[k8s] k8s architecture illustrated



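Overview of startup parameters and certificates

Flannel must be installed on the master

Note: the flannel network ensures that the Pod subnets of all nodes can reach each other.
Pods on the master node and on the worker nodes communicate over the Pod network, so the Flannel network must be deployed on the master node as well.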


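Ways to access the cluster from outside:

  • 1. Ingress
  • 2. Through the apiserver, combined with kube-proxy: kubectl proxy --address='10.64.3.7' --port=8086 --accept-hosts='^*$'
    This can apply some restrictions on internal URLs.

Opening the URL http://10.64.3.7:8086/ui in a browser redirects automatically to: http://10.64.3.7:8086/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/#/workload?namespace=default

Without kubectl proxy, outside access to the API has no restrictions at all; with it, some restrictions can be applied.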

kubectl proxy -h
...
Options:
      --accept-hosts='^localhost$,^127\.0\.0\.1$,^\[::1\]$': Regular expression for hosts that the proxy should accept.
      --accept-paths='^.*': Regular expression for paths that the proxy should accept.
      --address='127.0.0.1': The IP address on which to serve on.
      --api-prefix='/': Prefix to serve the proxied API under.
      --disable-filter=false: If true, disable request filtering in the proxy. This is dangerous, and can leave you
vulnerable to XSRF attacks, when used with an accessible port.
  -p, --port=8001: The port on which to run the proxy. Set to 0 to pick a random port.
      --reject-methods='POST,PUT,PATCH': Regular expression for HTTP methods that the proxy should reject.
      --reject-paths='^/api/.*/pods/.*/exec,^/api/.*/pods/.*/attach': Regular expression for paths that the proxy should
reject.
  -u, --unix-socket='': Unix socket on which to run the proxy.
  -w, --www='': Also serve static files from the given directory under the specified prefix.
  -P, --www-prefix='/static/': Prefix to serve static files under, if static file directory is specified.

Usage:
  kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix] [options]

I think kubectl proxy --address='10.64.3.7' --port=8086 --accept-hosts='^*$' does more than add an access ACL: it also changes the listen address. Otherwise the outside could not reach it either.
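To see what the regex lists in the help output actually let through, the following added example (not kubectl's own code) models them in Go, the language whose regexp syntax these flags use, and compares three --accept-hosts values: the default, the '^*$' used above, and a value pinned to the listen address. Assumptions: rejects are evaluated before accepts, the Host value is passed without its port, and the names Filter, NewFilter and Allowed are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

const DefaultHosts = `^localhost$,^127\.0\.0\.1$,^\[::1\]$` // default from the help text

// list is one comma-separated flag value compiled into regular expressions.
type list []*regexp.Regexp

func compile(s string) (l list) {
	for _, p := range strings.Split(s, ",") {
		l = append(l, regexp.MustCompile(p))
	}
	return
}

func (l list) match(s string) bool {
	for _, re := range l {
		if re.MatchString(s) { // unanchored unless the pattern anchors itself
			return true
		}
	}
	return false
}

// Filter is a simplified model of the four filter flags (assumption, not kubectl code).
type Filter struct{ hosts, paths, noPaths, noMethods list }

// NewFilter keeps the path and method defaults shown on this page and varies --accept-hosts.
func NewFilter(acceptHosts string) Filter {
	return Filter{compile(acceptHosts), compile(`^.*`),
		compile(`^/api/.*/pods/.*/exec,^/api/.*/pods/.*/attach`), compile(`POST,PUT,PATCH`)}
}

// Allowed applies rejects first, then requires both path and host to be accepted.
func (f Filter) Allowed(method, path, host string) bool {
	return !f.noPaths.match(path) && !f.noMethods.match(method) &&
		f.paths.match(path) && f.hosts.match(host)
}

func main() {
	const dash = "/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/"
	for _, h := range []string{DefaultHosts, `^*$`, `^10\.64\.3\.7$`} {
		f := NewFilter(h)
		fmt.Println(h, f.Allowed("GET", dash, "10.64.3.7"), f.Allowed("GET", dash, "other.example"))
	}
}
```

With '^*$' every Host value passes, so the only remaining limits are the reject lists; pinning --accept-hosts to the address actually served keeps the host check meaningful.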

[root@master]# kubectl clusterinfo
Command "clusterinfo" is deprecated, use "cluster-info" instead
Kubernetes master is running at http://localhost:8080
Heapster is running at http://localhost:8080/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at http://localhost:8080/api/v1/namespaces/kube-system/services/kube-dns/proxy
kubernetes-dashboard is running at http://localhost:8080/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy

Traefik workflow illustrated


CI pipeline


