osixia / docker-keepalived-confd

A docker image to run Keepalived that gets unicast peers from etcd thanks to confd 🐳
MIT License

How to use? #1

Open rafis opened 4 years ago

rafis commented 4 years ago

I have issues with keepalived advertisements using multicast transport. From the description I can see this docker image uses unicast transport (direct connection to the peers), which can solve my issue. But how can I configure it?

For example, your original docker image usage is described here https://github.com/kubernetes/kubeadm/blob/master/docs/ha-considerations.md#options-for-software-load-balancing . But I can't find any information about this docker image. I think I need to put some configuration into /etc/conf/conf.d/ and /etc/conf/templates/?

rafis commented 4 years ago

/etc/kubernetes/manifests/keepalived.yaml

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  name: keepalived
  namespace: kube-system
spec:
  initContainers:
  - name: copy-certs
    image: busybox
    command: ["/bin/sh", "-c"]
    args:
    - >
      cp /etc/kubernetes/pki/etcd/ca.crt /container/service/confd/assets/certs/
      && cp /etc/kubernetes/pki/apiserver-etcd-client.crt /container/service/confd/assets/certs/
      && cp /etc/kubernetes/pki/apiserver-etcd-client.key /container/service/confd/assets/certs/
    volumeMounts:
    - name: kubernetes-pki
      mountPath: /etc/kubernetes/pki
    - name: osixia-certs
      mountPath: /container/service/confd/assets/certs/
  containers:
  - image: osixia/keepalived-confd:2.0.20
    name: keepalived
    env:
    - name: KEEPALIVED_CONFD_NODES
      value: https://127.0.0.1:2379
    - name: KEEPALIVED_CONFD_CLIENT_TLS
      value: "true"
    - name: KEEPALIVED_CONFD_CLIENT_CAKEYS_FILENAME
      value: ca.crt
    - name: KEEPALIVED_CONFD_CLIENT_CERT_FILENAME
      value: apiserver-etcd-client.crt
    - name: KEEPALIVED_CONFD_CLIENT_KEY_FILENAME
      value: apiserver-etcd-client.key
    - name: KEEPALIVED_INTERFACE
      value: eth0
    - name: KEEPALIVED_PRIORITY
      value: "101"
    - name: KEEPALIVED_CONFD_KUBERNETES_NODE_NAME
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName
    - name: KEEPALIVED_CONFD_KUBERNETES_NODE_LABEL_KEY
      value: node-role.kubernetes.io/master
    - name: KEEPALIVED_CONFD_KUBERNETES_NODE_LABEL_VALUE
      value: ""
    - name: KEEPALIVED_VIRTUAL_IPS
      value: "10.10.0.10/24"
    - name: KEEPALIVED_PASSWORD
      value: mysuperstrongpassword
    resources: {}
    securityContext:
      capabilities:
        add:
        - NET_ADMIN
        - NET_BROADCAST
        - NET_RAW
    volumeMounts:
    - mountPath: /etc/keepalived/check_apiserver.sh
      name: check
    - name: osixia-certs
      mountPath: /container/service/confd/assets/certs/
  hostNetwork: true
  volumes:
  - hostPath:
      path: /etc/keepalived/check_apiserver.sh
    name: check
  - hostPath:
      path: /etc/kubernetes/pki
    name: kubernetes-pki
  - name: osixia-certs
    emptyDir: {}
status: {}

logs

*** CONTAINER_LOG_LEVEL = 3 (info)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/:cron/startup.sh to /container/run/startup/:cron
*** link /container/service/:cron/process.sh to /container/run/process/:cron/run
*** link /container/service/:logrotate/startup.sh to /container/run/startup/:logrotate
*** link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** link /container/service/:syslog-ng-core/startup.sh to /container/run/startup/:syslog-ng-core
*** link /container/service/:syslog-ng-core/process.sh to /container/run/process/:syslog-ng-core/run
*** link /container/service/confd/startup.sh to /container/run/startup/confd
*** link /container/service/confd/process.sh to /container/run/process/confd/run
*** link /container/service/keepalived/startup.sh to /container/run/startup/keepalived
*** link /container/service/keepalived/process.sh to /container/run/process/keepalived/run
*** link /container/service/keepalived/finish.sh to /container/run/process/keepalived/finish
*** link /container/service/remove-config/startup.sh to /container/run/startup/remove-config
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/98-default/default.yaml
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
/container/tool/run:294: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  env_vars = yaml.load(f)
*** Running /container/run/startup/:cron...
*** Running /container/run/startup/:logrotate...
*** Running /container/run/startup/:ssl-tools...
*** Running /container/run/startup/:syslog-ng-core...
*** Running /container/run/startup/confd...
*** Running /container/run/startup/keepalived...
*** Running /container/run/startup/remove-config...
*** Set environment for container process
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/98-default/default.yaml
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running runit daemon...
Waiting config file /usr/local/etc/keepalived/keepalived.conf.Aug 26 11:43:30 kbr-mst01 syslog-ng[108]: syslog-ng starting up; version='3.19.1'
2020-08-26T11:43:30Z kbr-mst01 confd[109]: INFO Backend set to etcd
2020-08-26T11:43:30Z kbr-mst01 confd[109]: INFO Starting confd
2020-08-26T11:43:30Z kbr-mst01 confd[109]: INFO Backend source(s) set to https://127.0.0.1:2379
2020-08-26T11:43:30Z kbr-mst01 confd[109]: DEBUG Loading template resources from confdir /etc/confd
2020-08-26T11:43:30Z kbr-mst01 confd[109]: DEBUG Found template: /etc/confd/conf.d/keepalived.toml
2020-08-26T11:43:30Z kbr-mst01 confd[109]: DEBUG Loading template resource from /etc/confd/conf.d/keepalived.toml
2020-08-26T11:43:30Z kbr-mst01 confd[109]: DEBUG Retrieving keys from store
2020-08-26T11:43:30Z kbr-mst01 confd[109]: DEBUG Key prefix set to /
2020-08-26T11:43:30Z kbr-mst01 confd[109]: ERROR client: response is invalid json. The endpoint is probably not valid etcd cluster endpoint.
2020-08-26T11:43:40Z kbr-mst01 confd[109]: DEBUG Loading template resources from confdir /etc/confd
2020-08-26T11:43:40Z kbr-mst01 confd[109]: DEBUG Found template: /etc/confd/conf.d/keepalived.toml
2020-08-26T11:43:40Z kbr-mst01 confd[109]: DEBUG Loading template resource from /etc/confd/conf.d/keepalived.toml
2020-08-26T11:43:40Z kbr-mst01 confd[109]: DEBUG Retrieving keys from store
2020-08-26T11:43:40Z kbr-mst01 confd[109]: DEBUG Key prefix set to /
2020-08-26T11:43:40Z kbr-mst01 confd[109]: ERROR client: response is invalid json. The endpoint is probably not valid etcd cluster endpoint.