您好,登錄后才能下訂單哦!
kube-proxy組件是要是為集群內(nèi)pod應(yīng)用提供endpoint服務(wù),當(dāng)我們?yōu)橐粋€(gè)pod定義了svc時(shí),kube-proxy會(huì)自動(dòng)生成pod與svc的映射關(guān)系,并代理到集群內(nèi)部或宿主機(jī)上。
特別說(shuō)明:這里所有的操作都是在devops這臺(tái)機(jī)器上通過(guò)ansible工具執(zhí)行;kube-proxy 需要使用kubeconfig認(rèn)證文件安全訪問(wèn)kube-apiserver:它監(jiān)聽(tīng) apiserver 中 service 和 endpoint 的變化情況,創(chuàng)建路由規(guī)則以提供服務(wù) IP 和負(fù)載均衡功能。
#################### Variable parameter setting ######################
KUBE_NAME=kube-proxy
K8S_INSTALL_PATH=/data/apps/k8s/kubernetes
K8S_BIN_PATH=${K8S_INSTALL_PATH}/sbin
K8S_LOG_DIR=${K8S_INSTALL_PATH}/logs
K8S_CONF_PATH=/etc/k8s/kubernetes
KUBE_CONFIG_PATH=/etc/k8s/kubeconfig
CA_DIR=/etc/k8s/ssl
SOFTWARE=/root/software
HOSTNAME=`hostname`
VERSION=v1.14.2
PACKAGE=kubernetes-server-${VERSION}-linux-amd64.tar.gz
DOWNLOAD_URL=https://github.com/devops-apps/download/raw/master/kubernetes/$PACKAGE
ETH_INTERFACE=eth2
LISTEN_IP=$(ifconfig | grep -A 1 ${ETH_INTERFACE} |grep inet |awk '{print $2}')
CLUSTER_PODS_CIDR=172.16.0.0/20
訪問(wèn)kubernetes github 官方地址下載穩(wěn)定的 realease 包至本機(jī);
wget $DOWNLOAD_URL -P $SOFTWARE
將kubernetes 軟件包分發(fā)到各個(gè)master節(jié)點(diǎn)服務(wù)器;
sudo ansible master_k8s_vgs -m copy -a "src=${SOFTWARE}/$PACKAGE dest=${SOFTWARE}/" -b
### 1.Check if the install directory exists.
if [ ! -d "$K8S_BIN_PATH" ]; then
mkdir -p $K8S_BIN_PATH
fi
if [ ! -d "$K8S_LOG_DIR/$KUBE_NAME" ]; then
mkdir -p $K8S_LOG_DIR/$KUBE_NAME
fi
if [ ! -d "$K8S_CONF_PATH" ]; then
mkdir -p $K8S_CONF_PATH
fi
if [ ! -d "$KUBE_CONFIG_PATH" ]; then
mkdir -p $KUBE_CONFIG_PATH
fi
### 2.Install kube-proxy binary of kubernetes.
if [ ! -f "$SOFTWARE/kubernetes-server-${VERSION}-linux-amd64.tar.gz" ]; then
wget $DOWNLOAD_URL -P $SOFTWARE >>/tmp/install.log 2>&1
fi
cd $SOFTWARE && tar -xzf kubernetes-server-${VERSION}-linux-amd64.tar.gz -C ./
cp -fp kubernetes/server/bin/$KUBE_NAME $K8S_BIN_PATH
ln -sf $K8S_BIN_PATH/${KUBE_NAME} /usr/local/bin
chmod -R 755 $K8S_INSTALL_PATH
cd $CA_DIR
ansible worker_k8s_vgs -m copy -a "src=ca.pem dest=$CA_DIR" -b
kube-proxy使用 kubeconfig文件連接訪問(wèn) apiserver服務(wù),該文件提供了 apiserver 地址、嵌入的 CA 證書(shū)和 kube-proxy服務(wù)器證書(shū)以及私鑰:
cd $KUBE_CONFIG_PATH
ansible worker_k8s_vgs -m copy -a "src= kube-proxy.kubeconfig dest=$KUBE_CONFIG_PATH" -b
備注: 如果在前面小節(jié)已經(jīng)同步過(guò)各組件kubeconfig和證書(shū)文件,此處可以不必執(zhí)行此操作;
cat >${K8S_CONF_PATH}/kube-proxy-config.yaml<<EOF
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
clientConnection:
burst: 200
kubeconfig: "${KUBE_CONFIG_PATH}/kube-proxy.kubeconfig"
qps: 100
bindAddress: ${LISTEN_IP}
healthzBindAddress: ${LISTEN_IP}:10256
metricsBindAddress: ${LISTEN_IP}:10249
clusterCIDR: ${CLUSTER_PODS_CIDR}
hostnameOverride: ${HOSTNAME}
mode: "ipvs"
portRange: ""
kubeProxyIPTablesConfiguration:
masqueradeAll: false
kubeProxyIPVSConfiguration:
scheduler: rr
excludeCIDRs: []
EOF
cat >/usr/lib/systemd/system/${KUBE_NAME}.service <<EOF
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
WorkingDirectory=${K8S_INSTALL_PATH}
ExecStart=${K8S_BIN_PATH}/${KUBE_NAME} \\
--config=${K8S_CONF_PATH}/kube-proxy-config.yaml \\
--alsologtostderr=true \\
--logtostderr=false \\
--log-dir=${K8S_LOG_DIR}/${KUBE_NAME} \\
--v=2
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
systemctl status kube-proxy|grep Active
確保狀態(tài)為 active (running),否則查看日志,確認(rèn)原因:
sudo journalctl -u kube-proxy
注意:以下命令在 kube-scheduler 節(jié)點(diǎn)上執(zhí)行。kube-proxy 監(jiān)聽(tīng) 10249 和 10256 端口:兩個(gè)接口都對(duì)外提供 /metrics 和 /healthz 的訪問(wèn)。
sudo netstat -ntlp | grep kube-proxy
tcp 0 0 10.10.10.40:10249 0.0.0.0:* LISTEN 22604/kube-proxy
tcp 0 0 10.10.10.40:10256 0.0.0.0:* LISTEN 22604/kube-proxy
sudo ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.20.40:8400 rr
-> 172.16.3.2:8080 Masq 1 0 0
-> 172.16.3.3:8080 Masq 1 0 0
-> 172.16.3.4:8080 Masq 1 0 0
TCP 192.168.20.40:8497 rr
-> 172.16.3.2:8500 Masq 1 0 0
-> 172.16.3.3:8500 Masq 1 0 0
-> 172.16.3.4:8500 Masq 1 0 0
TCP 10.10.10.40:8400 rr
-> 172.16.3.2:8080 Masq 1 0 0
-> 172.16.3.3:8080 Masq 1 0 0
-> 172.16.3.4:8080 Masq 1 0 0
至此整個(gè)集群基本部署完成,關(guān)于kubernetes集群監(jiān)控請(qǐng)參考:kubernetes集群安裝指南:kubernetes集群插件部署。kube-proxy腳本可以從此處獲取,
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。