OpenTofu – Virtuelle IP-Adresse
Eine virtuelle IP-Adresse (VIP) ermöglicht Hochverfügbarkeit ohne einen einzelnen Load-Balancer als Single Point of Failure. Das Protokoll dahinter ist VRRP, implementiert durch keepalived.
Konzept
- MASTER-LB hält die virtuelle IP und sendet regelmäßig Heartbeats.
- BACKUP-LB übernimmt die VIP automatisch, wenn der Master ausfällt (Failover).
main.tf (Auszug)
# Two keepalived load-balancer servers.
# for_each iterates over range(0, 2) and maps each index to a server name, giving
# "keepalived-lb-0" and "keepalived-lb-1"; the instances are addressed as
# hcloud_server.lb["0"] and hcloud_server.lb["1"].
resource "hcloud_server" "lb" {
for_each = { for server in range(0, 2) : server => "keepalived-lb-${server}" }
name = "${each.value}"
image = "debian-13"
server_type = "cx23"
location = "nbg1"
# ... (further arguments are omitted from this excerpt)
# NOTE(review): no firewall attachment (e.g. firewall_ids) is visible in this excerpt.
# If the omitted part has none either, SSH and VRRP (IP protocol 112) are reachable
# from any source; confirm against the full main.tf.
# Installs keepalived and tcpdump over SSH as part of resource creation.
# The connection settings (user, key) are not shown in this excerpt.
provisioner "remote-exec" {
inline = [
"apt update",
"apt install -y keepalived tcpdump",
]
}
}
Befehle
# Change into the example directory and provision both load balancers.
cd ~/kubernetes-tutorial/src/opentofu/k3s-installation/k3s-keepalived
# Initialise the working directory (downloads the required providers).
tofu init
# Preview the planned changes before anything is created.
tofu plan
# Create the resources; review the plan before confirming.
tofu apply
# List the resource addresses now tracked in the state.
# NOTE(review): state stores resource attributes in plain text; presumably it is local
# here (no backend is shown), so keep it out of version control.
tofu state list
# Look up the IPv4 address of each load balancer; these values replace the
# [ip-lb-0] / [ip-lb-1] placeholders in the commands that follow.
# The single quotes keep the brackets and inner double quotes literal for the shell.
tofu state show 'hcloud_server.lb["0"]' | grep "ipv4_address"
tofu state show 'hcloud_server.lb["1"]' | grep "ipv4_address"
# Configure the MASTER (lb-0). Replace [ip-lb-0] with the address looked up before.
# -i ../../schulung selects the SSH private key: keep it readable by its owner only
# and out of version control.
# On the first connection ssh/scp asks to accept the host key; check the fingerprint
# against a trusted source if one is available instead of accepting it blindly.
scp -i ../../schulung keepalived-master.conf root@[ip-lb-0]:/etc/keepalived/keepalived.conf
ssh -i ../../schulung root@[ip-lb-0]
# From here on the commands run inside the SSH session on lb-0.
vim /etc/keepalived/keepalived.conf # fill in [ip-lb-0] and [ip-lb-1]
# NOTE(review): the keepalived config itself is not shown on this page. VRRP
# advertisements carry no strong authentication, so accepting IP protocol 112 only
# from the other load balancer limits who can influence the MASTER election.
# Confirm against the config and firewall setup.
systemctl restart keepalived
systemctl status keepalived
tcpdump proto 112 # watch the VRRP heartbeats (IP protocol 112); stop with Ctrl-C
# Leave the SSH session.
exit
# Configure the BACKUP (lb-1). Replace [ip-lb-1] with the address of the second load balancer.
# The SSH private key ../../schulung is used again; the same care about file
# permissions and host-key verification applies to this host.
scp -i ../../schulung keepalived-backup.conf root@[ip-lb-1]:/etc/keepalived/keepalived.conf
ssh -i ../../schulung root@[ip-lb-1]
# From here on the commands run inside the SSH session on lb-1.
# Presumably the peer addresses are filled in here as on the MASTER; verify against the config file.
vim /etc/keepalived/keepalived.conf
systemctl restart keepalived
# Leave the SSH session.
exit
Failover testen
# On lb-0: check that the VIP is listed among the IPv4 addresses of eth0.
ip -4 addr show eth0
# On lb-1: no VIP yet.
ip -4 addr show eth0
# On lb-0: stop keepalived to trigger the failover to lb-1.
systemctl stop keepalived
# On lb-1: the VIP should now be listed on eth0.
ip -4 addr show eth0
# Clean-up: remove all resources created by this example.
# NOTE(review): presumably run on the workstation in the OpenTofu directory, not on a load balancer.
tofu destroy