kubernetes集群之部署kube-proxy组件
创建证书请求文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | [root@master-1 work]# vim kube-proxy-csr.json { "CN": "system:kube-proxy", "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "Hubei", "L": "Wuhan", "O": "k8s", "OU": "system" } ]} |
创建证书
1 2 3 4 5 6 7 8 9 10 | [root@master-1 work]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy2022/08/11 23:09:30 [INFO] generate received request2022/08/11 23:09:30 [INFO] received CSR2022/08/11 23:09:30 [INFO] generating key: rsa-20482022/08/11 23:09:30 [INFO] encoded CSR2022/08/11 23:09:30 [INFO] signed certificate with serial number 6513935598662035344446553805013902496203939781842022/08/11 23:09:30 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable forwebsites. For more information see the Baseline Requirements for the Issuance and Managementof Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);specifically, section 10.2.3 ("Information Requirements"). |
设置角色绑定
1 2 3 4 5 6 7 8 9 | [root@master-1 work]# kubectl config set-cluster kubernetes --certificate-authority=ca.pem --embed-certs=true --server=https://192.168.10.29:6443 --kubeconfig=kube-proxy.kubeconfigCluster "kubernetes" set.[root@master-1 work]# kubectl config set-credentials kube-proxy --client-certificate=kube-proxy.pem --client-key=kube-proxy-key.pem --embed-certs=true --kubeconfig=kube-proxy.kubeconfigUser "kube-proxy" set.您在 /var/spool/mail/root 中有新邮件[root@master-1 work]# kubectl config set-context default --cluster=kubernetes --user=kube-proxy --kubeconfig=kube-proxy.kubeconfigContext "default" created.[root@master-1 work]# kubectl config use-context default --kubeconfig=kube-proxy.kubeconfigSwitched to context "default". |
创建kube-proxy配置文件
1 2 3 4 5 6 7 8 9 10 11 | [root@master-1 work]# vim kube-proxy.yamlapiVersion: kubeproxy.config.k8s.io/v1alpha1bindAddress: 192.168.10.32clientConnection: kubeconfig: /etc/kubernetes/kube-proxy.kubeconfigclusterCIDR: 192.168.10.0/24healthzBindAddress: 192.168.10.32:10256kind: KubeProxyConfigurationmetricsBindAddress: 192.168.10.32:10249mode: "ipvs" |
创建服务启动文件与分发文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | [root@master-1 work]# vim kube-proxy.service[Unit]Description=Kubernetes Kube-Proxy ServerDocumentation=https://github.com/kubernetes/kubernetesAfter=network.target[Service]WorkingDirectory=/var/lib/kube-proxyExecStart=/usr/local/bin/kube-proxy \ --config=/etc/kubernetes/kube-proxy.yaml \ --alsologtostderr=true \ --logtostderr=false \ --log-dir=/var/log/kubernetes \ --v=2Restart=on-failureRestartSec=5LimitNOFILE=65536[Install]WantedBy=multi-user.target[root@master-1 work]# scp kube-proxy.kubeconfig kube-proxy.yaml node-1:/etc/kubernetes/kube-proxy.kubeconfig 100% 6237 5.3MB/s 00:00 kube-proxy.yaml 100% 293 300.4KB/s 00:00 [root@master-1 work]# scp kube-proxy.service node-1:/usr/lib/systemd/system/kube-proxy.service 100% 438 639.7KB/s 00:00 |
创建服务运行目录并设置开机自启和启动服务
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | [root@master-1 work]# scp kube-proxy.kubeconfig kube-proxy.yaml node-1:/etc/kubernetes/kube-proxy.kubeconfig 100% 6237 5.3MB/s 00:00 kube-proxy.yaml 100% 293 300.4KB/s 00:00 [root@master-1 work]# scp kube-proxy.service node-1:/usr/lib/systemd/system/kube-proxy.service 100% 438 639.7KB/s 00:00 您在 /var/spool/mail/root 中有新邮件[root@master-1 work]# vim kube-proxy.service您在 /var/spool/mail/root 中有新邮件[root@node-1 modules]# systemctl enable kube-proxyCreated symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.[root@node-1 modules]# systemctl start kube-proxy[root@node-1 modules]# systemctl status kube-proxy● kube-proxy.service - Kubernetes Kube-Proxy Server Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled) Active: active (running) since 四 2022-08-11 23:21:35 CST; 4s ago Docs: https://github.com/kubernetes/kubernetes Main PID: 23856 (kube-proxy) Tasks: 6 Memory: 16.7M CGroup: /system.slice/kube-proxy.service └─23856 /usr/local/bin/kube-proxy --config=/etc/kubernetes/kube-proxy.yaml --alsologtostderr=true --logtostderr=false --log-dir=/var/log/kubernetes --v=28月 11 23:21:35 node-1 kube-proxy[23856]: I0811 23:21:35.479752 23856 shared_informer.go:240] Waiting for caches to sync for service config8月 11 23:21:35 node-1 kube-proxy[23856]: I0811 23:21:35.479767 23856 config.go:224] Starting endpoint slice config controller8月 11 23:21:35 node-1 kube-proxy[23856]: I0811 23:21:35.479770 23856 shared_informer.go:240] Waiting for caches to sync for endpoint slice config8月 11 23:21:35 node-1 kube-proxy[23856]: I0811 23:21:35.479870 23856 reflector.go:219] Starting reflector *v1.Service (15m0s) from k8s.io/client-go/informers/factory.go:1348月 11 23:21:35 node-1 kube-proxy[23856]: I0811 23:21:35.480231 23856 reflector.go:219] Starting reflector *v1beta1.EndpointSlice (15m0s) from k8s.io/client-go/informers/factory.go:1348月 11 23:21:35 node-1 kube-proxy[23856]: I0811 23:21:35.491603 23856 service.go:275] Service default/kubernetes updated: 1 ports8月 11 23:21:35 node-1 kube-proxy[23856]: I0811 23:21:35.580498 23856 shared_informer.go:247] Caches are synced for service config8月 11 23:21:35 node-1 kube-proxy[23856]: I0811 23:21:35.580586 23856 proxier.go:1036] Not syncing ipvs rules until Services and Endpoints have been received from master8月 11 23:21:35 node-1 kube-proxy[23856]: I0811 23:21:35.580498 23856 shared_informer.go:247] Caches are synced for endpoint slice config8月 11 23:21:35 node-1 kube-proxy[23856]: I0811 23:21:35.580929 23856 service.go:390] Adding new service port "default/kubernetes:https" at 10.255.0.1:443/TCP |
部署calico组件参考yamle https://support.huaweicloud.com/intl/en-us/fg-kunpengcpfs/kunpengcontainer_06_0033.html 镜像版本 docker.io/calico/node:v3.5.3
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 | [root@master-1 ~]# mv calico.yaml /tmp/[root@master-1 ~]# curl https://projectcalico.docs.tigera.io/manifests/canal.yaml -O % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed100 225k 100 225k 0 0 36398 0 0:00:06 0:00:06 --:--:-- 60266[root@master-1 ~]# kubectl apply -f canal.yamlconfigmap/canal-config createdcustomresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org createdcustomresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org createdclusterrole.rbac.authorization.k8s.io/calico-kube-controllers createdclusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers createdclusterrole.rbac.authorization.k8s.io/calico-node createdclusterrole.rbac.authorization.k8s.io/flannel createdclusterrolebinding.rbac.authorization.k8s.io/canal-flannel createdclusterrolebinding.rbac.authorization.k8s.io/canal-calico createddaemonset.apps/canal createdserviceaccount/canal createddeployment.apps/calico-kube-controllers createdserviceaccount/calico-kube-controllers createderror: unable to recognize "canal.yaml": no matches for kind "PodDisruptionBudget" in version "policy/v1"[root@master-1 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 NotReady <none> 25m v1.20.7 下载镜像[root@master-1 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 NotReady <none> 25m v1.20.7[root@master-1 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 NotReady <none> 25m v1.20.7[root@master-1 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 NotReady <none> 25m v1.20.7[root@master-1 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 NotReady <none> 26m v1.20.7您在 /var/spool/mail/root 中有新邮件[root@master-1 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 NotReady <none> 26m v1.20.7[root@master-1 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 NotReady <none> 26m v1.20.7[root@master-1 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 NotReady <none> 26m v1.20.7[root@master-1 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 NotReady <none> 26m v1.20.7[root@master-1 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 Ready <none> 26m v1.20.7[root@master-1 ~]# |
草都可以从石头缝隙中长出来更可况你呢
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· 葡萄城 AI 搜索升级:DeepSeek 加持,客户体验更智能
· 什么是nginx的强缓存和协商缓存
· 一文读懂知识蒸馏