K8S安装过程二：安装Keepalived服务

hzwy23

已于 2022-12-01 23:26:55 修改

阅读量724

点赞数

CC 4.0 BY-SA版权

分类专栏：云原生架构实践文章标签： keepalived vip

于 2022-11-28 17:38:48 首次发布

本文为博主原创文章，未经博主允许不得转载。

本文链接：https://blog.csdn.net/hzwy23/article/details/128083626

云原生架构实践专栏收录该内容

18 篇文章

订阅专栏

本文详细介绍了在CentOS 7环境中，如何关闭防火墙、配置SELinux，并部署和启动Keepalived服务，确保VIP负载均衡。涉及节点设置、源代码安装、配置文件编辑和系统服务管理。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

前置条件

完成 K8S安装过程一：Linux升级内核

1. 准备工作

1.1 服务器准备

节点名称	机器IP	OS版本	keepalived版本
node1	192.168.0.145	Centos 7.9	keepalived-2.2.7
node2	192.168.0.200	Centos 7.9	keepalived-2.2.7
node3	192.168.0.233	Centos 7.9	keepalived-2.2.7

1.2 关闭防火墙

关闭上边三台服务器的防火墙功能。主要完成两个操作。

1.2.1 关闭 firewalld 防火墙服务

systemctl stop firewalld
systemctl disable firewalld

1.2.2 修改 /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

将上边配置文件中 SELINUX 设置成 disabled。可通过 getenforce 指令来获取 selinux 的状态。

getenforce

输出信息是：Disabled。表示当前系统 selinux 已经被设置为 disabled。

1.2.3 重启服务器

使用 root 账户执行重启服务器的命令

reboot

重启完成后，服务器防火墙被关闭。可使用命令行查看防火墙状态，

systemctl status firewalld

输出信息如下：

 firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Active 值为 inactive，表示防火墙已经彻底的关闭。

2. keepalived 部署与启动

keepalived 部署过程中所有的节点中都涉及到 vip 信息。如果部署 keepalived 的服务器在云服务厂商购买，请在云服务厂商控制台申请虚拟IP信息。如果在部署 keepalived 过程中随意填写一个 vip，则会造成只有绑定了 vip 的节点才能访问 vip，其他节点无法访问 vip 的情况。

华为云申请虚拟IP介绍

网络控制台选择子网
点击申请虚拟IP地址
将虚拟IP地址绑定到所有的节点上

2.1 部署 keepalived

在每个节点上分别执行下边的操作步骤，安装部署 keepalived 服务

2.1.1 源代码安装 keepalived

安装基础依赖工具包

su - root
yum groupinstall -y "development tools"
yum install -y openssl-devel libnl-devel.x86_64 libnl3-devel.x86_64

获取源代码

su - root
cd /opt
wget https://www.keepalived.org/software/keepalived-2.2.7.tar.gz

编译与安装

su - root
tar -xvf keepalived-2.2.7.tar.gz
cd keepalived-2.2.7
./configure
make
make instal

2.1.2 keepalived 安装配置

复制 keepalived 到 /etc/init.d 目录

su - root
cp /opt/keepalived-2.2.7/keepalived/etc/init.d/keepalived /etc/init.d/
mkdir /etc/keepalived
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/etc/keepalived/keepalived.conf.sample /etc/keepalived/keepalived.conf

/etc/keepalived/keepalived.conf 配置内容

! Configuration File for keepalived

global_defs {
   smtp_connect_timeout 30
   router_id LVS_DEVEL_01
   vrrp_skip_check_adv_addr
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass xxxxxxxxxxxx
    }
    virtual_ipaddress {
        192.168.0.110
    }
}

上边配置中的 virtual_ipaddress 是 vip 地址。auth_pass 的值根据需要进行调整。

2.2 启动服务

设置开机启动项

systemctl enable keepalived
systemctl start keepalived

检查服务启动状态

systemctl  status keepalived

在这里插入图片描述