From 68e7cdc959a230c3300e53f9d8fe4ab558da7514 Mon Sep 17 00:00:00 2001
From: gjmzj
Date: Fri, 30 Nov 2018 23:42:53 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E9=85=8D=E7=BD=AEingress=20n?= =?UTF-8?q?odeport=20=E8=B4=9F=E8=BD=BD=E8=BD=AC=E5=8F=91=E7=9A=84?= =?UTF-8?q?=E8=84=9A=E6=9C=AC=E4=B8=8E=E6=96=87=E6=A1=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docs/op/loadballance_ingress_nodeport.md | 54 ++++++++++++++++++++++++
 docs/op/op-index.md | 1 +
 roles/lb/defaults/main.yml | 2 +
 roles/lb/lb.yml | 4 ++
 roles/lb/templates/haproxy.cfg.j2 | 14 ++++++
 5 files changed, 75 insertions(+)
 create mode 100644 docs/op/loadballance_ingress_nodeport.md
 create mode 100644 roles/lb/lb.yml
diff --git a/docs/op/loadballance_ingress_nodeport.md b/docs/op/loadballance_ingress_nodeport.md
new file mode 100644
index 0000000..945b2cc
--- /dev/null
+++ b/docs/op/loadballance_ingress_nodeport.md
@@ -0,0 +1,54 @@
+# 配置负载转发 ingress nodeport
+
+向集群外暴露 ingress-controller 本身的服务端口(80/443/8080)一般有以下三种方法:
+
+- 1.部署ingress-controller时使用`hostNetwork: true`,这样就可以直接使用上述端口,可能与host已listen端口冲突
+- 2.部署ingress-controller时使用`LoadBalancer`类型服务,需要集群支持`LoadBalancer`
+- 3.部署ingress-controller时使用`nodePort`类型服务,然后在集群外使用 haproxy/f5 等配置 virtual server 集群
+
+本文档讲解使用 haproxy 配置 ingress的 VS 集群,前提是`多主多节点集群`并且配置了自建`lb`节点
+
+## 1.配置 lb 参数开启转发 ingress nodeport
+
+``` bash
+# 编辑 roles/lb/defaults/main.yml,配置如下变量
+INGRESS_NODEPORT_LB: "yes"
+INGRESS_TLS_NODEPORT_LB: "yes"
+```
+
+## 2.重新配置启动LB节点服务
+
+``` bash
+$ ansible-playbook /etc/ansible/roles/lb/lb.yml
+```
+
+## 3.验证 lb 节点的 haproxy 服务配置 `/etc/haproxy/haproxy.cfg` 包含如下配置
+
+``` bash
+... 前文省略
+listen kube-master
+ bind 0.0.0.0:8443
+ mode tcp
+ option tcplog
+ balance roundrobin
+ server 192.168.1.41 192.168.1.41:6443 check inter 2000 fall 2 rise 2 weight 1
+ server 192.168.1.42 192.168.1.42:6443 check inter 2000 fall 2 rise 2 weight 1
+
+listen ingress-node
+ bind 0.0.0.0:80
+ mode tcp
+ option tcplog
+ balance roundrobin
+ server 192.168.1.43 192.168.1.43:23456 check inter 2000 fall 2 rise 2 weight 1
+ server 192.168.1.44 192.168.1.44:23456 check inter 2000 fall 2 rise 2 weight 1
+
+listen ingress-node-tls
+ bind 0.0.0.0:443
+ mode tcp
+ option tcplog
+ balance roundrobin
+ server 192.168.1.43 192.168.1.43:23457 check inter 2000 fall 2 rise 2 weight 1
+ server 192.168.1.44 192.168.1.44:23457 check inter 2000 fall 2 rise 2 weight 1
+```
+
+验证成功后,我们可以方便的去做[配置ingress](../guide/ingress.md)和[配置https ingress](../guide/ingress-tls.md)实验了。
diff --git a/docs/op/op-index.md b/docs/op/op-index.md
index 3e09221..b86468e 100644
--- a/docs/op/op-index.md
+++ b/docs/op/op-index.md
@@ -10,3 +10,4 @@
 - [集群备份与恢复](cluster_restore.md)
 - [设置只读权限 kubeconfig](readonly_kubectl.md)
 - [修改 APISERVER 证书](ch_apiserver_cert.md)
+- [配置负载转发 ingress nodeport](loadballance_ingress_nodeport.md)
diff --git a/roles/lb/defaults/main.yml b/roles/lb/defaults/main.yml
index f7f7c78..ecef738 100644
--- a/roles/lb/defaults/main.yml
+++ b/roles/lb/defaults/main.yml
@@ -11,3 +11,5 @@ BALANCE_ALG: "roundrobin"
 # 启用 ingress NodePort服务的负载均衡 (yes/no)
 INGRESS_NODEPORT_LB: "no"
+# 启用 ingress tls NodePort服务的负载均衡 (yes/no)
+INGRESS_TLS_NODEPORT_LB: "no"
diff --git a/roles/lb/lb.yml b/roles/lb/lb.yml
new file mode 100644
index 0000000..e621f85
--- /dev/null
+++ b/roles/lb/lb.yml
@@ -0,0 +1,4 @@
+- hosts: lb
+ roles:
+ - lb
+
diff --git a/roles/lb/templates/haproxy.cfg.j2 b/roles/lb/templates/haproxy.cfg.j2
index ebdb5a5..6efe895 100644
--- a/roles/lb/templates/haproxy.cfg.j2
+++ b/roles/lb/templates/haproxy.cfg.j2
@@ -40,3 +40,17 @@ listen ingress-node
 server {{ host }} {{ host }}:23456 check inter 2000 fall 2 rise 2 weight 1
 {% endfor %}
 {% endif %}
+{% if INGRESS_TLS_NODEPORT_LB == "yes" %}
+
+listen ingress-node-tls
+ bind 0.0.0.0:443
+ mode tcp
+ option tcplog
+ balance {{ BALANCE_ALG }}
+{% for host in groups['kube-node'] %}
+ server {{ host }} {{ host }}:23457 check inter 2000 fall 2 rise 2 weight 1
+{% endfor %}
+{% for host in groups['new-node'] %}
+ server {{ host }} {{ host }}:23457 check inter 2000 fall 2 rise 2 weight 1
+{% endfor %}
+{% endif %}
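Review bot: The `(yes/no)` in the new comment above `INGRESS_TLS_NODEPORT_LB` does not say that the value has to stay a quoted string, yet the `haproxy.cfg.j2` hunk in this same patch tests `INGRESS_TLS_NODEPORT_LB == "yes"`. An unquoted `yes` is parsed by YAML as a boolean, the comparison is then false, and the 443 listener is left out of the rendered config without any error. Either state it in the comment, e.g. `# must be the quoted string "yes" or "no"`, or make the template test `{% if INGRESS_TLS_NODEPORT_LB | bool %}` so that both spellings work.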
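Review bot: The new `listen ingress-node-tls` block forwards port 443 in `mode tcp` without the PROXY protocol, so the ingress controller behind nodePort 23457 will see the lb node's address rather than the client's. Any IP allow-list, rate limit or access log on the ingress side then keys on the load balancer. I would record that above the block, e.g. `# TLS passthrough: backends see the lb address as the client; source-IP rules on the ingress need PROXY protocol enabled on both sides`. Separately, both `server` loops hard-code 23457, and the second one indexes `groups['new-node']` directly, which presumably fails template rendering when the inventory has no such group; `groups['new-node'] | default([])` and a variable for the port would make that safer. The existing `listen ingress-node` block starts outside this hunk, so I cannot tell whether it follows the same pattern.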