This article walks through installing kube-proxy and kube-dns on Kubernetes 1.8.4.
kube-proxy is the key component that implements Services. It runs on every node, watches the API Server for changes to Service and Endpoint objects, and applies iptables rules based on those changes to forward traffic. Here we run it as a DaemonSet and create the certificate it needs. Kubernetes 1.8 kube-proxy enables ipvs.
On the master, create the kube-proxy-csr.json file and generate the kube-proxy certificate.
Create the kube-proxy-csr.json file:
cd /etc/kubernetes/pki
cat <<EOF > kube-proxy-csr.json
{
  "CN": "system:kube-proxy",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "SC",
      "ST": "ChengDu",
      "L": "ChengDu",
      "O": "system:kube-proxy",
      "OU": "Kubernetes-manual"
    }
  ]
}
EOF
Generate the certificate:
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  kube-proxy-csr.json | cfssljson -bare kube-proxy
Generate a kubeconfig file named kube-proxy.conf:
# kube-proxy set-cluster
kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server="https://10.0.0.162:6443" \
  --kubeconfig=../kube-proxy.conf
# kube-proxy set-credentials
kubectl config set-credentials system:kube-proxy \
  --client-key=kube-proxy-key.pem \
  --client-certificate=kube-proxy.pem \
  --embed-certs=true \
  --kubeconfig=../kube-proxy.conf
# kube-proxy set-context
kubectl config set-context system:kube-proxy@kubernetes \
  --cluster=kubernetes \
  --user=system:kube-proxy \
  --kubeconfig=../kube-proxy.conf
# kube-proxy set default context
kubectl config use-context system:kube-proxy@kubernetes \
  --kubeconfig=../kube-proxy.conf
On the master, copy the kube-proxy files to the Node machines:
cd /etc/kubernetes
for NODE in node163 node164; do
  for FILE in pki/kube-proxy.pem pki/kube-proxy-key.pem kube-proxy.conf; do
    scp /etc/kubernetes/${FILE} ${NODE}:/etc/kubernetes/${FILE}
  done
done
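An added example, not part of the original article: kube-proxy.conf was built with --embed-certs=true, so it carries the client key just as kube-proxy-key.pem does, and both are worth checking on each node after the copy. The function names, finding labels and sample tree are constructed for illustration, and the placeholder contents are not real key material.

```shell
#!/usr/bin/env bash
# Added example: audit the kube-proxy credential files copied to each node.

# Emit one finding per line for a single credential file.
audit_credential_file() {
  f="$1"
  [ -f "$f" ] || { echo "MISSING $f"; return 0; }
  # Characters 5-10 of `ls -ld` are the group and other permission bits.
  go_bits=$(ls -ld "$f" | cut -c5-10)
  [ "$go_bits" = "------" ] || echo "LOOSE_MODE $f $go_bits"
  # --embed-certs=true inlines the client key as base64 in the kubeconfig.
  if grep -Eq '^[[:space:]]*client-key-data:[[:space:]]*[A-Za-z0-9+/=]+' "$f"; then
    echo "EMBEDDED_KEY $f"
  fi
  if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
    echo "PEM_PRIVATE_KEY $f"
  fi
}

# Audit the two secret-bearing files the article copies, under a base directory.
audit_kube_proxy_files() {
  base="${1:-/etc/kubernetes}"
  for rel in pki/kube-proxy-key.pem kube-proxy.conf; do
    audit_credential_file "$base/$rel"
  done
}

# Constructed sample tree (placeholder contents, not real key material).
make_sample_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/pki"
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$d/pki/kube-proxy-key.pem"
  cat > "$d/kube-proxy.conf" <<'EOF'
users:
- name: system:kube-proxy
  user:
    client-certificate-data: Q09OU1RSVUNURUQ=
    client-key-data: Q09OU1RSVUNURUQ=
EOF
  chmod 600 "$d/pki/kube-proxy-key.pem"
  chmod 644 "$d/kube-proxy.conf"   # deliberately too open for the demo
  echo "$d"
}
```

Run `audit_kube_proxy_files /etc/kubernetes` on a node; a LOOSE_MODE line on a file that also reports EMBEDDED_KEY or PEM_PRIVATE_KEY means the key is accessible to accounts other than the owner.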
When that is done, create the kube-proxy DaemonSet from the master with kubectl:
mkdir -p /etc/kubernetes/addons && cd /etc/kubernetes/addons
Create kube-proxy.yml:
cat <<EOF > kube-proxy.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-proxy
  labels:
    k8s-app: kube-proxy
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-proxy
  labels:
    k8s-app: kube-proxy
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: kube-proxy
  templateGeneration: 1
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: kube-proxy
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      serviceAccountName: kube-proxy
      hostNetwork: true
      containers:
      - name: kube-proxy
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.8.4
        command:
        - kube-proxy
        - --v=0
        - --logtostderr=true
        - --kubeconfig=/run/kube-proxy.conf
        - --cluster-cidr=10.244.0.0/16
        - --proxy-mode=iptables
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /run/kube-proxy.conf
          name: kubeconfig
          readOnly: true
        - mountPath: /etc/kubernetes/pki
          name: k8s-certs
          readOnly: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      volumes:
      - hostPath:
          path: /etc/kubernetes/kube-proxy.conf
          type: FileOrCreate
        name: kubeconfig
      - hostPath:
          path: /etc/kubernetes/pki
          type: DirectoryOrCreate
        name: k8s-certs
EOF
kubectl apply -f kube-proxy.yml
Check the status:
kubectl -n kube-system get po -l k8s-app=kube-proxy
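An added example, not part of the original article: the kube-proxy DaemonSet asks for host networking, a privileged container and two hostPath mounts, so this awk-based check lists those settings per resource kind for review before `kubectl apply`. The function names, finding labels and the embedded manifest excerpt are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list host-level access requested by a workload manifest.

# Print "<kind> <finding> [value]" for each host-level setting in a manifest.
audit_manifest() {
  awk '
    /^---/                    { kind = ""; in_hostpath = 0 }
    /^kind:/                  { kind = $2 }
    /^ +privileged: *true/    { print kind, "PRIVILEGED" }
    /^ +hostNetwork: *true/   { print kind, "HOST_NETWORK" }
    /^ +(- )?hostPath:/       { in_hostpath = 1; next }
    in_hostpath && /^ +path:/ { print kind, "HOSTPATH", $2; in_hostpath = 0 }
    /^ +(- )?image:/ && $NF !~ /@sha256:/ { print kind, "IMAGE_BY_TAG", $NF }
  ' "$1"
}

# Constructed excerpt of the kube-proxy manifest from this article.
write_sample_manifest() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-proxy
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-proxy
spec:
  template:
    spec:
      hostNetwork: true
      containers:
      - name: kube-proxy
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.8.4
        securityContext:
          privileged: true
      volumes:
      - hostPath:
          path: /etc/kubernetes/kube-proxy.conf
        name: kubeconfig
      - hostPath:
          path: /etc/kubernetes/pki
        name: k8s-certs
EOF
}
```

On the master, /etc/kubernetes/pki also holds the ca-key.pem used to sign the certificate, so the HOSTPATH line for that directory is the first one to review; the kubeconfig built earlier already embeds the client certificate and key.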
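Kube DNS is an important add-on for communication between Pods inside a Kubernetes cluster: it lets Pods connect to Services by domain name. It is made up mainly of Kube DNS and Sky DNS; Kube DNS watches for Service and Endpoint changes and passes that information to Sky DNS so that the resolved addresses are updated.
All that is needed is to create the kube-dns Deployment from the master with kubectl: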
cat <<EOF > kube-dns.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-dns
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.96.0.10
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  strategy:
    rollingUpdate:
      maxSurge: 10%
      maxUnavailable: 0
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      dnsPolicy: Default
      serviceAccountName: kube-dns
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      volumes:
      - name: kube-dns-config
        configMap:
          name: kube-dns
          optional: true
      containers:
      - name: kubedns
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-kube-dns-amd64:1.14.7
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            path: /healthcheck/kubedns
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        - "--domain=cluster.local"
        - --dns-port=10053
        - --v=2
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
        volumeMounts:
        - name: kube-dns-config
          mountPath: /kube-dns-config
      - name: dnsmasq
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.7
        livenessProbe:
          httpGet:
            path: /healthcheck/dnsmasq
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - "-v=2"
        - "-logtostderr"
        - "-configDir=/etc/k8s/dns/dnsmasq-nanny"
        - "-restartDnsmasq=true"
        - "--"
        - "-k"
        - "--cache-size=1000"
        - "--log-facility=-"
        - "--server=/cluster.local/127.0.0.1#10053"
        - "--server=/in-addr.arpa/127.0.0.1#10053"
        - "--server=/ip6.arpa/127.0.0.1#10053"
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        volumeMounts:
        - name: kube-dns-config
          mountPath: /etc/k8s/dns/dnsmasq-nanny
      - name: sidecar
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-sidecar-amd64:1.14.7
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - "--v=2"
        - "--logtostderr"
        - "--probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A"
        - "--probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A"
        ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 20Mi
            cpu: 10m
EOF
kubectl apply -f kube-dns.yml
Check the status:
kubectl -n kube-system get po -l k8s-app=kube-dns