kb master 运行如下容器
etcd 是 k8s 的核心, 主要负责k8s的核心数据处理及保存, 需要备份该数据,或者做集群 ,服务端口 2379(客户端服务) 2380(节点通信)kube-controller-manager 负责节点,副本,端点,服务账号 等控制kube-scheduler 调度器,选择nodes 给新pod使用kube-apiserver 服务接口, 接收kubectl 或 其它控制程序 对kube里 svc node pod 查询,控制 8080 6443coredns dns 服务器 给kube 网内使用flanneld 给kube 建设一个虚拟网, 也可以用另外的模式kube-proxy 网络代理, 建立实体机器 与 pods 内部的代理,提供给外部使用pause 很轻的容器,有多个, 是为了建立其它容器用。 保证其它容器 共享 namespace 和文件
kb node 运行
pause 其数量 = 应用数量 + 2
kube-proxy
flanneld
及 实际应用
etcd 运行参数
"Entrypoint": [
"etcd",
"--advertise-client-urls=https://192.168.2.200:2379",
"--cert-file=/etc/kubernetes/pki/etcd/server.crt",
"--client-cert-auth=true",
"--data-dir=/var/lib/etcd",
"--initial-advertise-peer-urls=https://192.168.2.200:2380",
"--initial-cluster=kube-master=https://192.168.2.200:2380",
"--key-file=/etc/kubernetes/pki/etcd/server.key",
"--listen-client-urls=https://127.0.0.1:2379,https://192.168.2.200:2379",
"--listen-peer-urls=https://192.168.2.200:2380",
"--name=kube-master",
"--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt",
"--peer-client-cert-auth=true",
"--peer-key-file=/etc/kubernetes/pki/etcd/peer.key",
"--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt",
"--snapshot-count=10000",
"--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt"
],
kube-apiserver 运行参数
"Entrypoint": [
"kube-apiserver",
"--advertise-address=192.168.2.200",
"--allow-privileged=true",
"--authorization-mode=Node,RBAC",
"--client-ca-file=/etc/kubernetes/pki/ca.crt",
"--enable-admission-plugins=NodeRestriction",
"--enable-bootstrap-token-auth=true",
"--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt",
"--etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt",
"--etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key",
"--etcd-servers=https://127.0.0.1:2379",
"--insecure-port=0",
"--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt",
"--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt",
"--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key",
"--requestheader-allowed-names=front-proxy-client",
"--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-username-headers=X-Remote-User",
"--secure-port=6443",
"--service-account-key-file=/etc/kubernetes/pki/sa.pub",
"--service-cluster-ip-range=10.96.0.0/12",
"--tls-cert-file=/etc/kubernetes/pki/apiserver.crt",
"--tls-private-key-file=/etc/kubernetes/pki/apiserver.key"
],
kube-controller-manager 参数
"Entrypoint": [
"kube-controller-manager",
"--allocate-node-cidrs=true",
"--authentication-kubeconfig=/etc/kubernetes/controller-manager.conf",
"--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf",
"--bind-address=127.0.0.1",
"--client-ca-file=/etc/kubernetes/pki/ca.crt",
"--cluster-cidr=10.10.0.0/16",
"--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt",
"--cluster-signing-key-file=/etc/kubernetes/pki/ca.key",
"--controllers=*,bootstrapsigner,tokencleaner",
"--kubeconfig=/etc/kubernetes/controller-manager.conf",
"--leader-elect=true",
"--node-cidr-mask-size=24",
"--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt",
"--root-ca-file=/etc/kubernetes/pki/ca.crt",
"--service-account-private-key-file=/etc/kubernetes/pki/sa.key",
"--use-service-account-credentials=true"
],
kube-scheduler 参数
"Entrypoint": [
"kube-scheduler",
"--bind-address=127.0.0.1",
"--kubeconfig=/etc/kubernetes/scheduler.conf",
"--leader-elect=true"
],
coredns 运行参数 无
flanneld 运行参数 无
kube-proxy 运行参数
"Entrypoint": [
"/usr/local/bin/kube-proxy",
"--config=/var/lib/kube-proxy/config.conf",
"--hostname-override=kube-master"
],