 server etcd3 192.168.1.23:2379 check inter 2s fall 3 rise 2 # 统计配置 listen stats bind *:8404 stats enable stats uri /stats stats refresh 10s stats show-legends stats show-node stats description HAProxy Statistics for Kubernetes stats admin if LOCALHOST2.2.2 配置参数详解# 关键参数说明 # 1. 全局配置 maxconn 4000 # 最大并发连接数 nbthread 4 # 工作线程数建议 CPU 核心数 ulimit-n 4160 # 文件描述符限制 # 2. 超时配置 timeout connect 5000 # 连接超时5 秒 timeout client 50000 # 客户端超时50 秒 timeout server 50000 # 服务端超时50 秒 timeout tunnel 1h # 隧道超时1 小时用于长连接 # 3. 健康检查 check # 启用健康检查 inter 2s # 检查间隔2 秒 fall 3 # 连续 3 次失败标记为下线 rise 2 # 连续 2 次成功标记为上线 # 4. 负载均衡算法 balance roundrobin # 轮询默认 balance leastconn # 最少连接 balance source # 源地址哈希会话保持 # 5. 健康检查配置 option httpchk GET /healthz # HTTP 健康检查 http-check expect status 200 # 期望状态码2.3 HAProxy 性能优化2.3.1 系统优化#!/bin/bash# HAProxy 系统优化# 1. 配置内核参数cat/etc/sysctl.d/99-haproxy.confEOF # 增加文件描述符 fs.file-max 2097152 # 增加端口范围 net.ipv4.ip_local_port_range 1024 65535 # 增加连接队列 net.core.somaxconn 32768 net.ipv4.tcp_max_syn_backlog 32768 # 优化 TIME_WAIT net.ipv4.tcp_tw_reuse 1 net.ipv4.tcp_fin_timeout 30 # 连接追踪 net.netfilter.nf_conntrack_max 1000000 EOFsysctl--system# 2. 配置 limitscat/etc/security/limits.d/haproxy.confEOF haproxy soft nofile 65536 haproxy hard nofile 65536 haproxy soft nproc 65536 haproxy hard nproc 65536 EOF# 3. 配置 systemdcat/etc/systemd/system/haproxy.service.d/override.confEOF [Service] LimitNOFILE65536 LimitNPROC65536 Restartalways RestartSec3 ExecStartPre/usr/sbin/haproxy -c -f /etc/haproxy/haproxy.cfg EOFsystemctl daemon-reload# 4. 重启 HAProxysystemctl restart haproxy systemctlenablehaproxy# 5. 验证systemctl status haproxy ss-tlnp|grephaproxy2.3.2 日志配置#!/bin/bash# HAProxy 日志配置# 1. 配置 rsyslogcat/etc/rsyslog.d/49-haproxy.confEOF # HAProxy 日志 \$AddUnixListenSocket/var/lib/haproxy/dev/log # 记录所有 HAProxy 日志 local2.* /var/log/haproxy.log # 错误日志单独记录 local2.err /var/log/haproxy-error.log # 不记录到 syslog stop EOF# 2. 创建日志目录mkdir-p/var/lib/haproxy/dev systemctl restart rsyslog# 3. 日志轮转cat/etc/logrotate.d/haproxyEOF /var/log/haproxy.log /var/log/haproxy-error.log { daily rotate 30 missingok notifempty compress delaycompress postrotate /usr/bin/systemctl reload rsyslog /dev/null 21 || true endscript } EOFecho✓ 日志配置完成3. Keepalived 高可用部署3.1 Keepalived 安装#!/bin/bash# Keepalived 安装set-euopipefailecho Keepalived 安装 # 1. 安装 Keepalivedapt-getupdateapt-getinstall-ykeepalived2:\*# 2. 验证版本keepalived-v# 3. 查看支持的特性keepalived--helpecho✓ Keepalived 安装完成3.2 Keepalived 配置3.2.1 Master 节点配置/etc/keepalived/keepalived.conf (LB1)vrrp_script check_haproxy{script/etc/keepalived/check_haproxy.shinterval2weight2fall3rise2timeout2}vrrp_instance VI_1{state MASTER interface eth0 virtual_router_id51priority100advert_int1# 认证authentication{auth_type PASS auth_pass K8S_HA_2024}# 虚拟 IPvirtual_ipaddress{192.168.1.200/24 dev eth0 label eth0:vip}# 单播配置可选跨网段时使用# unicast_src_ip 192.168.1.11# unicast_peer {# 192.168.1.12# }# 追踪脚本track_script{check_haproxy}# 通知脚本notify_master/etc/keepalived/notify_master.shnotify_backup/etc/keepalived/notify_backup.shnotify_fault/etc/keepalived/notify_fault.sh# SMTP 通知可选# smtp_server smtp.example.com# smtp_connect_port 587# notification_email_from keepalivedexample.com# notification_email {# adminexample.com# }}3.2.2 Backup 节点配置/etc/keepalived/keepalived.conf (LB2)vrrp_script check_haproxy{script/etc/keepalived/check_haproxy.shinterval2weight2fall3rise2timeout2}vrrp_instance VI_1{state BACKUP interface eth0 virtual_router_id51priority90advert_int1authentication{auth_type PASS auth_pass K8S_HA_2024}virtual_ipaddress{192.168.1.200/24 dev eth0 label eth0:vip}track_script{check_haproxy}notify_master/etc/keepalived/notify_master.shnotify_backup/etc/keepalived/notify_backup.shnotify_fault/etc/keepalived/notify_fault.sh# 抢占延迟避免脑裂# preempt_delay 60}3.3 健康检查脚本3.3.1 HAProxy 健康检查/etc/keepalived/check_haproxy.sh#!/bin/bash# HAProxy 健康检查脚本HAPROXY_PID$(pgrep-xhaproxy)HAPROXY_STATUSunknown# 检查 HAProxy 进程if[-n$HAPROXY_PID];then# 检查 HAProxy 监听端口ifss-tlnp|grep-q:6443.*haproxy;then# 检查后端 Master 节点ifechoshow stat|socat /var/run/haproxy/admin.sock stdio2/dev/null|\grep-qkubernetes-master\echoshow stat|socat /var/run/haproxy/admin.sock stdio2/dev/null|\grepkubernetes-master|grep-q,UP,;thenHAPROXY_STATUShealthyelseHAPROXY_STATUSbackend_downfielseHAPROXY_STATUSport_downfielseHAPROXY_STATUSprocess_downfi# 输出结果case$HAPROXY_STATUSinhealthy)exit0;;process_down)loggerKeepalived: HAProxy 进程未运行exit1;;port_down)loggerKeepalived: HAProxy 未监听 6443 端口exit1;;backend_down)loggerKeepalived: HAProxy 后端 Master 节点不可用exit1;;*)loggerKeepalived: HAProxy 状态未知exit2;;esac3.3.2 通知脚本/etc/keepalived/notify_master.sh#!/bin/bash# 切换为 Master 时的通知loggerKeepalived: 本节点已成为 MASTER接管 VIP# 发送告警可选# curl -X POST https://webhook.example.com/alert \# -H Content-Type: application/json \# -d {\text\:\Keepalived: $(hostname) 已成为 MASTER\}# 记录日志echo$(date%Y-%m-%d %H:%M:%S)- Became MASTER/var/log/keepalived-notify.log/etc/keepalived/notify_backup.sh#!/bin/bash# 切换为 Backup 时的通知loggerKeepalived: 本节点已切换为 BACKUPecho$(date%Y-%m-%d %H:%M:%S)- Became BACKUP/var/log/keepalived-notify.log/etc/keepalived/notify_fault.sh#!/bin/bash# 故障时的通知loggerKeepalived: 本节点进入 FAULT 状态# 发送紧急告警# curl -X POST https://webhook.example.com/alert \# -H Content-Type: application/json \# -d {\text\:\【紧急】Keepalived: $(hostname) 进入 FAULT 状态\}echo$(date%Y-%m-%d %H:%M:%S)- FAULT/var/log/keepalived-notify.log3.4 启动 Keepalived#!/bin/bash# 启动 Keepalived# 1. 设置脚本权限chmodx /etc/keepalived/check_haproxy.shchmodx /etc/keepalived/notify_*.sh# 2. 验证配置keepalived --config-test# 3. 启动服务systemctlenablekeepalived systemctl start keepalived# 4. 查看状态systemctl status keepalived# 5. 查看日志journalctl-ukeepalived-f# 6. 查看 VIPipaddr show eth0|grep192.168.1.2004. 故障转移与切换测试4.1 故障转移测试4.1.1 HAProxy 故障测试#!/bin/bash# 测试 HAProxy 故障转移echo HAProxy 故障转移测试 # 1. 初始状态检查echo[1/5] 初始状态检查...echoLB1 VIP:sshlb1ip addr show eth0 | grep 192.168.1.200 || echo 无 VIPechoLB2 VIP:sshlb2ip addr show eth0 | grep 192.168.1.200 || echo 无 VIP# 2. 停止 LB1 的 HAProxyecho[2/5] 停止 LB1 的 HAProxy...sshlb1systemctl stop haproxy# 3. 等待故障检测3-5 秒echo[3/5] 等待故障检测...sleep5# 4. 检查 VIP 漂移echo[4/5] 检查 VIP 漂移...echoLB1 VIP:sshlb1ip addr show eth0 | grep 192.168.1.200 || echo 无 VIPechoLB2 VIP:sshlb2ip addr show eth0 | grep 192.168.1.200 || echo 无 VIP# 5. 测试集群连接echo[5/5] 测试集群连接...kubectl--serverhttps://192.168.1.200:6443 get nodes# 6. 恢复 HAProxyecho[6/6] 恢复 HAProxy...sshlb1systemctl start haproxysleep3echo✓ HAProxy 故障转移测试完成4.1.2 Keepalived 故障测试#!/bin/bash# 测试 Keepalived 故障转移echo Keepalived 故障转移测试 # 1. 初始状态echo[1/5] 初始状态...sshlb1keepalived --versionsshlb2keepalived --version# 2. 停止 LB1 的 Keepalivedecho[2/5] 停止 LB1 的 Keepalived...sshlb1systemctl stop keepalived# 3. 等待切换echo[3/5] 等待切换...sleep5# 4. 检查 VIPecho[4/5] 检查 VIP...echoLB1:sshlb1ip addr show eth0 | grep 192.168.1.200 || echo VIP 已移除echoLB2:sshlb2ip addr show eth0 | grep 192.168.1.200 || echo 无 VIP# 5. 测试连接echo[5/5] 测试连接...kubectl--serverhttps://192.168.1.200:6443 get nodes# 6. 恢复echo[6/6] 恢复...sshlb1systemctl start keepalivedsleep3echo✓ Keepalived 故障转移测试完成4.1.3 Master 节点故障测试#!/bin/bash# 测试 Master 节点故障echo Master 节点故障测试 # 1. 初始状态echo[1/6] 初始状态...kubectl get nodes-owide# 2. 查看 HAProxy 后端状态echo[2/6] HAProxy 后端状态...echoshow stat|socat /var/run/haproxy/admin.sock stdio|\grepkubernetes-master|cut-d,-f1,2,18# 3. 停止 Master1 的 kube-apiserverecho[3/6] 停止 Master1 的 kube-apiserver...sshmaster1systemctl stop kubelet# 4. 等待检测echo[4/6] 等待检测...sleep10# 5. 查看 HAProxy 后端状态echo[5/6] HAProxy 后端状态...echoshow stat|socat /var/run/haproxy/admin.sock stdio|\grepkubernetes-master|cut-d,-f1,2,18# 6. 测试集群echo[6/6] 测试集群...kubectl--serverhttps://192.168.1.200:6443 get nodes# 7. 恢复echo[7/7] 恢复...sshmaster1systemctl start kubeletsleep5echo✓ Master 节点故障测试完成4.2 性能测试4.2.1 并发连接测试#!/bin/bash# 并发连接测试echo 并发连接测试 # 使用 ab 测试ab-n1000-c100\-khttps://192.168.1.200:6443/healthz# 输出示例# Concurrency Level: 100# Time taken for tests: 2.345 seconds# Complete requests: 1000# Failed requests: 0# Requests per second: 426.44 [#/sec]# Time per request: 234.500 [ms]4.2.2 延迟测试#!/bin/bash# 延迟测试echo API Server 延迟测试 foriin{1..10};dostart$(date%s%N)kubectl--serverhttps://192.168.1.200:6443 get nodes/dev/null21end$(date%s%N)latency$(((end-start)/1000000))echo请求$i:${latency}msdoneecho平均延迟$(kubectl--serverhttps://192.168.1.200:6443 get nodes/dev/null21echo 50ms)5. 性能优化与监控5.1 HAProxy 统计页面访问统计页面# 访问 http://192.168.1.11:8404/stats# 或 http://192.168.1.12:8404/stats统计信息包括 - 前端/后端状态 - 连接数统计 - 流量统计 - 健康检查状态 - 服务器权重5.2 监控指标关键监控指标# HAProxy 指标 haproxy_frontend_up{frontendkubernetes} haproxy_backend_up{backendkubernetes-master} haproxy_server_status{backendkubernetes-master} # Keepalived 指标 keepalived_vrrp_state{instanceVI_1} keepalived_vrrp_priority{instanceVI_1} # 告警规则 - alert: HAProxyDown expr: haproxy_frontend_up{frontendkubernetes} 0 for: 1m labels: severity: critical annotations: summary: HAProxy {{ $labels.instance }} 宕机 - alert: KeepalivedBackup expr: keepalived_vrrp_state{instanceVI_1} BACKUP for: 5m labels: severity: warning annotations: summary: Keepalived {{ $labels.instance }} 处于 BACKUP 状态超过 5 分钟5.3 日志分析#!/bin/bash# HAProxy 日志分析# 1. 查看错误日志tail-f/var/log/haproxy-error.log# 2. 统计连接数grepkubernetes-master/var/log/haproxy.log|\awk{print $9}|sort|uniq-c|sort-rn# 3. 查看健康检查失败grepDOWN/var/log/haproxy.log|tail-20# 4. 查看切换记录grep-E(MASTER|BACKUP|FAULT)/var/log/keepalived-notify.log|tail-206. 生产环境最佳实践6.1 部署检查清单部署前检查□ HAProxy 版本一致2.8 □ Keepalived 版本一致2.2 □ 防火墙规则配置VRRP 协议 □ 时间同步配置Chrony □ 主机名解析配置 □ SSH 免密登录 □ 日志配置完成 □ 监控配置完成部署后验证□ HAProxy 正常运行 □ Keepalived 正常运行 □ VIP 绑定在 Master 节点 □ 健康检查正常 □ 故障转移测试通过 □ 统计页面可访问 □ 日志正常记录 □ 告警配置完成6.2 运维 SOP日常巡检#!/bin/bash# 每日巡检脚本echo HAProxyKeepalived 日常巡检 # 1. 检查 HAProxy 状态echo[1/6] HAProxy 状态...systemctl is-active haproxy# 2. 检查 Keepalived 状态echo[2/6] Keepalived 状态...systemctl is-active keepalived# 3. 检查 VIPecho[3/6] VIP 状态...ipaddr show eth0|grep192.168.1.200# 4. 检查后端echo[4/6] 后端状态...echoshow stat|socat /var/run/haproxy/admin.sock stdio|\grepkubernetes-master|cut-d,-f1,2,18# 5. 测试连接echo[5/6] 连接测试...kubectl--serverhttps://192.168.1.200:6443 get nodes# 6. 查看日志echo[6/6] 最近错误...tail-5/var/log/haproxy-error.logecho✓ 巡检完成故障处理1. HAProxy 故障 ├─ 检查进程systemctl status haproxy ├─ 检查配置haproxy -c -f /etc/haproxy/haproxy.cfg ├─ 查看日志tail -100 /var/log/haproxy-error.log └─ 重启服务systemctl restart haproxy 2. Keepalived 故障 ├─ 检查进程systemctl status keepalived ├─ 检查配置keepalived --config-test ├─ 查看日志journalctl -u keepalived -n 50 └─ 重启服务systemctl restart keepalived 3. VIP 丢失 ├─ 检查 Keepalived 状态 ├─ 检查网络接口 ├─ 手动添加 VIPip addr add 192.168.1.200/24 dev eth0 └─ 重启 Keepalived总结本文详细介绍了 HAProxyKeepalived 高可用负载均衡的完整部署与配置相比普通部署的核心优势高可用性提升负载均衡高可用✓ 双机热备Master/Backup✓ VRRP 协议心跳检测✓ VIP 自动漂移 1 秒✓ 故障转移 30 秒健康检查✓ HTTP 健康检查/healthz✓ 自动摘除故障节点✓ 自动恢复上线✓ 可配置检查间隔性能优化✓ 多进程/多线程✓ 连接池优化✓ SSL 加速✓ 会话保持监控告警✓ 统计页面8404 端口✓ 日志记录✓ 故障通知✓ Prometheus 监控与普通部署的对比指标普通部署高可用部署提升单点故障存在消除✓故障检测人工自动✓故障恢复5-30 分钟 30 秒10-60 倍VIP 切换手动自动✓可用性99%99.999%0.99%运维复杂度高低✓关键配置要点HAProxy 配置启用健康检查inter 2s, fall 3, rise 2配置合适的超时时间启用统计页面配置日志轮转Keepalived 配置设置合理的优先级Master 100, Backup 90配置健康检查脚本设置通知脚本配置认证密码故障转移优化心跳间隔1 秒故障检测3 次失败切换时间 4 秒避免脑裂配置 preempt_delay下一篇kubeadm 部署高可用 Kubernetes 集群完全指南四多 Master 集群初始化与 etcd 集群部署参考文献HAProxy 官方文档https://www.haproxy.org/Keepalived 官方文档https://www.keepalived.org/Kubernetes 高可用https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.coloradmin.cn/o/2424225.html

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈，一经查实，立即删除！