K8S安装过程二：安装Keepalived服务

前置条件

完成 K8S安装过程一：Linux升级内核

---

1. 准备工作

1.1 服务器准备

1.2 关闭防火墙

关闭上边三台服务器的防火墙功能。主要完成两个操作。

1.2.1 关闭 firewalld 防火墙服务

systemctl stop firewalld
systemctl disable firewalld
1
2

1.2.2 修改 /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
1
2
3
4
5
6
7
8
9
10
11

将上边配置文件中 SELINUX 设置成 disabled。可通过 getenforce 指令来获取 selinux 的状态。

getenforce
1

输出信息是：Disabled。表示当前系统 selinux 已经被设置为 disabled。

1.2.3 重启服务器

使用 root 账户执行重启服务器的命令

reboot
1

重启完成后，服务器防火墙被关闭。可使用命令行查看防火墙状态，

systemctl status firewalld
1

输出信息如下：

 firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
1
2
3
4

Active 值为 inactive，表示防火墙已经彻底的关闭。

2. keepalived 部署与启动

keepalived 部署过程中所有的节点中都涉及到 vip 信息。如果部署 keepalived 的服务器在云服务厂商购买，请在云服务厂商控制台申请虚拟IP信息。如果在部署 keepalived 过程中随意填写一个 vip，则会造成只有绑定了 vip 的节点才能访问 vip，其他节点无法访问 vip 的情况。

华为云申请虚拟IP介绍

• 网络控制台选择子网
  
• 点击申请虚拟IP地址
  
• 将虚拟IP地址绑定到所有的节点上
  

2.1 部署 keepalived

在每个节点上分别执行下边的操作步骤，安装部署 keepalived 服务

2.1.1 源代码安装 keepalived

• 安装基础依赖工具包

su - root
yum groupinstall -y "development tools"
yum install -y openssl-devel libnl-devel.x86_64 libnl3-devel.x86_64
1
2
3

• 获取源代码

su - root
cd /opt
wget https://www.keepalived.org/software/keepalived-2.2.7.tar.gz
1
2
3

• 编译与安装

su - root
tar -xvf keepalived-2.2.7.tar.gz
cd keepalived-2.2.7
./configure
make
make instal
1
2
3
4
5
6

2.1.2 keepalived 安装配置

• 复制 keepalived 到 /etc/init.d 目录

su - root
cp /opt/keepalived-2.2.7/keepalived/etc/init.d/keepalived /etc/init.d/
mkdir /etc/keepalived
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/etc/keepalived/keepalived.conf.sample /etc/keepalived/keepalived.conf
1
2
3
4
5

• /etc/keepalived/keepalived.conf 配置内容

! Configuration File for keepalived

global_defs {
   smtp_connect_timeout 30
   router_id LVS_DEVEL_01
   vrrp_skip_check_adv_addr
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass xxxxxxxxxxxx
    }
    virtual_ipaddress {
        192.168.0.110
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

上边配置中的 virtual_ipaddress 是 vip 地址。auth_pass 的值根据需要进行调整。

2.2 启动服务

• 设置开机启动项

systemctl enable keepalived
systemctl start keepalived
1
2

• 检查服务启动状态

systemctl  status keepalived
1