7 Deploying kube-proxy
Cluster plan
Hostname Role IP
rstx-203.rongbiz.cn kube-proxy 192.168.1.121
rstx-204.rongbiz.cn kube-proxy 192.168.1.122
Note: this document uses the host rstx-203.rongbiz.cn as the example. The other compute node is installed and deployed in the same way.
----------
After the first node is deployed, copy the generated configuration files to each Node.
[root@rstx-204 cert]
[root@rstx-204 conf]
----------
Issue the kube-proxy certificate
On the ops host rstx-53.rongbiz.cn:
Create the JSON configuration file for the certificate signing request (CSR)
[root@rstx-53 certs]
{
    "CN": "system:kube-proxy",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "beijing",
            "L": "beijing",
            "O": "od",
            "OU": "ops"
        }
    ]
}
Generate the certificate
[root@rstx-53 certs]
[root@rstx-53 certs]
-rw-r--r-- 1 root root 1005 12月 12 10:23 kube-proxy-client.csr
-rw------- 1 root root 1679 12月 12 10:23 kube-proxy-client-key.pem
-rw-r--r-- 1 root root 1375 12月 12 10:23 kube-proxy-client.pem
-rw-r--r-- 1 root root 267 12月 12 10:22 kube-proxy-csr.json
----------
Distribute the certificates: copy them to the node, and make sure the private key file has mode 600
[root@rstx-203 ~]
[root@rstx-203 cert]
[root@rstx-203 cert]
----------
Create the configuration in the conf directory -- do this only once, then copy kube-proxy.kubeconfig to each node
[root@rstx-203 cert]
[root@rstx-203 conf]
--certificate-authority=/opt/kubernetes/server/bin/certs/ca.pem \
--embed-certs=true \
--server=https://192.168.1.200:7443 \
--kubeconfig=kube-proxy.kubeconfig
[root@rstx-203 conf]
audit.yaml k8s-node.yaml kubelet.kubeconfig kube-proxy.kubeconfig
[root@rstx-203 conf]
--client-certificate=/opt/kubernetes/server/bin/certs/kube-proxy-client.pem \
--client-key=/opt/kubernetes/server/bin/certs/kube-proxy-client-key.pem \
--embed-certs=true \
--kubeconfig=kube-proxy.kubeconfig
[root@rstx-203 conf]
--cluster=myk8s \
--user=kube-proxy \
--kubeconfig=kube-proxy.kubeconfig
[root@rstx-203 conf]
After the first node is deployed, copy the generated configuration files to each Node.
[root@rstx-204 cert]
[root@rstx-204 conf]
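Added example, not part of the original post: because --embed-certs=true writes the client private key into kube-proxy.kubeconfig, that file needs the same mode 600 as kube-proxy-client-key.pem on every node it is copied to. The script below audits both; its function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the credential files the
# steps above leave on each node. Function names are illustrative.

# 0 if FILE grants nothing to group/other (e.g. 600 or 400), 1 otherwise.
is_private() {
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 0 if the kubeconfig embeds a client private key (client-key-data), which is
# what set-credentials with --embed-certs=true writes.
embeds_client_key() {
  grep -Eq '^[[:space:]]*client-key-data:[[:space:]]*[^[:space:]]+' "$1"
}

# Print one finding per exposed or missing file; return the finding count.
audit_credentials() {
  findings=0
  for f in "$@"; do
    if [ ! -f "$f" ]; then
      echo "MISSING $f"; findings=$((findings + 1)); continue
    fi
    case "$f" in
      *-key.pem) kind="private key" ;;
      *) if embeds_client_key "$f"; then kind="kubeconfig with embedded key"
         else continue; fi ;;
    esac
    if ! is_private "$f"; then
      echo "EXPOSED $f ($kind accessible beyond owner; chmod 600)"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}

# Constructed demo: a temp directory standing in for certs/ and conf/.
demo() {
  d=$(mktemp -d)
  printf 'constructed key\n' > "$d/kube-proxy-client-key.pem"
  printf 'users:\n- name: kube-proxy\n  user:\n    client-key-data: Q09OU1RSVUNURUQ=\n' \
    > "$d/kube-proxy.kubeconfig"
  chmod 600 "$d/kube-proxy-client-key.pem"
  chmod 644 "$d/kube-proxy.kubeconfig"   # what a umask of 022 would leave
  rc=0; audit_credentials "$d"/* || rc=$?
  rm -rf "$d"
  return "$rc"
}
demo || echo "findings: $?"
```

On a node, pass the real files as arguments to audit_credentials; a non-zero return is the number of files to fix.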
----------
* Load the ipvs modules -- the script must be set to run automatically at boot
[root@rstx-203 conf]
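#!/bin/bash
# Load every ipvs kernel module shipped for the running kernel
ipvs_mods_dir="/usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs"
for i in $(ls "$ipvs_mods_dir" | grep -o "^[^.]*")
do
  # Only modprobe modules that modinfo can resolve
  if /sbin/modinfo -F filename "$i" &>/dev/null; then
    /sbin/modprobe "$i"
  fi
done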
[root@rstx-203 conf]
Run the script
[root@rstx-203 conf]
Check whether the kernel has loaded the ipvs modules
[root@rstx-203 conf]
ip_vs_wrr 12697 0
ip_vs_wlc 12519 0
ip_vs_sh 12688 0
ip_vs_sed 12519 0
ip_vs_rr 12600 0
ip_vs_pe_sip 12740 0
nf_conntrack_sip 33860 1 ip_vs_pe_sip
ip_vs_nq 12516 0
ip_vs_lc 12516 0
ip_vs_lblcr 12922 0
ip_vs_lblc 12819 0
ip_vs_ftp 13079 0
ip_vs_dh 12688 0
ip_vs 145497 24 ip_vs_dh,ip_vs_lc,ip_vs_nq,ip_vs_rr,ip_vs_sh,ip_vs_ftp,ip_vs_sed,ip_vs_wlc,ip_vs_wrr,ip_vs_pe_sip,ip_vs_lblcr,ip_vs_lblc
nf_nat 26787 3 ip_vs_ftp,nf_nat_ipv4,nf_nat_masquerade_ipv4
nf_conntrack 133095 8 ip_vs,nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_sip,nf_conntrack_ipv4
libcrc32c 12644 4 xfs,ip_vs,nf_nat,nf_conntrack
Set it to start automatically at boot
[root@rstx-203 ~]
/root/ipvs.sh
Enable the boot-time startup script feature -- for details see the file on enabling boot-time startup scripts in this folder
[root@rstx-203 ~]
[root@rstx-203 ~]
[root@rstx-203 ~]
[Unit]
Description=/etc/rc.d/rc.local Compatibility
ConditionFileIsExecutable=/etc/rc.d/rc.local
After=network.target
[Service]
Type=forking
ExecStart=/etc/rc.d/rc.local start
TimeoutSec=0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
[root@rstx-203 ~]
Enable the rc-local.service service:
[root@rstx-203 ~]
[root@rstx-203 ~]
----------
Create the kube-proxy startup script
rstx-203.rongbiz.cn:
[root@rstx-204 ~]
#!/bin/sh
# Start kube-proxy in ipvs mode; supervisord runs this from /opt/kubernetes/server/bin
./kube-proxy \
  --cluster-cidr 172.7.0.0/16 \
  --hostname-override rstx-203.rongbiz.cn \
  --proxy-mode=ipvs \
  --ipvs-scheduler=nq \
  --kubeconfig ./conf/kube-proxy.kubeconfig
[root@rstx-204 ~]
[root@rstx-204 ~]
[root@rstx-204 ~]
[program:kube-proxy-203]
command=/opt/kubernetes/server/bin/kube-proxy.sh ; the program (relative uses PATH, can take args)
numprocs=1 ; number of processes copies to start (def 1)
directory=/opt/kubernetes/server/bin ; directory to cwd to before exec (def no cwd)
autostart=true ; start at supervisord start (default: true)
autorestart=true ; restart at unexpected quit (default: true)
startsecs=30 ; number of secs prog must stay running (def. 1)
startretries=3 ; max
exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
stopsignal=QUIT ; signal used to kill process (default TERM)
stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
user=root ; setuid to this UNIX account to run the program
redirect_stderr=true ; redirect proc stderr to stdout (default false)
stdout_logfile=/data/logs/kubernetes/kube-proxy/proxy.stdout.log ; stdout log path, NONE for none; default AUTO
stdout_logfile_maxbytes=64MB ; max
stdout_logfile_backups=4 ;
stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
stdout_events_enabled=false ; emit events on stdout writes (default false)
killasgroup=true
stopasgroup=true
[root@rstx-204 ~]
[root@rstx-204 ~]
kube-proxy-22 RUNNING pid 6873, uptime 0:28:15
[root@rstx-204 ~]
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 7310/./kube-proxy
tcp6 0 0 :::10256 :::* LISTEN 7310/./kube-proxy
----------
Check that ipvs has taken effect
[root@rstx-203 ~]
[root@rstx-203 ~]
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.254.0.1:443 nq
-> 192.168.153.21:6443 Masq 1 0 0
-> 192.168.153.22:6443 Masq 1 0 0
[root@rstx-203 ~]
Verify the Kubernetes cluster
On any compute node, create a resource manifest
Here we use the host rstx-203.rongbiz.cn
[root@rstx-204 ~]
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nginx-ds
spec:
  template:
    metadata:
      labels:
        app: nginx-ds
    spec:
      containers:
      - name: my-nginx
        image: harbor.rongbiz.cn/public/nginx:v1.7.9
        ports:
        - containerPort: 80
Delete after testing
[root@rstx-204 ~]
daemonset.extensions/nginx-ds created
[root@rstx-203 ~]
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-2 Healthy {"health": "true"}
etcd-0 Healthy {"health": "true"}
etcd-1 Healthy {"health": "true"}
[root@rstx-203 ~]
NAME STATUS ROLES AGE VERSION
rstx-203.rongbiz.cn Ready master,node 94m v1.15.4
rstx-204.rongbiz.cn Ready master,node 86m v1.15.4
[root@rstx-203 ~]
NAME READY STATUS RESTARTS AGE
nginx-ds-64pxp 1/1 Running 0 4m49s
nginx-ds-q4wd9 1/1 Running 0 4m50s