TKE独立集群（2）

原创

何飞良

修改于 2020-06-29 06:30:22

1.5K0

观察master节点

master 上腾讯云开发的服务，简单查看服务，不深究服务的作用；master节点默认不开放22端口，这里我打开了

kubectl get pods -n kube-system|grep -v kube|grep -v etcd|grep -v coredns 
NAME                                   READY   STATUS    RESTARTS   AGE
cbs-provisioner-ddf49575-npk47         1/1     Running   0          22h
hpa-metrics-server-5fd795c489-ppfcz    1/1     Running   0          22h
ip-masq-agent-5d2dx                    1/1     Running   0          22h
ip-masq-agent-cxsfs                    1/1     Running   0          22h
ip-masq-agent-tw4n6                    1/1     Running   0          22h
ip-masq-agent-w7mkg                    1/1     Running   0          22h
ip-masq-agent-z6ckl                    1/1     Running   0          22h
l7-lb-controller-9bc86d488-gwp9q       1/1     Running   0          22h
service-controller-85fd87859c-8cw5q    1/1     Running   0          22h
tke-bridge-agent-2pc5q                 1/1     Running   0          22h
tke-bridge-agent-cz4vr                 1/1     Running   0          22h
tke-bridge-agent-fm74n                 1/1     Running   0          22h
tke-bridge-agent-gqs5p                 1/1     Running   0          22h
tke-bridge-agent-s4rv9                 1/1     Running   0          22h
tke-cni-agent-dswc2                    1/1     Running   0          22h
tke-cni-agent-gc6nr                    1/1     Running   0          22h
tke-cni-agent-jvdh4                    1/1     Running   0          22h
tke-cni-agent-kzdrw                    1/1     Running   0          22h
tke-cni-agent-mz8w9                    1/1     Running   0          22h

cbs-provisioner 腾讯云提供的动态持久化存储
hpa-metrics-server hpa
ip-masq-agent NAT功能，隐藏pod节点ip。k8s官网
l7-lb-controller 腾讯云lb控制器
service-controller
tke-bridge-agent cni服务
tke-cni-agent cni服务

查看cni挂载到目录到文件

cd /etc/cni/net.d/
cat multus/tke-bridge.conf 
{
  "cniVersion": "0.1.0",
  "name": "tke-bridge",
  "type": "bridge",
  "bridge": "cbr0",
  "mtu": 1500,
  "addIf": "eth0",
  "isGateway": true,
  "forceAddress": true,
  "ipMasq": false,
  "hairpinMode": false,
  "promiscMode": true,
  "ipam": {
    "type": "host-local",
    "subnet": "172.16.0.128/26", # pod范围
    "gateway": "172.16.0.129", # 网关
    "routes": [
      { "dst": "0.0.0.0/0" }
    ]
  }
}

查看master的路由

ip route
default via 172.27.16.1 dev eth0 
169.254.0.0/16 dev eth0 scope link metric 1002 
169.254.32.0/28 dev docker0 proto kernel scope link src 169.254.32.1 linkdown 
172.16.0.128/26 dev cbr0 proto kernel scope link src 172.16.0.129 
172.27.16.0/20 dev eth0 proto kernel scope link src 172.27.16.13

查看设置的/etc/hosts

cat /etc/hosts
169.254.0.28 cbs.api.qcloud.com
169.254.0.28 cvm.api.qcloud.com
169.254.0.28 lb.api.qcloud.com
169.254.0.28 snapshot.api.qcloud.com
169.254.0.95 cbs.tencentcloudapi.com
169.254.0.95 cvm.tencentcloudapi.com
169.254.0.28 monitor.api.qcloud.com
169.254.0.28 tag.api.qcloud.com
169.254.128.2 etcd.cls-cf90rcwh.ccs.tencent-cloud.com # 是etcd内网负载均衡的地址

每个节点配置的pod的掩码，网关不同。代表节点分配的pod地址不同，网关也是每个master节点的虚拟的网卡地址；hosts设置etcd内网负载均衡还有其他的服务地址

观察worker节点

ip-masq-agent，tke-bridge-agent，tke-cni-agent 这几个服务是daemonset，所有的节点都有的服务

查看cni的配置

cd /etc/cni/net.d/
cat tke-bridge.conf 
{
  "cniVersion": "0.1.0",
  "name": "tke-bridge",
  "type": "bridge",
  "bridge": "cbr0",
  "mtu": 1500,
  "addIf": "eth0",
  "isGateway": true,
  "forceAddress": true,
  "ipMasq": false,
  "hairpinMode": false,
  "promiscMode": true,
  "ipam": {
    "type": "host-local",
    "subnet": "172.16.1.0/26",
    "gateway": "172.16.1.1",
    "routes": [
      { "dst": "0.0.0.0/0" }
    ]
  }

查看路由

 ip route 
default via 172.27.16.1 dev eth0 
169.254.0.0/16 dev eth0 scope link metric 1002 
169.254.32.0/28 dev docker0 proto kernel scope link src 169.254.32.1 linkdown 
172.16.1.0/26 dev cbr0 proto kernel scope link src 172.16.1.1 linkdown 
172.27.16.0/20 dev eth0 proto kernel scope link src 172.27.16.5

了解worker节点的pod的地址范围是怎么设置的，当然这些都是默认的，不能修改

原创声明：本文系作者授权腾讯云开发者社区发表，未经许可，不得转载。

如有侵权，请联系 cloudcommunity@tencent.com 删除。

tcp/ip