- To get the netplan file name, run the command:
yury@u2004s01:~$ sudo ls -l /etc/netplan
total 4
-rw-r--r-- 1 root root 115 Dec 16 11:14 00-installer-config.yaml
Modify 00-installer-config.yaml
- the content of the file should be as shown below
- 192.168.100.11 is the primary IP
- 192.168.100.9 is the secondary IP (or virtual IP)
- secondary IP can be assigned to more than one host
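# Static addressing for eth0 with a primary and a secondary (virtual) address.
# The nesting below is required: netplan is YAML, so a flattened copy of this
# file will not parse as intended.
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 192.168.100.11/24   # primary IP
        - 192.168.100.9/24    # secondary / virtual IP
      # NOTE(review): gateway4 is deprecated in newer netplan releases in
      # favour of a "routes:" entry; confirm against the installed version.
      gateway4: 192.168.100.1
      nameservers:
        search: [mydomain, otherdomain]
        # NOTE(review): 4.4.4.4 is not one of the Google Public DNS addresses
        # (8.8.8.8 / 8.8.4.4) and may be a typo; confirm the intended resolver
        # so queries are not sent to an unintended third party.
        addresses: [8.8.8.8, 4.4.4.4]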
Load balancer with haproxy keepalived
- Pre-installed DHCP in the virtual environment (for example, a hardware implementation of a DHCP server in a modem)
- Go to the page Ubuntu 20.04.3 LTS (Focal Fossa)
- Download ubuntu-20.04.3-live-server-amd64.iso
- Deploy two virtual machines with default settings (i.e. openssh is ON)
- u2004s04 192.168.100.44
- u2004s05 192.168.100.45
- Sudo-enabled User
- we have two Kubernetes Control Plane hosts with default API server port
- u2004s01 192.168.100.41:6443
- u2004s02 192.168.100.42:6443
Install haproxy keepalived binary for u2004s04 u2004s05
# Refresh the package index, then install HAProxy and keepalived without prompting.
sudo apt-get update
sudo apt-get install --yes haproxy keepalived
sudo nano /etc/keepalived/keepalived.conf
click to show the content of /etc/keepalived/keepalived.conf
# Global keepalived settings.
# NOTE(review): neither script_user nor enable_script_security is set here.
# Setting both makes keepalived refuse a check script that a non-root user
# could modify; confirm ownership and mode of /etc/keepalived/check_apiserver.sh.
global_defs {
    # Identifier string for this node; LVS_DEVEL is the stock sample value.
    router_id LVS_DEVEL
}
# Health check that keepalived runs periodically; its exit status adjusts the
# VRRP priority of every instance that tracks it.
vrrp_script check_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 3    # run the script every 3 seconds
    weight -2     # subtract 2 from the priority while the check is failing
    fall 10       # 10 consecutive failures mark the check as down (about 30 s at this interval)
    rise 2        # 2 consecutive successes mark it as up again
}
# VRRP instance that owns the virtual IP on the preferred (MASTER) node.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51    # the peer's keepalived.conf uses the same id
    priority 101            # higher than the peer's 100, so this node holds the VIP while healthy
    # NOTE(review): auth_type PASS sends the password in clear text in every
    # VRRP advertisement, and "42" is trivially guessable, so this does not
    # stop another host on the segment from taking part in the election.
    # Use a non-trivial value at minimum; consider unicast_src_ip/unicast_peer
    # plus a firewall rule allowing VRRP (IP protocol 112) only between the
    # two load balancers.
    authentication {
        auth_type PASS
        auth_pass 42
    }
    # Address added to eth0 while this node is the active router.
    virtual_ipaddress {
        192.168.100.50
    }
    # Tie the priority of this instance to the check_apiserver script result.
    track_script {
        check_apiserver
    }
}
sudo nano /etc/keepalived/check_apiserver.sh
click to show the content of /etc/keepalived/check_apiserver.sh
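#!/bin/sh
# Health probe run by keepalived (vrrp_script check_apiserver).
# Exits 0 when the listener on localhost:6443 answers and, if this host
# currently holds the virtual IP, when the virtual IP answers as well.
# Exits 1 otherwise, which keepalived counts as a failed check.
#
# NOTE(review): --insecure disables certificate verification and curl is run
# without --fail, so any endpoint that completes a TLS handshake and returns
# any HTTP status passes. The probe shows that the port is answering; it does
# not authenticate the API server or prove that it is healthy.

# Print the message to stderr and report failure to keepalived.
errorExit() {
  printf '*** %s\n' "$*" 1>&2
  exit 1
}

# Probe the local listener first.
curl --silent --max-time 2 --insecure https://localhost:6443/ -o /dev/null \
  || errorExit "Error GET https://localhost:6443/"

# Probe the virtual IP only when this host owns it. -F matches the address
# literally (an unescaped dot is a regex wildcard) and the "inet " / "/"
# delimiters keep a longer address from matching by prefix.
if ip addr | grep -qF 'inet 192.168.100.50/'; then
  curl --silent --max-time 2 --insecure https://192.168.100.50:6443/ -o /dev/null \
    || errorExit "Error GET https://192.168.100.50:6443/"
fi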
sudo nano /etc/haproxy/haproxy.cfg
click to show the content of /etc/haproxy/haproxy.cfg
# Process-wide settings.
# NOTE(review): this section sets no user, group or chroot directive, so
# HAProxy keeps whatever privileges it is started with; confirm how the
# service is launched and consider adding them to drop privileges.
global
    log /dev/log local0           # log to the local syslog socket, facility local0
    log /dev/log local1 notice    # second target: facility local1, level notice and above
    daemon                        # run in the background
# Defaults inherited by every proxy section that follows.
# The apiserver frontend and backend override "mode" to tcp, so the
# HTTP-specific options here presumably do not take effect for them.
defaults
    mode http
    log global                            # reuse the log targets from the global section
    option httplog
    option dontlognull                    # do not log connections that carried no data
    option http-server-close
    option forwardfor except 127.0.0.0/8  # add X-Forwarded-For, except for loopback clients
    option redispatch                     # allow retrying on another server after a connection failure
    retries 1
    timeout http-request 10s
    timeout queue 20s
    timeout connect 5s
    timeout client 20s
    timeout server 20s
    timeout http-keep-alive 10s
    timeout check 10s
# Listener that accepts API server connections and hands them to the backend.
frontend apiserver
    # Listens on every local address, not only the virtual IP; use firewall
    # rules if the API should be reachable from specific networks only.
    bind *:6443
    # TCP pass-through: TLS is not terminated here, so HAProxy never sees the
    # HTTP requests or client certificates.
    mode tcp
    option tcplog
    default_backend apiserver
# Pool of Kubernetes control-plane nodes, balanced round-robin over TCP.
backend apiserver
    # NOTE(review): httpchk and ssl-hello-chk are both health-check types and
    # only one can be active; as far as I know the last one declared wins, so
    # the /healthz request and the "expect status 200" rule are likely never
    # used and a node passes as soon as it answers a TLS hello. Confirm with
    # the installed HAProxy version. If an HTTP-level check is intended, drop
    # ssl-hello-chk and enable TLS for the check on the server lines.
    option httpchk GET /healthz
    http-check expect status 200
    mode tcp
    option ssl-hello-chk
    balance roundrobin
    server u2004s01 192.168.100.41:6443 check
    server u2004s02 192.168.100.42:6443 check
# Enable both services at boot and start them immediately.
sudo systemctl enable --now haproxy
sudo systemctl enable --now keepalived
- `ip a` returns the additional IP 192.168.100.50/32
click to show the response
yury@u2004s04:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:64:03:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.44/24 brd 192.168.100.255 scope global dynamic eth0
valid_lft 255684sec preferred_lft 255684sec
inet 192.168.100.50/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fe64:335/64 scope link
valid_lft forever preferred_lft forever
sudo nano /etc/keepalived/keepalived.conf
click to show the content of /etc/keepalived/keepalived.conf
# Global keepalived settings.
# NOTE(review): neither script_user nor enable_script_security is set here.
# Setting both makes keepalived refuse a check script that a non-root user
# could modify; confirm ownership and mode of /etc/keepalived/check_apiserver.sh.
global_defs {
    # Identifier string for this node; LVS_DEVEL is the stock sample value.
    router_id LVS_DEVEL
}
# Health check that keepalived runs periodically; its exit status adjusts the
# VRRP priority of every instance that tracks it.
vrrp_script check_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 3    # run the script every 3 seconds
    weight -2     # subtract 2 from the priority while the check is failing
    fall 10       # 10 consecutive failures mark the check as down (about 30 s at this interval)
    rise 2        # 2 consecutive successes mark it as up again
}
# VRRP instance on the standby (BACKUP) node; it takes over the virtual IP
# when the peer stops advertising or its effective priority drops below 100.
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51    # the peer's keepalived.conf uses the same id
    priority 100            # lower than the peer's 101
    # NOTE(review): auth_type PASS sends the password in clear text in every
    # VRRP advertisement, and "42" is trivially guessable, so this does not
    # stop another host on the segment from taking part in the election.
    # Use a non-trivial value at minimum; consider unicast_src_ip/unicast_peer
    # plus a firewall rule allowing VRRP (IP protocol 112) only between the
    # two load balancers.
    authentication {
        auth_type PASS
        auth_pass 42
    }
    # Address added to eth0 while this node is the active router.
    virtual_ipaddress {
        192.168.100.50
    }
    # Tie the priority of this instance to the check_apiserver script result.
    track_script {
        check_apiserver
    }
}
sudo nano /etc/keepalived/check_apiserver.sh
click to show the content of /etc/keepalived/check_apiserver.sh
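#!/bin/sh
# Health probe run by keepalived (vrrp_script check_apiserver).
# Exits 0 when the listener on localhost:6443 answers and, if this host
# currently holds the virtual IP, when the virtual IP answers as well.
# Exits 1 otherwise, which keepalived counts as a failed check.
#
# NOTE(review): --insecure disables certificate verification and curl is run
# without --fail, so any endpoint that completes a TLS handshake and returns
# any HTTP status passes. The probe shows that the port is answering; it does
# not authenticate the API server or prove that it is healthy.

# Print the message to stderr and report failure to keepalived.
errorExit() {
  printf '*** %s\n' "$*" 1>&2
  exit 1
}

# Probe the local listener first.
curl --silent --max-time 2 --insecure https://localhost:6443/ -o /dev/null \
  || errorExit "Error GET https://localhost:6443/"

# Probe the virtual IP only when this host owns it. -F matches the address
# literally (an unescaped dot is a regex wildcard) and the "inet " / "/"
# delimiters keep a longer address from matching by prefix.
if ip addr | grep -qF 'inet 192.168.100.50/'; then
  curl --silent --max-time 2 --insecure https://192.168.100.50:6443/ -o /dev/null \
    || errorExit "Error GET https://192.168.100.50:6443/"
fi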
sudo nano /etc/haproxy/haproxy.cfg
click to show the content of /etc/haproxy/haproxy.cfg
# Process-wide settings.
# NOTE(review): this section sets no user, group or chroot directive, so
# HAProxy keeps whatever privileges it is started with; confirm how the
# service is launched and consider adding them to drop privileges.
global
    log /dev/log local0           # log to the local syslog socket, facility local0
    log /dev/log local1 notice    # second target: facility local1, level notice and above
    daemon                        # run in the background
# Defaults inherited by every proxy section that follows.
# The apiserver frontend and backend override "mode" to tcp, so the
# HTTP-specific options here presumably do not take effect for them.
defaults
    mode http
    log global                            # reuse the log targets from the global section
    option httplog
    option dontlognull                    # do not log connections that carried no data
    option http-server-close
    option forwardfor except 127.0.0.0/8  # add X-Forwarded-For, except for loopback clients
    option redispatch                     # allow retrying on another server after a connection failure
    retries 1
    timeout http-request 10s
    timeout queue 20s
    timeout connect 5s
    timeout client 20s
    timeout server 20s
    timeout http-keep-alive 10s
    timeout check 10s
# Listener that accepts API server connections and hands them to the backend.
frontend apiserver
    # Listens on every local address, not only the virtual IP; use firewall
    # rules if the API should be reachable from specific networks only.
    bind *:6443
    # TCP pass-through: TLS is not terminated here, so HAProxy never sees the
    # HTTP requests or client certificates.
    mode tcp
    option tcplog
    default_backend apiserver
# Pool of Kubernetes control-plane nodes, balanced round-robin over TCP.
backend apiserver
    # NOTE(review): httpchk and ssl-hello-chk are both health-check types and
    # only one can be active; as far as I know the last one declared wins, so
    # the /healthz request and the "expect status 200" rule are likely never
    # used and a node passes as soon as it answers a TLS hello. Confirm with
    # the installed HAProxy version. If an HTTP-level check is intended, drop
    # ssl-hello-chk and enable TLS for the check on the server lines.
    option httpchk GET /healthz
    http-check expect status 200
    mode tcp
    option ssl-hello-chk
    balance roundrobin
    server u2004s01 192.168.100.41:6443 check
    server u2004s02 192.168.100.42:6443 check
# Enable both services at boot and start them immediately.
sudo systemctl enable --now haproxy
sudo systemctl enable --now keepalived
- `ip a` does not return the additional IP 192.168.100.50/32
click to show the response
yury@u2004s05:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:64:03:36 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.45/24 brd 192.168.100.255 scope global dynamic eth0
valid_lft 255430sec preferred_lft 255430sec
inet6 fe80::215:5dff:fe64:336/64 scope link
valid_lft forever preferred_lft forever
- after turning off u2004s04
- for u2004s05: ip a does return additional IP=192.168.100.50/32
click to show the response
yury@u2004s05:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:64:03:36 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.45/24 brd 192.168.100.255 scope global dynamic eth0
valid_lft 255269sec preferred_lft 255269sec
inet 192.168.100.50/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fe64:336/64 scope link
valid_lft forever preferred_lft forever
- after restarting **u2004s04**
- for u2004s05: ip a does not return additional IP=192.168.100.50/32