TKE独立集群(2)
原创
观察master节点
master 上腾讯云开发的服务,简单查看服务,不深究服务的作用;master节点默认不开放22端口,这里我打开了
kubectl get pods -n kube-system|grep -v kube|grep -v etcd|grep -v coredns
NAME READY STATUS RESTARTS AGE
cbs-provisioner-ddf49575-npk47 1/1 Running 0 22h
hpa-metrics-server-5fd795c489-ppfcz 1/1 Running 0 22h
ip-masq-agent-5d2dx 1/1 Running 0 22h
ip-masq-agent-cxsfs 1/1 Running 0 22h
ip-masq-agent-tw4n6 1/1 Running 0 22h
ip-masq-agent-w7mkg 1/1 Running 0 22h
ip-masq-agent-z6ckl 1/1 Running 0 22h
l7-lb-controller-9bc86d488-gwp9q 1/1 Running 0 22h
service-controller-85fd87859c-8cw5q 1/1 Running 0 22h
tke-bridge-agent-2pc5q 1/1 Running 0 22h
tke-bridge-agent-cz4vr 1/1 Running 0 22h
tke-bridge-agent-fm74n 1/1 Running 0 22h
tke-bridge-agent-gqs5p 1/1 Running 0 22h
tke-bridge-agent-s4rv9 1/1 Running 0 22h
tke-cni-agent-dswc2 1/1 Running 0 22h
tke-cni-agent-gc6nr 1/1 Running 0 22h
tke-cni-agent-jvdh4 1/1 Running 0 22h
tke-cni-agent-kzdrw 1/1 Running 0 22h
tke-cni-agent-mz8w9 1/1 Running 0 22h- cbs-provisioner 腾讯云提供的动态持久化存储
- hpa-metrics-server hpa
- ip-masq-agent NAT功能,隐藏pod节点ip。k8s官网
- l7-lb-controller 腾讯云lb控制器
- service-controller
- tke-bridge-agent cni服务
- tke-cni-agent cni服务
查看cni挂载到目录到文件
cd /etc/cni/net.d/
cat multus/tke-bridge.conf
{
"cniVersion": "0.1.0",
"name": "tke-bridge",
"type": "bridge",
"bridge": "cbr0",
"mtu": 1500,
"addIf": "eth0",
"isGateway": true,
"forceAddress": true,
"ipMasq": false,
"hairpinMode": false,
"promiscMode": true,
"ipam": {
"type": "host-local",
"subnet": "172.16.0.128/26", # pod范围
"gateway": "172.16.0.129", # 网关
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
}查看master的路由
ip route
default via 172.27.16.1 dev eth0
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.32.0/28 dev docker0 proto kernel scope link src 169.254.32.1 linkdown
172.16.0.128/26 dev cbr0 proto kernel scope link src 172.16.0.129
172.27.16.0/20 dev eth0 proto kernel scope link src 172.27.16.13查看设置的/etc/hosts
cat /etc/hosts
169.254.0.28 cbs.api.qcloud.com
169.254.0.28 cvm.api.qcloud.com
169.254.0.28 lb.api.qcloud.com
169.254.0.28 snapshot.api.qcloud.com
169.254.0.95 cbs.tencentcloudapi.com
169.254.0.95 cvm.tencentcloudapi.com
169.254.0.28 monitor.api.qcloud.com
169.254.0.28 tag.api.qcloud.com
169.254.128.2 etcd.cls-cf90rcwh.ccs.tencent-cloud.com # 是etcd内网负载均衡的地址每个节点配置的pod的掩码,网关不同。代表节点分配的pod地址不同,网关也是每个master节点的虚拟的网卡地址;hosts设置etcd内网负载均衡还有其他的服务地址
观察worker节点
ip-masq-agent,tke-bridge-agent,tke-cni-agent 这几个服务是daemonset,所有的节点都有的服务
查看cni的配置
cd /etc/cni/net.d/
cat tke-bridge.conf
{
"cniVersion": "0.1.0",
"name": "tke-bridge",
"type": "bridge",
"bridge": "cbr0",
"mtu": 1500,
"addIf": "eth0",
"isGateway": true,
"forceAddress": true,
"ipMasq": false,
"hairpinMode": false,
"promiscMode": true,
"ipam": {
"type": "host-local",
"subnet": "172.16.1.0/26",
"gateway": "172.16.1.1",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}查看路由
ip route
default via 172.27.16.1 dev eth0
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.32.0/28 dev docker0 proto kernel scope link src 169.254.32.1 linkdown
172.16.1.0/26 dev cbr0 proto kernel scope link src 172.16.1.1 linkdown
172.27.16.0/20 dev eth0 proto kernel scope link src 172.27.16.5 了解worker节点的pod的地址范围是怎么设置的,当然这些都是默认的,不能修改
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读