在 GKE 中配置 kube-proxy
[英]Configure kube-proxy in GKE
问题描述
Is there a way to configure kube-proxy in GKE?
有没有办法在 GKE 中配置 kube-proxy?
I can see the pods creating from the daemonset, but I cannot see the daemonset itself.我可以看到从 daemonset 创建的 pod,但我看不到 daemonset 本身。
Thanks for your help.谢谢你的帮助。
2 个解决方案
解决方案1
0 2018-06-28 22:28:33
At the node level, the system is managed by Kubernetes K8s, whereas, at the master level, the system is managed by GKE .在节点级别,系统由 Kubernetes K8s 管理,而在主级别,系统由 GKE 管理。 The master operates and runs the Kubernetes API server, core resources controllers and the scheduler. Master 操作和运行 Kubernetes API 服务器、核心资源控制器和调度程序。
Even though the kube-proxy resides within the node, the cluster is responsible for the kube-proxy, and, please bear in mind that in GKE the cluster master is inaccessible.即使 kube-proxy 驻留在节点中,集群也负责 kube-proxy,并且请记住,在 GKE 中无法访问集群主节点。
While it is possible to configure the proxy in Kubernetes k8s , it is not possible to do so in GKE.虽然可以在 Kubernetes k8s 中配置代理,但不能在 GKE 中这样做。
For the daemonset, please make sure that you are looking through all namespaces.对于守护进程,请确保您正在查看所有名称空间。
$ kubectl get ds --all-namespaces
解决方案2
0 2021-03-29 15:56:20
kube-proxy pod in k8s (not only in GKE) is created as Static Pod . k8s 中的 kube-proxy pod(不仅在 GKE 中)被创建为静态 Pod 。
Kubelet automatically creates so-called mirror pod on Kubernetes API server for each static pod, so the pods are visible there, but they cannot be controlled from the API server. Kubelet 会在 Kubernetes API 服务器上为每个静态 Pod 自动创建所谓的镜像 Pod,因此 Pod 在那里可见,但无法从 API 服务器进行控制。 2 2
That's why you cannot edit and configure it as a usual API object.这就是为什么您不能将其编辑和配置为通常的 API 对象的原因。
However, you can edit kube-proxy manifest on the nodes and kubelet applies a new configuration.但是,您可以在节点上编辑 kube-proxy 清单,kubelet 会应用新配置。 Static pod manifest located on each node in位于每个节点上的静态 pod 清单
/etc/kubernetes/manifests//etc/kubernetes/manifests/kube-proxy.manifest
You can ssh into node and manually change it but we can automate it using cilium approach for removing kube-proxy 3 with DaemonSet and modify it a little bit 4 .您可以通过 ssh 进入节点并手动更改它,但我们可以使用 cilium 方法将其自动化,使用 DaemonSet 删除 kube-proxy 3并稍微修改它4 。
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-proxy-configurator
namespace: kube-system
spec:
selector:
matchLabels:
name: kube-proxy-configurator
template:
metadata:
labels:
name: kube-proxy-configurator
spec:
initContainers:
- command:
- /bin/sh
- -c
- |
echo 'Changing kube-proxy iptables-min-sync-period'
sed -i 's/iptables-min-sync-period=10s/iptables-min-sync-period=2s/g' /etc/kubernetes/manifests/kube-proxy.manifest
echo 'All Done!'
image: alpine:latest
name: kube-proxy-configurator
securityContext:
privileged: true
volumeMounts:
- mountPath: /etc/kubernetes
name: kubernetes-configs
containers:
- image: k8s.gcr.io/pause
name: pause
terminationGracePeriodSeconds: 0
volumes:
- hostPath:
path: /etc/kubernetes
type: Directory
name: kubernetes-configs
Just apply it and kube-proxy configuration will be changed on each node (even on newly created by autoscaler).只需应用它,kube-proxy 配置将在每个节点上更改(即使在自动缩放器新创建的节点上)。
kubectl apply -f kube-proxy-configurator.yml
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.