카이도스의 Tech Blog

Rancher K8s 구성 - 2(HAproxy) 본문

Rancher k8s

Rancher K8s 구성 - 2(HAproxy)

카이도스 2024. 2. 15. 17:44

2024.02.15 - [Rancher k8s] - Rancher K8s 구성 - 1(DNS)

 

Rancher K8s 구성 - 1(DNS)

IDC에도 K8s 사용이 필요해서 Rancher K8s 통해 구성진행하였다. 스펙 vm 통해 구성(PROXMOX) jenkins, haproxy, master(8vcore, mem 8G, os 200G) worker(16vcore. mem 32G, os 200G, data 1T) https://rancher-ui.internal.xg.com admin / xgk8stes

djdakf1234.tistory.com

2024.02.20 - [Rancher k8s] - Rancher K8s 구성 - 3(Master, Worker)


HAproxy VIP 구성

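# Set the hostname of the load-balancer VM.
sudo hostnamectl set-hostname r1-k8s-haproxy

# The K8s control plane is built from three masters for HA, with HAProxy in front of them.
# Install HAProxy 2.8.
sudo apt update && sudo apt upgrade -y
# -y added so this step does not stop at a confirmation prompt, matching the other apt calls.
sudo apt install -y --no-install-recommends software-properties-common
# Third-party PPA: once added, apt trusts packages from this archive like distro packages,
# so confirm the PPA name is the one you intend before running this line.
sudo add-apt-repository ppa:vbernat/haproxy-2.8 -y
# The version glob keeps the install on the 2.8 branch.
sudo apt install -y haproxy=2.8.\*

# Check the installed HAProxy version.
haproxy -v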
HAProxy version 2.8.5-1ppa1~jammy 2023/12/09 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2028.
Known bugs: http://www.haproxy.org/bugs/bugs-2.8.5.html
Running on: Linux 5.15.0-92-generic #102-Ubuntu SMP Wed Jan 10 09:33:48 UTC 2024 x86_64

# Edit the HAProxy configuration for the VIP; the file contents are listed right after this command.
sudo vi /etc/haproxy/haproxy.cfg
# Process-wide settings: logging, chroot and privilege drop, runtime socket, TLS defaults.
global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        # Runtime API socket at "level admin": any local account able to open it (mode 660)
        # can change or disable servers, so keep membership of the owning group tight.
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        # NOTE(review): the ssl-default-bind-* values only apply to "bind ... ssl" lines.
        # None of the bind lines shown in this post uses ssl, so these settings are not
        # what protects the 6443/9345/8800 listeners.
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

# Values inherited by every frontend, backend and listen section that follows.
defaults
        log     global
        # "mode http" is commented out, so a section that sets no mode of its own
        # runs in HAProxy's default mode, which is tcp.
        #mode   http
        option  httplog
        option  dontlognull
        # No unit given, so these are milliseconds: 5 s to connect, 50 s of client/server inactivity.
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        # Files returned in place of HAProxy's built-in responses for these HTTP status codes.
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

# TCP listener on 9345 that hands connections to the master "admin" backend.
# NOTE(review): 9345 is presumably the RKE2 supervisor/registration port — confirm against the master setup.
frontend r1-k8s-master-admin
    # "*" accepts connections on every address of this host; the listener is not pinned to a
    # VIP address here, so limit who can reach the port with a host or network firewall.
    bind *:9345
    # tcp mode relays bytes as-is: HAProxy neither terminates nor inspects TLS on this port.
    mode tcp
    option tcplog

    default_backend r1-k8s-master-admin-node

# Pool of the three master nodes on port 9345, balanced round-robin.
backend r1-k8s-master-admin-node
    mode tcp
    balance roundrobin
    # No tcp-check rules are defined, so "check" is only a TCP connect test:
    # it shows the port accepts connections, not that the service behind it is healthy.
    option tcp-check
    option tcplog

    # Disabled tuning line for check intervals and connection limits.
#    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    # Servers are addressed by internal DNS names, so those names must resolve from this host
    # (presumably the records created in part 1 of the series — confirm).
    server r1-k8s-master1   r1.k8s.master1.internal.xg.com:9345 check
    server r1-k8s-master2   r1.k8s.master2.internal.xg.com:9345 check
    server r1-k8s-master3   r1.k8s.master3.internal.xg.com:9345 check


# TCP listener on 6443, the port the Kubernetes API server conventionally uses.
frontend r1-k8s-master
    # "*" accepts connections on every address of this host; restrict access to the API port
    # with a host or network firewall, since HAProxy applies no ACL here.
    bind *:6443
    # tcp mode is TLS passthrough: clients negotiate TLS with the API server itself, so the
    # name or address they use for this listener must be covered by the API server certificate.
    mode tcp
    option tcplog

    default_backend r1-k8s-master-node

# Pool of the three master nodes on port 6443, balanced round-robin.
backend r1-k8s-master-node
    mode tcp
    balance roundrobin
    # No tcp-check rules are defined, so "check" is only a TCP connect test:
    # a master whose port is open but whose API is failing still counts as up.
    option tcp-check
    option tcplog

    # Disabled tuning line for check intervals and connection limits.
#    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    # Servers are addressed by internal DNS names, so those names must resolve from this host.
    server r1-k8s-master1       r1.k8s.master1.internal.xg.com:6443 check
    server r1-k8s-master2       r1.k8s.master2.internal.xg.com:6443 check
    server r1-k8s-master3       r1.k8s.master3.internal.xg.com:6443 check

# Built-in statistics page, served by HAProxy itself.
listen stats
    mode http
    # No address and no "ssl" on this bind: the page is served over plain HTTP on every interface.
    # A safer form binds a management address with TLS, e.g.
    # "bind <MGMT_IP>:8800 ssl crt <PEM_PATH>" (both values are placeholders).
    bind :8800
    stats enable
    stats uri /
    stats hide-version
    # Hard-coded HTTP Basic credential, kept in cleartext in haproxy.cfg and sent unencrypted
    # over the plain-HTTP bind above. This value is published in the post, so set your own
    # secret instead of copying it. No "stats admin" rule is present, so the page is read-only.
    stats auth admin:xgk8s$%

# Reload HAProxy so the edited configuration takes effect.
sudo systemctl reload haproxy

# Check the HAProxy stats UI in a browser (admin / xgk8s$%).
# The URL is plain http://, so this login crosses the network unencrypted as HTTP Basic auth;
# open it only from a trusted management network.
http://10.10.X.200:8800