Zhang Yong: a programmer who dreams of freedom


Kubernetes: Going a Little Deeper

Posted on 2019-08-20 15:29  hylas

The Kubernetes master runs the following containers

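etcd: the core of k8s; it handles and stores the cluster's core data. This data needs to be backed up, or etcd should be run as a cluster. Service ports: 2379 (client service), 2380 (peer communication)
kube-controller-manager: controls nodes, replicas, endpoints, service accounts, and so on
kube-scheduler: the scheduler; selects nodes for new pods to use
kube-apiserver: the service interface; receives queries and control requests for svc, node and pod objects from kubectl or other control programs. Ports 8080 and 6443
coredns: the DNS server, used inside the kube network
flanneld: builds a virtual network for kube; other modes can also be used
kube-proxy: the network proxy; sets up proxying between the physical machine and the pods so that they can be used from outside
pause: a very lightweight container, of which there are several; it exists to set up the other containers and ensures that they share namespaces and files

A Kubernetes node runs

pause: their count = number of applications + 2
kube-proxy
flanneld

plus the actual applications

etcd run parameters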

            "Entrypoint": [
                "etcd",
                "--advertise-client-urls=https://192.168.2.200:2379",
                "--cert-file=/etc/kubernetes/pki/etcd/server.crt",
                "--client-cert-auth=true",
                "--data-dir=/var/lib/etcd",
                "--initial-advertise-peer-urls=https://192.168.2.200:2380",
                "--initial-cluster=kube-master=https://192.168.2.200:2380",
                "--key-file=/etc/kubernetes/pki/etcd/server.key",
                "--listen-client-urls=https://127.0.0.1:2379,https://192.168.2.200:2379",
                "--listen-peer-urls=https://192.168.2.200:2380",
                "--name=kube-master",
                "--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt",
                "--peer-client-cert-auth=true",
                "--peer-key-file=/etc/kubernetes/pki/etcd/peer.key",
                "--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt",
                "--snapshot-count=10000",
                "--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt"
            ],

kube-apiserver run parameters

            "Entrypoint": [
                "kube-apiserver",
                "--advertise-address=192.168.2.200",
                "--allow-privileged=true",
                "--authorization-mode=Node,RBAC",
                "--client-ca-file=/etc/kubernetes/pki/ca.crt",
                "--enable-admission-plugins=NodeRestriction",
                "--enable-bootstrap-token-auth=true",
                "--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt",
                "--etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt",
                "--etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key",
                "--etcd-servers=https://127.0.0.1:2379",
                "--insecure-port=0",
                "--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt",
                "--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key",
                "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
                "--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt",
                "--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key",
                "--requestheader-allowed-names=front-proxy-client",
                "--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt",
                "--requestheader-extra-headers-prefix=X-Remote-Extra-",
                "--requestheader-group-headers=X-Remote-Group",
                "--requestheader-username-headers=X-Remote-User",
                "--secure-port=6443",
                "--service-account-key-file=/etc/kubernetes/pki/sa.pub",
                "--service-cluster-ip-range=10.96.0.0/12",
                "--tls-cert-file=/etc/kubernetes/pki/apiserver.crt",
                "--tls-private-key-file=/etc/kubernetes/pki/apiserver.key"
            ],

kube-controller-manager parameters

            "Entrypoint": [
                "kube-controller-manager",
                "--allocate-node-cidrs=true",
                "--authentication-kubeconfig=/etc/kubernetes/controller-manager.conf",
                "--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf",
                "--bind-address=127.0.0.1",
                "--client-ca-file=/etc/kubernetes/pki/ca.crt",
                "--cluster-cidr=10.10.0.0/16",
                "--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt",
                "--cluster-signing-key-file=/etc/kubernetes/pki/ca.key",
                "--controllers=*,bootstrapsigner,tokencleaner",
                "--kubeconfig=/etc/kubernetes/controller-manager.conf",
                "--leader-elect=true",
                "--node-cidr-mask-size=24",
                "--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt",
                "--root-ca-file=/etc/kubernetes/pki/ca.crt",
                "--service-account-private-key-file=/etc/kubernetes/pki/sa.key",
                "--use-service-account-credentials=true"
            ],

kube-scheduler parameters

            "Entrypoint": [
                "kube-scheduler",
                "--bind-address=127.0.0.1",
                "--kubeconfig=/etc/kubernetes/scheduler.conf",
                "--leader-elect=true"
            ],

coredns run parameters: none

flanneld run parameters: none

kube-proxy run parameters

            "Entrypoint": [
                "/usr/local/bin/kube-proxy",
                "--config=/var/lib/kube-proxy/config.conf",
                "--hostname-override=kube-master"
            ],
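
The run parameters above carry several security-relevant settings: client certificate authentication on etcd, `--insecure-port=0` and `Node,RBAC` on kube-apiserver, and loopback bind addresses on kube-controller-manager and kube-scheduler. The following is an added example, not code from the original post: it parses such an Entrypoint list and reports deviations from those values. The function names and the weakened sample are constructed for illustration, and the checks assume the flag set shown on this page.

```python
def parse_flags(entrypoint):
    """Split ['kube-apiserver', '--k=v', ...] into (binary name, {flag: value})."""
    name = entrypoint[0].rsplit("/", 1)[-1]
    flags = {}
    for arg in entrypoint[1:]:
        key, _, value = arg.lstrip("-").partition("=")
        flags[key] = value
    return name, flags

def all_https(value):
    """True only if every comma-separated URL in the flag value uses TLS."""
    return all(u.startswith("https://") for u in value.split(","))

def audit(entrypoint):
    """Return findings for one component; an empty list means all checks passed."""
    name, flags = parse_flags(entrypoint)
    checks = []
    if name == "etcd":
        checks = [
            (flags.get("client-cert-auth") == "true", "client-cert-auth is not true"),
            (flags.get("peer-client-cert-auth") == "true", "peer-client-cert-auth is not true"),
            (all_https(flags.get("listen-client-urls", "")), "listen-client-urls has a non-TLS URL"),
            (all_https(flags.get("listen-peer-urls", "")), "listen-peer-urls has a non-TLS URL"),
        ]
    elif name == "kube-apiserver":
        modes = flags.get("authorization-mode", "").split(",")
        plugins = flags.get("enable-admission-plugins", "").split(",")
        checks = [
            ("RBAC" in modes and "AlwaysAllow" not in modes, "authorization-mode lacks RBAC or includes AlwaysAllow"),
            (flags.get("insecure-port") == "0", "insecure-port is not 0"),
            (bool(flags.get("client-ca-file")), "client-ca-file is unset"),
            (all_https(flags.get("etcd-servers", "")), "etcd-servers has a non-TLS URL"),
            ("NodeRestriction" in plugins, "NodeRestriction admission plugin is missing"),
        ]
    elif name in ("kube-controller-manager", "kube-scheduler"):
        checks = [(flags.get("bind-address") == "127.0.0.1", "bind-address is not loopback")]
    return [f"{name}: {msg}" for ok, msg in checks if not ok]

# Subset of the kube-apiserver flags shown on this page.
PAGE_APISERVER = ["kube-apiserver", "--authorization-mode=Node,RBAC",
    "--client-ca-file=/etc/kubernetes/pki/ca.crt", "--enable-admission-plugins=NodeRestriction",
    "--etcd-servers=https://127.0.0.1:2379", "--insecure-port=0"]
# Constructed weakened variant, for contrast only (not from the page).
WEAK_APISERVER = ["kube-apiserver", "--authorization-mode=AlwaysAllow",
    "--etcd-servers=http://127.0.0.1:2379", "--insecure-port=8080"]

if __name__ == "__main__":
    for ep in (PAGE_APISERVER, WEAK_APISERVER):
        print(audit(ep) or f"{ep[0]}: all checks passed")
```

The Entrypoint list for a running component can be taken from the container's inspect output, as in the listings above, and passed to `audit` unchanged.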