Keepalived-VIP
最后更新于
最后更新于
Kubernetes presents as a tool to create a Virtual IP address (VIP).
In this discussion, we will unravel how to effectively use to configure a VIP for Kubernetes.
The v1.6 version of Kubernetes provides three modes to expose a Service:
L4 LoadBalancer : This can only be utilized on like GCE or AWS.
NodePort : allows the opening of a port on each node. This port then routes the request to a randomly selected pod.
L7 Ingress : serves as a LoadBalancer (for instance, nginx, HAProxy, traefik, vulcand) which directs HTTP/HTTPS requests to the corresponding service endpoint.
So if we've got all these ways, why do we need keepalived?
Let's suppose that the Ingress operates on 3 Kubernetes nodes, exposing the 10.4.0.x IP for load balancing purposes.
If the DNS Round Robin (RR) cycles the requests corresponding to example.com to these 3 nodes and 10.4.0.3 crashes, a third of the traffic will still be directed towards 10.4.0.3. This causes a downtime, until the DNS identifies the failure and corrects the direction.
Strictly speaking, this doesn't truly offer High Availability (HA).
Here, IPVS comes to our rescue by associating each service with a VIP and exposing the VIP outside the Kubernetes cluster.
Looking at the diagram below,
Only one node (selected by VRRP) is chosen as the Master, and the VIP is 10.4.0.50. If 10.4.0.3 fails, another node from the remaining ones becomes Master and takes on the VIP, ensuring the true implementation of HA.
vip-rbac.yaml
clusterrolebinding.yaml
Firstly, create a simple service.
nginx-deployment.yaml
The primary task is to get the pod to listen to port 80, then open the service NodePort monitoring 30320.
Next, we focus on the config map.
Do make a note, 10.87.2.50 must be replaced with an unused IP from your own network segment, e.g., 10.87.2.X. nginx is the service name, and this can be changed accordingly.
Following the confirmation,
The next step is to set up keepalived-vip.
Establish the daemonset
Check the configuration status
You can randomly select a pod to inspect its configuration
Finally, test the feature
10.87.2.50:80 (our hypothetical VIP, as no node actually uses this IP) can now help us direct this service.
All that's needed is to ensure that the Kubernetes cluster running keepalived-vip has a normal feature.
As Kubernetes introduced the concept of RBAC post version 1.6, we first need to set the rule. For detailed information regarding RBAC, please refer to .
All the codes mentioned above can be found .