arcts/keepalived Docker Image Overview

arcts/keepalived

自动构建

arcts

基于Alpine的Docker容器，通过keepalived提供IP高可用性（VRRP故障转移），支持自动配置和可选的Kubernetes API Server监控，可实现IP地址的主备切换与高可用管理。

14 次收藏下载次数: 0状态：自动构建维护者：arcts仓库类型：镜像最近更新：7 年前

轩辕镜像，加速的不只是镜像。点击查看

中文简介版本下载

轩辕镜像，加速的不只是镜像。点击查看

arcts/keepalived

基于Alpine的轻量级Docker容器，通过keepalived（VRRP故障转移）提供IP高可用性，并支持可选的Kubernetes API Server监控。默认情况下启用自动配置功能，只需提供少量用户信息即可自动生成基于单播的故障转移配置。

有关keepalived的详细信息，请参阅keepalived.conf手册页或Keepalived用户指南。

前提条件

部署keepalived容器前，主机必须允许非本地绑定IPv4地址。需配置sysctl参数：net.ipv4.ip_nonlocal_bind=1。

此外，容器必须以主机网络模式（--net=host）运行，并添加CAP_NET_ADMIN权限（--cap-add NET_ADMIN）。这些设置使容器能够管理主机的网络配置，是keepalived功能正常运行的必要条件。

配置

执行控制

变量名	默认值
`KEEPALIVED_AUTOCONF`	`true`
`KEEPALIVED_CONF`	`/etc/keepalived/keepalived.conf`
`KEEPALIVED_CMD`	`/usr/sbin/keepalived -n -l -f $KEEPALIVED_CONF`
`KEEPALIVED_DEBUG`	`false`

KEEPALIVED_AUTOCONF - 启用或禁用keepalived的自动配置。
KEEPALIVED_CONF - keepalived配置文件的路径。
KEEPALIVED_CMD - 执行keepalived的命令。
KEEPALIVED_DEBUG - 启用或禁用keepalived的调试级别日志（在KEEPALIVED_CMD中添加-D）。

自动配置选项

变量名	默认值
`KEEPALIVED_ADVERT_INT`	`1`
`KEEPALIVED_AUTH_PASS`	`pwd$KEEPALIVED_VIRTUAL_ROUTER_ID`
`KEEPALIVED_INTERFACE`	`eth0`
`KEEPALIVED_PRIORITY`	`200`
`KEEPALIVED_STATE`	`MASTER`
`KEEPALIVED_TRACK_INTERFACE_###`	无
`KEEPALIVED_UNICAST_SRC_IP`	无
`KEEPALIVED_UNICAST_PEER_###`	无
`KEEPALIVED_VIRTUAL_IPADDRESS_###`	无
`KEEPALIVED_VIRTUAL_IPADDRESS_EXCLUDED_###`	无
`KEEPALIVED_VIRTUAL_ROUTER_ID`	`1`
`KEEPALIVED_KUBE_APISERVER_CHECK`	`false`

KEEPALIVED_ADVERT_INT - VRRP通告间隔（秒）。
KEEPALIVED_AUTH_PASS - VRRP组中各节点的认证密码（注意：若密码超过8个字符，仅使用前8个字符）。
KEEPALIVED_INTERFACE - keepalived监控并用于VRRP流量的主机接口。
KEEPALIVED_PRIORITY - 选举优先级，配置值最高的服务器将成为主节点。
KEEPALIVED_STATE - 定义服务器角色（选项：MASTER或BACKUP）。
KEEPALIVED_TRACK_INTERFACE_### - 需要监控状态的接口（如eth0）。可通过在变量名末尾添加0-999的数字来指定多个接口。
KEEPALIVED_UNICAST_SRC_IP - keepalived守护进程绑定的主机IP。注意：若未指定，将使用KEEPALIVED_INTERFACE接口绑定的第一个IP。
KEEPALIVED_UNICAST_PEER_### - VRRP组中参与节点的IP。可通过在变量名末尾添加0-999的数字来指定多个节点。
KEEPALIVED_VIRTUAL_IPADDRESS_### - 需监控并在主机间故障转移的IP地址。格式为带引号的字符串：<IP地址>/<掩码> brd <广播IP> dev <设备> scope <作用域> label <标签>。至少需指定IP地址、掩码和设备，例如KEEPALIVED_VIRTUAL_IPADDRESS_1="10.10.0.2/24 dev eth0"。可通过在变量名末尾添加0-999的数字来指定多个地址。注意：keepalived最多可监控20个地址，更多地址可通过KEEPALIVED_VIRTUAL_IPADDRESS_EXCLUDED_###随监控地址一起故障转移。
KEEPALIVED_VIRTUAL_IPADDRESS_EXCLUDED_### - 随KEEPALIVED_VIRTUAL_IPADDRESS_###指定的监控地址一起故障转移的IP地址。格式同上，例如KEEPALIVED_VIRTUAL_IPADDRESS_EXCLUDED_1="172.16.1.20/24 dev eth1"。可通过在变量名末尾添加0-999的数字来指定多个地址。
KEEPALIVED_VIRTUAL_ROUTER_ID - VRRP组的唯一标识（0-255）。主节点和备节点需使用相同值。同一主机上可运行多个keepalived实例，但每个实例对必须使用唯一的虚拟路由器ID。
KEEPALIVED_KUBE_APISERVER_CHECK - 启用时配置Kubernetes API Server的简单检查脚本。有关此功能的更多信息，请参见Kubernetes选项部分。

Kubernetes选项

变量名	默认值
`KUBE_APISERVER_ADDRESS`	从`KEEPALIVED_VIRTUAL_IPADDRESS_###`解析
`KUBE_APISERVER_PORT`	`6443`
`KUBE_APISERVER_CHK_INTERVAL`	`3`
`KUBE_APISERVER_CHK_FALL`	`10`
`KUBE_APISERVER_CHK_RISE`	`2`
`KUBE_APISERVER_CHK_WEIGHT`	`-50`

KUBE_APISERVER_ADDRESS - Kube API Server使用的虚拟IP。若未指定，将使用KEEPALIVED_VIRTUAL_IPADDRESS_###变量中编号最小的IP。
KUBE_APISERVER_PORT - 与KUBE_APISERVER_ADDRESS配合使用的端口。
KUBE_APISERVER_CHK_INTERVAL - 脚本调用间隔（秒）。
KUBE_APISERVER_CHK_FALL - 连续脚本退出非零状态的次数，达到后状态设为FAULT。
KUBE_APISERVER_CHK_RISE - 连续脚本退出零状态的次数，达到后退出FAULT状态。
KUBE_APISERVER_CHK_WEIGHT - 服务进入FAULT状态时应用于优先级的权重。

建议的Kubernetes设置

假设有三个节点运行kube-apiserver，仅通过KEEPALIVED_STATE参数无法可靠管理节点间的故障转移。

要管理kube-apiserver故障转移，需启用健康检查选项KEEPALIVED_KUBE_APISERVER_CHECK，并为三个实例手动设置KEEPALIVED_PRIORITY：

节点	优先级
node-01	200
node-02	190
node-03	180

默认权重为-50，若node-01出现问题，其优先级将降至150，允许node-02接管；若node-02故障，优先级降至140，由node-03接管。恢复时，优先级最高的节点将重新成为主节点。

keepalived配置示例

自动生成的Master配置示例

vrrp_instance MAIN {
  state MASTER
  interface eth0
  virtual_router_id 2
  priority 200
  advert_int 1
  unicast_src_ip 10.10.0.21
  unicast_peer {
    10.10.0.22
  }
  authentication {
    auth_type PASS
    auth_pass pwd1
  }
  virtual_ipaddress {
    10.10.0.2/24 dev eth0
  }
  virtual_ipaddress_excluded {
    172.16.1.20/24 dev eth1
  }
  track_interface {
    eth0
    eth1
  }
}

自动生成的Backup配置示例

vrrp_instance MAIN {
  state BACKUP
  interface eth0
  virtual_router_id 2
  priority 100
  advert_int 1
  unicast_src_ip 10.10.0.22
  unicast_peer {
    10.10.0.21
  }
  authentication {
    auth_type PASS
    auth_pass pwd1
  }
  virtual_ipaddress {
    10.10.0.2/24 dev eth0
  }
  virtual_ipaddress_excluded {
    172.16.1.20/24 dev eth1
  }
  track_interface {
    eth0
    eth1
  }
}

运行命令示例

Master节点运行命令

bash
docker run -d --net=host --cap-add NET_ADMIN \
-e KEEPALIVED_AUTOCONF=true                  \
-e KEEPALIVED_STATE=MASTER                   \
-e KEEPALIVED_INTERFACE=eth0                 \
-e KEEPALIVED_VIRTUAL_ROUTER_ID=2            \
-e KEEPALIVED_UNICAST_SRC_IP=10.10.0.21      \
-e KEEPALIVED_UNICAST_PEER_0=10.10.0.22      \
-e KEEPALIVED_TRACK_INTERFACE_1=eth0         \
-e KEEPALIVED_TRACK_INTERFACE_2=eth1         \
-e KEEPALIVED_VIRTUAL_IPADDRESS_1="10.10.0.3/24 dev eth0" \
-e KEEPALIVED_VIRTUAL_IPADDRESS_EXCLUDED_1="172.16.1.20/24 dev eth1" \
arcts/keepalived

Backup节点运行命令

bash
docker run -d --net=host --cap-add NET_ADMIN \
-e KEEPALIVED_AUTOCONF=true                  \
-e KEEPALIVED_STATE=BACKUP                   \
-e KEEPALIVED_INTERFACE=eth0                 \
-e KEEPALIVED_VIRTUAL_ROUTER_ID=2            \
-e KEEPALIVED_UNICAST_SRC_IP=10.10.0.22      \
-e KEEPALIVED_UNICAST_PEER_0=10.10.0.21      \
-e KEEPALIVED_TRACK_INTERFACE_1=eth0         \
-e KEEPALIVED_TRACK_INTERFACE_2=eth1         \
-e KEEPALIVED_VIRTUAL_IPADDRESS_1="10.10.0.3/24 dev eth0" \
-e KEEPALIVED_VIRTUAL_IPADDRESS_EXCLUDED_1="172.16.1.20/24 dev eth1" \
arcts/keepalived

查看更多 keepalived 相关镜像 →