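The kb (Kubernetes) master runs the following containers
etcd: the core of k8s; it mainly handles and stores the core k8s data. This data needs to be backed up, or etcd run as a cluster. Service ports: 2379 (client service), 2380 (peer communication)
kube-controller-manager: controls nodes, replicas, endpoints, service accounts, etc.
kube-scheduler: the scheduler; selects nodes for new pods
kube-apiserver: the service API; receives queries and control requests for svc, node and pod objects in kube from kubectl or other control programs. Ports 8080 and 6443
coredns: DNS server used inside the kube network
flanneld: builds a virtual network for kube; other modes can be used instead
kube-proxy: network proxy; sets up proxying between the physical machine and the pods, for external use
pause: a very lightweight container, of which there are several; it exists so that other containers can be built on it, ensuring they share namespaces and files
A kb node runs
pause: its count = number of applications + 2
kube-proxy
flanneld
and the actual applications
etcd run parameters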
"Entrypoint": [ "etcd", "--advertise-client-urls=https://192.168.2.200:2379", "--cert-file=/etc/kubernetes/pki/etcd/server.crt", "--client-cert-auth=true", "--data-dir=/var/lib/etcd", "--initial-advertise-peer-urls=https://192.168.2.200:2380", "--initial-cluster=kube-master=https://192.168.2.200:2380", "--key-file=/etc/kubernetes/pki/etcd/server.key", "--listen-client-urls=https://127.0.0.1:2379,https://192.168.2.200:2379", "--listen-peer-urls=https://192.168.2.200:2380", "--name=kube-master", "--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt", "--peer-client-cert-auth=true", "--peer-key-file=/etc/kubernetes/pki/etcd/peer.key", "--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt", "--snapshot-count=10000", "--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt" ],
kube-apiserver run parameters
"Entrypoint": [ "kube-apiserver", "--advertise-address=192.168.2.200", "--allow-privileged=true", "--authorization-mode=Node,RBAC", "--client-ca-file=/etc/kubernetes/pki/ca.crt", "--enable-admission-plugins=NodeRestriction", "--enable-bootstrap-token-auth=true", "--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt", "--etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt", "--etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key", "--etcd-servers=https://127.0.0.1:2379", "--insecure-port=0", "--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt", "--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key", "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", "--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt", "--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key", "--requestheader-allowed-names=front-proxy-client", "--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt", "--requestheader-extra-headers-prefix=X-Remote-Extra-", "--requestheader-group-headers=X-Remote-Group", "--requestheader-username-headers=X-Remote-User", "--secure-port=6443", "--service-account-key-file=/etc/kubernetes/pki/sa.pub", "--service-cluster-ip-range=10.96.0.0/12", "--tls-cert-file=/etc/kubernetes/pki/apiserver.crt", "--tls-private-key-file=/etc/kubernetes/pki/apiserver.key" ],
kube-controller-manager parameters
"Entrypoint": [ "kube-controller-manager", "--allocate-node-cidrs=true", "--authentication-kubeconfig=/etc/kubernetes/controller-manager.conf", "--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf", "--bind-address=127.0.0.1", "--client-ca-file=/etc/kubernetes/pki/ca.crt", "--cluster-cidr=10.10.0.0/16", "--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt", "--cluster-signing-key-file=/etc/kubernetes/pki/ca.key", "--controllers=*,bootstrapsigner,tokencleaner", "--kubeconfig=/etc/kubernetes/controller-manager.conf", "--leader-elect=true", "--node-cidr-mask-size=24", "--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt", "--root-ca-file=/etc/kubernetes/pki/ca.crt", "--service-account-private-key-file=/etc/kubernetes/pki/sa.key", "--use-service-account-credentials=true" ],
kube-scheduler parameters
"Entrypoint": [ "kube-scheduler", "--bind-address=127.0.0.1", "--kubeconfig=/etc/kubernetes/scheduler.conf", "--leader-elect=true" ],
coredns run parameters: none
flanneld run parameters: none
kube-proxy run parameters
"Entrypoint": [ "/usr/local/bin/kube-proxy", "--config=/var/lib/kube-proxy/config.conf", "--hostname-override=kube-master" ],
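The Entrypoint lines above carry the settings that decide how exposed each control-plane component is (client certificate auth on etcd, the apiserver's plaintext port and authorization mode, loopback binding for the controller manager and scheduler). The following is an added example, not part of the original notes: it parses a line in the form printed here and reports flags that deviate from those values. The function names and the policy table are assumptions of the example, and it assumes a Kubernetes version that still has `--insecure-port`, as on this page.

```python
import json

# Hardening expectations per binary: (flag, predicate on its value, reason).
# This policy is an assumption of the example, not an official benchmark.
CHECKS = {
    "etcd": [
        ("client-cert-auth", lambda v: v == "true", "clients must present a certificate"),
        ("peer-client-cert-auth", lambda v: v == "true", "peers must present a certificate"),
        ("listen-client-urls",
         lambda v: v != "" and all(u.startswith("https://") for u in v.split(",")),
         "client listeners must be TLS only"),
    ],
    "kube-apiserver": [
        ("insecure-port", lambda v: v == "0", "plaintext port must be disabled"),
        ("authorization-mode",
         lambda v: "RBAC" in v.split(",") and "AlwaysAllow" not in v.split(","),
         "RBAC required, AlwaysAllow forbidden"),
        ("client-ca-file", lambda v: v != "", "client certificates need a CA"),
    ],
    "kube-controller-manager": [("bind-address", lambda v: v == "127.0.0.1", "listen on loopback only")],
    "kube-scheduler": [("bind-address", lambda v: v == "127.0.0.1", "listen on loopback only")],
}

def load_entrypoint(line):
    """Parse one '"Entrypoint": [ ... ],' fragment as printed on this page."""
    return json.loads("{" + line.strip().rstrip(",") + "}")["Entrypoint"]

def parse_flags(entrypoint):
    """Return (binary name, {flag: value}); a bare --flag counts as 'true'."""
    flags = {}
    for arg in entrypoint[1:]:
        if arg.startswith("--"):
            key, sep, value = arg[2:].partition("=")
            flags[key] = value if sep else "true"
    return entrypoint[0].rsplit("/", 1)[-1], flags

def audit(entrypoint):
    """List every expectation the component's flags fail to meet."""
    name, flags = parse_flags(entrypoint)
    return [f"{name}: --{flag}={flags.get(flag, '<unset>')} ({why})"
            for flag, ok, why in CHECKS.get(name, []) if not ok(flags.get(flag, ""))]

# Constructed input: a shortened scheduler line from this page and a weakened apiserver variant.
GOOD = '"Entrypoint": [ "kube-scheduler", "--bind-address=127.0.0.1", "--leader-elect=true" ],'
WEAK = '"Entrypoint": [ "kube-apiserver", "--authorization-mode=AlwaysAllow", "--insecure-port=8080" ],'

if __name__ == "__main__":
    for line in (GOOD, WEAK):
        print(audit(load_entrypoint(line)) or "ok")
```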