kubernetes Cluster Installation Guide: kube-proxy Component Deployment

The kube-proxy component is to provide endpoint services for pod applications within a cluster. When we define an svc for a pod, the kube-proxy automatically generates a mapping relationship between the pod and the svc and proxies it to the cluster or hosts.

1 Installation preparation

Specific note: All operations here are performed on devops machine using ansible tools; kube-proxy requires secure access to kube-apiserver using a kubeconfig certification file: it monitors service and endpoint changes in apiserver and creates routing rules to provide service IP and load balancing capabilities.

1.1 Environment Variable Definition

#################### Variable parameter setting ######################
KUBE_NAME=kube-proxy
K8S_INSTALL_PATH=/data/apps/k8s/kubernetes
K8S_BIN_PATH=${K8S_INSTALL_PATH}/sbin
K8S_LOG_DIR=${K8S_INSTALL_PATH}/logs
K8S_CONF_PATH=/etc/k8s/kubernetes
KUBE_CONFIG_PATH=/etc/k8s/kubeconfig
CA_DIR=/etc/k8s/ssl
SOFTWARE=/root/software
HOSTNAME=`hostname`
VERSION=v1.14.2
PACKAGE=kubernetes-server-${VERSION}-linux-amd64.tar.gz
DOWNLOAD_URL=https://github.com/devops-apps/download/raw/master/kubernetes/$PACKAGE
ETH_INTERFACE=eth1
LISTEN_IP=$(ifconfig | grep -A 1 ${ETH_INTERFACE} |grep inet |awk '{print $2}')
CLUSTER_PODS_CIDR=172.16.0.0/20

1.2 Download and distribute kubernetes binaries

Visit kubernetes github Official Address Download a stable realease package to this machine;

wget  $DOWNLOAD_URL -P $SOFTWARE

Distribute the kubernetes package to master node servers;

sudo ansible master_k8s_vgs -m copy -a "src=${SOFTWARE}/$PACKAGE dest=${SOFTWARE}/" -b

2 Deploy a kube-proxy cluster

2.1 Install the kube-proxy binary

### 1.Check if the install directory exists.
if [ ! -d "$K8S_BIN_PATH" ]; then
     mkdir -p $K8S_BIN_PATH
fi

if [ ! -d "$K8S_LOG_DIR/$KUBE_NAME" ]; then
     mkdir -p $K8S_LOG_DIR/$KUBE_NAME
fi

if [ ! -d "$K8S_CONF_PATH" ]; then
     mkdir -p $K8S_CONF_PATH
fi

if [ ! -d "$KUBE_CONFIG_PATH" ]; then
     mkdir -p $KUBE_CONFIG_PATH
fi

### 2.Install kube-proxy binary of kubernetes.
if [ ! -f "$SOFTWARE/kubernetes-server-${VERSION}-linux-amd64.tar.gz" ]; then
     wget $DOWNLOAD_URL -P $SOFTWARE >>/tmp/install.log  2>&1
fi
cd $SOFTWARE && tar -xzf kubernetes-server-${VERSION}-linux-amd64.tar.gz -C ./
cp -fp kubernetes/server/bin/$KUBE_NAME $K8S_BIN_PATH
ln -sf  $K8S_BIN_PATH/${KUBE_NAME} /usr/local/bin
chmod -R 755 $K8S_INSTALL_PATH

2.2 Distribute kubeconfig and certificate files

Distribute CA Root Certificate
cd $CA_DIR
ansible worker_k8s_vgs -m copy -a "src=ca.pem  dest=$CA_DIR" -b
Distribute the kubeconfig certification file

Kube-proxy uses a kubeconfig file connection to access the apiserver service, which provides the apiserver address, embedded CA certificates, kube-proxy server certificates, and private keys:

cd $KUBE_CONFIG_PATH
ansible worker_k8s_vgs -m copy -a "src= kube-proxy.kubeconfig dest=$KUBE_CONFIG_PATH" -b

Note: If the components kubeconfig and certificate files have been synchronized in the previous section, you do not have to do this here;

2.3 Create a kube-proxy configuration file

cat >${K8S_CONF_PATH}/kube-proxy-config.yaml<<EOF
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
clientConnection:
  burst: 200
  kubeconfig: "${KUBE_CONFIG_PATH}/kube-proxy.kubeconfig"
  qps: 100
bindAddress: ${LISTEN_IP}
healthzBindAddress: ${LISTEN_IP}:10256
metricsBindAddress: ${LISTEN_IP}:10249
clusterCIDR: ${CLUSTER_PODS_CIDR}
hostnameOverride: ${HOSTNAME}
mode: "ipvs"
portRange: ""
kubeProxyIPTablesConfiguration:
  masqueradeAll: false
kubeProxyIPVSConfiguration:
  scheduler: rr
  excludeCIDRs: []
EOF
  • bindAddress: listening address;
  • clientConnection.kubeconfig: Connect the kubeconfig file of apiserver;
  • Cluster CIDR: Kube-proxy judges the internal and external traffic of the cluster based on--cluster-cidr. When--cluster-cidr or--masquerade-all option is specified, kube-proxy will SNAT the request to access the Service IP.
  • hostnameOverride: The parameter value must be the same as the value of kubelet, otherwise the Node will not be found after kube-proxy starts and no ipvs rules will be created.
  • Mode: use ipvs mode;

2.4 Create a kube-proxy startup service

cat >/usr/lib/systemd/system/${KUBE_NAME}.service <<EOF
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
WorkingDirectory=${K8S_INSTALL_PATH}
ExecStart=${K8S_BIN_PATH}/${KUBE_NAME} \\
  --config=${K8S_CONF_PATH}/kube-proxy-config.yaml \\
  --alsologtostderr=true \\
  --logtostderr=false \\
  --log-dir=${K8S_LOG_DIR}/${KUBE_NAME} \\
  --v=2
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF

2.5 Check service status

systemctl status kube-proxy|grep Active

Make sure the status is active, otherwise check the log to confirm the reason:

sudo journalctl -u kube-proxy

2.6 View metrics of output

Note: The following commands are executed on the kube-scheduler node.kube-proxy listens on ports 10249 and 10256: both interfaces provide external access to/metrics and/healthz.

sudo netstat -ntlp | grep kube-proxy
tcp   0  0 10.10.10.40:10249   0.0.0.0:*    LISTEN      22604/kube-proxy
tcp   0  0 10.10.10.40:10256   0.0.0.0:*    LISTEN      22604/kube-proxy

2.7 View ipvs routing rules

sudo ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.20.40:8400 rr
  -> 172.16.3.2:8080              Masq    1      0          0         
  -> 172.16.3.3:8080              Masq    1      0          0         
  -> 172.16.3.4:8080              Masq    1      0          0         
TCP  192.168.20.40:8497 rr
  -> 172.16.3.2:8500              Masq    1      0          0         
  -> 172.16.3.3:8500              Masq    1      0          0         
  -> 172.16.3.4:8500              Masq    1      0          0         
TCP  10.10.10.40:8400 rr
  -> 172.16.3.2:8080              Masq    1      0          0         
  -> 172.16.3.3:8080              Masq    1      0          0         
  -> 172.16.3.4:8080              Masq    1      0          0   

At this point, the basic deployment of the entire cluster has been completed. For kubernetes cluster monitoring, refer to: Kubernetes Cluster Installation Guide: Kubernetes Cluster Plug-in Deployment.kube-proxy scripts can be created from here Obtain,

Tags: Kubernetes ansible sudo Linux

Posted on Sat, 04 Apr 2020 02:00:08 -0700 by jakeruston