|NO.Z.00059|——————————|^^ 部署 ^^|——|KuberNetes&二進位制部署.V12|3臺Server|---------------------------------------|kube-node|kube-proxy配置|

一、kube-proxy配置

### --- kube-proxy注意事項

~~~     注意，如果不是高可用叢集，
~~~     192.168.1.11:8443改為master01的地址，8443改為apiserver的埠，預設是6443

二、建立kube-proxy服務

### --- 建立kube-proxy服務；以下操作在Master01執行

[root@k8s-master01 ~]# cd /root/k8s-ha-install

### --- 建立ServiceAccount

[root@k8s-master01 k8s-ha-install]# kubectl -n kube-system create serviceaccount kube-proxy
ty=/etc/kubernetes/pki/ca.pem     --embed-certs=true     --server=https://192.168.1.11:6443     --kubeconfig=${K8S_DIR}/kube-proxy.kubeconfig
kubectl config set-credentials kubernetes     --token=${JWT_TOKEN}     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
kubectl config set-context kubernetes     --cluster=kubernetes     --user=kubernetes     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
kubectl config use-context kubernetes     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
~~~     輸出結果：
serviceaccount/kube-proxy created

### --- 建立ClusterRoleBinding

[root@k8s-master01 k8s-ha-install]# kubectl create clusterrolebinding system:kube-proxy         --clusterrole system:node-proxier         --serviceaccount kube-system:kube-proxy
~~~     輸出結果：
clusterrolebinding.rbac.authorization.k8s.io/system:kube-proxy created

### --- 建立cluster

[root@k8s-master01 k8s-ha-install]# SECRET=$(kubectl -n kube-system get sa/kube-proxy \
>     --output=jsonpath='{.secrets[0].name}')
[root@k8s-master01 k8s-ha-install]# JWT_TOKEN=$(kubectl -n kube-system get secret/$SECRET \
> --output=jsonpath='{.data.token}' | base64 -d)
[root@k8s-master01 k8s-ha-install]# PKI_DIR=/etc/kubernetes/pki
[root@k8s-master01 k8s-ha-install]# K8S_DIR=/etc/kubernetes
[root@k8s-master01 k8s-ha-install]# kubectl config set-cluster kubernetes     --certificate-authority=/etc/kubernetes/pki/ca.pem     --embed-certs=true     --server=https://192.168.1.11:6443     --kubeconfig=${K8S_DIR}/kube-proxy.kubeconfig
~~~     輸出結果：
Cluster "kubernetes" set.

### --- 建立user

[root@k8s-master01 k8s-ha-install]# kubectl config set-credentials kubernetes     --token=${JWT_TOKEN}     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
~~~     輸出結果：
User "kubernetes" set.

### --- 建立context

[root@k8s-master01 k8s-ha-install]# kubectl config set-context kubernetes     --cluster=kubernetes     --user=kubernetes     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
~~~     輸出結果：
Context "kubernetes" created.

### --- 建立context

[root@k8s-master01 k8s-ha-install]# kubectl config use-context kubernetes     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
~~~     輸出結果：
Switched to context "kubernetes".

三、修改pod的網段

### --- 檢視pod的網段
~~~     注：修改pod的網段
~~~     注：如果更改了叢集Pod的網段，需要更改kube-proxy/kube-proxy.conf的clusterCIDR: 172.16.0.0/12引數為pod的網段。

[root@k8s-master01 ~]# vim kube-proxy/kube-proxy.conf
clusterCIDR: 172.16.0.0/12

四、在master01將kube-proxy的systemd Service檔案傳送到其他節點；將配置檔案傳送到其它節點

### --- 將kube-proxy配置檔案傳送到k8s-master節點

[root@k8s-master01 k8s-ha-install]# for NODE in k8s-master01; do
>      scp ${K8S_DIR}/kube-proxy.kubeconfig $NODE:/etc/kubernetes/kube-proxy.kubeconfig
>      scp kube-proxy/kube-proxy.conf $NODE:/etc/kubernetes/kube-proxy.conf
>      scp kube-proxy/kube-proxy.service $NODE:/usr/lib/systemd/system/kube-proxy.service
>  done
~~~     注：輸出結果：
kube-proxy.kubeconfig                                                                                                                                         100% 3120     3.7MB/s   00:00    
kube-proxy.conf                                                                                                                                               100%  813   288.3KB/s   00:00    
kube-proxy.service

### --- 將kube-proxy配置檔案傳送到k8s-node節點

[root@k8s-master01 k8s-ha-install]# for NODE in k8s-node01 k8s-node02; do
>      scp /etc/kubernetes/kube-proxy.kubeconfig $NODE:/etc/kubernetes/kube-proxy.kubeconfig
>      scp kube-proxy/kube-proxy.conf $NODE:/etc/kubernetes/kube-proxy.conf
>      scp kube-proxy/kube-proxy.service $NODE:/usr/lib/systemd/system/kube-proxy.service
>  done
~~~     注：輸出結果：
kube-proxy.kubeconfig                                                                                                                                         100% 3120   652.0KB/s   00:00    
kube-proxy.conf                                                                                                                                               100%  813   190.3KB/s   00:00    
kube-proxy.service                                                                                                                                            100%  288   118.8KB/s   00:00    
kube-proxy.kubeconfig                                                                                                                                         100% 3120   340.7KB/s   00:00    
kube-proxy.conf                                                                                                                                               100%  813   275.6KB/s   00:00    
kube-proxy.service

五、所有節點啟動kube-proxy並設定開機自啟動

### --- 所有節點啟動kube-proxy

[root@k8s-master01 k8s-ha-install]# systemctl daemon-reload
[root@k8s-master01 k8s-ha-install]# systemctl enable --now kube-proxy
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

### --- 檢視kube-proxy狀態

[root@k8s-master01 k8s-ha-install]# systemctl status kube-proxy
  Active: active (running) since Wed 2021-05-12 21:10:55 CST; 14s ago

===============================END===============================

Walter Savage Landor:strove with none,for none was worth my strife.Nature I loved and, next to Nature, Art:I warm'd both hands before the fire of life.It sinks, and I am ready to depart ——W.S.Landor

來自為知筆記(Wiz)

|NO.Z.00059|——————————|^^ 部署 ^^|——|KuberNetes&二進位制部署.V12|3臺Server|---------------------------------------|kube-node|kube-proxy配置|

相關推薦