中文字幕av专区_日韩电影在线播放_精品国产精品久久一区免费式_av在线免费观看网站

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

Kubernetes 1.8.4中如何安裝Kube-proxy和Kube-dns

發布時間:2021-11-12 11:35:36 來源:億速云 閱讀:287 作者:小新 欄目:云計算

小編給大家分享一下Kubernetes 1.8.4中如何安裝Kube-proxy和Kube-dns,希望大家閱讀完這篇文章之后都有所收獲,下面讓我們一起去探討吧!

Kube-proxy

      Kube-proxy 是實現 Service 的關鍵組件,kube-proxy 會在每臺節點上執行,然后監聽 API Server 的 Service 與 Endpoint 資源對象的改變,然后來依據變化執行 iptables 來實現網絡的轉發。這邊我們會需要建議一個 DaemonSet 來執行,并且創建一些需要的certificate。Kubernetes 1.8 kube-proxy 開啟 ipvs。

  • 在master生成kube-proxy-csr.json文件,并產生 kube-proxy certificate 證書
    生成kube-proxy-csr.json文件

    cd /etc/kubernetes/pki


    cat <<EOF > kube-proxy-csr.json
    {
        "CN": "system:kube-proxy",
        "key": {
            "algo": "rsa",
            "size": 2048
        },
        "names": [
            {
                "C": "SC",
                "ST": "ChengDu",
                "L": "ChengDu",
                "O": "system:kube-proxy",
                "OU": "Kubernetes-manual"
            }
        ]
    }
    EOF


    生成證書

    cfssl gencert \
      -ca=ca.pem \
      -ca-key=ca-key.pem \
      -config=ca-config.json \
      -profile=kubernetes \
      kube-proxy-csr.json | cfssljson -bare kube-proxy


    生成名稱為 kube-proxy.conf 的 kubeconfig文件

    # kube-proxy set-cluster
    kubectl config set-cluster kubernetes \
        --certificate-authority=ca.pem \
        --embed-certs=true \
        --server="https://10.0.0.162:6443" \
        --kubeconfig=../kube-proxy.conf
    
    # kube-proxy set-credentials
     kubectl config set-credentials system:kube-proxy \
        --client-key=kube-proxy-key.pem \
        --client-certificate=kube-proxy.pem \
        --embed-certs=true \
        --kubeconfig=../kube-proxy.conf
    
    # kube-proxy set-context
    kubectl config set-context system:kube-proxy@kubernetes \
        --cluster=kubernetes \
        --user=system:kube-proxy \
        --kubeconfig=../kube-proxy.conf
    
    # kube-proxy set default context
    kubectl config use-context system:kube-proxy@kubernetes \
        --kubeconfig=../kube-proxy.conf


    在master將kube-proxy相關文件復制到 Node 節點上

    cd /etc/kubernetes


    for NODE in node163 node164; do
        for FILE in pki/kube-proxy.pem pki/kube-proxy-key.pem kube-proxy.conf; do
          scp /etc/kubernetes/${FILE} ${NODE}:/etc/kubernetes/${FILE}
        done
      done


    完成后,在master通過 kubectl 來創建 kube-proxy daemon

    mkdir -p /etc/kubernetes/addons && cd /etc/kubernetes/addons


    生成kube-proxy.yml

    cat <<EOF > kube-proxy.yml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: kube-proxy
      labels:
        k8s-app: kube-proxy
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
      namespace: kube-system
    ---
    apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: kube-proxy
      labels:
        k8s-app: kube-proxy
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: kube-proxy
      templateGeneration: 1
      updateStrategy:
        rollingUpdate:
          maxUnavailable: 1
        type: RollingUpdate
      template:
        metadata:
          labels:
            k8s-app: kube-proxy
          annotations:
            scheduler.alpha.kubernetes.io/critical-pod: ''
        spec:
          serviceAccountName: kube-proxy
          hostNetwork: true
          containers:
          - name: kube-proxy
            image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.8.4
            command:
            - kube-proxy
            - --v=0
            - --logtostderr=true
            - --kubeconfig=/run/kube-proxy.conf
            - --cluster-cidr=10.244.0.0/16
            - --proxy-mode=iptables
            imagePullPolicy: IfNotPresent
            securityContext:
              privileged: true
            volumeMounts:
            - mountPath: /run/kube-proxy.conf
              name: kubeconfig
              readOnly: true
            - mountPath: /etc/kubernetes/pki
              name: k8s-certs
              readOnly: true
          dnsPolicy: ClusterFirst
          restartPolicy: Always
          terminationGracePeriodSeconds: 30
          volumes:
          - hostPath:
              path: /etc/kubernetes/kube-proxy.conf
              type: FileOrCreate
            name: kubeconfig
          - hostPath:
              path: /etc/kubernetes/pki
              type: DirectoryOrCreate
            name: k8s-certs
    EOF


    kubectl apply -f kube-proxy.yml


    查看狀態

    kubectl -n kube-system get po -l k8s-app=kube-proxy


     

Kube-dns 

      Kube DNS 是 Kubernetes 集群內部 Pod 之間互相溝通的重要 Addon,它允許 Pod 可以通過 Domain Name 方式來連接 Service,其主要由 Kube DNS 與 Sky DNS 組合而成,通過 Kube DNS 監聽 Service 與 Endpoint 變化,來提供給 Sky DNS 信息,已更新解析地址。

       只需要在master通過 kubectl 來創建 kube-dns deployment 即可

cat <<EOF > kube-dns.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-dns
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.96.0.10
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  strategy:
    rollingUpdate:
      maxSurge: 10%
      maxUnavailable: 0
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      dnsPolicy: Default
      serviceAccountName: kube-dns
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      volumes:
      - name: kube-dns-config
        configMap:
          name: kube-dns
          optional: true
      containers:
      - name: kubedns
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-kube-dns-amd64:1.14.7
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            path: /healthcheck/kubedns
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        - "--domain=cluster.local"
        - --dns-port=10053
        - --v=2
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
        volumeMounts:
        - name: kube-dns-config
          mountPath: /kube-dns-config
      - name: dnsmasq
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.7
        livenessProbe:
          httpGet:
            path: /healthcheck/dnsmasq
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - "-v=2"
        - "-logtostderr"
        - "-configDir=/etc/k8s/dns/dnsmasq-nanny"
        - "-restartDnsmasq=true"
        - "--"
        - "-k"
        - "--cache-size=1000"
        - "--log-facility=-"
        - "--server=/cluster.local/127.0.0.1#10053"
        - "--server=/in-addr.arpa/127.0.0.1#10053"
        - "--server=/ip6.arpa/127.0.0.1#10053"
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        volumeMounts:
        - name: kube-dns-config
          mountPath: /etc/k8s/dns/dnsmasq-nanny
      - name: sidecar
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-sidecar-amd64:1.14.7
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - "--v=2"
        - "--logtostderr"
        - "--probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A"
        - "--probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A"
        ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 20Mi
            cpu: 10m
EOF
kubectl apply -f kube-dns.yml

查看狀態

kubectl -n kube-system get po -l k8s-app=kube-dns

看完了這篇文章,相信你對“Kubernetes 1.8.4中如何安裝Kube-proxy和Kube-dns”有了一定的了解,如果想了解更多相關知識,歡迎關注億速云行業資訊頻道,感謝各位的閱讀!

向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

阿巴嘎旗| 旌德县| 阿图什市| 永新县| 平舆县| 上高县| 寿光市| 梓潼县| 德清县| 酉阳| 巩义市| 荔波县| 武城县| 城固县| 资兴市| 井研县| 鹤庆县| 马公市| 买车| 辽源市| 白城市| 邹平县| 沂水县| 漳州市| 南皮县| 米泉市| 江孜县| 樟树市| 长岭县| 邢台县| 洛南县| 揭西县| 稷山县| 南涧| 上林县| 肥东县| 伊吾县| 池州市| 哈巴河县| 华容县| 泸水县|