zoukankan      html  css  js  c++  java

  • Centos7部署kubernetes Proxy(七)

    1、配置kube-proxy使用LVS(三个节点都装上去)
    [root@linux-node1 ssl]# yum install -y ipvsadm ipset conntrack
    [root@linux-node2 ssl]# yum install -y ipvsadm ipset conntrack
    [root@linux-node3 ssl]# yum install -y ipvsadm ipset conntrack
    2、创建kube-proxy证书请求
    [root@linux-node1 ssl]# vim kube-proxy-csr.json
    {
    "CN": "system:kube-proxy",
    "hosts": [],
    "key": {
    "algo": "rsa",
    "size": 2048
    },
    "names": [
    {
    "C": "CN",
    "ST": "BeiJing",
    "L": "BeiJing",
    "O": "k8s",
    "OU": "System"
    }
    ]
    }
    3、生成证书
    [root@linux-node1 ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem
    > -ca-key=/opt/kubernetes/ssl/ca-key.pem
    > -config=/opt/kubernetes/ssl/ca-config.json
    > -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
    4、分发证书到所有Node节点
    [root@linux-node1 ssl]# cp kube-proxy*.pem /opt/kubernetes/ssl/
    [root@linux-node1 ssl]# scp kube-proxy*.pem 192.168.43.22:/opt/kubernetes/ssl/
    [root@linux-node1 ssl]# scp kube-proxy*.pem 192.168.43.23:/opt/kubernetes/ssl/
    5、创建kube-proxy配置文件
    [root@linux-node1 ssl]# kubectl config set-cluster kubernetes
    > --certificate-authority=/opt/kubernetes/ssl/ca.pem
    > --embed-certs=true
    > --server=https://192.168.43.21:6443
    > --kubeconfig=kube-proxy.kubeconfig
    Cluster "kubernetes" set.
    [root@linux-node1 ssl]# kubectl config set-credentials kube-proxy
    > --client-certificate=/opt/kubernetes/ssl/kube-proxy.pem
    > --client-key=/opt/kubernetes/ssl/kube-proxy-key.pem
    > --embed-certs=true
    > --kubeconfig=kube-proxy.kubeconfig
    User "kube-proxy" set.
    [root@linux-node1 ssl]# kubectl config set-context default
    > --cluster=kubernetes
    > --user=kube-proxy
    > --kubeconfig=kube-proxy.kubeconfig
    Context "default" created.
    [root@linux-node1 ssl]# kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
    Switched to context "default".
     
    6、分发kubeconfig配置文件
    [root@linux-node1 ssl]# cp kube-proxy.kubeconfig /opt/kubernetes/cfg/
    [root@linux-node1 ssl]# scp kube-proxy.kubeconfig 192.168.43.22:/opt/kubernetes/cfg/
    [root@linux-node1 ssl]# scp kube-proxy.kubeconfig 192.168.43.23:/opt/kubernetes/cfg/
    7、创建kube-proxy服务配置
    [root@linux-node1 ssl]# mkdir /var/lib/kube-proxy
    [root@linux-node2 ssl]# mkdir /var/lib/kube-proxy
    [root@linux-node3 ssl]# mkdir /var/lib/kube-proxy
    [root@linux-node1 ssl]# vim /usr/lib/systemd/system/kube-proxy.service
    [Unit]
    Description=Kubernetes Kube-Proxy Server
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=network.target
    [Service]
    WorkingDirectory=/var/lib/kube-proxy
    ExecStart=/opt/kubernetes/bin/kube-proxy
    --bind-address=192.168.43.21
    --hostname-override=192.168.43.21
    --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
    --masquerade-all
    --feature-gates=SupportIPVSProxyMode=true
    --proxy-mode=ipvs
    --ipvs-min-sync-period=5s
    --ipvs-sync-period=5s
    --ipvs-scheduler=rr
    --logtostderr=true
    --v=2
    --logtostderr=false
    --log-dir=/opt/kubernetes/log
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536
    [Install]
    WantedBy=multi-user.target
    [root@linux-node1 ssl]# scp /usr/lib/systemd/system/kube-proxy.service 192.168.43.22:/usr/lib/systemd/system/kube-proxy.service
    [root@linux-node1 ssl]# scp /usr/lib/systemd/system/kube-proxy.service 192.168.43.23:/usr/lib/systemd/system/kube-proxy.service
    [root@linux-node2 ssl]# vim /usr/lib/systemd/system/kube-proxy.service
    [Unit]
    Description=Kubernetes Kube-Proxy Server
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=network.target
    [Service]
    WorkingDirectory=/var/lib/kube-proxy
    ExecStart=/opt/kubernetes/bin/kube-proxy
    --bind-address=192.168.43.22
    --hostname-override=192.168.43.22
    --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
    --masquerade-all
    --feature-gates=SupportIPVSProxyMode=true
    --proxy-mode=ipvs
    --ipvs-min-sync-period=5s
    --ipvs-sync-period=5s
    --ipvs-scheduler=rr
    --logtostderr=true
    --v=2
    --logtostderr=false
    --log-dir=/opt/kubernetes/log
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536
    [Install]
    WantedBy=multi-user.target
    [root@linux-node3 ssl]# vim /usr/lib/systemd/system/kube-proxy.service
    [Unit]
    Description=Kubernetes Kube-Proxy Server
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=network.target
    [Service]
    WorkingDirectory=/var/lib/kube-proxy
    ExecStart=/opt/kubernetes/bin/kube-proxy
    --bind-address=192.168.43.23
    --hostname-override=192.168.43.23
    --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
    --masquerade-all
    --feature-gates=SupportIPVSProxyMode=true
    --proxy-mode=ipvs
    --ipvs-min-sync-period=5s
    --ipvs-sync-period=5s
    --ipvs-scheduler=rr
    --logtostderr=true
    --v=2
    --logtostderr=false
    --log-dir=/opt/kubernetes/log
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536
    [Install]
    WantedBy=multi-user.target
    8、启动kubernetes proxy
    [root@linux-node2 ssl]# systemctl daemon-reload
    [root@linux-node2 ssl]# systemctl enable kube-proxy
    [root@linux-node2 ssl]# systemctl start kube-proxy
    [root@linux-node3 ssl]# systemctl daemon-reload
    [root@linux-node3 ssl]# systemctl enable kube-proxy
    [root@linux-node3 ssl]# systemctl start kube-proxy
    9、查看服务状态查看kube-proxy服务状态
    [root@linux-node2 ssl]# systemctl status kube-proxy
    [root@linux-node2 ssl]# ipvsadm -L -n
    [root@linux-node3 ssl]# systemctl status kube-proxy
    [root@linux-node3 ssl]# ipvsadm -L -n
  • 相关阅读:
    VM VirtualBox安装Centos6.5
    桥接
    程序员工作心法
    策略模式-鸭子怎么飞-实例
    策略模式-用什么方式去上班呢 实例
    观察者模式-订报纸,语音呼叫系统实例
    门面(Facade)模式--医院,保安系统实例
    Promise实例的resolve方法
    Promise实例的any方法
    Promise实例的race方法
  • 原文地址:https://www.cnblogs.com/xiaoliangxianshen/p/9165535.html
Copyright © 2011-2022 走看看