migrate from static conf to dynamic

2022-01-03 17:21:52 +01:00 · 2022-01-03 17:21:52 +01:00 · f4b1871f2d
commit f4b1871f2d
parent 8fa595ca1e
5 changed files with 13 additions and 52 deletions
--- a/8
+++ b/8
@ -9,10 +9,8 @@ RUN apk add --no-cache \
    && addgroup -S keepalived_script \
    && adduser -S -s /sbin/nologin -G keepalived_script -H keepalived_script
-COPY keepalived.conf /etc/keepalived/keepalived.conf
+COPY check_apiserver.sh /usr/lib/keepalived/scripts/chk_kube_apiserver.sh
-COPY check_apiserver.sh /etc/keepalived/check_apiserver.sh
+
 COPY init.sh /
-
+RUN chmod +x /init.sh
 RUN chmod +x /init.sh && chmod +x /etc/keepalived/check_apiserver.sh
 CMD ["/init.sh"]
--- a/2
+++ b/2
@ -5,7 +5,7 @@ REGISTRY_IP=docker.registry
 # linux/arm/v6
 # linux/arm64
 # linux/amd64
-PLATFORM=linux/arm64
+PLATFORM=linux/amd64
 #OCI_CLI=nerdctl
 OCI_CLI=docker
 #OCI_CLI_BUILD=$(OCI_CLI)
--- a/check_apiserver.sh
+++ b/check_apiserver.sh
@ -1,11 +1,14 @@
 #!/bin/sh
 vip="$1"
 port="$2"
 errorExit() {
    echo "*** $*" 1>&2
    exit 1
 }
-curl --silent --max-time 2 --insecure https://localhost:6443/ -o /dev/null || errorExit "Error GET https://localhost:6443/"
+curl --silent --max-time 2 --insecure https://localhost:"$port"/healthz -o /dev/null || errorExit "Error GET https://localhost:$port/healthz"
-if ip addr | grep -q 100.105.163.74; then
+if ip addr | grep -q "$vip"; then
-    curl --silent --max-time 2 --insecure https://100.105.163.74:6443/ -o /dev/null || errorExit "Error GET https://100.105.163.74:6443/"
+    curl --silent --max-time 2 --insecure "https://$vip:$port/healthz" -o /dev/null || errorExit "Error GET https://$vip:$port/healthz"
 fi
--- a/init.sh
+++ b/init.sh
@ -31,6 +31,7 @@ config_keepalived() {
  {
    echo 'global_defs {'
    echo 'router_id LVS_MAIN'
    echo 'enable_script_security'
    echo '}'
  } > "$KEEPALIVED_CONF"
@ -45,9 +46,10 @@ config_keepalived() {
    KUBE_APISERVER_CHK_WEIGHT=${KUBE_APISERVER_CHK_WEIGHT:-'-50'}
    KUBE_APISERVER_CHK_FALL=${KUBE_APISERVER_CHK_FALL:-'10'}
    KUBE_APISERVER_CHK_RISE=${KUBE_APISERVER_CHK_RISE:-'2'}
    CHECK_SCRIPT_PATH=${CHECK_SCRIPT_PATH:-'/usr/lib/keepalived/scripts/chk_kube_apiserver.sh'}
    {
      echo 'vrrp_script chk_kube_apiserver {'
-      echo "  script \"/usr/lib/keepalived/scripts/chk_kube_apiserver.sh $KUBE_APISERVER_ADDRESS $KUBE_APISERVER_PORT\""
+      echo "  script \"$CHECK_SCRIPT_PATH $KUBE_APISERVER_ADDRESS $KUBE_APISERVER_PORT\""
      echo "  interval $KUBE_APISERVER_CHK_INTERVAL"
      echo "  fall $KUBE_APISERVER_CHK_FALL"
      echo "  rise $KUBE_APISERVER_CHK_RISE"
--- a/keepalived.conf
+++ b/keepalived.conf
@ -1,42 +0,0 @@
 global_defs {
   enable_script_security
 }
 vrrp_script chk_kube {
    script "/etc/keepalived/check_apiserver.sh"
    interval 2                                          # check every 2 seconds
    weight 2                                            # add n points of prio if OK
 }
 vrrp_instance KUBE_VIP {
    state BACKUP
    # keepalived dialog interface
    interface tailscale0
    virtual_router_id 51
    priority 50
    # VRRP Advert interval in seconds (e.g. 0.92) (use default)
    advert_int 1
    preempt
    authentication {
        auth_type PASS
        auth_pass ryuiz54*
    }
    # list of ip affected to public vrrp
    virtual_ipaddress {
        # be careful label should be less than 16 character
        100.105.163.74 dev tailscale0 label tailscale0:vip
    }
    # Unicast specific option, this is the IP of the interface keepalived listens on
    unicast_src_ip 100.105.163.73
    # list of other peer connect to this vrrp instance (all app instance except current host)
    unicast_peer {}
    track_script {
        chk_kube
    }
 }