```sh
防火墙将80/443端口映射到LVS VIP的80/443端口,LVS再把流量负载均衡到各K8S节点IP的80/443端口。ingress-nginx-controller通过HostNetwork方式暴露80/443端口。实现的效果:119.x.x.x:80/443 --> 172.16.100.99:80/443(LVS VIP)--> 172.16.100.100:80/443, 172.16.100.101:80/443, 172.16.100.102:80/443
```
配置规划
```sh
+----------------+----------------+--------+--------------------------+
| Host | IP | Port | SoftWare |
+----------------+----------------+--------+--------------------------+
| LVS01 | 172.16.100.27 | 80/443 | LVS,Keepalived |
| LVS02 | 172.16.100.28 | 80/443 | LVS,Keepalived |
| RS/k8s-master1 | 172.16.100.100 | 80/443 | ingress-nginx-controller |
| RS/k8s-master2 | 172.16.100.101 | 80/443 | ingress-nginx-controller |
| RS/k8s-node1 | 172.16.100.102 | 80/443 | ingress-nginx-controller |
| VIP | 172.16.100.99 | 80/443 | / |
+----------------+----------------+--------+--------------------------+
```
安装lvs和keepalived(`172.16.100.27/172.16.100.28`)
```sh
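# Run on both LVS hosts (172.16.100.27 and 172.16.100.28).
$ yum install ipvsadm keepalived -y
# The unit is named "keepalived"; enabling it makes the service start at boot.
$ systemctl enable keepalived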
```
配置keepalived(`172.16.100.27`)
```sh
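# Writes the MASTER configuration. The here-document delimiter is quoted so the
# shell copies the text verbatim, with no variable or command expansion.
$ cat > /etc/keepalived/keepalived.conf <<'EOF'
! Configuration File for keepalived
global_defs {
    router_id LVS_27    # identifier of this node; use a different value on each LVS host
}
vrrp_instance VI_1 {
    state MASTER            # initial role: primary node
    interface ens192        # NIC that carries the VRRP adverts and holds the VIP
    virtual_router_id 51    # same on both LVS hosts; must not collide with another VRRP group on this L2 segment
    priority 100            # higher than the backup (99), so this host owns the VIP
    advert_int 1            # advert interval in seconds
    authentication {
        auth_type PASS
        # Example value only: set a site-specific secret (keepalived uses the
        # first 8 characters). PASS is carried unencrypted in every advert, so
        # it protects against misconfiguration rather than against a host on
        # the segment; also restrict VRRP (IP protocol 112) to the two LVS
        # hosts with a firewall rule.
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.100.99
    }
}
virtual_server 172.16.100.99 443 {
    delay_loop 3              # health-check interval in seconds
    lb_algo rr                # round-robin scheduling
    lb_kind DR                # direct routing: each real server must hold the VIP locally and must not answer ARP for it
    persistence_timeout 50    # a client IP stays on the same real server for 50 s
    protocol TCP
    real_server 172.16.100.100 443 {
        weight 1
        # TCP_CHECK only proves that the port accepts a connection; it does not
        # show that the ingress controller is actually serving requests.
        TCP_CHECK {
            connect_port 443
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.16.100.101 443 {
        weight 1
        TCP_CHECK {
            connect_port 443
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.16.100.102 443 {
        weight 1
        TCP_CHECK {
            connect_port 443
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 172.16.100.99 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 172.16.100.100 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.16.100.101 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.16.100.102 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
EOF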
```
配置keepalived(`172.16.100.28`)
```sh
$ cat /etc/keepalived/keepalived.conf
...
global_defs {
router_id LVS_28 #route id,两台机器配置不一样
}
vrrp_instance VI_1 {
state BACKUP #备份节点
interface ens192 #网卡名
virtual_router_id 51
priority 99 #优先级
...
```
配置RS节点(`172.16.100.100/172.16.100.101/172.16.100.102`)
```sh
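# The delimiter is quoted ('EOF') so that $1, $dev, $vip, $mask and $(basename ...)
# are written into the script literally. With an unquoted delimiter the shell
# that runs "cat" expands them first and the generated script is broken.
$ cat >/etc/init.d/lvs_rs.sh <<'EOF'
#!/bin/sh
# LVS-DR real-server helper.
#   start: stop this node answering/announcing ARP for the VIP, then bind the
#          VIP to a loopback alias so the node accepts traffic addressed to it.
#   stop:  remove the VIP and restore the default ARP behaviour.
# Must run as root. Nothing here persists across a reboot, so run it at boot;
# until it has run, the node can still pass the director's TCP_CHECK (which
# probes the node's own IP) while not accepting traffic sent to the VIP.
vip=172.16.100.99
mask='255.255.255.255'
dev=lo:1
case "${1:-}" in
  start)
    # arp_ignore=1: reply to ARP only for addresses configured on the
    # interface that received the request, so the VIP on lo is never answered.
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # arp_announce=2: always use the best local address as ARP source, so the
    # VIP is never announced from this node.
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    # Host mask (/32): the VIP is local to this node only.
    ifconfig "$dev" "$vip" netmask "$mask"
    echo "The RS Server is Ready!"
    ;;
  stop)
    ifconfig "$dev" down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
  *)
    echo "Usage: $(basename "$0") start|stop" >&2
    exit 1
    ;;
esac
EOF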
```
启动脚本
```sh
# Run on every RS node: make the helper executable, then run its "start" action.
$ chmod +x /etc/init.d/lvs_rs.sh
$ /etc/init.d/lvs_rs.sh start
```
```sh
$ ip a #查看lo:1接口VIP是否绑定
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.16.100.99/32 scope global lo:1
valid_lft forever preferred_lft forever
```
启动keepalived(`172.16.100.27/172.16.100.28`)
```sh
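# Start the service on both LVS hosts; the unit name is "keepalived".
$ systemctl start keepalived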
```
查看VIP是否绑定
```sh
$ ip a
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:93:ed:a4 brd ff:ff:ff:ff:ff:ff
inet 172.16.100.27/24 brd 172.16.100.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet 172.16.100.99/32 scope global ens192
valid_lft forever preferred_lft forever
```
查看LVS信息
```sh
$ ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.100.99:80 rr persistent 50
-> 172.16.100.100:80 Route 1 0 0
-> 172.16.100.101:80 Route 1 0 0
-> 172.16.100.102:80 Route 1 0 0
TCP 172.16.100.99:443 rr persistent 50
-> 172.16.100.100:443 Route 1 0 0
-> 172.16.100.101:443 Route 1 0 0
-> 172.16.100.102:443 Route 1 0 0
```