From 381ffe71129b7e0c7e08214104039b90acb48251 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Tue, 22 Jul 2025 09:00:53 -0500
Subject: [PATCH] kubernetes: Configure keepalived on control plane
Control plane nodes will now run _keepalived_, to provide a "floating" IP address that is assigned to one of the nodes at a time. This address (172.30.0.169) is now the target of the DNS A record for _kubernetes.pyrocufflink.blue_, so clients will always communicate with the server that currently holds the floating address, whichever that may be. I was originally inspired by the official Kubernetes [High Availability Considerations][0] document when designing this. At first, I planned to deploy _keepalived_ and HAProxy as DaemonSets on the control plane nodes, but this ended up being somewhat problematic whenever all of the control plane nodes would go down at once, as the _keepalived_ and HAProxy pods would not get scheduled and thus no clients communicate with the API servers. [0]: https://github.com/kubernetes/kubeadm/blob/9d7cfab6fef3f1c478a76919324d55eaaf4c1ee6/docs/ha-considerations.md
---
 group_vars/k8s-controller.yml | 21 +++++++++++++++++++++
 kubernetes.yml | 3 +++
 2 files changed, 24 insertions(+)
diff --git a/group_vars/k8s-controller.yml b/group_vars/k8s-controller.yml
index d8888bd..c048893 100644
--- a/group_vars/k8s-controller.yml
+++ b/group_vars/k8s-controller.yml
@@ -1,2 +1,23 @@
 collectd_processes: '{{ collectd_processes_kubelet + collectd_processes_controller}}'
 dnf_automatic_reboot: never
+
+keepalived_global_defs: |-
+ max_auto_priority 79
+
+vrrp_track_process:
+ kube-apiserver: |-
+ process kube-apiserver
+ weight 90
+
+vrrp_instance:
+ kube-apiserver: |-
+ state BACKUP
+ priority ${_RANDOM 1 100}
+ interface {{ ansible_default_ipv4.interface }}
+ virtual_router_id 49
+ virtual_ipaddress {
+ 172.30.0.169/27
+ }
+ track_process {
+ kube-apiserver
+ }
diff --git a/kubernetes.yml b/kubernetes.yml
index 2bea3a2..d658f9e 100644
--- a/kubernetes.yml
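Review bot: In the `vrrp_instance` block of group_vars/k8s-controller.yml, `priority ${_RANDOM 1 100}` spans a wider range than the `weight 90` bonus from `vrrp_track_process`, so a node whose kube-apiserver is down can still outrank a healthy one: a stopped node that drew 100 beats a running node that drew 5 (5 + 90 = 95), assuming keepalived adds the weight only while the process runs. The floating address 172.30.0.169 could then sit on a node with no API server behind it. Keeping the random range narrower than the weight, for example `priority ${_RANDOM 1 50}`, restores the ordering. Separately, nothing in this hunk restricts which hosts may send VRRP advertisements for `virtual_router_id 49`; since this address fronts the Kubernetes API, consider a `unicast_peer` block listing the control-plane addresses, or a firewall rule limiting IP protocol 112 to those hosts, unless the keepalived role (not shown here) already does so.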
+++ b/kubernetes.yml
@@ -1,5 +1,8 @@
 - hosts: k8s-controller
 roles:
+ - role: keepalived
+ tags:
+ - keepalived
 - role: kubelet
 - hosts: k8s-node