Çok Node’lu Kubernetes ortamı için HAProxy Kurulumu ve Yapılandırılması (CentOS)

HAProxy Kurulumu

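# Install HAProxy on the load-balancer host, open the ports it listens on in
# firewalld and SELinux, and back up the packaged configuration.
# Run as root. Options use plain ASCII "--"; the typographic dashes that a
# web page may render in their place are not accepted by these tools.

# Update packages
yum update -y

# Install haproxy
yum install haproxy -y

# Print haproxy version (-v prints only the version banner; -h prints the
# whole usage text)
haproxy -v
# HA-Proxy version 1.8.23 2019/11/25

# Get default zone
FIREWALLD_DEFAULT_ZONE="$(firewall-cmd --get-default-zone)"
export FIREWALLD_DEFAULT_ZONE

# Print default zone
echo "${FIREWALLD_DEFAULT_ZONE}"

# Set firewall rules in default zone.
# NOTE(review): these rules admit every source address the zone accepts.
# 9000/tcp is the HAProxy stats listener (bind :9000) and 22623/tcp is the
# "mcs" frontend; if only administrators or cluster nodes should reach them,
# put those ports in a zone bound to the management / node network instead
# of the default zone.
firewall-cmd --add-port 22623/tcp --permanent --zone="${FIREWALLD_DEFAULT_ZONE}"
firewall-cmd --add-port 6443/tcp --permanent --zone="${FIREWALLD_DEFAULT_ZONE}"
firewall-cmd --add-port 9000/tcp --permanent --zone="${FIREWALLD_DEFAULT_ZONE}"
firewall-cmd --add-service https --permanent --zone="${FIREWALLD_DEFAULT_ZONE}"
firewall-cmd --add-service http --permanent --zone="${FIREWALLD_DEFAULT_ZONE}"

# Reload firewall daemon and list allowed ports and services
firewall-cmd --reload
firewall-cmd --list-ports
# OUTPUT> 22623/tcp 6443/tcp 9000/tcp
firewall-cmd --list-services
# OUTPUT> cockpit dhcpv6-client http https ssh

# Find the package that provides semanage
yum whatprovides /usr/sbin/semanage

# Install the package reported by the previous command
yum install policycoreutils-python-utils -y

# SELinux settings for haproxy ports: label them http_port_t so the confined
# haproxy process may bind to them. SELinux stays enforcing.
semanage port -a -t http_port_t -p tcp 6443
semanage port -a -t http_port_t -p tcp 22623

# Check SELinux configuration for haproxy ports
semanage port -l | grep http_port
# http_port_t          tcp  22623, 6443, 80, 81, 443, 488, 8008, 8009, 8443, 9000
# pegasus_http_port_t  tcp  5988

# Enable and start haproxy service (--now starts the unit as well, so no
# separate "systemctl start" is needed)
systemctl enable --now haproxy.service

# Check the status of haproxy [active (running)]
systemctl status haproxy -l

# Stop haproxy service
systemctl stop haproxy

# Back up haproxy.cfg. Copy rather than move, and keep an existing backup, so
# re-running these steps never replaces the packaged default with a
# previously generated file.
if [ ! -e /etc/haproxy/haproxy.cfg.bak ]; then
  cp -p /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak
fi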

HAProxy Yapılandırması (haproxy.cfg)

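# Write the HAProxy configuration. The here-document delimiter is quoted so
# the shell copies the text literally (no variable or command expansion).
# Everything between the two EOF markers becomes /etc/haproxy/haproxy.cfg.
cat << 'EOF' > /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    maxconn     20000
    log         /dev/log local0 info
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          300s
    timeout server          300s
    timeout http-keep-alive 300s
    timeout check           10s
    timeout tunnel          1h
    maxconn                 20000

# Statistics page. As written it is served on every address of the host
# with no authentication and shows backend host names and health state.
# Bind it to a management address and/or enable "stats auth" before the
# port is reachable from untrusted networks.
listen stats
    bind :9000
    mode http
    stats enable
    stats uri /
    stats refresh 10s
    # stats auth <STATS_USER>:<STATS_PASSWORD>   # placeholder - set real credentials

frontend https-frontend-443
    bind *:443
    default_backend https-backend-443
    mode tcp
    option tcplog

backend https-backend-443
    balance source
    mode tcp
    server k8s-master01 k8s-master01.kadirkozan.com:443 check inter 5000ms
    server k8s-master02 k8s-master02.kadirkozan.com:443 check inter 5000ms
    server k8s-master03 k8s-master03.kadirkozan.com:443 check inter 5000ms
    server k8s-worker01 k8s-worker01.kadirkozan.com:443 check inter 5000ms
    server k8s-worker02 k8s-worker02.kadirkozan.com:443 check inter 5000ms
    server k8s-worker03 k8s-worker03.kadirkozan.com:443 check inter 5000ms
    # worker04 must point at its own host; the original entry repeated the
    # worker03 address, so worker04 never received HTTPS traffic.
    server k8s-worker04 k8s-worker04.kadirkozan.com:443 check inter 5000ms

frontend http-frontend-80
    bind *:80
    default_backend http-backend-80
    mode tcp
    option tcplog

backend http-backend-80
    balance source
    mode tcp
    server k8s-master01 k8s-master01.kadirkozan.com:80 check
    server k8s-master02 k8s-master02.kadirkozan.com:80 check
    server k8s-master03 k8s-master03.kadirkozan.com:80 check
    server k8s-worker01 k8s-worker01.kadirkozan.com:80 check
    server k8s-worker02 k8s-worker02.kadirkozan.com:80 check
    server k8s-worker03 k8s-worker03.kadirkozan.com:80 check
    server k8s-worker04 k8s-worker04.kadirkozan.com:80 check

# Kubernetes API server, balanced across the control-plane nodes only.
frontend api-frontend-6443
    bind *:6443
    default_backend api-backend-6443
    mode tcp
    option tcplog

backend api-backend-6443
    balance roundrobin
    mode tcp
    server k8s-master01 k8s-master01.kadirkozan.com:6443 check
    server k8s-master02 k8s-master02.kadirkozan.com:6443 check
    server k8s-master03 k8s-master03.kadirkozan.com:6443 check

# NOTE(review): 22623 is the Machine Config Server port of OpenShift-style
# installs. Confirm this cluster actually serves it; if not, drop this
# frontend/backend pair and the matching firewall and SELinux entries.
# If it is used, limit access to the cluster node network.
frontend mcs-frontend-22623
    bind *:22623
    default_backend mcs-backend-22623
    mode tcp
    option tcplog

backend mcs-backend-22623
    balance roundrobin
    mode tcp
    server k8s-master01 k8s-master01.kadirkozan.com:22623 check
    server k8s-master02 k8s-master02.kadirkozan.com:22623 check
    server k8s-master03 k8s-master03.kadirkozan.com:22623 check
EOF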

Start haproxy service

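# Let haproxy check the new file first (-c = check mode, -f = config file) and
# restart only when it parses cleanly, so a syntax error is reported with its
# line number instead of surfacing as a failed unit.
haproxy -c -f /etc/haproxy/haproxy.cfg && systemctl restart haproxy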

Check status of haproxy

# Show the unit state with untruncated log lines (--full is the long form of -l).
systemctl --full status haproxy.service

### SAMPLE OUTPUT ###
###########################
# [root@k8s-haproxy ~]# systemctl status haproxy -l
# ● haproxy.service - HAProxy Load Balancer
#    Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
#    Active: active (running) since Sun 2022-10-07 10:15:35 +03; 2s ago
#  Main PID: 1963 (haproxy-systemd)
#    CGroup: /system.slice/haproxy.service
#            ├─1963 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
#            ├─1964 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
#            └─1965 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
#
# Now 07 10:15:35 k8s-haproxy.kadirkozan.com haproxy-systemd-wrapper[1963]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
# Now 07 10:15:35 k8s-haproxy.kadirkozan.com haproxy[1964]: Proxy stats started.
# Now 07 10:15:35 k8s-haproxy.kadirkozan.com haproxy[1964]: Proxy https-frontend-443 started.
# Now 07 10:15:35 k8s-haproxy.kadirkozan.com haproxy[1964]: Proxy https-backend-443 started.
# Now 07 10:15:35 k8s-haproxy.kadirkozan.com haproxy[1964]: Proxy http-frontend-80 started.
# Now 07 10:15:35 k8s-haproxy.kadirkozan.com haproxy[1964]: Proxy http-backend-80 started.
# Now 07 10:15:35 k8s-haproxy.kadirkozan.com haproxy[1964]: Proxy api-frontend-6443 started.
# Now 07 10:15:35 k8s-haproxy.kadirkozan.com haproxy[1964]: Proxy api-backend-6443 started.
# Now 07 10:15:35 k8s-haproxy.kadirkozan.com haproxy[1964]: Proxy mcs-frontend-22623 started.
# Now 07 10:15:35 k8s-haproxy.kadirkozan.com haproxy[1964]: Proxy mcs-backend-22623 started.