openshift已经安装好
下载kube-proxy二进制包,可以下载这个链接:https://pan.baidu.com/s/1Pllz1oXS9I8qA4gqujvF_Q 提取码:tgzl
1.准备工作在/etc/profile添加一行(kube-proxy为二进制文件目录/root/kube-proxy)PATH=/root/kube-proxy:$PATH查看iptables是否是以下两个版本,其他版本的话请更换iptables-1.4.21-24.1.el7_5.x86_64.rpmiptables-services-1.4.21-24.1.el7_5.x86_64.rpm更换iptables包之后以下才需要,备份规则iptables-save > iptables-node1.conf(2)卸载之前版本yum list |grep iptables查询版本卸载yum remove iptables-services.x86_64 iptables.x86_64 -y(3)安装yum localinstall iptables-1.4.21-24.1.el7_5.x86_64.rpm iptables-services-1.4.21-24.1.el7_5.x86_64.rpm -y(4)启动systemctl start iptables (5)恢复规则iptables-restore < iptables-node1.conf
2.生成kube-proxy证书(只需要生成一份,其他节点复制过去)(1)在master上,查看根证书ps -ef |grep openshift[root@tem1 ~]# ps -ef |grep openshiftroot 19498 15761 0 14:17 pts/0 00:00:00 grep --color=auto openshiftroot 28309 1 4 Mar01 ? 3-00:21:09 /usr/bin/openshift start master api --config=/etc/origin/master/master-config.yaml --loglevel=2 --listen=https://0.0.0.0:8443 --master=https://tem1:8443root 95614 1 4 Mar05 ? 2-23:46:19 /usr/bin/openshift start master controllers --config=/etc/origin/master/master-config.yaml --loglevel=2 --listen=https://0.0.0.0:8444可以看到配置在/etc/origin/master/上,进去查看ca.crt ,ca.key就是之前生成的证书(2)根据根证书生成kube-proxy证书,如果ca.crt ,ca.key不在同一路径下,需要指定绝对路径openssl genrsa -out kube-proxy.key 2048openssl req -new -key kube-proxy.key -out proxy.csr -subj '/CN=system:kube-proxy'openssl x509 -req -in kube-proxy.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-proxy.pem -days 3650
3.关联上下文(自己修改ip地址跟对应的路径)kubectl config set-cluster telbvip:8443 \ --certificate-authority=/etc/origin/master/ca.crt \ --embed-certs=true \ --server=https://172.16.7.81:8443 \ --kubeconfig=kube-proxy.kubeconfig kubectl config set-credentials kube-proxy \ --client-certificate=/root/kube-proxy/config/kube-proxy.pem \ --client-key=/root/kube-proxy/config/kube-proxy.key \ --embed-certs=true \ --kubeconfig=kube-proxy.kubeconfig kubectl config set-context default \ --cluster=telbvip:8443 \ --user=kube-proxy \ --kubeconfig=kube-proxy.kubeconfig kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
启动kube-proxy(1) 复制kube-proxy.kubeconfig到指定文件(这个位置可以随便指定)mkdir -p /etc/kubernetes/ && cp kube-proxy.kubeconfig /etc/kubernetes/kube-proxy.kubeconfig(2) 修改kube-proxy.service的地址(172.16.7.81修改为本机地址)[Unit]Description=Kubernetes Kube-Proxy ServerDocumentation=https://github.com/GoogleCloudPlatform/kubernetesAfter=network.target[Service]WorkingDirectory=/var/lib/kube-proxyExecStart=/root/kube-proxy/kube-proxy \ --bind-address=172.16.7.81 \ --hostname-override=172.16.7.81 \ --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \ --logtostderr=true \ --v=2Restart=on-failureRestartSec=5LimitNOFILE=65536
[Install]WantedBy=multi-user.target(3) 复制启动文件到指定文件(目标路径不能更改)创建数据存放目录mkdir -p /var/lib/kube-proxy复制启动文件cp kube-proxy.service /lib/systemd/system/启动kube-proxysystemctl start kube-proxy查看状态systemctl status kube-proxy查看日志journalctl -f -u kube-proxy.service