  • Kubernetes: going a little deeper

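    The Kubernetes master runs the following containers:

    etcd     The core of k8s; it handles and stores the cluster's core data. This data must be backed up, or etcd must be run as a cluster. Service ports: 2379 (client service), 2380 (peer communication)
    kube-controller-manager  Controls nodes, replicas, endpoints, service accounts and so on
    kube-scheduler  The scheduler; selects nodes for new pods to use
    kube-apiserver  The service interface; receives queries and control requests from kubectl or other control programs for the svc, node and pod objects in the cluster. Ports 8080, 6443
    coredns  DNS server for use inside the cluster network
    flanneld  Builds a virtual network for the cluster; another mode can be used instead
    kube-proxy  Network proxy; sets up proxying between the physical machine and the pods so they can be used from outside
    pause  A very lightweight container, of which there are several; it exists so that other containers can be built on it, ensuring those containers share namespaces and files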

    A Kubernetes node runs:

    pause     count = number of applications + 2
    kube-proxy
    flanneld

    and the actual applications

    etcd run parameters

                "Entrypoint": [
                    "etcd",
                    "--advertise-client-urls=https://192.168.2.200:2379",
                    "--cert-file=/etc/kubernetes/pki/etcd/server.crt",
                    "--client-cert-auth=true",
                    "--data-dir=/var/lib/etcd",
                    "--initial-advertise-peer-urls=https://192.168.2.200:2380",
                    "--initial-cluster=kube-master=https://192.168.2.200:2380",
                    "--key-file=/etc/kubernetes/pki/etcd/server.key",
                    "--listen-client-urls=https://127.0.0.1:2379,https://192.168.2.200:2379",
                    "--listen-peer-urls=https://192.168.2.200:2380",
                    "--name=kube-master",
                    "--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt",
                    "--peer-client-cert-auth=true",
                    "--peer-key-file=/etc/kubernetes/pki/etcd/peer.key",
                    "--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt",
                    "--snapshot-count=10000",
                    "--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt"
                ],

    kube-apiserver run parameters

                "Entrypoint": [
                    "kube-apiserver",
                    "--advertise-address=192.168.2.200",
                    "--allow-privileged=true",
                    "--authorization-mode=Node,RBAC",
                    "--client-ca-file=/etc/kubernetes/pki/ca.crt",
                    "--enable-admission-plugins=NodeRestriction",
                    "--enable-bootstrap-token-auth=true",
                    "--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt",
                    "--etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt",
                    "--etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key",
                    "--etcd-servers=https://127.0.0.1:2379",
                    "--insecure-port=0",
                    "--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt",
                    "--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key",
                    "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
                    "--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt",
                    "--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key",
                    "--requestheader-allowed-names=front-proxy-client",
                    "--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt",
                    "--requestheader-extra-headers-prefix=X-Remote-Extra-",
                    "--requestheader-group-headers=X-Remote-Group",
                    "--requestheader-username-headers=X-Remote-User",
                    "--secure-port=6443",
                    "--service-account-key-file=/etc/kubernetes/pki/sa.pub",
                    "--service-cluster-ip-range=10.96.0.0/12",
                    "--tls-cert-file=/etc/kubernetes/pki/apiserver.crt",
                    "--tls-private-key-file=/etc/kubernetes/pki/apiserver.key"
                ],

    kube-controller-manager parameters

                "Entrypoint": [
                    "kube-controller-manager",
                    "--allocate-node-cidrs=true",
                    "--authentication-kubeconfig=/etc/kubernetes/controller-manager.conf",
                    "--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf",
                    "--bind-address=127.0.0.1",
                    "--client-ca-file=/etc/kubernetes/pki/ca.crt",
                    "--cluster-cidr=10.10.0.0/16",
                    "--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt",
                    "--cluster-signing-key-file=/etc/kubernetes/pki/ca.key",
                    "--controllers=*,bootstrapsigner,tokencleaner",
                    "--kubeconfig=/etc/kubernetes/controller-manager.conf",
                    "--leader-elect=true",
                    "--node-cidr-mask-size=24",
                    "--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt",
                    "--root-ca-file=/etc/kubernetes/pki/ca.crt",
                    "--service-account-private-key-file=/etc/kubernetes/pki/sa.key",
                    "--use-service-account-credentials=true"
                ],

    kube-scheduler parameters

                "Entrypoint": [
                    "kube-scheduler",
                    "--bind-address=127.0.0.1",
                    "--kubeconfig=/etc/kubernetes/scheduler.conf",
                    "--leader-elect=true"
                ],

    coredns run parameters: none

    flanneld run parameters: none

    kube-proxy run parameters

                "Entrypoint": [
                    "/usr/local/bin/kube-proxy",
                    "--config=/var/lib/kube-proxy/config.conf",
                    "--hostname-override=kube-master"
                ],
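
A check over Entrypoint lists like the ones above, as an added example that is not part of the original post: it parses the `--flag=value` arguments and reports control-plane settings that weaken authentication or network exposure. The rule set, the function names `parse_entrypoint` and `audit`, and the sample input are assumptions made for this illustration.

```python
import json

# Constructed sample in the page's format; two values are deliberately weakened.
SAMPLE = json.loads("""{"Entrypoint": [
  "kube-apiserver",
  "--authorization-mode=AlwaysAllow",
  "--client-ca-file=/etc/kubernetes/pki/ca.crt",
  "--enable-admission-plugins=NodeRestriction",
  "--insecure-port=8080"]}""")

def items(value):  # comma-separated flag value -> set (empty if the flag is absent)
    return set(value.split(",")) if value else set()

# Assumed rule set (not from the page): flag, check on its value (None = absent),
# finding text. Written for the release shown here, where --insecure-port exists.
LOOPBACK = [("bind-address", lambda v: v == "127.0.0.1", "listens beyond loopback")]
RULES = {
    "kube-apiserver": [
        ("insecure-port", lambda v: v == "0", "plaintext API port not disabled"),
        ("authorization-mode", lambda v: {"Node", "RBAC"} <= items(v)
            and "AlwaysAllow" not in items(v), "requests are not limited to Node+RBAC"),
        ("client-ca-file", bool, "client certificates are not verified"),
        ("enable-admission-plugins", lambda v: "NodeRestriction" in items(v),
            "kubelets are not limited to their own Node and Pod objects"),
    ],
    "etcd": [
        ("client-cert-auth", lambda v: v == "true", "clients need no certificate"),
        ("peer-client-cert-auth", lambda v: v == "true", "peers need no certificate"),
        ("listen-client-urls", lambda v: bool(v) and all(
            u.startswith("https://") for u in v.split(",")), "client listener without TLS"),
    ],
    "kube-controller-manager": LOOPBACK, "kube-scheduler": LOOPBACK,
}

def parse_entrypoint(argv):
    """["/path/bin", "--key=value", ...] -> ("bin", {"key": "value"})."""
    # partition("=") yields (key, "=", value); [::2] keeps key and value.
    flags = dict(arg.lstrip("-").partition("=")[::2] for arg in argv[1:])
    return argv[0].rsplit("/", 1)[-1], flags

def audit(argv):
    """Return one finding string per rule that the given Entrypoint fails."""
    binary, flags = parse_entrypoint(argv)
    return [f"{binary}: --{flag}={flags.get(flag)}: {msg}"
            for flag, ok, msg in RULES.get(binary, []) if not ok(flags.get(flag))]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE["Entrypoint"])))
```

Binaries without rules, such as kube-proxy, return an empty list; an absent flag is checked as `None`, so a missing `--client-cert-auth` is reported the same way as `false`.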
  • Original URL: https://www.cnblogs.com/xiaoxuebiye/p/11383189.html