migrate from static conf to dynamic

2022-01-03 17:21:52 +01:00 · 2022-01-03 17:21:52 +01:00 · f4b1871f2d
parent 8fa595ca1e
commit f4b1871f2d
5 changed files with 13 additions and 52 deletions
--- a/8
+++ b/8
@ -9,10 +9,8 @@ RUN apk add --no-cache \
    && addgroup -S keepalived_script \
    && adduser -S -s /sbin/nologin -G keepalived_script -H keepalived_script

-COPY keepalived.conf /etc/keepalived/keepalived.conf
-COPY check_apiserver.sh /etc/keepalived/check_apiserver.sh
+COPY check_apiserver.sh /usr/lib/keepalived/scripts/chk_kube_apiserver.sh
+
 COPY init.sh /
-
-RUN chmod +x /init.sh && chmod +x /etc/keepalived/check_apiserver.sh
-
+RUN chmod +x /init.sh
 CMD ["/init.sh"]
--- a/2
+++ b/2
@ -5,7 +5,7 @@ REGISTRY_IP=docker.registry
 # linux/arm/v6
 # linux/arm64
 # linux/amd64
-PLATFORM=linux/arm64
+PLATFORM=linux/amd64
 #OCI_CLI=nerdctl
 OCI_CLI=docker
 #OCI_CLI_BUILD=$(OCI_CLI)
--- a/check_apiserver.sh
+++ b/check_apiserver.sh
@ -1,11 +1,14 @@
 #!/bin/sh

+vip="$1"
+port="$2"
+
 errorExit() {
    echo "*** $*" 1>&2
    exit 1
 }

-curl --silent --max-time 2 --insecure https://localhost:6443/ -o /dev/null || errorExit "Error GET https://localhost:6443/"
-if ip addr | grep -q 100.105.163.74; then
-    curl --silent --max-time 2 --insecure https://100.105.163.74:6443/ -o /dev/null || errorExit "Error GET https://100.105.163.74:6443/"
+curl --silent --max-time 2 --insecure https://localhost:"$port"/healthz -o /dev/null || errorExit "Error GET https://localhost:$port/healthz"
+if ip addr | grep -q "$vip"; then
+    curl --silent --max-time 2 --insecure "https://$vip:$port/healthz" -o /dev/null || errorExit "Error GET https://$vip:$port/healthz"
 fi
--- a/init.sh
+++ b/init.sh
@ -31,6 +31,7 @@ config_keepalived() {
  {
    echo 'global_defs {'
    echo 'router_id LVS_MAIN'
+    echo 'enable_script_security'
    echo '}'
  } > "$KEEPALIVED_CONF"

@ -45,9 +46,10 @@ config_keepalived() {
    KUBE_APISERVER_CHK_WEIGHT=${KUBE_APISERVER_CHK_WEIGHT:-'-50'}
    KUBE_APISERVER_CHK_FALL=${KUBE_APISERVER_CHK_FALL:-'10'}
    KUBE_APISERVER_CHK_RISE=${KUBE_APISERVER_CHK_RISE:-'2'}
+    CHECK_SCRIPT_PATH=${CHECK_SCRIPT_PATH:-'/usr/lib/keepalived/scripts/chk_kube_apiserver.sh'}
    {
      echo 'vrrp_script chk_kube_apiserver {'
-      echo "  script \"/usr/lib/keepalived/scripts/chk_kube_apiserver.sh $KUBE_APISERVER_ADDRESS $KUBE_APISERVER_PORT\""
+      echo "  script \"$CHECK_SCRIPT_PATH $KUBE_APISERVER_ADDRESS $KUBE_APISERVER_PORT\""
      echo "  interval $KUBE_APISERVER_CHK_INTERVAL"
      echo "  fall $KUBE_APISERVER_CHK_FALL"
      echo "  rise $KUBE_APISERVER_CHK_RISE"
--- a/keepalived.conf
+++ b/keepalived.conf
@ -1,42 +0,0 @@
-global_defs {
-   enable_script_security
-}
-
-vrrp_script chk_kube {
-    script "/etc/keepalived/check_apiserver.sh"
-    interval 2                                          # check every 2 seconds
-    weight 2                                            # add n points of prio if OK
-}
-
-vrrp_instance KUBE_VIP {
-    state BACKUP
-
-    # keepalived dialog interface
-    interface tailscale0
-
-    virtual_router_id 51
-    priority 50
-    # VRRP Advert interval in seconds (e.g. 0.92) (use default)
-    advert_int 1
-    preempt
-
-    authentication {
-        auth_type PASS
-        auth_pass ryuiz54*
-    }
-
-    # list of ip affected to public vrrp
-    virtual_ipaddress {
-        # be careful label should be less than 16 character
-        100.105.163.74 dev tailscale0 label tailscale0:vip
-    }
-
-    # Unicast specific option, this is the IP of the interface keepalived listens on
-    unicast_src_ip 100.105.163.73
-    # list of other peer connect to this vrrp instance (all app instance except current host)
-    unicast_peer {}
-
-    track_script {
-        chk_kube
-    }
-}