\u4eca\u5e74\u3082\u672b\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u306a\u3093\u3060\u304b\u6700\u5f8c\u306e\uff13\u30f6\u6708\u304f\u3089\u3044\u304c\u968f\u5206\u30c9\u30bf\u30d0\u30bf\u3057\u3066\u305f\u306a\u3041\u3063\u3066\u304f\u3089\u3044\u3057\u304b\u3001\u73fe\u5834\u3067\u306e\u8a18\u61b6\u304c\u306a\u3044\u306e\u306f\u3069\u3046\u3057\u305f\u3053\u3068\u304b\u30fb\u30fb\u30fb\u3002<\/p>\n
\u4eca\u306e\u73fe\u5834\u3067\u306f\u3001\u3069\u3061\u3089\u304b\u3068\u8a00\u3046\u3068\u30ec\u30ac\u30b7\u30fc\u3088\u308a\u306e\u30a2\u30fc\u30ad\u30c6\u30af\u30c1\u30e3\uff0bAWS\u3082\u81ea\u7531\u304c\u306a\u3044\u3001\u3068\u3044\u3046\u3068\u3053\u308d\u3067\u3001\u4e2d\u3005\u65b0\u3057\u3044\u3053\u3068\u3092\u5b9f\u9a13\u3057\u305f\u308a\u3059\u308b\u306e\u304c\u96e3\u3057\u3044\u3067\u3059\u3002
\n\u3057\u304b\u3057\u3001\u306a\u3093\u304b\u65b0\u3057\u3044\u3053\u3068\uff08\u81ea\u5206\u306b\u3068\u3063\u3066\uff09\u3092\u3084\u308a\u305f\u3044\u306a\u30fc\u3063\u3066\u601d\u3063\u3066\u3044\u305f\u3068\u3053\u308d\u3001\u4eca\u5e74\u306eRe:Invent\u3067 AWS\u4e0a\u3067\u306eManaged Kubernetes \u304c\u767a\u8868\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n
Google Cloud Platform\u306eGKE\u306f\u524d\u304b\u3089\u77e5\u3063\u3066\u3044\u305f\u3057\u3001Kubernetes\u3068\u3044\u3046\u306e\u304c\u30b3\u30f3\u30c6\u30ca\u30af\u30e9\u30b9\u30bf\u7ba1\u7406\u306e\u30c7\u30d5\u30a1\u30af\u30c8\u306b\u306a\u3063\u305f\u3068\u3044\u3046\u3053\u3068\u3082\u805e\u3044\u3066\u3044\u307e\u3057\u305f\u3002\u8208\u5473\u306f\u3042\u3063\u305f\u3093\u3067\u3059\u304c\u3001\u3069\u3046\u306b\u3082\u98df\u6307\u304c\u52d5\u304b\u305a\u30fb\u30fb\u30fb\u3002<\/p>\n
\u3057\u304b\u3057\u3001AWS\u4e0a\u3067 Kubernetes\u306eManaged Service \u304c\u51fa\u6765\u305f\u3053\u3068\u3067\u3001\u4ed5\u4e8b\u3067\u5229\u7528\u3059\u308b\u53ef\u80fd\u6027\u3082\u4e0a\u304c\u308a\u3001\u304b\u3064\u6700\u8fd1Docker\u3092\u7d50\u69cb\u89e6\u3063\u3066\u3044\u308b\u3053\u3068\u3082\u3042\u308a\u3001\u30b3\u30f3\u30c6\u30ca\u306e\u7ba1\u7406\u306b\u8208\u5473\u304c\u3067\u305f\u3068\u3053\u308d\u3060\u3063\u305f\u306e\u3067\u3001kubernetes\u3092\u89e6\u3063\u3066\u307f\u308b\u3053\u3068\u306b\u3057\u307e\u3057\u305f\u3002<\/p>\n
\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u8fd9\u79cd\u7ba1\u7406\u5de5\u5177\u7684\u6784\u5efa\u662f\u56f0\u96be\u7684\uff08\u5b89\u88c5\u65f6\u95f4\u5f88\u957f\uff09\uff0c\u4f46\u5f53\u6211\u770b\u5230 Kubernetes \u7684\u8bbe\u7f6e\u65f6\u611f\u5230\u60ca\u8bb6\u3002<\/p>\n
\u4f55\u304c\u9a5a\u3044\u305f\u304b\u3063\u3066\u3001\u307e\u305a\u6700\u521d\u3063\u304b\u3089\u624b\u52d5\u3067\u306e\u69cb\u7bc9\u306f\u3084\u3081\u3068\u3051\u3068\u8a00\u308f\u3093\u3070\u304b\u308a\u306b\u3001Managed Service\u3084\u69cb\u7bc9\u6e08\u307f\u306e\u74b0\u5883https:\/\/github.com\/kubernetes\/minikube \u3092\u52e7\u3081\u3066\u304d\u307e\u3059\u3002<\/p>\n
\u3057\u304b\u3057\u3001\u500b\u4eba\u7684\u306b\u306f\u3053\u3046\u3044\u3046\u3082\u306e\u306f\u4f5c\u308a\u306a\u304c\u3089\u4ed5\u7d44\u307f\u3092\u77e5\u308a\u305f\u3044\u6d3e\u95a5\u306a\u306e\u3068\u3001\u52c9\u5f37\u306b\u306a\u308b\u3060\u308d\u30fc\u3063\u3066\u3053\u3068\u3067\u3001 \u30b9\u30af\u30e9\u30c3\u30c1\u3067\u69cb\u7bc9\u3057\u3066\u307f\u308b \u3053\u3068\u306b\u3057\u307e\u3057\u305f\u3002<\/p>\n
\u3053\u3053\u304b\u3089\u306f\u3001\u5b9f\u969b\u306b\u624b\u3092\u52d5\u304b\u3057\u3066Kubernetes\u3092\u69cb\u7bc9\u3057\u3066\u307f\u305f\u5c65\u6b74\u3067\u3059\u3002<\/p>\n
\u987a\u4fbf\u4e00\u63d0\uff0c\u6211\u540e\u6765\u67e5\u4e86\u4e00\u4e0b\uff0c\u53d1\u73b0\u6709\u4eba\u4e5f\u5728\u505a\u7c7b\u4f3c\u7684\u4e8b\u60c5\uff0c\u79f0\u4e4b\u4e3a\u201cHard Way\u201d\u3002\u5b9e\u9645\u4f53\u9a8c\u540e\uff0c\u6211\u771f\u7684\u6df1\u523b\u5730\u610f\u8bc6\u5230\u4e86\u5b83\u6709\u591a\u4e48\u8270\u8f9b\u2026\u2026\u6bcf\u4e2a\u4eba\u90fd\u6e34\u671b\u62e5\u6709\u6258\u7ba1\u670d\u52a1\u3002<\/p><\/blockquote>\n
\u624b\u52a8\u8bbe\u7f6e\u8bb0\u5f55<\/h2>\n
\u6211\u5011\u5c07\u9032\u884c\u7684\u8a2d\u7f6e\u524d\u63d0\u5982\u4e0b\u3002<\/p>\n
\n
- \n
Ubuntu 16.04\u4e0a<\/ul>\n<\/li>\n<\/ul>\n
\u5358\u7d14\u306b\u56f0\u3063\u305f\u6642\u306b\u60c5\u5831\u91cf\u304c\u591a\u3044\u3063\u3066\u3060\u3051\u3067\u3059<\/p>\n
Kubernetes 1.7<\/p>\n
\u3084\u3063\u3066\u308b\u9593\u306b1.8\u304c\u6b63\u5f0f\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u3088\u3046\u3067\u3059<\/p>\n
\u4e3a\u4e86\u6682\u65f6\u80fd\u591f\u6b63\u5e38\u8fd0\u884c\uff0c\u6211\u4eec\u9009\u62e9\u4f7f\u7528Vagrant + Virtualbox\u7684\u7ec4\u5408\u6765\u8fdb\u884c\u64cd\u4f5c\u3002<\/p>\n
\u3067\u306f\u884c\u3063\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n
1. \u4f7f\u7528Virtualbox\u521b\u5efa\u865a\u62df\u673a<\/h3>\n
\u53ea\u9700\u8981\u4e00\u4e2a\u9009\u9879\uff1a\u521b\u5efa\u4e0a\u8ff0\u865a\u62df\u673a\u3002\u5728Vagrant\u7684\u6761\u4ef6\u4e0b\uff0c\u5982\u679c\u6ee1\u8db3\u4ee5\u4e0b\u6761\u4ef6\u5c31\u53ef\u4ee5\u4e86\u3002<\/p>\n
\n
- \n
2core\/2GB<\/ul>\n<\/li>\n<\/ul>\n
etcd\/kube-proxy\u306e\u52d5\u4f5c\u306b1core\/1GB\u306e\u30e1\u30e2\u30ea\u304c\u5fc5\u8981
\n\u3053\u308c\u304f\u3089\u3044\u306730\u500b\u304f\u3089\u3044\u306e\u30b3\u30f3\u30c6\u30ca\u3092\u5236\u5fa1\u3067\u304d\u308b\u3089\u3057\u3044\u3067\u3059<\/p>\nhost only network<\/p>\n
\u5f8c\u8ff0\u3059\u308bmaster node\u306e\u8a2d\u5b9a\u306e\u305f\u3081\u306b\u5fc5\u8981\u3067\u3059\u3002\u7121\u3044\u3068\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8a2d\u5b9a\u304c\u3082\u306e\u3059\u3054\u304f\u9762\u5012\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n
2. \u6700\u57fa\u672c\u7684\u7684\u7f51\u7edc\u8bbe\u7f6e (Zu\u00ec de<\/h3>\n
\u9700\u8981\u786e\u5b9a\u96c6\u7fa4\u7684 IP \u8303\u56f4\u3002\u8fd9\u6b21\u6211\u4eec\u8bbe\u5b9a\u4e3a 10.1.0.0\/16\u3002<\/p>\n
\u6b64\u5916\uff0c\u8fd8\u9700\u8981\u5c31\u4ee5\u4e0b\u4e8b\u9879\u505a\u51fa\u51b3\u5b9a\u3002<\/p>\n
\n
- \n
kubectl\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3059\u308bmaster node\u306eIP<\/ul>\n<\/li>\n<\/ul>\n
\u4eca\u56de\u306fVagrant\u81ea\u8eab\u306a\u306e\u3067\u3059\u304c\u3001\u3053\u308c\u3092host only network\u306eIP\u306b\u3057\u3066\u304a\u304d\u307e\u3059
\nMASTERIP\u306f\u30ed\u30fc\u30ab\u30eb\u30db\u30b9\u30c8\u4ee5\u5916\u3067\u3042\u308b\u5fc5\u8981\u304c\u3042\u308b\u306e\u3067<\/p>\n80\/443\u304c\u958b\u3044\u3066\u3044\u308b
\nsysctl\u3067net.ipv4.ipforward = 1<\/p>\n\u5728\u4e4b\u540e\u7684\u6b65\u9aa4\u4e2d\uff0c\u5047\u5b9a\u5c06master\u8282\u70b9\u7684IP\u5730\u5740\u5b58\u50a8\u5728\u540d\u4e3aMASTER_IP\u7684\u73af\u5883\u53d8\u91cf\u4e2d\u3002\u5982\u679c\u5728\u6587\u4ef6\u4e2d\u6216\u5176\u4ed6\u5730\u65b9\u51fa\u73b0\u4e86MASTER_IP\uff0c\u90a3\u4e48\u5c31\u8868\u793a\u6307\u7684\u662fmaster\u8282\u70b9\u7684IP\u5730\u5740\u3002<\/p>\n
3.\u6700\u57fa\u672c\u7684\u7684\u9884\u8bbe<\/h3>\n
\u5728\u4e4b\u524d\u63d0\u5230\u7684\u53c2\u8003\u9875\u9762\u4e2d\uff0c\u4f7f\u7528\u4e86\/srv\/kubernetes\uff0c\u4f46\u662f\u901a\u8fc7\u4e00\u4e2a\u540d\u4e3akubeadm\u7684\u5de5\u5177\u521b\u5efa\u7684\u4e1c\u897f\u4f1a\u88ab\u653e\u5728\/etc\/kubernetes\u4e2d\u3002\u901a\u5e38\/etc\u662f\u7528\u4e8e\u5b58\u653e\u914d\u7f6e\u6587\u4ef6\u7684\u4f4d\u7f6e\uff0c\u6240\u4ee5\u5c06\u5176\u521b\u5efa\u5728\u8fd9\u91cc\u3002<\/p>\n
\\# mkdir -p \/etc\/kubernetes\r\n<\/code><\/pre>\n\u5b89\u88c5\u8f6f\u4ef6\u5728\u4e3b\u8282\u70b9\u4e0a\u3002<\/h3>\n
\u4ece\u8fd9\u91cc\u5f00\u59cb\u5c31\u662f\u771f\u6b63\u7684\u6f14\u51fa\u4e86\u3002Kubernetes\u7684\u4e3b\u8282\u70b9\u9700\u8981\u4ee5\u4e0b\u8f6f\u4ef6\u3002<\/p>\n
\n
- \n
etcd<\/ul>\n<\/li>\n<\/ul>\n
\u305f\u3060\u3057\u3001container runner\u4e0a\u3067\u52d5\u304b\u3059\u306e\u304c\u5968\u52b1\u3055\u308c\u3066\u3044\u305f\u306e\u3067\u3001apt\u3068\u304b\u3067\u306f\u5165\u308c\u307e\u305b\u3093<\/p>\n
container runner<\/p>\n
docker\/rkt\u3068\u3044\u3063\u305f\u3082\u306e\u3092\u5c0e\u5165\u3067\u304d\u307e\u3059\u304c\u3001\u3053\u3053\u3067\u306fdocker\u306b\u3057\u3066\u304a\u304d\u307e\u3059<\/p>\n
Kubernetes\u306e\u5404\u7a2e\u30c4\u30fc\u30eb
\n\u5168\u90e8\u307e\u3068\u3081\u3066github\u306brelease\u304b\u3089\u53d6\u5f97\u3067\u304d\u307e\u3059\u3002\u4eca\u56de\u306fv1.7.11\u3092\u4f7f\u3044\u307e\u3059\u3002
\nhttps:\/\/github.com\/kubernetes\/kubernetes\/releases\/tag<\/p>\n\u5b9f\u969b\u306b\u306f\u3001\u4ee5\u4e0b\u306e\u30c4\u30fc\u30eb\u3092\u5229\u7528\u3057\u307e\u3059\u3002\u5168\u90e8\u307e\u3068\u3081\u3066\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u3066\u304f\u308b\u306e\u3067\u5fc3\u914d\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n
kube-apiserver
\nkubelet
\nkube-proxy
\nkube-controller-manager
\nkube-scheduler<\/p>\n\u5728\u4e2d\u6587\u4e2d\uff0c\u53ef\u4ee5\u8fd9\u6837\u8868\u8fbe\uff1a\u4ee5\u4e0b\u662f\u4e00\u79cd\u65b9\u6cd5\u8fdb\u884c\u6574\u5408\u3002\u6b64\u5916\uff0c\u5efa\u8bae\u5728\u6b64\u4e4b\u540e\u57fa\u672c\u4e0a\u4f7f\u7528root\u8fdb\u884c\u64cd\u4f5c\u3002<\/p>\n
# Docker\u306e\u5c0e\u5165\u306fhttps:\/\/docs.docker.com\/engine\/installation\/linux\/docker-ce\/ubuntu\/#set-up-the-repository\u3092\u53c2\u8003\r\n# Kubernetes\u306e\u30d0\u30a4\u30ca\u30ea\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3002450MB(!)\u304f\u3089\u3044\u3042\u308a\u307e\u3059\r\n$ curl -LO https:\/\/github.com\/kubernetes\/kubernetes\/releases\/tag\/v1.17.11\r\n$ tar xf kubernetes.tar.gz\r\n$ .\/kubernetes\/cluster\/get-kube-binaries.sh\r\n\r\n$ tar xf kubernetes\/client\/kubernetes-client-linux-amd64.tar.gz\r\n$ tar xf kubernetes\/server\/kubernetes-server-linux-amd64.tar.gz\r\n\r\n# \u3053\u308c\u3067\u3001 kubernetes\/client\/bin \u3068 kubernetes\/server\/bin \u306b\u305d\u308c\u305e\u308c\u30d0\u30a4\u30ca\u30ea\u304c\u5165\u308a\u307e\u3059\r\n<\/code><\/pre>\n\u521b\u5efa\u4e00\u4e2a\u4e2d\u95f4\u4ef6\u7684Docker\u955c\u50cf\u3002<\/h3>\n
\u5173\u4e8ekube-apiserver\/kube-controller-manager\/kube-scheduler\/etcd\uff0c\u636e\u8bf4\u53ef\u4ee5\u5728docker pull\u6216kubernetes\u8fd0\u884c\u65f6\u83b7\u53d6\u6216\u521b\u5efa\uff0c\u4f46\u4e5f\u53ef\u4ee5\u81ea\u884c\u521b\u5efa\u3002\u672c\u6b21\u5c06\u81ea\u884c\u521b\u5efa\u3002<\/p>\n
$ docker image load -i kubernetes\/server\/bin\/kube-apiserver.tar\r\n$ docker image load -i kubernetes\/server\/bin\/kube-scheduler.tar\r\n$ docker image load -i kubernetes\/server\/bin\/kube-controller-manager.tar\r\n$ cd kubernetes\/cluster\/image\/etcd; make\r\n# v1.17.11\u3067\u306f\u3053\u308c\u304c\u666e\u901a\u306b\u52d5\u304b\u306a\u3044\u30fb\u30fb\u30fb\u3068\u3044\u3046\u3053\u3068\u3067\u8ae6\u3081\u3066\u666e\u901a\u306bpull\u3057\u307e\u3057\u305f\r\n$ docker image pull gcr.io\/google-containers\/etcd:3.0.17\r\n<\/code><\/pre>\n6. \u5b89\u5168\u6a21\u578b\u548c\u9884\u8bbe\u8bbe\u7f6e<\/h3>\n
\u867d\u7136\u4f3c\u4e4e\u53ef\u4ee5\u4f7f\u7528HTTP\u8fdb\u884c\u8fde\u63a5\uff0c\u4f46\u57fa\u672c\u4e0a\u63a8\u8350\u5168\u90e8\u4f7f\u7528HTTPS\uff0c\u867d\u7136\u9ebb\u70e6\uff0c\u4f46\u6211\u4f1a\u505a\u5404\u79cd\u8c03\u6574\u3002\u6700\u7ec8\u5fc5\u987b\u901a\u8fc7HTTPS\u8fdb\u884c\u8fde\u63a5\uff0c\u867d\u7136\u9ebb\u70e6\uff0c\u4f46\u6211\u4eec\u5047\u8bbe\u4ee5HTTPS\u4e3a\u524d\u63d0\u3002<\/p>\n
CA\u3092\u4f5c\u308b<\/p>\n
\u4f5c\u308b\u5834\u6240\u306f \/etc\/kubernetes\/pki \u306b\u3057\u307e\u3059\u3002\u307e\u305a\u306f\u5fc5\u8981\u306aprivate key\u3068crt\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
# ca.key\u3092\u751f\u6210
\n$ openssl genrsa -out ca.key 2048
\n# ca.crt\u3092\u751f\u6210
\n$ openssl req -x509 -new -nodes -key ca.key -subj “\/CN=${MASTER_IP}” -days 10000 -out ca.crt
\n# server.key\u3092\u751f\u6210
\n$ openssl genrsa -out server.key 2048<\/p>\nCertificate Signed Request(CSR)\u306e\u8a2d\u5b9a\u3092\u4f5c\u6210\u3059\u308b<\/p>\n
\u4ee5\u4e0b\u306e\u5185\u5bb9\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u3001 \/etc\/kubernetes\/pki\/csr.conf \u3068\u3057\u3066\u4f5c\u6210\u3057\u307e\u3059\u3002\u30d5\u30a1\u30a4\u30eb\u5185\u306eMASTERCLUSTERIP\u306f\u3001\u6700\u521d\u306b\u6c7a\u3081\u305f\u30af\u30e9\u30b9\u30bf\u306eIP\u30ec\u30f3\u30b8\u306b\u304a\u3051\u308b\u3001\u6700\u521d\u306e\u30a2\u30c9\u30ec\u30b9\u3067\u3059\u3002\u4eca\u56de\u306e\u5834\u5408\u3067\u3042\u308c\u3070 10.1.0.1\/32 \u306b\u306a\u308a\u307e\u3059\u3002
\n\u2013service-cluster-ip-range\u306e\u6700\u521d\u306eIP\u30a2\u30c9\u30ec\u30b9\u3002\u2013service-cluster-ip-range\u306fapiserver\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3002<\/p>\n[ req ]
\ndefault_bits = 2048
\nprompt = no
\ndefault_md = sha256
\nreq_extensions = req_ext
\ndistinguished_name = dn<\/p>\n[ dn ]
\nC =
\nST =
\nL =
\nO =
\nOU =
\nCN =<\/p>\n[ req_ext ]
\nsubjectAltName = @alt_names<\/p>\n[ alt_names ]
\nDNS.1 = kubernetes
\nDNS.2 = kubernetes.default
\nDNS.3 = kubernetes.default.svc
\nDNS.4 = kubernetes.default.svc.cluster
\nDNS.5 = kubernetes.default.svc.cluster.local
\nIP.1 =
\nIP.2 =<\/p>\n[ v3_ext ]
\nauthorityKeyIdentifier=keyid,issuer:always
\nbasicConstraints=CA:FALSE
\nkeyUsage=keyEncipherment,dataEncipherment
\nextendedKeyUsage=serverAuth,clientAuth
\nsubjectAltName=@alt_names<\/p>\nserver.key\u306bCSR\u3092\u9069\u7528\u3057\u3066x509\u3092\u751f\u6210\u3059\u308b<\/p>\n
\u4f5c\u6210\u3057\u305fCSR\u3092\u9069\u7528\u3057\u307e\u3059\u3002\u6b63\u76f4\u3053\u306e\u8fba\u306f\u77e5\u8b58\u304c\u7121\u304f\u3066\u4f55\u3092\u3084\u3063\u3066\u3044\u308b\u304b\u3088\u304f\u308f\u304b\u3089\u306a\u304b\u3063\u305f\u3067\u3059\u30fb\u30fb\u30fb\u3002<\/p>\n
$ openssl req -new -key server.key -out server.csr -config csr.conf
\n# Server certificate\u3092\u751f\u6210\u3059\u308b
\n$ openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \\
\n-CAcreateserial -out server.crt -days 10000 \\
\n-extensions v3_ext -extfile csr.conf
\n# server certificate\u3092\u8868\u793a\u3059\u308b\u3002\u3053\u308c\u3092\u305d\u308c\u305e\u308c\u306e\u8a2d\u5b9a\u306b\u304a\u3051\u308bcertificate\u3068\u3057\u3066\u5229\u7528\u3059\u308b
\n$ openssl x509 -noout -text -in .\/server.crt<\/p>\nkubernetes\u81ea\u4f53\u306e\u30eb\u30fc\u30c8\u8a3c\u660e\u66f8\u3092\u914d\u7f6e\u3059\u308b<\/p>\n
\u6700\u5f8c\u306b\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u3057\u3066kubernetes\u306eroot\u3068\u3057\u3066\u8a2d\u5b9a\u3057\u3066\u304a\u304d\u307e\u3059\u3002\u81ea\u5df1\u7f72\u540d\u306a\u306e\u3067\u3001\u3053\u3046\u3057\u306a\u3044\u3068\u8272\u3005\u554f\u984c\u304c\u51fa\u307e\u3059\uff08\u591a\u5206\uff09<\/p>\n
$ cp ca.crt \/usr\/local\/share\/ca-certificates\/kubernetes.crt
\n$ update-ca-certificates<\/p>\nCredential\u3092\u8a2d\u5b9a\u3059\u308b<\/p>\n
Kubernetes\u3067\u306f\u3001Production ready\u3068\u3044\u3046\u3053\u3068\u3082\u3042\u308a\u3001\u69d8\u3005\u306a\u8a8d\u8a3c\u65b9\u5f0f\u304c\u5229\u7528\u3067\u304d\u307e\u3059\u3002user\/password\u3084\u3001\u5404\u30e6\u30fc\u30b6\u30fc\u3054\u3068\u306b\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3057\u3066\u767b\u9332\u3001\u3068\u304b\u3082\u51fa\u6765\u308b\u3088\u3046\u3067\u3059\u3002<\/p>\n
\u3053\u3053\u3067\u306f\u7c21\u5358\u306b\u3084\u308b\u305f\u3081\u306btoken\u3092\u4f7f\u3044\u307e\u3059\u3002<\/p>\n
\u4f5c\u3063\u305ftoken\u306f\u3001 \/etc\/kube-apiserver\/known_tokens.csv \u306b\u4fdd\u5b58\u3057\u307e\u3059\u3002knowntokens.csv\u306e\u4e2d\u8eab\u306f\u6b21\u306e\u3088\u3046\u306a\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3067\u3059\u3002<\/p>\n
token,user,uid,”group1,group2,group3″<\/p>\n
$ TOKEN=$(dd if=\/dev\/urandom bs=128 count=1 2>\/dev\/null | base64 | tr -d “=+\/” | dd bs=32 count=1 2>\/dev\/null)
\n$ echo “$TOKEN,admin,admin,\\”system:masters\\”” > \/etc\/kube-apiserver\/known_tokens.csv<\/p>\n\u3053\u3053\u3067\u6307\u5b9asystem:masters\u3068\u3044\u3046\u306e\u306f\u3001Kubernetes\u306b\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u7528\u610f\u3055\u308c\u3066\u3044\u308b\u3001\u7ba1\u7406\u7528\u306egroup\u306e\u3088\u3046\u3067\u3059\u3002\u3053\u306egroup\u306b\u3044\u306a\u3044\u3068\u4f55\u3082\u51fa\u6765\u307e\u305b\u3093\u30fb\u30fb\u30fb<\/p>\n
credential\u3092client\u306b\u516c\u958b\u3059\u308b<\/p>\n
credential\u306f\u3001kubeconfig\u3068\u3057\u3066client\u304b\u3089\u5229\u7528\u3067\u304d\u308b\u5f62\u5f0f\u306b\u3057\u306a\u3044\u3068\u3001kubectl\u304b\u3089\u5236\u5fa1\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u305b\u3093\u3002<\/p>\n
kubectl\u306eset-credentials\u30b3\u30de\u30f3\u30c9\u3092\u5229\u7528\u3057\u307e\u3059\u3002kubectl\u306f\u3069\u3053\u304b\u304b\u3089\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n
export CLUSTER_NAME=scratch
\nexport CA_CERT=\/etc\/kubernetes\/pki\/ca.crt
\nexport MASTER_IP=
\nexport TOKEN=<\u751f\u6210\u3057\u3066known_tokens.csv\u306b\u5165\u308c\u305ftoken>
\nexport USER=admin
\nexport CONTEXT_NAME=scratch<\/p>\nkubectl config set-cluster $CLUSTER_NAME –certificate-authority=$CA_CERT –embed-certs=true –server=https:\/\/$MASTER_IP
\nkubectl config set-credentials $USER –client-certificate=$CLI_CERT –client-key=$CLI_KEY –embed-certs=true –token=$TOKEN<\/p>\n# Set your cluster as the default cluster to use:
\nkubectl config set-context $CONTEXT_NAME –cluster=$CLUSTER_NAME –user=$USER
\nkubectl config use-context $CONTEXT_NAME<\/p>\nkubelet\/kube-proxy\u306ekubeconfig\u3092\u4f5c\u308b<\/p>\n
kubelet\u306f\u5404node\u306b\u304a\u3044\u3066\u3001container\u306e\u52d5\u4f5c\u3092\u7ba1\u7406\u3059\u308b\u30df\u30c9\u30eb\u30a6\u30a7\u30a2\u3067\u3001kube-proxy\u306f\u3001kubernetes\u5185\u3067\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092proxy\u3059\u308b\u3082\u306e\uff08\u3089\u3057\u3044\uff09\u3067\u3059\u3002\u3053\u308c\u3089\u306e\u30c4\u30fc\u30eb\u3082kubernetes\u306eAPI\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u305f\u3081\u3001kubeconfig\u304c\u5fc5\u8981\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n
\u4f5c\u308b\u65b9\u6cd5\u306f\u5927\u304d\u304f3\u3064\u3042\u308b\u3088\u3046\u3067\u3059\u3002<\/p>\n
admin\u306ecredential\u3092\u305d\u306e\u307e\u307e\u5229\u7528\u3059\u308b
\nkubelet\u7528\u306etoken\/kubeconfig\u3092\u5168kubelet\u306b\u5229\u7528\u3059\u308b
\n\u5404kubelet\u3054\u3068\u306b\u4f5c\u6210\u3059\u308b\uff08\u73fe\u72b6\u3059\u3054\u3044\u3081\u3093\u3069\u304f\u3055\u3044<\/p>\n\u4eca\u56de\u306fsimplest\u306a1.\u3092\u5229\u7528\u3057\u307e\u3059\u3002\u306a\u304a\u3001MASTERIP\u306e\u5f8c\u306b\u3064\u3044\u3066\u3044\u308b6443\u30dd\u30fc\u30c8\u306f\u3001kube-apiserver\u306e\u30dd\u30fc\u30c8\u3067\u3059\u3002\u5f8c\u3067\u51fa\u3066\u304d\u307e\u3059\u3002<\/p>\n
apiVersion: v1
\nkind: Config
\nusers:
\n– name: kubelet
\nuser:
\ntoken:
\nclusters:
\n– name: local
\ncluster:
\ncertificate-authority: \/etc\/kubernetes\/pki\/ca.crt
\nserver: ${MASTER_IP}:6443
\ncontexts:
\n– context:
\ncluster: local
\nuser: kubelet
\nname: service-account-context
\ncurrent-context: service-account-context<\/p>\n\u3053\u3093\u306a\u611f\u3058\u306ekubeconfig\u3092\u3001 \/etc\/kubernetes \u306b\u3001 kube-proxy.conf \u3068 kubelet.conf \u3068\u3057\u3066\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/p>\n
7. \u7f51\u7edc\u8bbe\u7f6e<\/h3>\n
\u5728Kubernetes\u4e2d\uff0c\u6211\u4eec\u4f7f\u7528\u6865\u63a5\u6765\u8fde\u63a5\u3002\u5b89\u88c5Docker\u65f6\uff0c\u5c06\u81ea\u52a8\u521b\u5efa\u4e00\u4e2a\u540d\u4e3adocker0\u7684\u6865\u63a5\uff0c\u4f46\u662f\u4e3a\u4e86\u907f\u514d\u5e72\u6270\uff0c\u6211\u4eec\u9700\u8981\u5220\u9664\u5b83\u3002\u8bf7\u5220\u9664docker0\u6865\u63a5\u3002<\/p>\n
\u4e3a\u4e86\u521b\u5efa\u540d\u4e3acbr0\u7684\u6865\u63a5\uff0c\u9700\u8981\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u884c\u64cd\u4f5c\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u8bbe\u7f6e\u6865\u63a5\u5730\u5740\u65f6\uff0c\u5fc5\u987b\u9009\u62e9cluster\u5730\u5740\u7a7a\u95f4\u4e2d\u7684\u7b2c\u4e00\u4e2a\u5730\u5740\u3002<\/p>\n
# \u30d6\u30ea\u30c3\u30b8\u3092\u4f5c\u6210\u3059\u308b\r\n$ ip link add name cbr0 type bridge\r\n# MTU\u3092\u8a2d\u5b9a\u3059\u308b\r\n$ ip link set dev cbr0 mtu 1460\r\n# bridge\u306e\u30a2\u30c9\u30ec\u30b9\u3092\u4f5c\u6210\u3059\u308b\r\n$ ip addr add 10.1.0.1\/16 dev cbr0\r\n# \u6709\u52b9\u306b\u3059\u308b\r\n$ ip link set dev cbr0 up\r\n<\/code><\/pre>\n8. \u5728\u4e3b\u8282\u70b9\u4e0a\u8bbe\u7f6e\u548c\u542f\u52a8\u6240\u9700\u7684\u4e2d\u95f4\u4ef6<\/h3>\n
\u53ea\u6709\u5728\u542f\u52a8\u8fd9\u4e2a\u4e4b\u540e\u624d\u80fd\u8fdb\u884c\u6700\u4f4e\u9650\u7684\u64cd\u4f5c\u3002\u6240\u6709\u64cd\u4f5c\u90fd\u9700\u8981\u4ee5root\u6743\u9650\u8fdb\u884c\uff08docker\u4f7f\u7528systemctl\uff09\u3002<\/p>\n
docker<\/p>\n
\u4eca\u56de\u306e\u3088\u3046\u306b\u5358\u4f53\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u3001\u5f53\u7136\u3067\u3059\u304ckubernetes\u7279\u6709\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u8a2d\u5b9a\u306a\u3069\u306f\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002docker0\u3068\u3044\u3046\u30d6\u30ea\u30c3\u30b8\u304c\u4f5c\u6210\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u5148\u306b\u524a\u9664\u3057\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
$ iptables -t nat -F
\n$ ip link set docker0 down
\n$ ip link delete docker0<\/p>\nDocker\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3068\u3057\u3066\u4ee5\u4e0b\u306e\u8a2d\u5b9a\u304c\u5fc5\u8981\u3067\u3059\u3002systemctl\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u4ee5\u4e0b\u3068\u7b49\u4fa1\u306a\u5185\u5bb9\u3092 \/etc\/docker\/daemon.json \u306b\u66f8\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
- `--bridge=cbr0`\r\n- `--iptables=false`\r\n- `--ip-masq=false`\r\n - \u74b0\u5883\u306b\u4f9d\u5b58\u3059\u308b\u306e\u3067\u8981\u6ce8\u610f\r\n- `--mtu=`\r\n - Flannel\u3092\u5229\u7528\u3059\u308b\u5834\u5408\u306f\u5fc5\u8981\r\n- `--insecure-registry $CLUSTER_SUBNET`\r\n - private registry\u3092\u5229\u7528\u3059\u308b\u5834\u5408\u3067\u3001\u3059\u3067\u306b\u3042\u308bregistry\u304chttp\u306e\u5834\u5408\r\n\r\nsystemctl\u304b\u3089Docker\u3092\u518d\u8d77\u52d5\u3057\u3066\u3001\u666e\u901a\u306b\u8d77\u52d5\u3057\u305f\u3089OK\u3067\u3059\u3002\r\n<\/code><\/pre>\nkubelet<\/p>\n
kubelet\u306f\u3001kubernetes\u30af\u30e9\u30b9\u30bf\u306e\u5404node\u4e0a\u3067\u52d5\u3044\u3066\u3044\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u4eca\u56de\u306f\u5168\u90e8\u540c\u3058node\u306b\u8f09\u3063\u3066\u3044\u308b\u306e\u3067\u3001\u3053\u308c\u3082\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n
\u4ee5\u4e0b\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u8a2d\u5b9a\u3057\u3066\u8d77\u52d5\u3057\u307e\u3059\u3002\u3061\u306a\u307f\u306b\u30d0\u30a4\u30ca\u30ea\u306f kubernetes\/server\/bin\/kubelet \u306b\u3042\u308a\u307e\u3059\u3002<\/p>\n
- –kubeconfig=\/etc\/kubernetes\/kubelet.conf\r\n- –pod-manifest-path=\/etc\/kubernetes\/manifests\r\n<\/code><\/pre>\nkube-proxy<\/p>\n
kube-proxy\u306f\u3001v1.17.1\u7248\u3067\u306f \u2013config, \u2013config-write-to\u3001 \u2013cleanup-iptables\u4ee5\u5916\u306fdeprecated\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u53c2\u8003\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3068\u306f\u5168\u304f\u7570\u306a\u308b\u5f62\u3067\u8d77\u52d5\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u306a\u3044\u3068\u3044\u3051\u306a\u3044\u306e\u3067\u3059\u304c\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u8a2d\u5b9a\u306f kubernetes\/server\/bin\/kube-proxy –write-config-to <\u30d5\u30a1\u30a4\u30eb\u30d1\u30b9> \u3092\u5b9f\u884c\u3059\u308b\u3068\u751f\u6210\u3067\u304d\u307e\u3059\u306e\u3067\u3001\u3053\u308c\u3092\u3044\u3058\u308b\u3053\u3068\u306b\u3057\u307e\u3059\u3002
\n\u751f\u6210\u3055\u308c\u308b\u30d5\u30a1\u30a4\u30eb\u5f62\u5f0f\u306fyaml\u3067\u3059\u3002version\u304calpha1\u3068\u304b\u66f8\u3044\u3066\u3044\u308b\u306e\u304c\u306a\u3093\u3068\u3082\u8a00\u3048\u306a\u3044\u611f\u3058\u304c\u3042\u308a\u307e\u3059\u304c\u30fb\u30fb\u30fb\u3002<\/p>\napiVersion: componentconfig\/v1alpha1
\nbindAddress: 0.0.0.0
\nclientConnection:
\nacceptContentTypes: “”
\nburst: 10
\ncontentType: application\/vnd.kubernetes.protobuf
\nkubeconfig: \/etc\/kubernetes\/kube-proxy.conf
\nqps: 5
\nclusterCIDR: 10.1.0.0\/16
\nconfigSyncPeriod: 15m0s
\nconntrack:
\nmax: 0
\nmaxPerCore: 32768
\nmin: 131072
\ntcpCloseWaitTimeout: 1h0m0s
\ntcpEstablishedTimeout: 24h0m0s
\nenableProfiling: false
\nfeatureGates: “”
\nhealthzBindAddress: 0.0.0.0:10256
\nhostnameOverride: “”
\niptables:
\nmasqueradeAll: false
\nmasqueradeBit: 14
\nminSyncPeriod: 0s
\nsyncPeriod: 30s
\nkind: KubeProxyConfiguration
\nmetricsBindAddress: 127.0.0.1:10249
\nmode: “”
\noomScoreAdj: -999
\nportRange: “”
\nresourceContainer: \/kube-proxy
\nudpTimeoutMilliseconds: 250ms<\/p>\n\u3053\u306e\u8a2d\u5b9a\u306e\u4e2d\u3067\u3001 kubeconfig \u306e\u8a2d\u5b9a\u304c\u5fc5\u9808\u3067\u3059\u3002\u5f8c\u306f clusterCIDR \u3082\u8a2d\u5b9a\u3057\u306a\u3044\u3068\u57fa\u672c\u52d5\u304d\u307e\u305b\u3093\u3002kube-proxy\u306e\u8d77\u52d5\u6642\u306f\u3001 –config \u30aa\u30d7\u30b7\u30e7\u30f3\u3060\u3051\u3067OK\u3067\u3059\u3002<\/p>\n
$ kubernetes\/server\/bin\/kube-proxy –config \/etc\/kubernetes\/kube-proxy.yml<\/p>\n
9. \u670d\u52a1\u7684\u542f\u52a8 \u52a0\u901f+<\/h3>\n
\u7531\u4e8e\u6bcf\u4e2a\u670d\u52a1\u7684manifest\u6587\u4ef6\u5728\u53c2\u8003\u6587\u6863\u4e2d\u6839\u672c\u6ca1\u6709\u63d0\u5230\u8def\u5f84\uff0c\u6240\u4ee5\u53d1\u751f\u4e86\u8fd9\u79cd\u60c5\u51b5……\u65e0\u53ef\u5948\u4f55\uff0c\u53ea\u80fd\u4f7f\u7528 kubeadm init \u6765\u521b\u5efa\u521d\u59cb\u6587\u4ef6\u3002<\/p>\n
\u6bcf\u4e2a\u8bbe\u7f6e\u90fd\u5c06\u4fdd\u5b58\u4e3a\/etc\/kubernetes\/manifests\/<\u670d\u52a1\u540d\u79f0>.yaml\u3002
\n\u8fd9\u4e9b\u8bbe\u7f6e\u4f1a\u5728kubelet\u542f\u52a8\u65f6\u81ea\u52a8\u6267\u884c\u3002<\/p>\n1.etcd<\/p>\n
apiVersion: v1
\nkind: Pod
\nmetadata:
\nannotations:
\nscheduler.alpha.kubernetes.io\/critical-pod: “”
\ncreationTimestamp: null
\nlabels:
\ncomponent: etcd
\ntier: control-plane
\nname: etcd
\nnamespace: kube-system
\nspec:
\ncontainers:
\n– command:
\n– etcd
\n– –listen-client-urls=http:\/\/127.0.0.1:2379
\n– –advertise-client-urls=http:\/\/127.0.0.1:2379
\n– –data-dir=\/var\/lib\/etcd
\nimage: gcr.io\/google_containers\/etcd-amd64:3.0.17
\nlivenessProbe:
\nfailureThreshold: 8
\nhttpGet:
\nhost: 127.0.0.1
\npath: \/health
\nport: 2379
\nscheme: HTTP
\ninitialDelaySeconds: 15
\ntimeoutSeconds: 15
\nname: etcd
\nresources: {}
\nvolumeMounts:
\n– mountPath: \/etc\/ssl\/certs
\nname: certs
\n– mountPath: \/var\/lib\/etcd
\nname: etcd
\n– mountPath: \/etc\/kubernetes
\nname: k8s
\nreadOnly: true
\nhostNetwork: true
\nvolumes:
\n– hostPath:
\npath: \/etc\/ssl\/certs
\nname: certs
\n– hostPath:
\npath: \/var\/lib\/etcd
\nname: etcd
\n– hostPath:
\npath: \/etc\/kubernetes
\nname: k8s
\nstatus: {}<\/p>\n2.apiserver<\/p>\n
kubeadm\u3067\u4f5c\u6210\u3057\u305fapiserver.yaml\u306f\u3001client cert\u3068\u304bservice account cert\u3068\u304b\u3082\u5168\u90e8\u5165\u308a\u306e\u3084\u3064\u306a\u306e\u3067\u3001\u4e00\u65e6\u5fc5\u8981\u6700\u5c0f\u9650\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u8d77\u52d5\u3059\u308b\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n
\u7279\u306b –advertise-address \u3068 –service-cluster-ip-range \u306f\u5fc5\u9808\u3067\u3059\u3002<\/p>\n
apiVersion: v1
\nkind: Pod
\nmetadata:
\nannotations:
\nscheduler.alpha.kubernetes.io\/critical-pod: “”
\ncreationTimestamp: null
\nlabels:
\ncomponent: kube-apiserver
\ntier: control-plane
\nname: kube-apiserver
\nnamespace: kube-system
\nspec:
\ncontainers:
\n– command:
\n– kube-apiserver
\n– –secure-port=6443
\n– –experimental-bootstrap-token-auth=true
\n– –requestheader-allowed-names=front-proxy-client
\n– –token-auth-file=\/etc\/kubernetes\/known_tokens.csv
\n– –insecure-port=0
\n– –admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota
\n– –kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
\n– –requestheader-extra-headers-prefix=X-Remote-Extra-
\n– –requestheader-username-headers=X-Remote-User
\n– –tls-cert-file=\/etc\/kubernetes\/pki\/server.crt
\n– –tls-private-key-file=\/etc\/kubernetes\/pki\/server.key
\n– –tls-ca-file=\/etc\/kubernetes\/pki\/ca.crt
\n– –allow-privileged=true
\n– –requestheader-group-headers=X-Remote-Group
\n– –service-cluster-ip-range=10.1.0.0\/16
\n– –authorization-mode=Node,RBAC
\n– –advertise-address=192.168.33.10
\n– –etcd-servers=http:\/\/127.0.0.1:2379
\nimage: gcr.io\/google_containers\/kube-apiserver-amd64:v1.7.11
\nlivenessProbe:
\nfailureThreshold: 8
\nhttpGet:
\nhost: 127.0.0.1
\npath: \/healthz
\nport: 6443
\nscheme: HTTPS
\ninitialDelaySeconds: 15
\ntimeoutSeconds: 15
\nname: kube-apiserver
\nresources:
\nrequests:
\ncpu: 250m
\nvolumeMounts:
\n– mountPath: \/etc\/kubernetes
\nname: k8s
\nreadOnly: true
\n– mountPath: \/etc\/ssl\/certs
\nname: certs
\nhostNetwork: true
\nvolumes:
\n– hostPath:
\npath: \/etc\/kubernetes
\nname: k8s
\n– hostPath:
\npath: \/etc\/ssl\/certs
\nname: certs
\nstatus: {}<\/p>\n3.scheduler<\/p>\n
\u30c7\u30d5\u30a9\u30eb\u30c8\u3067OK\u306e\u3088\u3046\u3067\u3059\u3002<\/p>\n
apiVersion: v1
\nkind: Pod
\nmetadata:
\nannotations:
\nscheduler.alpha.kubernetes.io\/critical-pod: “”
\ncreationTimestamp: null
\nlabels:
\ncomponent: kube-scheduler
\ntier: control-plane
\nname: kube-scheduler
\nnamespace: kube-system
\nspec:
\ncontainers:
\n– command:
\n– kube-scheduler
\n– –address=127.0.0.1
\n– –leader-elect=true
\n– –kubeconfig=\/etc\/kubernetes\/scheduler.conf
\nimage: gcr.io\/google_containers\/kube-scheduler-amd64:v1.7.11
\nlivenessProbe:
\nfailureThreshold: 8
\nhttpGet:
\nhost: 127.0.0.1
\npath: \/healthz
\nport: 10251
\nscheme: HTTP
\ninitialDelaySeconds: 15
\ntimeoutSeconds: 15
\nname: kube-scheduler
\nresources:
\nrequests:
\ncpu: 100m
\nvolumeMounts:
\n– mountPath: \/etc\/kubernetes
\nname: k8s
\nreadOnly: true
\nhostNetwork: true
\nvolumes:
\n– hostPath:
\npath: \/etc\/kubernetes
\nname: k8s
\nstatus: {}<\/p>\n4.controller-manager<\/p>\n
\u8a8d\u8a3c\u60c5\u5831\u306e\u90e8\u5206\u4ee5\u5916\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u826f\u3055\u305d\u3046\u3067\u3059\u3002<\/p>\n
apiVersion: v1
\nkind: Pod
\nmetadata:
\nannotations:
\nscheduler.alpha.kubernetes.io\/critical-pod: “”
\ncreationTimestamp: null
\nlabels:
\ncomponent: kube-controller-manager
\ntier: control-plane
\nname: kube-controller-manager
\nnamespace: kube-system
\nspec:
\ncontainers:
\n– command:
\n– kube-controller-manager
\n– –leader-elect=true
\n– –kubeconfig=\/etc\/kubernetes\/controller-manager.conf
\n– –cluster-signing-key-file=\/etc\/kubernetes\/pki\/ca.key
\n– –address=127.0.0.1
\n– –controllers=*,bootstrapsigner,tokencleaner
\n– –root-ca-file=\/etc\/kubernetes\/pki\/ca.crt
\n– –service-account-private-key-file=\/etc\/kubernetes\/pki\/sa.key
\n– –cluster-signing-cert-file=\/etc\/kubernetes\/pki\/ca.crt
\n– –use-service-account-credentials=true
\nimage: gcr.io\/google_containers\/kube-controller-manager-amd64:v1.7.11
\nlivenessProbe:
\nfailureThreshold: 8
\nhttpGet:
\nhost: 127.0.0.1
\npath: \/healthz
\nport: 10252
\nscheme: HTTP
\ninitialDelaySeconds: 15
\ntimeoutSeconds: 15
\nname: kube-controller-manager
\nresources:
\nrequests:
\ncpu: 200m
\nvolumeMounts:
\n– mountPath: \/etc\/kubernetes
\nname: k8s
\nreadOnly: true
\n– mountPath: \/etc\/ssl\/certs
\nname: certs
\nhostNetwork: true
\nvolumes:
\n– hostPath:
\npath: \/etc\/kubernetes
\nname: k8s
\n– hostPath:
\npath: \/etc\/ssl\/certs
\nname: certs
\nstatus: {}<\/p>\n\u786e\u8ba4API\u670d\u52a1\u5668\u662f\u5426\u6b63\u5728\u8fd0\u884c\u3002<\/h3>\n
curl -s https:\/\/$MASTER_IP:6443\/healthz\r\n<\/code><\/pre>\n\u6240\u4ee5\uff0c\u5982\u679c\u6536\u5230OK\u7684\u56de\u8986\u7684\u8bdd\uff0c\u6682\u65f6\u5c31\u53ef\u4ee5\u4e86\u3002<\/p>\n
curl -s https:\/\/$MASTER_IP:6443\/api\r\n<\/code><\/pre>\n\u5982\u679c\u8fd4\u56de\u7684\u662fJSON\uff0c\u90a3\u4e48kubectl\u5c31\u5904\u4e8e\u53ef\u7528\u72b6\u6001\u3002\u5982\u679c\u6267\u884ckubectl get nodes\u4e4b\u7c7b\u7684\u547d\u4ee4\u65f6\uff0c\u8282\u70b9\u5217\u8868\u4e2d\u6ca1\u6709\u51fa\u73b0\u81ea\u5df1\uff0c\u90a3\u4e48\u5e94\u8be5\u662f\u67d0\u5904\u51fa\u73b0\u4e86\u9519\u8bef\uff0c\u9700\u8981\u8fb9\u67e5\u770b\u5404\u79cd\u65e5\u5fd7\u8fb9\u52aa\u529b\u89e3\u51b3\u3002<\/p>\n
\u624b\u52a8\u8bbe\u7f6e\u7684\u70e6\u607c<\/h2>\n
\u6211\u4e22\u5f03\u4e86\u5197\u957f\u7684\u90e8\u5206\uff0c\u53ea\u5199\u4e86\u6700\u4f4e\u9650\u5ea6\u7684\u64cd\u4f5c\u3002\u5b9e\u9645\u4e0a\uff0c\u6211\u6b63\u5728\u68c0\u67e5\u4ee3\u7406\/ DNS\u7684\u8fd0\u4f5c\u60c5\u51b5\uff0c\u4f46\u8fd9\u5c06\u5728\u540e\u7eed\u65e5\u671f\u8fdb\u884c\u786e\u8ba4\u3002<\/p>\n
\u624b\u52d5\u3067\u3084\u3063\u3066\u307f\u3066\u308f\u304b\u308a\u307e\u3057\u305f\u304c\u3001Kubernetes\u306f\u8907\u6570\u306e\u30df\u30c9\u30eb\u30a6\u30a7\u30a2\u3092\u3046\u307e\u304f\u7d44\u307f\u5408\u308f\u305b\u3066\u69cb\u6210\u3057\u3066\u3044\u308b\u3068\u3044\u3046\u69cb\u6210\u306e\u305f\u3081\u3001\u305d\u308c\u305e\u308c\u306e\u69cb\u6210\u306b\u3064\u3044\u3066\u5197\u9577\u6027\u3092\u78ba\u4fdd\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u3068\u8003\u3048\u308b\u3068\u3001\u975e\u5e38\u306b\u8f9b\u3044\u3053\u3068\u306f\u60f3\u50cf\u306b\u5bb9\u6613\u3044\u3067\u3059\u3002
\n\u3053\u308c\u306f\u78ba\u304b\u306bManagement service\u304c\u6b32\u3057\u304f\u306a\u308a\u307e\u3059\u3002\u305f\u3060\u3001\u3084\u306f\u308a\u624b\u52d5\u3067\u4f5c\u6210\u3059\u308b\u3068\u3001\u30df\u30c9\u30eb\u30a6\u30a7\u30a2\u306e\u69cb\u6210\u3067\u3042\u3063\u305f\u308a\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u69cb\u6210\u3067\u3042\u3063\u305f\u308a\u3068\u3044\u3063\u305f\u3082\u306e\u306f\uff08\u3044\u3084\u3067\u3082\uff09\u7406\u89e3\u304c\u9032\u307f\u307e\u3059\u3002<\/p>\n\u4e0d\u7ba1\u662f\u901a\u8fc7\u56f0\u96be\u7684\u65b9\u5f0f\uff0c\u8fd8\u662f\u5728\u4f7f\u7528\u4e4b\u524d\u6216\u4e4b\u540e\uff0c\u5982\u679c\u6709\u65f6\u95f4\uff0c\u624b\u52a8\u5c1d\u8bd5\u5236\u4f5c\u4e00\u6b21\u5982\u4f55\uff1f<\/p>\n
\u5982\u679c\u6709\u65f6\u95f4\u7684\u8bdd\uff0c\u6211\u4e5f\u4f1a\u8bb0\u5f55\u6709\u5173DNS\u914d\u7f6e\u7b49\u7684\u5185\u5bb9\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4eca\u5e74\u3082\u672b\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u306a\u3093\u3060\u304b\u6700\u5f8c\u306e\uff13\u30f6\u6708\u304f\u3089\u3044\u304c\u968f\u5206\u30c9\u30bf\u30d0\u30bf\u3057\u3066\u305f\u306a\u3041\u3063\u3066\u304f\u3089\u3044\u3057\u304b\u3001\u73fe\u5834\u3067\u306e\u8a18\u61b6\u304c\u306a\u3044\u306e\u306f […]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-35752","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n
\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa Kubernetes \u96c6\u7fa4\uff081.7 \u7248\uff09 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa-kubernetes-\u96c6\u7fa4\uff081-7-\u7248\uff09\u3002\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa Kubernetes \u96c6\u7fa4\uff081.7 \u7248\uff09\" \/>\n<meta property=\"og:description\" content=\"\u4eca\u5e74\u3082\u672b\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u306a\u3093\u3060\u304b\u6700\u5f8c\u306e\uff13\u30f6\u6708\u304f\u3089\u3044\u304c\u968f\u5206\u30c9\u30bf\u30d0\u30bf\u3057\u3066\u305f\u306a\u3041\u3063\u3066\u304f\u3089\u3044\u3057\u304b\u3001\u73fe\u5834\u3067\u306e\u8a18\u61b6\u304c\u306a\u3044\u306e\u306f […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa-kubernetes-\u96c6\u7fa4\uff081-7-\u7248\uff09\u3002\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-29T17:04:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-03T18:19:50+00:00\" \/>\n<meta name=\"author\" content=\"\u5b87, \u534e\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u5b87, \u534e\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/\",\"name\":\"\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa Kubernetes \u96c6\u7fa4\uff081.7 \u7248\uff09 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-11-29T17:04:12+00:00\",\"dateModified\":\"2024-05-03T18:19:50+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/513018e4e121d3add1b7c5de8be21458\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa Kubernetes \u96c6\u7fa4\uff081.7 \u7248\uff09\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/513018e4e121d3add1b7c5de8be21458\",\"name\":\"\u5b87, \u534e\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63cd45cbc05a35fc4ff7637a163c83c4962ef58d27472726c3a3e0c9c5194f0f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63cd45cbc05a35fc4ff7637a163c83c4962ef58d27472726c3a3e0c9c5194f0f?s=96&d=mm&r=g\",\"caption\":\"\u5b87, \u534e\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/yuhua\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa Kubernetes \u96c6\u7fa4\uff081.7 \u7248\uff09 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa-kubernetes-\u96c6\u7fa4\uff081-7-\u7248\uff09\u3002\/","og_locale":"zh_CN","og_type":"article","og_title":"\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa Kubernetes \u96c6\u7fa4\uff081.7 \u7248\uff09","og_description":"\u4eca\u5e74\u3082\u672b\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u306a\u3093\u3060\u304b\u6700\u5f8c\u306e\uff13\u30f6\u6708\u304f\u3089\u3044\u304c\u968f\u5206\u30c9\u30bf\u30d0\u30bf\u3057\u3066\u305f\u306a\u3041\u3063\u3066\u304f\u3089\u3044\u3057\u304b\u3001\u73fe\u5834\u3067\u306e\u8a18\u61b6\u304c\u306a\u3044\u306e\u306f […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa-kubernetes-\u96c6\u7fa4\uff081-7-\u7248\uff09\u3002\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-11-29T17:04:12+00:00","article_modified_time":"2024-05-03T18:19:50+00:00","author":"\u5b87, \u534e","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u5b87, \u534e","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"7 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/","name":"\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa Kubernetes \u96c6\u7fa4\uff081.7 \u7248\uff09 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-11-29T17:04:12+00:00","dateModified":"2024-05-03T18:19:50+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/513018e4e121d3add1b7c5de8be21458"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u5c1d\u8bd5\u624b\u52a8\u642d\u5efa Kubernetes \u96c6\u7fa4\uff081.7 \u7248\uff09"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/513018e4e121d3add1b7c5de8be21458","name":"\u5b87, \u534e","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63cd45cbc05a35fc4ff7637a163c83c4962ef58d27472726c3a3e0c9c5194f0f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63cd45cbc05a35fc4ff7637a163c83c4962ef58d27472726c3a3e0c9c5194f0f?s=96&d=mm&r=g","caption":"\u5b87, \u534e"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/yuhua\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%b0%9d%e8%af%95%e6%89%8b%e5%8a%a8%e6%90%ad%e5%bb%ba-kubernetes-%e9%9b%86%e7%be%a4%ef%bc%881-7-%e7%89%88%ef%bc%89%e3%80%82\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/35752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=35752"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/35752\/revisions"}],"predecessor-version":[{"id":95523,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/35752\/revisions\/95523"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=35752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=35752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=35752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}