部署Kubernetes Proxy
[base]
name=CentOS-$releasever - Base
#mirrorlist=
baseurl=
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
(注:mirrorlist 与 baseurl 的地址在转载时丢失,需按实际使用的镜像源填写;gpgcheck=1 应保持开启,以便校验软件包签名。)
1.配置kube-proxy使用LVS
[root@k8snode1 ~]# yum install -y ipvsadm ipset conntrack
[root@k8smaster opt]# cd /usr/local/src/ssl/
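[root@k8smaster ssl]# vim kube-proxy-csr.json
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
(注:证书的 CN 就是 apiserver 识别到的用户名;system:kube-proxy 由内置的 ClusterRoleBinding system:node-proxier 授权,因此不需要另外创建 RBAC 绑定。)
3.生成证书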
[root@k8smaster ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
  -ca-key=/opt/kubernetes/ssl/ca-key.pem \
  -config=/opt/kubernetes/ssl/ca-config.json \
  -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
4.分发证书到所有节点
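[root@k8smaster ssl]# cp kube-proxy*.pem /opt/kubernetes/ssl/
[root@k8smaster ssl]# scp kube-proxy*.pem k8snode1:/opt/kubernetes/ssl/
[root@k8smaster ssl]# scp kube-proxy*.pem k8snode2:/opt/kubernetes/ssl/
(注:前两条命令里的 `*` 很可能在转载时被 Markdown 当作强调符号吞掉了,这里按第三条命令以及第 5 步对 /opt/kubernetes/ssl/kube-proxy-key.pem 的引用补回。通配符会把私钥 kube-proxy-key.pem 一并复制,目标目录和私钥文件应只允许 root 读取。)
5.创建kube-proxy配置文件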
[root@k8smaster ssl]# kubectl config set-cluster kubernetes \
  --certificate-authority=/opt/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server= \
  --kubeconfig=kube-proxy.kubeconfig
[root@k8smaster ssl]# kubectl config set-credentials kube-proxy \
  --client-certificate=/opt/kubernetes/ssl/kube-proxy.pem \
  --client-key=/opt/kubernetes/ssl/kube-proxy-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-proxy.kubeconfig
User "kube-proxy" set.
[root@k8smaster ssl]# kubectl config set-context default \
  --cluster=kubernetes \
  --user=kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig
Context "default" created.
[root@k8smaster ssl]# kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
Switched to context "default".
(注:`--server=` 后面的 apiserver 地址在转载时丢失,需填写 https://<apiserver 地址>:<端口>;从下文 ipvsadm 的输出看,本环境的 apiserver 可能是 192.168.137.171:6443,请以实际环境为准。)
6.分发kubeconfig配置文件
[root@k8smaster ssl]# cp kube-proxy.kubeconfig /opt/kubernetes/cfg/
[root@k8smaster ssl]# scp kube-proxy.kubeconfig k8snode1:/opt/kubernetes/cfg/
[root@k8smaster ssl]# scp kube-proxy.kubeconfig k8snode2:/opt/kubernetes/cfg/
(注:由于使用了 --embed-certs=true,kube-proxy.kubeconfig 内嵌了客户端证书和私钥,等同于一份凭据;分发后应把文件权限收紧为仅 root 可读,例如 chmod 600。)
7.创建kube-proxy服务配置(node节点)
[root@k8snode1 ~]# mkdir /var/lib/kube-proxy
[root@k8snode1 ~]# vim /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=

[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \
  --bind-address=192.168.137.201 \
  --hostname-override=192.168.137.201 \
  --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig \
  --masquerade-all \
  --feature-gates=SupportIPVSProxyMode=true \
  --proxy-mode=ipvs \
  --ipvs-min-sync-period=5s \
  --ipvs-sync-period=5s \
  --ipvs-scheduler=rr \
  --logtostderr=true \
  --v=2 \
  --logtostderr=false \
  --log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
(注:--bind-address 和 --hostname-override 这里填的是 192.168.137.201,在其他 node 上部署时应改为该节点自己的地址。--logtostderr 出现了两次(true 和 false),重复的命令行参数通常以最后一次为准,即日志写入 --log-dir 指定的目录;建议只保留一个,以免排查问题时找错日志位置。)
9.查看服务状态
查看kube-proxy服务状态
[root@k8snode1 ~]# systemctl daemon-reload
[root@k8snode1 ~]# systemctl enable kube-proxy
[root@k8snode1 ~]# systemctl start kube-proxy
[root@k8snode1 ~]# systemctl status kube-proxy
在node节点查看LVS状态
[root@k8snode1 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.137.201:33246 rr
TCP 192.168.137.215:33246 rr
TCP 10.1.0.1:443 rr persistent 10800
  -> 192.168.137.171:6443 Masq 1 0 0
TCP 10.1.0.2:53 rr
TCP 10.1.72.67:443 rr
TCP 10.1.233.95:80 rr
TCP 127.0.0.1:33246 rr
TCP 172.17.0.1:33246 rr
UDP 10.1.0.2:53 rr
master节点查看 node状态
[root@k8smaster ~]# kubectl get nodes
NAME       STATUS    ROLES     AGE       VERSION
k8snode1   Ready     <none>    1h        v1.10.1
k8snode2   Ready     <none>    1h        v1.10.1
转载于:https://blog.51cto.com/andyliu/2129075