Deploying kube-proxy

Published 2020-09-12 10:48:21

Create the configuration file (run this on both node machines)

[root@k8s-node1 ~]# cat > /opt/kubernetes/cfg/kube-proxy.conf << EOF
KUBE_PROXY_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/opt/kubernetes/logs \\
--config=/opt/kubernetes/cfg/kube-proxy-config.yml"
EOF

Create the configuration parameter file (on node2, remember to change hostnameOverride)

[root@k8s-node1 ~]# cat > /opt/kubernetes/cfg/kube-proxy-config.yml << EOF
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
hostnameOverride: k8s-node1
clusterCIDR: 10.0.0.0/24
EOF

Generate the kube-proxy.kubeconfig file

Create the certificate signing request for kube-proxy:

[root@k8s-master1 k8s]# cd /root/TLS/k8s

cat > kube-proxy-csr.json << EOF
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

Generate the certificate

[root@k8s-master1 k8s-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
2020/09/12 10:52:38 [INFO] generate received request
2020/09/12 10:52:38 [INFO] received CSR
2020/09/12 10:52:38 [INFO] generating key: rsa-2048
2020/09/12 10:52:38 [INFO] encoded CSR
2020/09/12 10:52:38 [INFO] signed certificate with serial number 723955282015572391940188006880295334346862480961
2020/09/12 10:52:38 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

Generate the kubeconfig file:

[root@k8s-master1 k8s-cert]# KUBE_APISERVER="https://10.10.1.37:6443"

kubectl config set-cluster kubernetes \
  --certificate-authority=/opt/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=kube-proxy.kubeconfig
kubectl config set-credentials kube-proxy \
  --client-certificate=./kube-proxy.pem \
  --client-key=./kube-proxy-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-proxy.kubeconfig
kubectl config set-context default \
  --cluster=kubernetes \
  --user=kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig
kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig

Replace the embedded certificates with certificate file paths

[root@k8s-master1 k8s-cert]# vim kube-proxy.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /opt/kubernetes/ssl/ca.pem
    server: https://10.10.1.37:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kube-proxy
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: kube-proxy
  user:
    client-certificate: /opt/kubernetes/ssl/kube-proxy.pem
    client-key: /opt/kubernetes/ssl/kube-proxy-key.pem

Copy the files to the paths specified in the configuration files

[root@k8s-master1 k8s-cert]# scp -r kube-proxy.pem kube-proxy-key.pem 10.10.1.39:/opt/kubernetes/ssl/
kube-proxy.pem 100% 1403 3.6MB/s 00:00 
kube-proxy-key.pem 100% 1675 5.5MB/s 00:00 
[root@k8s-master1 k8s-cert]# scp -r kube-proxy.pem kube-proxy-key.pem 10.10.1.40:/opt/kubernetes/ssl/
kube-proxy.pem 100% 1403 3.8MB/s 00:00 
kube-proxy-key.pem 100% 1675 4.6MB/s 00:00 
[root@k8s-master1 k8s-cert]# scp -r kube-proxy.kubeconfig 10.10.1.39:/opt/kubernetes/cfg/
kube-proxy.kubeconfig 100% 429 1.3MB/s 00:00 
[root@k8s-master1 k8s-cert]# scp -r kube-proxy.kubeconfig 10.10.1.40:/opt/kubernetes/cfg/
kube-proxy.kubeconfig

Manage kube-proxy with systemd

cat > /usr/lib/systemd/system/kube-proxy.service << EOF
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-proxy.conf
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF

Start the service and enable it at boot

[root@k8s-node1 ~]# systemctl daemon-reload
[root@k8s-node1 ~]# systemctl start kube-proxy
[root@k8s-node1 ~]# systemctl enable kube-proxy
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
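
A per-node check of the files installed above, as an added example that is not part of the original post. The function names check_kube_proxy_node and yaml_get are hypothetical; the defaults are this page's paths, and the path-style kubeconfig shown above (not embedded certificate data) is assumed.

```shell
#!/bin/sh
# Added example (not from the original page): pre-start check of the files
# this procedure installs on a node. Function names are hypothetical.

# Print the scalar value of the first "key: value" line in a YAML file.
yaml_get() { awk -v k="$2" '$1 == (k ":") { print $2; exit }' "$1"; }

check_kube_proxy_node() {
  cfg=${1:-/opt/kubernetes/cfg/kube-proxy-config.yml}
  kcfg=${2:-/opt/kubernetes/cfg/kube-proxy.kubeconfig}
  want_host=${3:-$(hostname)}
  fail=0

  # hostnameOverride has to be edited on every node after copying the file.
  val=$(yaml_get "$cfg" hostnameOverride)
  if [ "$val" != "$want_host" ]; then
    echo "FAIL hostnameOverride is '$val', expected '$want_host'"; fail=$((fail + 1))
  fi

  # kube-proxy serves /metrics over plain HTTP without authentication; a
  # wildcard bind makes that port reachable from outside the node.
  val=$(yaml_get "$cfg" metricsBindAddress)
  case $val in
    0.0.0.0:*|"[::]":*) echo "WARN metricsBindAddress $val listens on all interfaces" ;;
  esac

  # The API server endpoint must be TLS.
  val=$(yaml_get "$kcfg" server)
  case $val in
    https://*) ;;
    *) echo "FAIL server '$val' is not an https URL"; fail=$((fail + 1)) ;;
  esac

  # The hand-edited kubeconfig points at PEM files that scp must have delivered.
  for key in certificate-authority client-certificate client-key; do
    f=$(yaml_get "$kcfg" "$key")
    if [ -z "$f" ] || [ ! -r "$f" ]; then
      echo "FAIL $key file '${f:-unset}' is missing or unreadable"; fail=$((fail + 1))
    fi
  done

  # After the loop $f is the client-key path: no group/other permission bits.
  if [ -n "$f" ] && [ -e "$f" ] && [ "$(ls -ldL "$f" | cut -c5-10)" != "------" ]; then
    echo "FAIL $f is accessible to group/others (expected mode 600)"; fail=$((fail + 1))
  fi
  return "$fail"
}
```

Run check_kube_proxy_node with no arguments on each node before starting the service; the return status is the number of failed checks, and the WARN line does not count toward it.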