1、配置kube-proxy使用LVS(三个节点都装上去)
[root@linux-node1 ssl]# yum install -y ipvsadm ipset conntrack
[root@linux-node2 ssl]# yum install -y ipvsadm ipset conntrack
[root@linux-node3 ssl]# yum install -y ipvsadm ipset conntrack
2、创建kube-proxy证书请求
[root@linux-node1 ssl]# vim kube-proxy-csr.json
{
"CN": "system:kube-proxy",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
3、生成证书
[root@linux-node1 ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
> -ca-key=/opt/kubernetes/ssl/ca-key.pem \
> -config=/opt/kubernetes/ssl/ca-config.json \
> -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
4、分发证书到所有Node节点
[root@linux-node1 ssl]# cp kube-proxy*.pem /opt/kubernetes/ssl/
[root@linux-node1 ssl]# scp kube-proxy*.pem 192.168.43.22:/opt/kubernetes/ssl/
[root@linux-node1 ssl]# scp kube-proxy*.pem 192.168.43.23:/opt/kubernetes/ssl/
5、创建kube-proxy配置文件
[root@linux-node1 ssl]# kubectl config set-cluster kubernetes \
> --certificate-authority=/opt/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=https://192.168.43.21:6443 \
> --kubeconfig=kube-proxy.kubeconfig
Cluster "kubernetes" set.
[root@linux-node1 ssl]# kubectl config set-credentials kube-proxy \
> --client-certificate=/opt/kubernetes/ssl/kube-proxy.pem \
> --client-key=/opt/kubernetes/ssl/kube-proxy-key.pem \
> --embed-certs=true \
> --kubeconfig=kube-proxy.kubeconfig
User "kube-proxy" set.
[root@linux-node1 ssl]# kubectl config set-context default \
> --cluster=kubernetes \
> --user=kube-proxy \
> --kubeconfig=kube-proxy.kubeconfig
Context "default" created.
[root@linux-node1 ssl]# kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
Switched to context "default".
 
6、分发kubeconfig配置文件
[root@linux-node1 ssl]# cp kube-proxy.kubeconfig /opt/kubernetes/cfg/
[root@linux-node1 ssl]# scp kube-proxy.kubeconfig 192.168.43.22:/opt/kubernetes/cfg/
[root@linux-node1 ssl]# scp kube-proxy.kubeconfig 192.168.43.23:/opt/kubernetes/cfg/
7、创建kube-proxy服务配置
[root@linux-node1 ssl]# mkdir /var/lib/kube-proxy
[root@linux-node2 ssl]# mkdir /var/lib/kube-proxy
[root@linux-node3 ssl]# mkdir /var/lib/kube-proxy
[root@linux-node1 ssl]# vim /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \
--bind-address=192.168.43.21 \
--hostname-override=192.168.43.21 \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig \
--masquerade-all \
--feature-gates=SupportIPVSProxyMode=true \
--proxy-mode=ipvs \
--ipvs-min-sync-period=5s \
--ipvs-sync-period=5s \
--ipvs-scheduler=rr \
--logtostderr=true \
--v=2 \
--logtostderr=false \
--log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
[root@linux-node1 ssl]# scp /usr/lib/systemd/system/kube-proxy.service 192.168.43.22:/usr/lib/systemd/system/kube-proxy.service
[root@linux-node1 ssl]# scp /usr/lib/systemd/system/kube-proxy.service 192.168.43.23:/usr/lib/systemd/system/kube-proxy.service
[root@linux-node2 ssl]# vim /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \
--bind-address=192.168.43.22 \
--hostname-override=192.168.43.22 \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig \
--masquerade-all \
--feature-gates=SupportIPVSProxyMode=true \
--proxy-mode=ipvs \
--ipvs-min-sync-period=5s \
--ipvs-sync-period=5s \
--ipvs-scheduler=rr \
--logtostderr=true \
--v=2 \
--logtostderr=false \
--log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
[root@linux-node3 ssl]# vim /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \
--bind-address=192.168.43.23 \
--hostname-override=192.168.43.23 \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig \
--masquerade-all \
--feature-gates=SupportIPVSProxyMode=true \
--proxy-mode=ipvs \
--ipvs-min-sync-period=5s \
--ipvs-sync-period=5s \
--ipvs-scheduler=rr \
--logtostderr=true \
--v=2 \
--logtostderr=false \
--log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
8、启动kubernetes proxy
[root@linux-node2 ssl]# systemctl daemon-reload
[root@linux-node2 ssl]# systemctl enable kube-proxy
[root@linux-node2 ssl]# systemctl start kube-proxy
[root@linux-node3 ssl]# systemctl daemon-reload
[root@linux-node3 ssl]# systemctl enable kube-proxy
[root@linux-node3 ssl]# systemctl start kube-proxy
9、查看服务状态查看kube-proxy服务状态
[root@linux-node2 ssl]# systemctl status kube-proxy
[root@linux-node2 ssl]# ipvsadm -L -n
[root@linux-node3 ssl]# systemctl status kube-proxy
[root@linux-node3 ssl]# ipvsadm -L -n

Centos7部署kubernetes Proxy(七)的更多相关文章

  1. Centos7部署Kubernetes集群(单工作节点)+配置dashboard可视化UI

    目标:docker+kubernetes+cadvosor+dashboard 一:物理硬件 两台虚拟机(centos7):一台做为主节点(master),一台做为工作节点(node) [root@M ...

  2. Centos7部署kubernetes API服务(四)

    1.准备软件包 [root@linux-node1 bin]# pwd /usr/local/src/kubernetes/server/bin [root@linux-node1 bin]# cp ...

  3. [Kubernetes]CentOS7部署Kubernetes集群

    环境介绍及安装前准备 三台机器,用于部署k8s的运行环境: 节点 ip Master 192.168.243.138 Node1 192.168.243.139 Node2 192.168.243.1 ...

  4. Centos7部署Kubernetes集群

    目录贴:Kubernetes学习系列 1.环境介绍及准备: 1.1 物理机操作系统 物理机操作系统采用Centos7.3 64位,细节如下. [root@localhost ~]# uname -a ...

  5. centos7部署kubernetes

    参考:https://www.cnblogs.com/zhenyuyaodidiao/p/6500830.html 1.环境介绍及准备: 1.1 物理机操作系统 物理机操作系统采用Centos7.3 ...

  6. Centos7部署kubernetes准备工作(一)

    一.准备工作: 1.创建三台虚拟机:(在node1配置好环境,然后关机克隆出node2.node3.并修改网卡.主机名即可) linux-node1.example.com 192.168.43.21 ...

  7. Centos7部署kubernetes集群CA证书创建和分发(二)

    1.解压软件包 [root@linux-node1 ~]# cd /usr/local/src/ [root@linux-node1 src]# ls k8s-v1.10.1-manual.zip [ ...

  8. Centos7部署kubernetes测试k8s应用(九)

    1.创建一个deployment [root@linux-node1 ~]# kubectl run net-test --image=alpine --replicas=2 sleep 360000 ...

  9. [转贴]CentOS7.5 Kubernetes V1.13(最新版)二进制部署集群

    CentOS7.5 Kubernetes V1.13(最新版)二进制部署集群 http://blog.51cto.com/10880347/2326146   一.概述 kubernetes 1.13 ...

随机推荐

  1. 使用scrapy-crawlSpider 爬取tencent 招聘

    Tencent 招聘信息网站 创建项目 scrapy startproject Tencent 创建爬虫 scrapy genspider -t crawl tencent 1. 起始url  sta ...

  2. SE-Net要点

    关于SE-Net有些很奇妙的点: 1.首先,所谓的SE module加在了BN层后面,这样的话,SE首先应该是对于BN层输出的feature map求取global average pooling,一 ...

  3. pycharm配置appium 提示unsrsloved reference

    1.如:进入C:\Users\Administrator\PycharmProjects\project\venv 输入:在cmd 下进入 venv  输入   Scripts\activate 回车 ...

  4. CentOS6.8环境下搭建yum网络仓库

    CentOS6.8环境下搭建yum网络仓库 本文利用ftp服务,在CentOS6.8系统下搭建一个yum仓库,然后用另一台虚拟机访问该仓库.并安装程序包 安装ftp服务 查询ftp服务是否安装 [ro ...

  5. First Bad Version leetcode java

    问题描述: You are a product manager and currently leading a team to develop a new product. Unfortunately ...

  6. SQL SERVER 字符拆分列为多行

    注:先学习sql server里的递归CTE. 假设有兴趣表Hobbys Name Hobby 小张 篮球,足球,羽毛球 Name Hobby 小张 篮球 小张 足球 小张 羽毛球 采用[递归cte] ...

  7. 160. Intersection of Two Linked Lists(剑指Offer-两个链表的第一个公共结点)

    题目: Write a program to find the node at which the intersection of two singly linked lists begins. Fo ...

  8. 第二阶段——个人工作总结DAY02

    1.昨天做了什么:昨天学习了Intent跳转的知识. 2.今天打算做什么:来实现这个功能. 3.遇到的困难:不会用隐式跳转,只会用显式跳转.

  9. ​ oracle分区表(附带按照月自动分区、按天自动分区)

    --list_range  示例   drop table list_range_tab purge; create table list_range_tab(n1 number,n2 date)pa ...

  10. SQL Server跨服务器建立视图

    create view View_AppCus as select dwmch,zjm from ksoa.dbo.mchk SQL Server跨服务器操作经常需要用到,下面就为你介绍的是SQL S ...