Hi!
Following the instructions found here: https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#haproxy-configuration, I defined /etc/haproxy/haproxy.cfg as follows:
# https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#haproxy-configuration
# /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
# Process-wide settings: where haproxy sends its logs and how it runs.
# NOTE(review): no user, group or chroot is set in this section, so haproxy
# keeps the identity it was started with - confirm privileges are dropped
# elsewhere (service unit or packaging defaults).
global
# Log to the local syslog socket: facility local0, plus local1 limited to
# notice level and above.
log /dev/log local0
log /dev/log local1 notice
# Detach and run in the background.
daemon
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
# Defaults inherited by every later section unless that section overrides them.
# NOTE(review): the apiserver frontend and backend both set "mode tcp", so the
# HTTP-only settings here (httplog, http-server-close, forwardfor and the
# http-request / http-keep-alive timeouts) presumably have no effect on them.
defaults
mode http
log global
option httplog
# Do not log connections on which no data was exchanged.
option dontlognull
option http-server-close
# Add X-Forwarded-For to proxied HTTP requests, except for loopback clients.
option forwardfor except 127.0.0.0/8
# With retries 1: a failed connection attempt is retried once and may be sent
# to a different server.
option redispatch
retries 1
timeout http-request 10s
timeout queue 20s
timeout connect 5s
# NOTE(review): client/server timeouts also bound idle time on tcp-mode
# connections; API streams (watch, exec, logs) that stay idle longer than 20s
# would presumably be closed - confirm this is acceptable.
timeout client 20s
timeout server 20s
timeout http-keep-alive 10s
# Extra read timeout applied to health checks once the connection is up.
timeout check 10s
#---------------------------------------------------------------------
# apiserver frontend which proxys to the control plane nodes
#---------------------------------------------------------------------
# Listener through which clients reach the Kubernetes API server; the
# keepalived check script probes this same port (6445).
frontend apiserver
# Listens on port 6445 on every local address, not only on the VIP, so the API
# endpoint is reachable from any network that can reach this node - restrict
# with a host or network firewall if that is wider than intended.
bind *:6445
# Layer-4 pass-through: TLS is not terminated here, so certificate validation
# and client authentication stay between the client and the API server.
mode tcp
option tcplog
default_backend apiserverbackend
#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
# https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#bootstrap-the-cluster
# Pool of control-plane API servers, balanced round-robin over raw TCP.
# NOTE(review): "backend apiserverbackend has no server available!" is logged
# when every server below fails its health check. Things to verify: that an
# API server is already listening on :8443 on these hosts (kubeadm's default
# port is 6443 unless overridden, and nothing listens before the cluster is
# bootstrapped), and that the health check below is one the API server accepts.
backend apiserverbackend
# Two different check types are requested in this section (HTTP via httpchk,
# SSLv3 hello via ssl-hello-chk). haproxy runs one check type per backend -
# presumably the last one declared; confirm with "haproxy -c -f <config file>".
option httpchk GET /healthz
http-check expect status 200
mode tcp
# ssl-hello-chk sends a bare SSLv3 client hello. A TLS stack that refuses
# SSLv3 will fail this probe even when the service is healthy - TODO confirm
# against the API server's minimum TLS version.
option ssl-hello-chk
balance roundrobin
# "check" enables health checking per server; the httpchk line above carries
# no TLS setting, so an HTTP check would be sent in plaintext to a TLS port
# unless check-ssl (or an equivalent) is added - TODO confirm.
server k8s-eu-1-control-plane-node-1 aa.aaa.aaa.aa:8443 check
server k8s-eu-1-control-plane-node-2 bb.bbb.bbb.bbb:8443 check
server k8s-eu-1-control-plane-node-3 cc.ccc.ccc.ccc:8443 check
root@k8s-eu-1-control-plane-node-1:/etc/keepalived# ls -lah
total 16K
drwxr-xr-x 2 root root 4.0K Nov 27 13:56 .
drwxr-xr-x 87 root root 4.0K Nov 27 11:32 ..
-rw-r--r-- 1 root root 672 Nov 27 13:56 check_apiserver.sh
-rw-r--r-- 1 root root 704 Nov 27 11:43 keepalived.conf
keepalived.conf:
# https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#keepalived-configuration
# https://www.server-world.info/en/note?os=Ubuntu_22.04&p=keepalived&f=1
! /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Daemon-wide keepalived settings.
global_defs {
# Identifier for this keepalived instance (example value, kept as given).
router_id LVS_DEVEL
# Hardening switch: keepalived will not run a script as root if any part of
# its path is writable by a non-root user. Keep /etc/keepalived and the check
# script owned by root and not group/world-writable.
enable_script_security
}
# Health check that keepalived runs periodically; its exit status drives the
# priority of any vrrp_instance that tracks it.
vrrp_script check_apiserver {
# NOTE(review): the script must be executable by the account keepalived runs
# scripts as. The directory listing shows mode -rw-r--r-- and the journal shows
# "not executable for uid:gid 998:997 - disabling", so this check is currently
# not run at all and the VIP stays put regardless of API server health. Give it
# an execute bit while keeping it root-owned and not writable by others.
script "/etc/keepalived/check_apiserver.sh"
# Run every 3 seconds.
interval 3
# While the check is failing, lower this node's priority by 2.
weight -2
# 10 consecutive failures mark the check failed (about 30s at this interval);
# 2 consecutive successes mark it healthy again.
fall 10
rise 2
}
# VRRP instance that owns the virtual IP 10.0.0.30 on eth0.
vrrp_instance VI_1 {
# Initial role and election priority; with weight -2 on the tracked script a
# failing node drops to 99, so peers presumably need a priority of 100 for a
# failover to happen - verify against the other nodes' configs.
state MASTER
interface eth0
# presumably must be identical on every node sharing this VIP - TODO confirm
# the peers use 51 and that no other VRRP group on the segment does.
virtual_router_id 51
priority 101
# NOTE(review): auth_type PASS is a simple shared password carried in clear
# text in every VRRP advertisement, and "42" is short and guessable. Treat it
# as a guard against accidental misconfiguration, not as protection against a
# host on the same segment; limit who can send VRRP (IP protocol 112) to this
# interface with network or host filtering, and use a non-default value.
authentication {
auth_type PASS
auth_pass 42
}
# Address added to the interface while this node is MASTER; the check script
# uses the same value as APISERVER_VIP.
virtual_ipaddress {
10.0.0.30
}
# Tie this instance's priority to the check_apiserver script result.
track_script {
check_apiserver
}
}
check_apiserver.sh:
#!/bin/sh
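# Print an error message to stderr and abort the health check.
# Arguments: $* - words of the message, joined with single spaces
# Outputs:   "*** <message>" on stderr
# Returns:   never returns; exits the script with status 1 (a non-zero exit
#            is what a keepalived vrrp_script treats as a failed check)
errorExit() {
  # printf '%s' emits the text verbatim; echo's handling of backslashes
  # differs between /bin/sh implementations.
  printf '*** %s\n' "$*" 1>&2
  exit 1
}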
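# Port probed on this node (the haproxy frontend in this setup binds 6445)
# and the virtual IP managed by keepalived.
APISERVER_DEST_PORT=6445
APISERVER_VIP=10.0.0.30

# Probe 1: the local load-balancer port must answer within 2 seconds.
# NOTE(review): --insecure disables certificate verification, so this proves
# only that *something* completes a TLS handshake on the port, not that it is
# the cluster's API server. If identity matters, verify against the cluster CA
# instead (curl --cacert <path-to-cluster-CA>) - the serving certificate must
# then cover the name or address being probed.
# curl exits 0 on any HTTP response (no --fail), so 4xx/5xx replies still pass.
curl --silent --max-time 2 --insecure "https://localhost:${APISERVER_DEST_PORT}/" -o /dev/null \
  || errorExit "Error GET https://localhost:${APISERVER_DEST_PORT}/"

# Probe 2: only when this node currently holds the VIP, the VIP must answer too.
# -F matches the address literally (an unescaped "." in a regex matches any
# character) and -w stops it matching inside a longer number such as
# 210.0.0.30; the expansion is quoted so it is never word-split.
if ip addr | grep -qwF -- "${APISERVER_VIP}"; then
  curl --silent --max-time 2 --insecure "https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/" -o /dev/null \
    || errorExit "Error GET https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/"
fi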
The keepalived service starts without any issues:
root@k8s-eu-1-control-plane-node-1:~# sudo systemctl status keepalived
● keepalived.service - Keepalive Daemon (LVS and VRRP)
Loaded: loaded (/lib/systemd/system/keepalived.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-11-27 13:57:14 CET; 10s ago
Main PID: 27918 (keepalived)
Tasks: 2 (limit: 72235)
Memory: 5.1M
CPU: 28ms
CGroup: /system.slice/keepalived.service
├─27918 /usr/sbin/keepalived --dont-fork
└─27919 /usr/sbin/keepalived --dont-fork
Nov 27 13:57:13 k8s-eu-1-control-plane-node-1 Keepalived[27918]: Command line: '/usr/sbin/keepalived' '--dont-fork'
Nov 27 13:57:13 k8s-eu-1-control-plane-node-1 Keepalived[27918]: Configuration file /etc/keepalived/keepalived.conf
Nov 27 13:57:13 k8s-eu-1-control-plane-node-1 Keepalived[27918]: NOTICE: setting config option max_auto_priority should result in better keepalived performance
Nov 27 13:57:13 k8s-eu-1-control-plane-node-1 Keepalived[27918]: Starting VRRP child process, pid=27919
Nov 27 13:57:14 k8s-eu-1-control-plane-node-1 systemd[1]: keepalived.service: Got notification message from PID 27919, but reception only permitted for main PID 27918
Nov 27 13:57:14 k8s-eu-1-control-plane-node-1 Keepalived_vrrp[27919]: WARNING - script '/etc/keepalived/check_apiserver.sh' is not executable for uid:gid 998:997 - disabling.
Nov 27 13:57:14 k8s-eu-1-control-plane-node-1 Keepalived[27918]: Startup complete
Nov 27 13:57:14 k8s-eu-1-control-plane-node-1 systemd[1]: Started Keepalive Daemon (LVS and VRRP).
Nov 27 13:57:14 k8s-eu-1-control-plane-node-1 Keepalived_vrrp[27919]: (VI_1) Entering BACKUP STATE (init)
Nov 27 13:57:17 k8s-eu-1-control-plane-node-1 Keepalived_vrrp[27919]: (VI_1) Entering MASTER STATE
while the haproxy service gives this error:
root@k8s-eu-1-control-plane-node-1:~# sudo systemctl restart haproxy
root@k8s-eu-1-control-plane-node-1:~#
Broadcast message from systemd-journald@k8s-eu-1-control-plane-node-1 (Mon 2023-11-27 13:57:42 CET):
haproxy[27964]: backend apiserverbackend has no server available!
Broadcast message from systemd-journald@k8s-eu-1-control-plane-node-1 (Mon 2023-11-27 13:57:42 CET):
haproxy[27964]: backend apiserverbackend has no server available!
What am I doing wrong? How to make it work?