diff --git "a/04.\351\203\250\347\275\262etcd\351\233\206\347\276\244.md" "b/04.\351\203\250\347\275\262etcd\351\233\206\347\276\244.md" index 1715ed90..20da4884 100644 --- "a/04.\351\203\250\347\275\262etcd\351\233\206\347\276\244.md" +++ "b/04.\351\203\250\347\275\262etcd\351\233\206\347\276\244.md" @@ -218,8 +218,10 @@ for node_ip in ${NODE_IPS[@]} 预期输出: - https://172.27.129.105:2379 is healthy: successfully committed proposal: took = 2.192932ms - https://172.27.129.111:2379 is healthy: successfully committed proposal: took = 3.546896ms - https://172.27.129.112:2379 is healthy: successfully committed proposal: took = 3.013667ms +``` bash +https://172.27.129.105:2379 is healthy: successfully committed proposal: took = 2.192932ms +https://172.27.129.111:2379 is healthy: successfully committed proposal: took = 3.546896ms +https://172.27.129.112:2379 is healthy: successfully committed proposal: took = 3.013667ms +``` 输出均为 `healthy` 时表示集群服务正常。 \ No newline at end of file diff --git a/07-1.docker.md b/07-1.docker.md index f323707f..bc8fa07c 100644 --- a/07-1.docker.md +++ b/07-1.docker.md 
@@ -157,13 +157,15 @@ for node_ip in ${NODE_IPS[@]} 确认各 work 节点的 docker0 网桥和 flannel.1 接口的 IP 处于同一个网段中(如下 172.30.39.0 和 172.30.39.1): - 3: flannel.1: mtu 1450 qdisc noqueue state UNKNOWN group default - link/ether ce:2f:d6:53:e5:f3 brd ff:ff:ff:ff:ff:ff - inet 172.30.39.0/32 scope global flannel.1 - valid_lft forever preferred_lft forever - inet6 fe80::cc2f:d6ff:fe53:e5f3/64 scope link - valid_lft forever preferred_lft forever - 4: docker0: mtu 1500 qdisc noqueue state DOWN group default - link/ether 02:42:bf:65:16:5c brd ff:ff:ff:ff:ff:ff - inet 172.30.39.1/24 brd 172.30.39.255 scope global docker0 - valid_lft forever preferred_lft forever \ No newline at end of file +``` bash +3: flannel.1: mtu 1450 qdisc noqueue state UNKNOWN group default + link/ether ce:2f:d6:53:e5:f3 brd ff:ff:ff:ff:ff:ff + inet 172.30.39.0/32 scope global flannel.1 + valid_lft forever preferred_lft forever + inet6 fe80::cc2f:d6ff:fe53:e5f3/64 scope link + valid_lft forever preferred_lft forever +4: docker0: mtu 1500 qdisc noqueue state DOWN group default + link/ether 02:42:bf:65:16:5c brd ff:ff:ff:ff:ff:ff + inet 172.30.39.1/24 brd 172.30.39.255 scope global docker0 + valid_lft forever preferred_lft forever +``` \ No newline at end of file diff --git a/07-3.kube-proxy.md b/07-3.kube-proxy.md index a16932f6..b15cb5b7 100644 --- a/07-3.kube-proxy.md +++ b/07-3.kube-proxy.md 
@@ -225,23 +225,24 @@ for node_ip in ${NODE_IPS[@]} 预期输出: - >>> 172.27.129.105 - IP Virtual Server version 1.2.1 (size=4096) - Prot LocalAddress:Port Scheduler Flags - -> RemoteAddress:Port Forward Weight ActiveConn InActConn - TCP 10.254.0.1:443 rr persistent 10800 - -> 172.27.129.105:6443 Masq 1 0 0 - >>> 172.27.129.111 - IP Virtual Server version 1.2.1 (size=4096) - Prot LocalAddress:Port Scheduler Flags - -> RemoteAddress:Port Forward Weight ActiveConn InActConn - TCP 10.254.0.1:443 rr persistent 10800 - -> 172.27.129.105:6443 Masq 1 0 0 - >>> 172.27.129.112 - IP Virtual Server version 1.2.1 (size=4096) - Prot LocalAddress:Port Scheduler Flags - -> RemoteAddress:Port Forward Weight ActiveConn InActConn - TCP 10.254.0.1:443 rr persistent 10800 - -> 172.27.129.105:6443 Masq 1 0 0 - +``` bash +>>> 172.27.129.105 +IP Virtual Server version 1.2.1 (size=4096) +Prot LocalAddress:Port Scheduler Flags + -> RemoteAddress:Port Forward Weight ActiveConn InActConn +TCP 10.254.0.1:443 rr persistent 10800 + -> 172.27.129.105:6443 Masq 1 0 0 +>>> 172.27.129.111 +IP Virtual Server version 1.2.1 (size=4096) +Prot LocalAddress:Port Scheduler Flags + -> RemoteAddress:Port Forward Weight ActiveConn InActConn +TCP 10.254.0.1:443 rr persistent 10800 + -> 172.27.129.105:6443 Masq 1 0 0 +>>> 172.27.129.112 +IP Virtual Server version 1.2.1 (size=4096) +Prot LocalAddress:Port Scheduler Flags + -> RemoteAddress:Port Forward Weight ActiveConn InActConn +TCP 10.254.0.1:443 rr persistent 10800 + -> 172.27.129.105:6443 Masq 1 0 0 +``` 可见将所有到 kubernetes cluster ip 443 端口的请求都转发到 kube-apiserver 的 6443 端口; \ No newline at end of file 
diff --git "a/09-0.\351\203\250\347\275\262\351\233\206\347\276\244\346\217\222\344\273\266.md" "b/09-0.\351\203\250\347\275\262\351\233\206\347\276\244\346\217\222\344\273\266.md" index ba3c6cf4..421919ba 100644 --- "a/09-0.\351\203\250\347\275\262\351\233\206\347\276\244\346\217\222\344\273\266.md" +++ "b/09-0.\351\203\250\347\275\262\351\233\206\347\276\244\346\217\222\344\273\266.md" @@ -2,7 +2,6 @@ 插件是集群的附件组件,丰富和完善了集群的功能。 - + [09-1.coredns](./09-1.dns插件.md) + [09-2.Dashboard](./09-2.dashboard插件.md) + [09-3.Heapster (influxdb、grafana)](./09-3.heapster插件.md) diff --git "a/09-4.metrics-server\346\217\222\344\273\266.md" "b/09-4.metrics-server\346\217\222\344\273\266.md" index dc847249..6221bfa4 100644 --- "a/09-4.metrics-server\346\217\222\344\273\266.md" +++ "b/09-4.metrics-server\346\217\222\344\273\266.md" 
@@ -53,15 +53,16 @@ scp metrics-server*.pem k8s@${MASTER_NODE}:/etc/kubernetes/cert/ 添加如下配置参数: - --requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem - --requestheader-allowed-names="" - --requestheader-extra-headers-prefix="X-Remote-Extra-" - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User - --proxy-client-cert-file=/etc/kubernetes/cert/metrics-server.pem - --proxy-client-key-file=/etc/kubernetes/cert/metrics-server-key.pem - --runtime-config=api/all=true - +``` bash +--requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem +--requestheader-allowed-names="" +--requestheader-extra-headers-prefix="X-Remote-Extra-" +--requestheader-group-headers=X-Remote-Group +--requestheader-username-headers=X-Remote-User +--proxy-client-cert-file=/etc/kubernetes/cert/metrics-server.pem +--proxy-client-key-file=/etc/kubernetes/cert/metrics-server-key.pem +--runtime-config=api/all=true +``` + `--requestheader-XXX`、`--proxy-client-XXX` 是 kube-apiserver 的 aggregator layer 相关的配置参数,metrics-server & HPA 需要使用; + `--requestheader-client-ca-file`:用于签名 `--proxy-client-cert-file` 和 `--proxy-client-key-file` 指定的证书;在启用了 metric aggregator 时使用; + 如果 --requestheader-allowed-names 不为空,则--proxy-client-cert-file 证书的 CN 必须位于 allowed-names 中,默认为 aggregator;
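Review bot: In `04.部署etcd集群.md` (hunk `@@ -218,8 +218,10 @@`), the new fence is tagged `bash`, but the three `https://172.27.129.x:2379 is healthy: ...` lines are command output, not shell. A highlighter will try to colour them as commands, and a reader may take them as something to type. Tag the fence `text` (or leave the info string empty), and use that tag consistently for the other expected-output blocks in this patch.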
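Review bot: In `07-1.docker.md` (hunk `@@ -157,13 +157,15 @@`), the added closing fence is now the last line of the file and still carries `\ No newline at end of file`. Since this change rewrites the final line anyway, end the file with a newline so later appends do not produce a noisy one-line diff. The `bash` tag on what is `ip addr` output has the same problem as in the etcd file; `text` fits better.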
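Review bot: In `07-3.kube-proxy.md` (hunk `@@ -225,23 +225,24 @@`), the empty line that used to follow the output block is removed, so the closing fence is immediately followed by the paragraph beginning `可见将所有到 kubernetes cluster ip 443 端口的请求`. Keep one blank line between the closing fence and that paragraph for renderer compatibility and readability of the source. The `>>> 172.27.129.105` separators and the ipvsadm table are output, so the fence should not be tagged `bash`.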
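Review bot: In `09-0.部署集群插件.md` (hunk `@@ -2,7 +2,6 @@`), the only change is dropping an empty line ahead of the `+ [09-1.coredns]` list, which is unrelated to the fencing changes in the other files. Confirm that a blank line still separates the introductory paragraph from the list, because some Markdown renderers fold a list into the preceding paragraph when none is present. If this is only whitespace cleanup, it would be cleaner in its own commit.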
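Review bot: In `09-4.metrics-server插件.md` (hunk `@@ -53,15 +53,16 @@`), the re-fenced block keeps `--requestheader-allowed-names=""` with no explanation of what the empty value means. With an empty list, kube-apiserver accepts `X-Remote-User` and `X-Remote-Group` from any client certificate that validates against `--requestheader-client-ca-file`, here `/etc/kubernetes/cert/ca.pem`. If that `ca.pem` also signs ordinary client certificates, every holder of one can assert an arbitrary identity through these headers. The bullet below the block only covers the non-empty case. Either set the flag to the CN of the `metrics-server.pem` proxy client certificate (or `aggregator`), or add a bullet stating the consequence of leaving it empty and recommending a dedicated CA for the request-header path. `--runtime-config=api/all=true` also has no explanatory bullet even though it enables every API group, so narrow it or say why it is needed. On formatting, the closing fence is now directly followed by the `+ \`--requestheader-XXX\`` list item with no blank line between them, and these flags are kube-apiserver arguments rather than a runnable `bash` snippet.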