kube-proxy 部署

kube-proxy 部署

kube-proxy还是由我们统一颁发一个证书。

1. 创建配置文件

cat > /opt/kubernetes/cfg/kube-proxy.conf << EOFKUBE_PROXY_OPTS="--logtostderr=false \\--v=2 \\--log-dir=/opt/kubernetes/logs \\--config=/opt/kubernetes/cfg/kube-proxy-config.yml"EOF

2. 配置参数文件

cat > /opt/kubernetes/cfg/kube-proxy-config.yml << EOFkind: KubeProxyConfigurationapiVersion: kubeproxy.config.k8s.io/v1alpha1bindAddress: 0.0.0.0metricsBindAddress: 0.0.0.0:10249clientConnection: kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfighostnameOverride: k8s-masterclusterCIDR: 10.0.0.0/24EOF

[root@k8s-master ~]# netstat -tpln | grep 10249tcp6 0 0 :::10249 :::* LISTEN 1108/kube-proxy [root@k8s-master ~]# curl 127.0.0.1:10249/metrics

3. 生成kube-proxy.kubeconfig文件 生成kube-proxy证书：

# 切换工作目录cd TLS/k8s# 创建证书请求文件cat > kube-proxy-csr.json << EOF{ "CN": "system:kube-proxy", "hosts": [], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing", "O": "k8s", "OU": "System" } ]}EOF# 生成证书cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxyls kube-proxy*pemkube-proxy-key.pem kube-proxy.pem

生成kubeconfig文件：

集群参数设置

使用kubectl config这条命令生成kubeconfig证书，逐步生成kubeconfig里面的信息

生成证书的格式和家目录的config内容是一样的

[root@k8s-master ~]# cd .kube/[root@k8s-master .kube]# lscache config

这里填充了cluster的信息

KUBE_APISERVER="config set-cluster kubernetes \ --certificate-authority=/opt/kubernetes/ssl/ca.pem \ --embed-certs=true \ --server=${KUBE_APISERVER} \ --kubeconfig=kube-proxy.kubeconfig[root@localhost k8s]# kubectl config set-cluster kubernetes \> --certificate-authority=/opt/kubernetes/ssl/ca.pem \> --embed-certs=true \> --server=${KUBE_APISERVER} \> --kubeconfig=kube-proxy.kubeconfigCluster "kubernetes" set.[root@localhost k8s]# cat kube-proxy.kubeconfig apiVersion: v1clusters:- cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVY0tqQnBLWnBOWDBvd1FMZlZYYUhHMmlaYXJrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEl5TURNeU5URXhOVGd3TUZvWERUSTNNRE15TkRFeE5UZ3dNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBeUNRUlZTWmhHUnJaNEV6TjZVbGQKNE9nVFRGVDhjNU95MW1ka24wbVgxYmxDdFRGckNBZ0VQOGdyRTZGVWI1T0k5SU1na3JlUVVvSlVoTGtrVVBIaApURnBzcXA0cmgyVUlKVjJFZ3FPKzNpbUc4NWJtdjBPNE5hb3B2cThCQXZVREZKdWcxOHJYK2ZYeEx5VFE5V0tRCkpmUWNhVmQ4V2FYbWFrMHJhU0JEeDhtNUZpdjEvekV1YmlEZmVCUTJ0NFRvQllkd1k0MmpyN1k3VW95ZVExZlgKTndxUUpjTVFsS1h0c0ZwZGE5T2pycE5PcWkrZHBISXJXYkVBZGhYTkNJZy9odzBuNFJ4OTRFSU0yUVhTWUJOZApMZHpqamU4UFZPenAyVXpnYTZJZ294L3JXRVcvVnA5MTM0YlZGcU0veTJjajB6TnZzS2xJUEVnbENMUE92cUh5ClB3SURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVSjYzTXZVSlNPbzNDendOSWdsa3dIL2ozTnM0d0h3WURWUjBqQkJnd0ZvQVVKNjNNdlVKUwpPbzNDendOSWdsa3dIL2ozTnM0d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJdG1ha3M4cy9hYnhSc1Z5NHhmClhEVzlaeHNObFp2dzc2YnhxeTYvem56RW5UV0JyMHdpV0tmRXFtbk5xNE8rdnZxT1hVQklSMVBaamVYY3FYNlIKN2dlMWRmRGE3dVNqNFdYU2tONS9xbG5xMkNKVGxteVFKQUdHcTZpdnIzQ2ppQ0FKWlU4Z0FRTkg0Q2hJc0NlcwpXMy9HQjZ4a2xFdkkydm5pS2w4MEFxK0tXcXg2c0xCbmIrTlFiOW1zOStRN250ZDBveFBOK04wcnpOZ0JVUUwvCldsUUw0b1ZLWDN2VElqVzlEVkRrdVh0YjdzbzJkZ2JXM3FxRy9scUhDb1NYZ3c5bjdab2c0MmNqS0VOSUc5R1AKMnlWUmlMUHRjRVlOYStybXJ2SytncTZ0WWc2MTM4OXpIbXBxY0FvQW1kYVZQUTlsQzlSK1IweVNGNkZmenJmaQpJWG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: name: kubernetescontexts: nullcurrent-context: ""kind: Configpreferences: {}users: null

本段设置了所需要访问的集群的信息。

使用set-cluster设置了需要访问的集群，如上为kubernetes，这只是个名称，实际为--server指向的apiserver

--certificate-authority设置了该集群的公钥--embed-certs为true表示将--certificate-authority证书写入到kubeconfig中--server则表示该集群的kube-apiserver地址生成的kubeconfig 被保存到 kube-proxy.kubeconfig文件

用户参数设置

kubectl config set-credentials kube-proxy \ --client-certificate=./kube-proxy.pem \ --client-key=./kube-proxy-key.pem \ --embed-certs=true \ --kubeconfig=kube-proxy.kubeconfig[root@localhost k8s]# kubectl config set-credentials kube-proxy \> --client-certificate=./kube-proxy.pem \> --client-key=./kube-proxy-key.pem \> --embed-certs=true \> --kubeconfig=kube-proxy.kubeconfigUser "kube-proxy" set.[root@localhost k8s]# cat kube-proxy.kubeconfig apiVersion: v1clusters:- cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVY0tqQnBLWnBOWDBvd1FMZlZYYUhHMmlaYXJrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEl5TURNeU5URXhOVGd3TUZvWERUSTNNRE15TkRFeE5UZ3dNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBeUNRUlZTWmhHUnJaNEV6TjZVbGQKNE9nVFRGVDhjNU95MW1ka24wbVgxYmxDdFRGckNBZ0VQOGdyRTZGVWI1T0k5SU1na3JlUVVvSlVoTGtrVVBIaApURnBzcXA0cmgyVUlKVjJFZ3FPKzNpbUc4NWJtdjBPNE5hb3B2cThCQXZVREZKdWcxOHJYK2ZYeEx5VFE5V0tRCkpmUWNhVmQ4V2FYbWFrMHJhU0JEeDhtNUZpdjEvekV1YmlEZmVCUTJ0NFRvQllkd1k0MmpyN1k3VW95ZVExZlgKTndxUUpjTVFsS1h0c0ZwZGE5T2pycE5PcWkrZHBISXJXYkVBZGhYTkNJZy9odzBuNFJ4OTRFSU0yUVhTWUJOZApMZHpqamU4UFZPenAyVXpnYTZJZ294L3JXRVcvVnA5MTM0YlZGcU0veTJjajB6TnZzS2xJUEVnbENMUE92cUh5ClB3SURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVSjYzTXZVSlNPbzNDendOSWdsa3dIL2ozTnM0d0h3WURWUjBqQkJnd0ZvQVVKNjNNdlVKUwpPbzNDendOSWdsa3dIL2ozTnM0d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJdG1ha3M4cy9hYnhSc1Z5NHhmClhEVzlaeHNObFp2dzc2YnhxeTYvem56RW5UV0JyMHdpV0tmRXFtbk5xNE8rdnZxT1hVQklSMVBaamVYY3FYNlIKN2dlMWRmRGE3dVNqNFdYU2tONS9xbG5xMkNKVGxteVFKQUdHcTZpdnIzQ2ppQ0FKWlU4Z0FRTkg0Q2hJc0NlcwpXMy9HQjZ4a2xFdkkydm5pS2w4MEFxK0tXcXg2c0xCbmIrTlFiOW1zOStRN250ZDBveFBOK04wcnpOZ0JVUUwvCldsUUw0b1ZLWDN2VElqVzlEVkRrdVh0YjdzbzJkZ2JXM3FxRy9scUhDb1NYZ3c5bjdab2c0MmNqS0VOSUc5R1AKMnlWUmlMUHRjRVlOYStybXJ2SytncTZ0WWc2MTM4OXpIbXBxY0FvQW1kYVZQUTlsQzlSK1IweVNGNkZmenJmaQpJWG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: name: kubernetescontexts: nullcurrent-context: ""kind: Configpreferences: {}users:- name: kube-proxy user: client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzakNDQXNhZ0F3SUJBZ0lVTEpkekRDNFJKcDF6Y3haRTJmaUNWSkJ0elowd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEl5TURNeU5URXpORE13TUZvWERUTXlNRE15TWpFek5ETXdNRm93YkRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbGFVcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUm93R0FZRFZRUURFeEZ6ZVhOMFpXMDZhM1ZpClpTMXdjbTk0ZVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTHVsamJ1TDF6VTMKdmZPbmhjWERwWFpRRVpvY1Z5Y2NYTVdRWkg1RHJYRlpwR29NSmFBTjRhMm9YUnFsVWVWSGZpeWlBVU1zZm03cwp3bmFyOTFtS0d2NUEvZzlZRm5IV2h1MnUyNWRUUElRRVVpK0JkWU02aUZwV2w0UzdYT1RrYmdqUmdnTUQyckduCld6bHlyM0w0K1pCT3U2OUcydzFTdnlQaG84cU9mU0cxZTZCR1RNRUxuL0h6cUJENWVXcUlDNjdHdDU3V1h4RFIKVWErdzZTaUVrSTlCVTA5MlI2eVJRd3puamxDSGo3TVJJTXBSZzdDSmpERmdtZFRscndpZFNIOENnZnQyVkZ5NQpLejR1RU5sTER5NkdDK0hPaG5qRklRSjVXanVLRHRMSkMxc3pKRG01L0JvajZsVWIzM294V3Z4eGFvRTJPN01YCjhSdXNCRWtpY2RrQ0F3RUFBYU4vTUgwd0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXTUJRR0NDc0cKQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1CMEdBMVVkRGdRV0JCU1lRYktiNHlHRgo1dTRlamh4eldKUDVSakxtckRBZkJnTlZIU01FR0RBV2dCUW5yY3k5UWxJNmpjTFBBMGlDV1RBZitQYzJ6akFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWFsWXNDZlFheEJOZU11ckRrZFZMNjk4VmxlZGRpQ2FjRGhlQWIyeGkKeW1QVUtTY3d2UEk0WW1oTVFDemhrRjd2N1BVdlVkKzFBTFNmOHRpM212Y25rREp0WFB3cXM1b3VYRE94OCs0UwpVbzVEZzd6MkcvTkU0SWpjQUtWbHNrbGdPU3V4eDBFbCtWbU1DUllMWG9yZjAyRTlIYUlHbk9rUEJBa0hrMEljCnY5YmR2YjNsalJJWndQT25tT2M4eml5YjVkZTlTNm4zaG5kRGdpR1l4SUVmNEpFQjFMME90RU9wSEl4bTQzWW4KaVA2MnVVclhuS3RxcWdNT201YWFHUEY2VGQ2RGlNSndBR2hYNUdZdERZSkc2OGhtN3ZHWmNrektTRVpVTng4ego4WDFJMC8wWkRiVWxZcWlqblF1Z3JFSXMzaVNoeU5NLzE3N2ZkRlFmTkFBWE5BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdTZXTnU0dlhOVGU5ODZlRnhjT2xkbEFSbWh4WEp4eGN4WkJrZmtPdGNWbWthZ3dsCm9BM2hyYWhkR3FWUjVVZCtMS0lCUXl4K2J1ekNkcXYzV1lvYS9rRCtEMWdXY2RhRzdhN2JsMU04aEFSU0w0RjEKZ3pxSVdsYVhoTHRjNU9SdUNOR0NBd1Bhc2FkYk9YS3Zjdmo1a0U2N3IwYmJEVksvSStHanlvNTlJYlY3b0VaTQp3UXVmOGZPb0VQbDVhb2dMcnNhM250WmZFTkZScjdEcEtJU1FqMEZUVDNaSHJKRkRET2VPVUllUHN4RWd5bEdECnNJbU1NV0NaMU9XdkNKMUlmd0tCKzNaVVhMa3JQaTRRMlVzUExvWUw0YzZHZU1VaEFubGFPNG9PMHNrTFd6TWsKT2JuOEdpUHFWUnZmZWpGYS9IRnFnVFk3c3hmeEc2d0VTU0p4MlFJREFRQUJBb0lCQVFDajA5eTBlMWovUzVWNgpIeTU2QldCMnRWMUkwYWw5cWhPTklZMjdkMWI4ZWFsRU5TcThYS0pHUFpKYjZ5NWZJVllWbmJQQWRCNUd0a3JwCjFTWDFkTkF3WDRudzE1VncrajEvVW9UQno1Z3NJcUdtZkQ2ZXZnSEI3WXdJQkpVTCtpdmZZeHRCaXFIckxSUkcKU2N6SWNudGc5SHlFZ1RaS29ZM2p3K0ordkh5ZmFoWmk1SDlxZWNBTFY2SlV3cldYa1dYTEhvVzdnYTIyU2RkTQpvZ0Z6MThNemlyNmlmYUhYQ1pGOUtTeWJLQXkxcXNSY2psNFVhZlgyR3R1c3o4OE1PZkJHRDFvWlM1WlhBMWFHClpON0krWmNESlFtRVBZeXNLZVgvZHZ4RG56clV6N1ZjL0RFdUpXVEJmS1BrOTliSy9QZHJjdFc4WUZrUVBuNlkKR1ZVbG1mSEpBb0dCQU9TTDQwczYvYTRvNnduK0o1YWk5UHo0NzFXdlpta2xCc1R6RmJlWXhqdDBPeC9WZmRlUgp4a1lnc3FXbEZacTRjdzd2OHFWa2VXdGhZZHc4V0ZRQ0YzSjVOSzVsNUVrYTFPRkx3L0ZYeVpqMEJ4dFk2dUtxCm05a1lVSTY5dHFtZ25rRE5LNk5GcXJmNUFzZTlmMnJZZGp3eThhRTEyOE5QRDFRWG5kN1BjSmxUQW9HQkFOSXYKOFg4SlFkZUd1b3VzbHpGY21sT0hZNy9ySUg2dm5jaVpLbGFOM2l5dU9RL2lRSUZvVlA2RmFsU3pRMUhCYWV0WAp4SkkwOE1vdk1SRURSN0czUHZrRTYzaW1RRnR3bUJIakwvYVdHQXJ4NFhjekxhTStMRFROMmdpa0dZQ3ZTLzBIClY2M2M3MUVnazh6eEJlbGQ0S2dCbzZWQklBeTlxVCtPenBCSlI2YWpBb0dBVDlMMEhsQ0tUZ3dJbThMalBOL0oKeFptRXJsN0czQzZNZ0xtT2VrT242UmdkbG03UXR6dzVEa0ZaWkRXV3FDV0lPazFnYUpnQk9Kb1l2ZjF0dEZuTwpxckxlelpMVSt4dWVBdHFkbzJ2UUE5WW5yVXVQTG4vOFV3VUZEZllCR0puNjdCTTlESmZHbXQ4a00zTmlUNFV2Ck5yTnNaYXdVQjlGVFAwSElhQXYzL2ZVQ2dZRUFvMktoVng3YkQ2NnJVK2ZWbjRsY2JaSFErRjdONDZ5ZitrOFYKbWpLdGdnM3NUV3lTdUFWaURIZXBNQzRwSm1ReThiNUlEMThYemhMaEVWaDdZcW9QU1lPSmh6KzB4MSsrMWlqRQpIK3FNeGZWQVRtaDZFV3RDOGNrU3M2VGNMaXdWNVpyUGpWY3dzTitpQksxVzZ4RU9rWXEwcXNEMUtQSkZuaUprCmI4U0c3Z0VDZ1lFQXRGUDRaSXhSbWRreXUycDJveDVHQUlITWZKOERjMXZwUGhXcFhCeHZINWZvTmpMdW9SaHEKeForbEplMndBZytKUVBXUklTbnpyditMeHMyc2Q1cGcvRFZ3SElGb0o1ZUQrcFpqZUNlY29qcFhFWENIZXVHRAphcWMwSk9reXBkVFQvVTJRVjQ4aUdGYlhQT2ZZdEVDejlTRjVCdEd3M0gwUjJXckJUQ2hXRlBVPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=

本段主要设置用户的相关信息，主要是用户证书。如上的用户名为kube-proxy，证书为：kube-proxy.pem，私钥为：kube-proxy-key.pem。注意客户端的证书首先要经过集群CA的签署，否则不会被集群认可。此处使用的是ca认证方式，也可以使用token认证，如kubelet的 TLS Boostrap机制下的bootstrapping使用的就是token认证方式。上述kubectl使用的是ca认证，不需要token字段。

上下文参数

kubectl config set-context default \ --cluster=kubernetes \ --user=kube-proxy \ --kubeconfig=kube-proxy.kubeconfig[root@localhost k8s]# kubectl config set-context default \> --cluster=kubernetes \> --user=kube-proxy \> --kubeconfig=kube-proxy.kubeconfigContext "default" created.

集群参数和用户参数可以同时设置多对，在上下文参数中将集群参数和用户参数关联起来。上面的上下文名称为kubenetes，集群为kubenetes，用户为kube-proxy。

[root@localhost k8s]# cat kube-proxy.kubeconfig apiVersion: v1clusters:- cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVY0tqQnBLWnBOWDBvd1FMZlZYYUhHMmlaYXJrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEl5TURNeU5URXhOVGd3TUZvWERUSTNNRE15TkRFeE5UZ3dNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBeUNRUlZTWmhHUnJaNEV6TjZVbGQKNE9nVFRGVDhjNU95MW1ka24wbVgxYmxDdFRGckNBZ0VQOGdyRTZGVWI1T0k5SU1na3JlUVVvSlVoTGtrVVBIaApURnBzcXA0cmgyVUlKVjJFZ3FPKzNpbUc4NWJtdjBPNE5hb3B2cThCQXZVREZKdWcxOHJYK2ZYeEx5VFE5V0tRCkpmUWNhVmQ4V2FYbWFrMHJhU0JEeDhtNUZpdjEvekV1YmlEZmVCUTJ0NFRvQllkd1k0MmpyN1k3VW95ZVExZlgKTndxUUpjTVFsS1h0c0ZwZGE5T2pycE5PcWkrZHBISXJXYkVBZGhYTkNJZy9odzBuNFJ4OTRFSU0yUVhTWUJOZApMZHpqamU4UFZPenAyVXpnYTZJZ294L3JXRVcvVnA5MTM0YlZGcU0veTJjajB6TnZzS2xJUEVnbENMUE92cUh5ClB3SURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVSjYzTXZVSlNPbzNDendOSWdsa3dIL2ozTnM0d0h3WURWUjBqQkJnd0ZvQVVKNjNNdlVKUwpPbzNDendOSWdsa3dIL2ozTnM0d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJdG1ha3M4cy9hYnhSc1Z5NHhmClhEVzlaeHNObFp2dzc2YnhxeTYvem56RW5UV0JyMHdpV0tmRXFtbk5xNE8rdnZxT1hVQklSMVBaamVYY3FYNlIKN2dlMWRmRGE3dVNqNFdYU2tONS9xbG5xMkNKVGxteVFKQUdHcTZpdnIzQ2ppQ0FKWlU4Z0FRTkg0Q2hJc0NlcwpXMy9HQjZ4a2xFdkkydm5pS2w4MEFxK0tXcXg2c0xCbmIrTlFiOW1zOStRN250ZDBveFBOK04wcnpOZ0JVUUwvCldsUUw0b1ZLWDN2VElqVzlEVkRrdVh0YjdzbzJkZ2JXM3FxRy9scUhDb1NYZ3c5bjdab2c0MmNqS0VOSUc5R1AKMnlWUmlMUHRjRVlOYStybXJ2SytncTZ0WWc2MTM4OXpIbXBxY0FvQW1kYVZQUTlsQzlSK1IweVNGNkZmenJmaQpJWG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: name: kubernetescontexts:- context: cluster: kubernetes user: kube-proxy name: defaultcurrent-context: ""kind: Configpreferences: {}users:- name: kube-proxy user: client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzakNDQXNhZ0F3SUJBZ0lVTEpkekRDNFJKcDF6Y3haRTJmaUNWSkJ0elowd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEl5TURNeU5URXpORE13TUZvWERUTXlNRE15TWpFek5ETXdNRm93YkRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbGFVcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUm93R0FZRFZRUURFeEZ6ZVhOMFpXMDZhM1ZpClpTMXdjbTk0ZVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTHVsamJ1TDF6VTMKdmZPbmhjWERwWFpRRVpvY1Z5Y2NYTVdRWkg1RHJYRlpwR29NSmFBTjRhMm9YUnFsVWVWSGZpeWlBVU1zZm03cwp3bmFyOTFtS0d2NUEvZzlZRm5IV2h1MnUyNWRUUElRRVVpK0JkWU02aUZwV2w0UzdYT1RrYmdqUmdnTUQyckduCld6bHlyM0w0K1pCT3U2OUcydzFTdnlQaG84cU9mU0cxZTZCR1RNRUxuL0h6cUJENWVXcUlDNjdHdDU3V1h4RFIKVWErdzZTaUVrSTlCVTA5MlI2eVJRd3puamxDSGo3TVJJTXBSZzdDSmpERmdtZFRscndpZFNIOENnZnQyVkZ5NQpLejR1RU5sTER5NkdDK0hPaG5qRklRSjVXanVLRHRMSkMxc3pKRG01L0JvajZsVWIzM294V3Z4eGFvRTJPN01YCjhSdXNCRWtpY2RrQ0F3RUFBYU4vTUgwd0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXTUJRR0NDc0cKQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1CMEdBMVVkRGdRV0JCU1lRYktiNHlHRgo1dTRlamh4eldKUDVSakxtckRBZkJnTlZIU01FR0RBV2dCUW5yY3k5UWxJNmpjTFBBMGlDV1RBZitQYzJ6akFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWFsWXNDZlFheEJOZU11ckRrZFZMNjk4VmxlZGRpQ2FjRGhlQWIyeGkKeW1QVUtTY3d2UEk0WW1oTVFDemhrRjd2N1BVdlVkKzFBTFNmOHRpM212Y25rREp0WFB3cXM1b3VYRE94OCs0UwpVbzVEZzd6MkcvTkU0SWpjQUtWbHNrbGdPU3V4eDBFbCtWbU1DUllMWG9yZjAyRTlIYUlHbk9rUEJBa0hrMEljCnY5YmR2YjNsalJJWndQT25tT2M4eml5YjVkZTlTNm4zaG5kRGdpR1l4SUVmNEpFQjFMME90RU9wSEl4bTQzWW4KaVA2MnVVclhuS3RxcWdNT201YWFHUEY2VGQ2RGlNSndBR2hYNUdZdERZSkc2OGhtN3ZHWmNrektTRVpVTng4ego4WDFJMC8wWkRiVWxZcWlqblF1Z3JFSXMzaVNoeU5NLzE3N2ZkRlFmTkFBWE5BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdTZXTnU0dlhOVGU5ODZlRnhjT2xkbEFSbWh4WEp4eGN4WkJrZmtPdGNWbWthZ3dsCm9BM2hyYWhkR3FWUjVVZCtMS0lCUXl4K2J1ekNkcXYzV1lvYS9rRCtEMWdXY2RhRzdhN2JsMU04aEFSU0w0RjEKZ3pxSVdsYVhoTHRjNU9SdUNOR0NBd1Bhc2FkYk9YS3Zjdmo1a0U2N3IwYmJEVksvSStHanlvNTlJYlY3b0VaTQp3UXVmOGZPb0VQbDVhb2dMcnNhM250WmZFTkZScjdEcEtJU1FqMEZUVDNaSHJKRkRET2VPVUllUHN4RWd5bEdECnNJbU1NV0NaMU9XdkNKMUlmd0tCKzNaVVhMa3JQaTRRMlVzUExvWUw0YzZHZU1VaEFubGFPNG9PMHNrTFd6TWsKT2JuOEdpUHFWUnZmZWpGYS9IRnFnVFk3c3hmeEc2d0VTU0p4MlFJREFRQUJBb0lCQVFDajA5eTBlMWovUzVWNgpIeTU2QldCMnRWMUkwYWw5cWhPTklZMjdkMWI4ZWFsRU5TcThYS0pHUFpKYjZ5NWZJVllWbmJQQWRCNUd0a3JwCjFTWDFkTkF3WDRudzE1VncrajEvVW9UQno1Z3NJcUdtZkQ2ZXZnSEI3WXdJQkpVTCtpdmZZeHRCaXFIckxSUkcKU2N6SWNudGc5SHlFZ1RaS29ZM2p3K0ordkh5ZmFoWmk1SDlxZWNBTFY2SlV3cldYa1dYTEhvVzdnYTIyU2RkTQpvZ0Z6MThNemlyNmlmYUhYQ1pGOUtTeWJLQXkxcXNSY2psNFVhZlgyR3R1c3o4OE1PZkJHRDFvWlM1WlhBMWFHClpON0krWmNESlFtRVBZeXNLZVgvZHZ4RG56clV6N1ZjL0RFdUpXVEJmS1BrOTliSy9QZHJjdFc4WUZrUVBuNlkKR1ZVbG1mSEpBb0dCQU9TTDQwczYvYTRvNnduK0o1YWk5UHo0NzFXdlpta2xCc1R6RmJlWXhqdDBPeC9WZmRlUgp4a1lnc3FXbEZacTRjdzd2OHFWa2VXdGhZZHc4V0ZRQ0YzSjVOSzVsNUVrYTFPRkx3L0ZYeVpqMEJ4dFk2dUtxCm05a1lVSTY5dHFtZ25rRE5LNk5GcXJmNUFzZTlmMnJZZGp3eThhRTEyOE5QRDFRWG5kN1BjSmxUQW9HQkFOSXYKOFg4SlFkZUd1b3VzbHpGY21sT0hZNy9ySUg2dm5jaVpLbGFOM2l5dU9RL2lRSUZvVlA2RmFsU3pRMUhCYWV0WAp4SkkwOE1vdk1SRURSN0czUHZrRTYzaW1RRnR3bUJIakwvYVdHQXJ4NFhjekxhTStMRFROMmdpa0dZQ3ZTLzBIClY2M2M3MUVnazh6eEJlbGQ0S2dCbzZWQklBeTlxVCtPenBCSlI2YWpBb0dBVDlMMEhsQ0tUZ3dJbThMalBOL0oKeFptRXJsN0czQzZNZ0xtT2VrT242UmdkbG03UXR6dzVEa0ZaWkRXV3FDV0lPazFnYUpnQk9Kb1l2ZjF0dEZuTwpxckxlelpMVSt4dWVBdHFkbzJ2UUE5WW5yVXVQTG4vOFV3VUZEZllCR0puNjdCTTlESmZHbXQ4a00zTmlUNFV2Ck5yTnNaYXdVQjlGVFAwSElhQXYzL2ZVQ2dZRUFvMktoVng3YkQ2NnJVK2ZWbjRsY2JaSFErRjdONDZ5ZitrOFYKbWpLdGdnM3NUV3lTdUFWaURIZXBNQzRwSm1ReThiNUlEMThYemhMaEVWaDdZcW9QU1lPSmh6KzB4MSsrMWlqRQpIK3FNeGZWQVRtaDZFV3RDOGNrU3M2VGNMaXdWNVpyUGpWY3dzTitpQksxVzZ4RU9rWXEwcXNEMUtQSkZuaUprCmI4U0c3Z0VDZ1lFQXRGUDRaSXhSbWRreXUycDJveDVHQUlITWZKOERjMXZwUGhXcFhCeHZINWZvTmpMdW9SaHEKeForbEplMndBZytKUVBXUklTbnpyditMeHMyc2Q1cGcvRFZ3SElGb0o1ZUQrcFpqZUNlY29qcFhFWENIZXVHRAphcWMwSk9reXBkVFQvVTJRVjQ4aUdGYlhQT2ZZdEVDejlTRjVCdEd3M0gwUjJXckJUQ2hXRlBVPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=

最后使用kubectl config use-context default来使用名为kubenetes的环境项来作为配置。如果配置了多个环境项，可以通过切换不同的环境项名字来访问到不同的集群环境。

kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig[root@localhost k8s]# kubectl config use-context default --kubeconfig=kube-proxy.kubeconfigSwitched to context "default".

拷贝到配置文件指定路径：

cp kube-proxy.kubeconfig /opt/kubernetes/cfg/

4. systemd管理kube-proxy

cat > /usr/lib/systemd/system/kube-proxy.service << EOF[Unit]Description=Kubernetes ProxyAfter=network.target[Service]EnvironmentFile=/opt/kubernetes/cfg/kube-proxy.confExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTSRestart=on-failureLimitNOFILE=65536[Install]WantedBy=multi-user.targetEOF

5. 启动并设置开机启动

systemctl daemon-reloadsystemctl start kube-proxysystemctl enable kube-proxy

k8s的node节点服务器重启后，启动kube-proxy发现报错

6月 19 09:57:07 node1 kube-proxy[17770]: E0619 09:57:07.022125   17770 proxier.go:1319] Failed to delete stale service IP 10.254.0.2 connections, error: error deleting connection tracking state for UDP service IP: 10.254.0.2, error: error looking for path of conntrack: exec: "conntrack": executable file not found in $PATH

yum -y install conntrack 后重启kube-proxy，问题解决

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。