master流量都有转发给VIP。
Keepalived和HAProxy状态均正常。



VIP绑到了LB1上,也都有转发,各个node上转发情况看着也是正常的。

    freemankevin
    麻烦提供下config-sample.yaml文件内容。
    VIP在哪台机器上?在那台机器上用ip addr可以看到吗?
    haproxy配置也麻烦提供一下。

      Forest-L

      # KubeKey cluster definition (config-sample.yaml) as pasted by the poster:
      # three etcd/master hosts and three workers, with the API server published
      # through an external load-balancer VIP.
      apiVersion: kubekey.kubesphere.io/v1alpha1
      kind: Cluster
      metadata:
        name: config-sample
      spec:
        # NOTE(review): every host is reached over SSH as root with the same
        # trivial password, stored in plaintext here and now public in this thread.
        # Rotate it, prefer key-based login (KubeKey's privateKeyPath host field),
        # and keep this file out of version control and out of forum posts.
        hosts:
        - {name: master1, address: 10.0.1.223, internalAddress: 10.0.1.223, user: root, password: 123456}
        - {name: master2, address: 10.0.1.224, internalAddress: 10.0.1.224, user: root, password: 123456}
        - {name: master3, address: 10.0.1.225, internalAddress: 10.0.1.225, user: root, password: 123456}
        - {name: node1, address: 10.0.1.209, internalAddress: 10.0.1.209, user: root, password: 123456}
        - {name: node2, address: 10.0.1.211, internalAddress: 10.0.1.211, user: root, password: 123456}
        - {name: node3, address: 10.0.1.212, internalAddress: 10.0.1.212, user: root, password: 123456}
        # etcd and the control plane share the same three hosts.
        roleGroups:
          etcd:
          - master1
          - master2
          - master3
          master:
          - master1
          - master2
          - master3
          worker:
          - node1
          - node2
          - node3
        controlPlaneEndpoint:
          domain: lb.kubesphere.local
          # VIP held by the external load balancer. Only the kube-apiserver port is
          # declared here; any other port that should answer on the VIP has to be
          # forwarded by the load balancer separately.
          address: "10.0.1.99"
          port: "6443"
        kubernetes:
          # NOTE(review): pinned release; check it is still supported upstream
          # before reusing this file.
          version: v1.17.9
          imageRepo: kubesphere
          clusterName: cluster.local
          masqueradeAll: false  # masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode. [Default: false]
          maxPods: 110  # maxPods is the number of pods that can run on this Kubelet. [Default: 110]
          nodeCidrMaskSize: 24  # internal network node size allocation. This is the size allocated to each node on your network. [Default: 24]
          proxyMode: ipvs  # mode specifies which proxy mode to use. [Default: ipvs]
        network:
          plugin: calico
          calico:
            ipipMode: Always  # IPIP Mode to use for the IPv4 POOL created at start up. If set to a value other than Never, vxlanMode should be set to "Never". [Always | CrossSubnet | Never] [Default: Always]
            vxlanMode: Never  # VXLAN Mode to use for the IPv4 POOL created at start up. If set to a value other than Never, ipipMode should be set to "Never". [Always | CrossSubnet | Never] [Default: Never]
            vethMTU: 1440  # The maximum transmission unit (MTU) setting determines the largest packet size that can be transmitted through your network. [Default: 1440]
          kubePodsCIDR: 10.233.64.0/18
          kubeServiceCIDR: 10.233.0.0/18
        registry:
          registryMirrors: []
          # No registry is whitelisted as insecure, so the private registry below
          # is presumably expected to present a trusted TLS certificate — confirm.
          insecureRegistries: []
          privateRegistry: "harbor.dockerregistry.com"
        storage:
          defaultStorageClass: localVolume
          localVolume:
            storageClassName: local
      
      ---
      # ks-installer ClusterConfiguration: selects which KubeSphere components
      # are installed and how they are sized.
      apiVersion: installer.kubesphere.io/v1alpha1
      kind: ClusterConfiguration
      metadata:
        name: ks-installer
        namespace: kubesphere-system
        labels:
          version: v3.0.0
      spec:
        local_registry: ""
        persistence:
          storageClass: ""
        authentication:
          # NOTE(review): empty in this paste; presumably the installer generates
          # a signing secret when none is given — confirm. A populated value is a
          # credential and must not be shared.
          jwtSecret: ""
        # etcd monitoring targets the three master hosts of the Cluster document
        # and is configured to use TLS.
        etcd:
          monitoring: true        
          endpointIps: 10.0.1.223,10.0.1.224,10.0.1.225  # etcd cluster endpointIps
          port: 2379              
          tlsEnable: true
        common:
          mysqlVolumeSize: 20Gi 
          minioVolumeSize: 20Gi 
          etcdVolumeSize: 20Gi  
          openldapVolumeSize: 2Gi   
          # NOTE(review): the key is spelled "Volum" in this paste; verify against
          # the installer's schema before correcting it.
          redisVolumSize: 2Gi 
          es: 
            elasticsearchMasterReplicas: 1  
            elasticsearchDataReplicas: 1     
            elasticsearchMasterVolumeSize: 4Gi   
            elasticsearchDataVolumeSize: 20Gi    
            logMaxAge: 7                     
            elkPrefix: logstash              
            # externalElasticsearchUrl:
            # externalElasticsearchPort:
        # Console port. This is the port the thread is about: it answers on the
        # node IPs, but a load balancer in front of the VIP has to forward it
        # explicitly.
        console:
          enableMultiLogin: false  
          port: 30880
        alerting:                
          enabled: true
        # NOTE(review): auditing, events and logging are all disabled here, so
        # KubeSphere's own audit and event records are not collected — worth
        # enabling before production use.
        auditing:                
          enabled: false
        devops:                  
          enabled: true
          jenkinsMemoryLim: 2Gi      
          jenkinsMemoryReq: 1500Mi   
          jenkinsVolumeSize: 8Gi     
          jenkinsJavaOpts_Xms: 512m  
          jenkinsJavaOpts_Xmx: 512m
          jenkinsJavaOpts_MaxRAM: 2g
        events:                  
          enabled: false
        logging:                 
          enabled: false
          logsidecarReplicas: 2
        metrics_server:                    
          enabled: false
        monitoring:                        
          prometheusReplicas: 1            
          prometheusMemoryRequest: 400Mi   
          prometheusVolumeSize: 20Gi       
          alertmanagerReplicas: 1          
        multicluster:
          clusterRole: none
        networkpolicy:       
          enabled: true
        notification:        
          enabled: true
        openpitrix:          
          enabled: true
        servicemesh:         
          enabled: true
      # HAProxy Configure /etc/haproxy/haproxy.cfg
      # TCP pass-through load balancer for the three kube-apiserver instances.
      # NOTE(review): only port 6443 is proxied. The KubeSphere console port
      # (30880, spec.console.port in the ClusterConfiguration) has no frontend
      # here, which matches the symptom reported in this thread.
      global
          log         127.0.0.1 local2
          chroot      /var/lib/haproxy
          pidfile     /var/run/haproxy.pid
          maxconn     4000
          user        haproxy
          group       haproxy
          daemon
          # turn on stats unix socket
          # NOTE(review): no mode/level is set on this socket; consider
          # restricting its file permissions (e.g. `mode 600`) so that only the
          # HAProxy administrator can query it.
          stats socket /var/lib/haproxy/stats
      #---------------------------------------------------------------------
      # common defaults that all the 'listen' and 'backend' sections will
      # use if not designated in their block
      #---------------------------------------------------------------------
      defaults
          log                     global
          # NOTE(review): httplog only applies to proxies in mode http; both
          # proxies below run in mode tcp and set tcplog themselves.
          option                  httplog
          option                  dontlognull
          # Timeouts without a unit are milliseconds.
          # NOTE(review): 5 s client/server timeouts will likely cut idle
          # long-lived API connections (watches, log streaming, exec) — confirm
          # whether longer values are needed.
          timeout connect         5000
          timeout client          5000
          timeout server          5000
      #---------------------------------------------------------------------
      # main frontend which proxys to the backends
      #---------------------------------------------------------------------
      frontend  kube-apiserver
          # Listens on every local address of the load-balancer host, not only
          # on the VIP.
          bind *:6443
          # mode tcp with no `ssl` on the bind line: TLS is passed through, so the
          # apiserver itself terminates TLS and still sees client certificates.
          mode tcp
          option tcplog
          default_backend kube-apiserver
      #---------------------------------------------------------------------
      # round robin balancing between the various backends
      #---------------------------------------------------------------------
      backend kube-apiserver
          mode tcp
          option tcplog
          balance     roundrobin
          default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
          # `check` in tcp mode is a plain TCP connect test: it shows that the
          # port accepts connections, not that the apiserver is healthy.
          server kube-apiserver-1 10.0.1.223:6443 check
          server kube-apiserver-2 10.0.1.224:6443 check
          server kube-apiserver-3 10.0.1.225:6443 check

        freemankevin 虚IP只对6443端口做了转发,实际上30880端口也需要通过VIP转发,可以参考论坛里的这篇文章:https://kubesphere.com.cn/forum/d/1566-kubernetes-keepalived-haproxy

          freemankevin 更改标题为「【已解决】kk离线安装高可用集群,VIP无法用来访问ks面板,master的IP均可以

          解决办法:在HAProxy中添加30880端口(ks控制台端口)的转发配置,然后重启haproxy。

          4 年 后
          freemankevin 更改标题为「kk离线安装高可用集群,VIP无法用来访问ks面板,master的IP均可以