[k8s] k8s architecture illustrated
2017-11-15 15:01
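k8s architecture illustrated
Startup parameters and certificates overview
flannel must be installed on the master
Note: the flannel network ensures that the Pod subnets of all nodes can reach each other. Pods on the master node and on the worker nodes communicate over the Pod network, so the Flannel network also has to be deployed on the master node.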
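Ways to access the cluster from outside:
1. ingress
2. Through the apiserver, combined with kube-proxy:
    kubectl proxy --address='10.64.3.7' --port=8086 --accept-hosts='^*$'
This makes it possible to put some restrictions on internal URLs.
Open the URL http://10.64.3.7:8086/ui in a browser; it redirects automatically to: http://10.64.3.7:8086/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/#/workload?namespace=default
Without kubectl proxy, access to the API from outside is not restricted in any way; with it, some restrictions can be applied.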
    kubectl proxy -h
    ...
    Options:
          --accept-hosts='^localhost$,^127\.0\.0\.1$,^\[::1\]$': Regular expression for hosts that the proxy should accept.
          --accept-paths='^.*': Regular expression for paths that the proxy should accept.
          --address='127.0.0.1': The IP address on which to serve on.
          --api-prefix='/': Prefix to serve the proxied API under.
          --disable-filter=false: If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port.
      -p, --port=8001: The port on which to run the proxy. Set to 0 to pick a random port.
          --reject-methods='POST,PUT,PATCH': Regular expression for HTTP methods that the proxy should reject.
          --reject-paths='^/api/.*/pods/.*/exec,^/api/.*/pods/.*/attach': Regular expression for paths that the proxy should reject.
      -u, --unix-socket='': Unix socket on which to run the proxy.
      -w, --www='': Also serve static files from the given directory under the specified prefix.
      -P, --www-prefix='/static/': Prefix to serve static files under, if static file directory is specified.

    Usage:
      kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix] [options]
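I think kubectl proxy --address='10.64.3.7' --port=8086 --accept-hosts='^*$' does more than add an access ACL: it also changes the listen address. Otherwise the proxy could not be reached from outside either.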
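An added example (not from the original post, and not kubectl's own source): a simplified Go model of how the filter flags in the help output combine, comparing the `--accept-hosts='^*$'` value used above with a pattern pinned to the proxy address. The evaluation order (reject rules first, then path and host must both match), the names `Filter`, `NewFilter` and `Accept`, the pinned pattern and the sample requests are assumptions of this example; the default patterns are the ones printed by `kubectl proxy -h` on this page.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Filter models the kubectl proxy request filter (assumed logic, not kubectl's source).
type Filter struct{ acceptHosts, acceptPaths, rejectPaths, rejectMethods *regexp.Regexp }

// compile turns a comma-separated flag value into one alternation: any part may match.
func compile(v string) *regexp.Regexp {
	return regexp.MustCompile("(?:" + strings.ReplaceAll(v, ",", ")|(?:") + ")")
}

// NewFilter takes an --accept-hosts value; the other patterns are the defaults
// printed by `kubectl proxy -h` on this page.
func NewFilter(acceptHosts string) *Filter {
	return &Filter{compile(acceptHosts), compile(`^.*`),
		compile(`^/api/.*/pods/.*/exec,^/api/.*/pods/.*/attach`), compile(`POST,PUT,PATCH`)}
}

// Accept: reject rules win; otherwise the path and the Host header must both match.
func (f *Filter) Accept(method, path, hostHeader string) bool {
	host := hostHeader
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		host = h // match on the host part only
	}
	if f.rejectPaths.MatchString(path) || f.rejectMethods.MatchString(method) {
		return false
	}
	return f.acceptPaths.MatchString(path) && f.acceptHosts.MatchString(host)
}

func main() {
	open := NewFilter(`^*$`)              // value used in the post
	pinned := NewFilter(`^10\.64\.3\.7$`) // constructed: only the proxy's own address
	// Constructed requests: method, path, Host header.
	for _, r := range [][3]string{
		{"GET", "/api/v1/pods", "10.64.3.7:8086"},
		{"GET", "/api/v1/pods", "other.example:8086"},
		{"POST", "/api/v1/namespaces/default/pods", "10.64.3.7:8086"},
	} {
		fmt.Println(r, "open:", open.Accept(r[0], r[1], r[2]), "pinned:", pinned.Accept(r[0], r[1], r[2]))
	}
}
```

With `^*$` every Host header passes the host check, so only the path and method rules still filter requests; the pinned pattern keeps the host check meaningful when the proxy listens on a non-loopback address.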
    [root@master]# kubectl clusterinfo
    Command "clusterinfo" is deprecated, use "cluster-info" instead
    Kubernetes master is running at http://localhost:8080
    Heapster is running at http://localhost:8080/api/v1/namespaces/kube-system/services/heapster/proxy
    KubeDNS is running at http://localhost:8080/api/v1/namespaces/kube-system/services/kube-dns/proxy
    kubernetes-dashboard is running at http://localhost:8080/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy

What controls the content that kube cluster info displays?
Reference: https://kubernetes-v1-4.github.io/docs/user-guide/kubectl/kubectl_cluster-info/
Display addresses of the master and services with label kubernetes.io/cluster-service=true

    apiVersion: v1
    kind: Service
    metadata:
      name: kubernetes-dashboard
      namespace: kube-system
      labels:
        k8s-app: kubernetes-dashboard
        kubernetes.io/cluster-service: "true"  # just add this line and the service shows up in cluster-info and can be accessed directly through kube-proxy

traefik workflow illustrated
CI workflow