container/docker-keepalived-k8s
2
0
Fork 0
Code Issues 1 Pull Requests Actions Releases Activity

feature: version 1.0.0 of working keepalived as static pod

Browse Source
This commit is contained in:
RouxAntoine 2023-07-03 21:47:20 +02:00
parent 61550610ab
commit f34707a8ad
Signed by: antoine
GPG Key ID: 098FB66FC0475E70
4 changed files with 85 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
Dockerfile
View File

@ -1,16 +1,39 @@
FROM alpine:latest FROM alpine:3.18
LABEL architecture="$TARGETPLATFORM" \
license="beerware" \
name="keepalived" \
summary="Alpine based keepalived container" \
mantainer="antoinroux@hotmail.fr"
RUN apk add --no-cache \ RUN apk add --no-cache \
bash \ bash \
curl \ curl \
ipvsadm \
iproute2 \
keepalived \ keepalived \
gettext \
&& addgroup -S keepalived_script \ && addgroup -S keepalived_script \
&& adduser -S -s /sbin/nologin -G keepalived_script -H keepalived_script && adduser -S -s /sbin/nologin -G keepalived_script -H keepalived_script
COPY check_apiserver.sh /usr/lib/keepalived/scripts/chk_kube_apiserver.sh ENV STATE BACKUP
ENV INTERFACE enp3s0
ENV PRIORITY 200
ENV PASSWORD ""
ENV SRC_IP ""
ENV PEER_IP_0 ""
ENV PEER_IP_1 ""
COPY init.sh / COPY --chmod=750 --chown=keepalived_script:keepalived_script check_apiserver.sh /usr/lib/keepalived/scripts/chk_kube_apiserver.sh
RUN chmod +x /init.sh COPY keepalived.template.conf /etc/keepalived/keepalived.template.conf
CMD ["/init.sh"]
COPY --chmod=750 init.sh /
ENTRYPOINT ["/init.sh"]
CMD ["/usr/sbin/keepalived", "--dont-fork", "--log-console"]
# Customise keepalived with:
# args: # override options in the Dockerfile
# - --vrrp
# - --log-detail
# - --dump-conf
# - --use-file=/etc/keepalived/keepalived.conf
# CMD ["--vrrp","--log-detail","--dump-conf"]

3
Makefile
View File

@ -12,7 +12,8 @@ VERBOSITY=debug
## build ## build
imageKeepalived: imageKeepalived:
$(shell docker-multi-arch-builder build -n keepalived-k8s --platforms $(PLATFORM) -v $(VERBOSITY)) docker manifest rm $(REGISTRY_IP):5000/keepalived-k8s:latest || true
docker-multi-arch-builder build -n keepalived-k8s --platforms $(PLATFORM) -v $(VERBOSITY)
## management ## management

147
init.sh
View File

@ -1,146 +1,5 @@
#!/bin/bash #!/bin/sh
set -e envsubst < /etc/keepalived/keepalived.template.conf > /etc/keepalived/keepalived.conf
set -o pipefail
config_keepalived() { exec "$@"
if ! compgen -A variable | grep -q -E 'KEEPALIVED_VIRTUAL_IPADDRESS_[0-9]{1,3}'; then
echo "[$(date)][KEEPALIVED] No KEEPALIVED_VIRTUAL_IPADDRESS_ varibles detected."
return 1
fi
KEEPALIVED_STATE=${KEEPALIVED_STATE:-MASTER}
if [[ "${KEEPALIVED_STATE^^}" == 'MASTER' ]]; then
KEEPALIVED_PRIORITY=${KEEPALIVED_PRIORITY:-200}
elif [[ "${KEEPALIVED_STATE^^}" == 'BACKUP' ]]; then
KEEPALIVED_PRIORITY=${KEEPALIVED_PRIORITY:-100}
fi
KEEPALIVED_INTERFACE=${KEEPALIVED_INTERFACE:-eth0}
KEEPALIVED_VIRTUAL_ROUTER_ID=${KEEPALIVED_VIRTUAL_ROUTER_ID:-1}
KEEPALIVED_ADVERT_INT=${KEEPALIVED_ADVERT_INT:-1}
KEEPALIVED_AUTH_PASS=${KEEPALIVED_AUTH_PASS:-"pwd$KEEPALIVED_VIRTUAL_ROUTER_ID"}
if [[ ! $KEEPALIVED_UNICAST_SRC_IP ]]; then
bind_target="$(ip addr show "$KEEPALIVED_INTERFACE" | \
grep -m 1 -E -o 'inet [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{print $2}')"
KEEPALIVED_UNICAST_SRC_IP="$bind_target"
fi
{
echo 'global_defs {'
echo 'router_id LVS_MAIN'
echo 'enable_script_security'
echo '}'
} > "$KEEPALIVED_CONF"
if [[ ${KEEPALIVED_KUBE_APISERVER_CHECK,,} == 'true' ]]; then
# if no address supplied, assume its the first (or only) VIP
if [[ ! $KUBE_APISERVER_ADDRESS ]]; then
kube_api_vip="$(compgen -A variable | grep -E 'KEEPALIVED_VIRTUAL_IPADDRESS_[0-9]{1,3}' | head -1)"
KUBE_APISERVER_ADDRESS="$(echo "${!kube_api_vip}" | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
fi
KUBE_APISERVER_PORT=${KUBE_APISERVER_PORT:-6443}
KUBE_APISERVER_CHK_INTERVAL=${KUBE_APISERVER_CHK_INTERVAL:-'3'}
KUBE_APISERVER_CHK_WEIGHT=${KUBE_APISERVER_CHK_WEIGHT:-'-50'}
KUBE_APISERVER_CHK_FALL=${KUBE_APISERVER_CHK_FALL:-'10'}
KUBE_APISERVER_CHK_RISE=${KUBE_APISERVER_CHK_RISE:-'2'}
CHECK_SCRIPT_PATH=${CHECK_SCRIPT_PATH:-'/usr/lib/keepalived/scripts/chk_kube_apiserver.sh'}
chmod +x $CHECK_SCRIPT_PATH
{
echo 'vrrp_script chk_kube_apiserver {'
echo " script \"$CHECK_SCRIPT_PATH $KUBE_APISERVER_ADDRESS $KUBE_APISERVER_PORT\""
echo " interval $KUBE_APISERVER_CHK_INTERVAL"
echo " fall $KUBE_APISERVER_CHK_FALL"
echo " rise $KUBE_APISERVER_CHK_RISE"
echo " weight $KUBE_APISERVER_CHK_WEIGHT"
echo '}'
} >> "$KEEPALIVED_CONF"
fi
{
echo 'vrrp_instance MAIN {'
echo " state $KEEPALIVED_STATE"
echo " interface $KEEPALIVED_INTERFACE"
echo " virtual_router_id $KEEPALIVED_VIRTUAL_ROUTER_ID"
echo " priority $KEEPALIVED_PRIORITY"
echo " advert_int $KEEPALIVED_ADVERT_INT"
echo " unicast_src_ip $KEEPALIVED_UNICAST_SRC_IP"
echo ' unicast_peer {'
} >> "$KEEPALIVED_CONF"
for peer in $(compgen -A variable | grep -E "KEEPALIVED_UNICAST_PEER_[0-9]{1,3}"); do
echo " ${!peer}" >> "$KEEPALIVED_CONF"
done
{
echo ' }'
echo ' authentication {'
echo ' auth_type PASS'
echo " auth_pass $KEEPALIVED_AUTH_PASS"
echo ' }'
echo ' virtual_ipaddress {'
} >> "$KEEPALIVED_CONF"
for vip in $(compgen -A variable | grep -E 'KEEPALIVED_VIRTUAL_IPADDRESS_[0-9]{1,3}'); do
echo " ${!vip}" >> "$KEEPALIVED_CONF"
done
echo ' }' >> "$KEEPALIVED_CONF"
if compgen -A variable | grep -q -E 'KEEPALIVED_VIRTUAL_IPADDRESS_EXCLUDED_[0-9]{1,3}'; then
echo ' virtual_ipaddress_excluded {' >> "$KEEPALIVED_CONF"
for evip in $(compgen -A variable | grep -E 'KEEPALIVED_VIRTUAL_IPADDRESS_EXCLUDED_[0-9]{1,3}'); do
echo " ${!evip}" >> "$KEEPALIVED_CONF"
done
echo ' }' >> "$KEEPALIVED_CONF"
fi
if compgen -A variable | grep -q -E 'KEEPALIVED_TRACK_INTERFACE_[0-9]{1,3}'; then
echo ' track_interface {' >> "$KEEPALIVED_CONF"
for interface in $(compgen -A variable | grep -E 'KEEPALIVED_TRACK_INTERFACE_[0-9]{1,3}'); do
echo " ${!interface}" >> "$KEEPALIVED_CONF"
done
echo ' }' >> "$KEEPALIVED_CONF"
else
{
echo ' track_interface {'
echo " $KEEPALIVED_INTERFACE"
echo '}'
} >> "$KEEPALIVED_CONF"
fi
if [[ ${KEEPALIVED_KUBE_APISERVER_CHECK,,} == 'true' ]]; then
{
echo ' track_script {'
echo ' chk_kube_apiserver'
echo ' }'
} >> "$KEEPALIVED_CONF"
fi
echo '}' >> "$KEEPALIVED_CONF"
return 0
}
init_vars() {
KEEPALIVED_AUTOCONF=${KEEPALIVED_AUTOCONF:-true}
KEEPALIVED_DEBUG=${KEEPALIVED_DEBUG:-false}
KEEPALIVED_KUBE_APISERVER_CHECK=${KEEPALIVED_KUBE_APISERVER_CHECK:-false}
KEEPALIVED_CONF=${KEEPALIVED_CONF:-/etc/keepalived/keepalived.conf}
KEEPALIVED_VAR_RUN=${KEEPALIVED_VAR_RUN:-/var/run/keepalived}
if [[ ${KEEPALIVED_DEBUG,,} == 'true' ]]; then
local kd_cmd="/usr/sbin/keepalived -n -l -D -f $KEEPALIVED_CONF"
else
local kd_cmd="/usr/sbin/keepalived -n -l -f $KEEPALIVED_CONF"
fi
KEEPALIVED_CMD=${KEEPALIVED_CMD:-"$kd_cmd"}
}
main() {
init_vars
if [[ ${KEEPALIVED_AUTOCONF,,} == 'true' ]]; then
config_keepalived
fi
rm -fr "$KEEPALIVED_VAR_RUN"
# shellcheck disable=SC2086
exec $KEEPALIVED_CMD
}
main

50
keepalived.template.conf Normal file
View File

@ -0,0 +1,50 @@
global_defs {
vrrp_version 2
vrrp_garp_master_delay 1
vrrp_garp_master_refresh 60
enable_script_security
}
vrrp_script haproxy-check {
# -0 checks if the process is running
script "/usr/lib/keepalived/scripts/chk_kube_apiserver.sh 192.168.2.4 6443"
interval 2
weight 20
user keepalived_script
}
vrrp_instance haproxy-virtual-ip {
state $STATE
# Make sure the interface is aligned with your server's network interface
interface $INTERFACE
# The virtual router ID must be unique to each VRRP instance that you define
virtual_router_id 55
# Make sure the priority is higher on the master server than on backup servers
priority $PRIORITY
# advertisement interval, 1 second
advert_int 1
authentication {
auth_type PASS
auth_pass $PASSWORD
}
unicast_src_ip $SRC_IP
unicast_peer {
$PEER_IP_0
$PEER_IP_1
}
virtual_ipaddress {
192.168.2.4/32
}
track_script {
haproxy-check weight 20
}
}