|NO.Z.00059|——————————|^^ 部署 ^^|—

一、kube-proxy配置

### --- kube-proxy注意事项

~~~     注意，如果不是高可用集群，
~~~     192.168.1.11:8443改为master01的地址，8443改为apiserver的端口，默认是6443

二、创建kube-proxy服务

### --- 创建kube-proxy服务；以下操作在Master01执行

[root@k8s-master01 ~]# cd /root/k8s-ha-install

### --- 创建ServiceAccount

[root@k8s-master01 k8s-ha-install]# kubectl -n kube-system create serviceaccount kube-proxy
ty=/etc/kubernetes/pki/ca.pem     --embed-certs=true     --server=https://192.168.1.11:6443     --kubeconfig=${K8S_DIR}/kube-proxy.kubeconfig
kubectl config set-credentials kubernetes     --token=${JWT_TOKEN}     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
kubectl config set-context kubernetes     --cluster=kubernetes     --user=kubernetes     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
kubectl config use-context kubernetes     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
~~~     输出结果：
serviceaccount/kube-proxy created

### --- 创建ClusterRoleBinding

[root@k8s-master01 k8s-ha-install]# kubectl create clusterrolebinding system:kube-proxy         --clusterrole system:node-proxier         --serviceaccount kube-system:kube-proxy
~~~     输出结果：
clusterrolebinding.rbac.authorization.k8s.io/system:kube-proxy created

### --- 创建cluster

[root@k8s-master01 k8s-ha-install]# SECRET=$(kubectl -n kube-system get sa/kube-proxy \
>     --output=jsonpath='{.secrets[0].name}')
[root@k8s-master01 k8s-ha-install]# JWT_TOKEN=$(kubectl -n kube-system get secret/$SECRET \
> --output=jsonpath='{.data.token}' | base64 -d)
[root@k8s-master01 k8s-ha-install]# PKI_DIR=/etc/kubernetes/pki
[root@k8s-master01 k8s-ha-install]# K8S_DIR=/etc/kubernetes
[root@k8s-master01 k8s-ha-install]# kubectl config set-cluster kubernetes     --certificate-authority=/etc/kubernetes/pki/ca.pem     --embed-certs=true     --server=https://192.168.1.11:6443     --kubeconfig=${K8S_DIR}/kube-proxy.kubeconfig
~~~     输出结果：
Cluster "kubernetes" set.

### --- 创建user

[root@k8s-master01 k8s-ha-install]# kubectl config set-credentials kubernetes     --token=${JWT_TOKEN}     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
~~~     输出结果：
User "kubernetes" set.

### --- 创建context

[root@k8s-master01 k8s-ha-install]# kubectl config set-context kubernetes     --cluster=kubernetes     --user=kubernetes     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
~~~     输出结果：
Context "kubernetes" created.

### --- 创建context

[root@k8s-master01 k8s-ha-install]# kubectl config use-context kubernetes     --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
~~~     输出结果：
Switched to context "kubernetes".

三、修改pod的网段

### --- 查看pod的网段
~~~     注：修改pod的网段
~~~     注：如果更改了集群Pod的网段，需要更改kube-proxy/kube-proxy.conf的clusterCIDR: 172.16.0.0/12参数为pod的网段。

[root@k8s-master01 ~]# vim kube-proxy/kube-proxy.conf
clusterCIDR: 172.16.0.0/12

四、在master01将kube-proxy的systemd Service文件发送到其他节点；将配置文件发送到其它节点

### --- 将kube-proxy配置文件发送到k8s-master节点

[root@k8s-master01 k8s-ha-install]# for NODE in k8s-master01; do
>      scp ${K8S_DIR}/kube-proxy.kubeconfig $NODE:/etc/kubernetes/kube-proxy.kubeconfig
>      scp kube-proxy/kube-proxy.conf $NODE:/etc/kubernetes/kube-proxy.conf
>      scp kube-proxy/kube-proxy.service $NODE:/usr/lib/systemd/system/kube-proxy.service
>  done
~~~     注：输出结果：
kube-proxy.kubeconfig                                                                                                                                         100% 3120     3.7MB/s   00:00    
kube-proxy.conf                                                                                                                                               100%  813   288.3KB/s   00:00    
kube-proxy.service

### --- 将kube-proxy配置文件发送到k8s-node节点

[root@k8s-master01 k8s-ha-install]# for NODE in k8s-node01 k8s-node02; do
>      scp /etc/kubernetes/kube-proxy.kubeconfig $NODE:/etc/kubernetes/kube-proxy.kubeconfig
>      scp kube-proxy/kube-proxy.conf $NODE:/etc/kubernetes/kube-proxy.conf
>      scp kube-proxy/kube-proxy.service $NODE:/usr/lib/systemd/system/kube-proxy.service
>  done
~~~     注：输出结果：
kube-proxy.kubeconfig                                                                                                                                         100% 3120   652.0KB/s   00:00    
kube-proxy.conf                                                                                                                                               100%  813   190.3KB/s   00:00    
kube-proxy.service                                                                                                                                            100%  288   118.8KB/s   00:00    
kube-proxy.kubeconfig                                                                                                                                         100% 3120   340.7KB/s   00:00    
kube-proxy.conf                                                                                                                                               100%  813   275.6KB/s   00:00    
kube-proxy.service

五、所有节点启动kube-proxy并设置开机自启动

### --- 所有节点启动kube-proxy

[root@k8s-master01 k8s-ha-install]# systemctl daemon-reload
[root@k8s-master01 k8s-ha-install]# systemctl enable --now kube-proxy
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

### --- 查看kube-proxy状态

[root@k8s-master01 k8s-ha-install]# systemctl status kube-proxy
  Active: active (running) since Wed 2021-05-12 21:10:55 CST; 14s ago

---

---

Walter Savage Landor:strove with none,for none was worth my strife.Nature I loved and, next to Nature, Art:I warm'd both hands before the fire of life.It sinks, and I am ready to depart

                                                                                                                                                   ——W.S.Landor

---