Route作为TCP负载均衡器的部署

  1. 获取当前Route的haproxy-template配置
1
2
3
4
5
# oc project default
# oc get pod
NAME              READY     STATUS    RESTARTS   AGE
router-16-5rv4q    2/2         Running   2            18h
# oc rsh router-16-5rv4q cat haproxy-config.template > haproxy-config.template
  1. 编辑导出的haproxy-config.template文件
    在内容{{- end }}{{/*end tls==passthrough*/}}下一行,添加以下内容:
1
2
3
4
5
6
7
8
9
10
11
{{/*TCP support*/}}
{{- if eq "tcp" (index $cfg.Annotations "haproxy.router.openshift.io/proxy-type") }}
  {{- if (isInteger (index $cfg.Annotations "haproxy.router.openshift.io/external-tcp-port")) }} 
frontend tcp-{{ (index $cfg.Annotations "haproxy.router.openshift.io/external-tcp-port") }}
  bind :{{ (index $cfg.Annotations "haproxy.router.openshift.io/external-tcp-port") }}
  mode tcp
  option tcplog
  default_backend {{genBackendNamePrefix $cfg.TLSTermination}}:{{$cfgIdx}}
  {{- end}}{{/* end haproxy.router.openshift.io */}}
{{- end}}{{/* end */}}
{{/*end TCP support*/}}
  1. 创建configmap模板保存新的haproxy-template文件
1
2
# oc project default
# oc create configmap customrouter --from-file=haproxy-config.template
  1. 部署新的专门为TCP负载服务的Router节点,将HTTP、HTTPS默认端口换成别的端口不要产生冲突。
1
2
3
4
5
# oc adm router router-tcp --replicas=0 --selector=router=true --image=registry.example.com/openshfit3/ose-haproxy-router:v3.11 --stats=port=1937 -o yaml
# oc set env dc/router-tcp ROUTER_LABELS=router=tcp ROUTER_SERVICE_HTTP_PORT=81 ROUTER_SERVICE_HTTPS_PORT=444
# oc set volume dc/router --add --overwrite --name=config-volume --mount-path=/var/lib/haproxy/conf/custom --source='{"configMap": { "name": "customrouter"}}'
# oc set env dc/router-tcp TEMPLATE_FILE=/var/lib/haproxy/conf/custom/haproxy-config.template
# oc scale dc/router-tcp --replicas=2
  1. 为Route节点添加防火墙
1
2
3
# vi /etc/sysconfig/iptables
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 11000:29999 -j ACCEPT
# systemctl restart iptables

使用Route作为TCP负载均衡器

创建Route资源

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#  cat << EOF | oc create -f -
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  annotations:
    haproxy.router.openshift.io/external-tcp-port: '16379'
    haproxy.router.openshift.io/proxy-type: tcp
  labels:
    router: tcp
  name: myredis
spec:
  port:
    targetPort: redis
  tls:
    insecureEdgeTerminationPolicy: None
    termination: passthrough
  to:
    kind: Service
    name: myredis
EOF

参考文章

灵魂拷问x10:OpenShift 4层Ingress实现方式大全