增加配置ingress nodeport 负载转发的脚本与文档

2018-11-30 23:42:53 +08:00 · 2018-11-30 23:42:53 +08:00 · 68e7cdc959
parent 989433e4e2
commit 68e7cdc959
5 changed files with 75 additions and 0 deletions
--- a/docs/op/loadballance_ingress_nodeport.md
+++ b/docs/op/loadballance_ingress_nodeport.md
@ -0,0 +1,54 @@
 # 配置负载转发 ingress nodeport
 向集群外暴露 ingress-controller 本身的服务端口（80/443/8080）一般有以下三种方法：
 - 1.部署ingress-controller时使用`hostNetwork: true`，这样就可以直接使用上述端口，可能与host已listen端口冲突
 - 2.部署ingress-controller时使用`LoadBalancer`类型服务，需要集群支持`LoadBalancer`
 - 3.部署ingress-controller时使用`nodePort`类型服务，然后在集群外使用 haproxy/f5 等配置 virtual server 集群
 本文档讲解使用 haproxy 配置 ingress的 VS 集群，前提是`多主多节点集群`并且配置了自建`lb`节点
 ## 1.配置 lb 参数开启转发 ingress nodeport
 ``` bash
 # 编辑 roles/lb/defaults/main.yml，配置如下变量
 INGRESS_NODEPORT_LB: "yes"
 INGRESS_TLS_NODEPORT_LB: "yes"
 ```
 ## 2.重新配置启动LB节点服务
 ``` bash
 $ ansible-playbook /etc/ansible/roles/lb/lb.yml
 ```
 ## 3.验证 lb 节点的 haproxy 服务配置 `/etc/haproxy/haproxy.cfg` 包含如下配置
 ``` bash
 ... 前文省略
 listen kube-master
        bind 0.0.0.0:8443
        mode tcp
        option tcplog
        balance roundrobin
        server 192.168.1.41 192.168.1.41:6443 check inter 2000 fall 2 rise 2 weight 1
        server 192.168.1.42 192.168.1.42:6443 check inter 2000 fall 2 rise 2 weight 1
 listen ingress-node
        bind 0.0.0.0:80
        mode tcp
        option tcplog
        balance roundrobin
        server 192.168.1.43 192.168.1.43:23456 check inter 2000 fall 2 rise 2 weight 1
        server 192.168.1.44 192.168.1.44:23456 check inter 2000 fall 2 rise 2 weight 1
 listen ingress-node-tls
        bind 0.0.0.0:443
        mode tcp
        option tcplog
        balance roundrobin
        server 192.168.1.43 192.168.1.43:23457 check inter 2000 fall 2 rise 2 weight 1
        server 192.168.1.44 192.168.1.44:23457 check inter 2000 fall 2 rise 2 weight 1
 ```
 验证成功后，我们可以方便的去做[配置ingress](../guide/ingress.md)和[配置https ingress](../guide/ingress-tls.md)实验了。
--- a/docs/op/op-index.md
+++ b/docs/op/op-index.md
@ -10,3 +10,4 @@
 - [集群备份与恢复](cluster_restore.md)
 - [设置只读权限 kubeconfig](readonly_kubectl.md)
 - [修改 APISERVER 证书](ch_apiserver_cert.md)
 - [配置负载转发 ingress nodeport](loadballance_ingress_nodeport.md)
--- a/roles/lb/defaults/main.yml
+++ b/roles/lb/defaults/main.yml
@ -11,3 +11,5 @@ BALANCE_ALG: "roundrobin"
 # 启用 ingress NodePort服务的负载均衡 (yes/no)
 INGRESS_NODEPORT_LB: "no"
 # 启用 ingress tls NodePort服务的负载均衡 (yes/no)
 INGRESS_TLS_NODEPORT_LB: "no"
--- a/roles/lb/lb.yml
+++ b/roles/lb/lb.yml
@ -0,0 +1,4 @@
 - hosts: lb
  roles:
  - lb
--- a/roles/lb/templates/haproxy.cfg.j2
+++ b/roles/lb/templates/haproxy.cfg.j2
@ -40,3 +40,17 @@ listen ingress-node
        server {{ host }} {{ host }}:23456 check inter 2000 fall 2 rise 2 weight 1
 {% endfor %}
 {% endif %}
 {% if INGRESS_TLS_NODEPORT_LB == "yes" %}
 listen ingress-node-tls
 	bind 0.0.0.0:443
 	mode tcp
        option tcplog
        balance {{ BALANCE_ALG }}
 {% for host in groups['kube-node'] %}
        server {{ host }} {{ host }}:23457 check inter 2000 fall 2 rise 2 weight 1
 {% endfor %}
 {% for host in groups['new-node'] %}
        server {{ host }} {{ host }}:23457 check inter 2000 fall 2 rise 2 weight 1
 {% endfor %}
 {% endif %}