修复kube-proxy证书颁发机构过大的问题。之前kube-proxy服务使用的是admin集群证书,导致权限过大,不安全。后续,该问题将在文档中修复。详情请关注https://github.com/cby-chen/K...创建证书配置文件:https://github.com/cby-chen/Kubernetes#23%E5%88%9B%E5%BB%BA%E8%AF%81%E4%B9%A6%E7%9B%B8%E5%85%B3%E6%96%87%E4%BB%B6cat>ca-config.json<kube-proxy-csr.json<2d21hv1.24.0k8s-master02Ready2d21hv1.24.0k8s-master03Ready2d21hv1.24.0k8s-node01Ready2d21hv1.24.0k8s-node02Ready2d21hv1.24.0[cby@k8s-master01~]$将配置进行替换对于k8s-master02k8s-master03中的节点;执行scp/etc/kubernetes/kube-proxy.kubeconfig$NODE:/etc/kubernetes/kube-proxy.kubeconfig;在k8s-node01k8s-node02中为NODE完成;执行scp/etc/kubernetes/kube-proxy.kubeconfig$NODE:/etc/kubernetes/kube-proxy.kubeconfig;完成[root@k8s-master01~]#cat/etc/kubernetes/kube-proxy.yamlapiVersion:kubeproxy.config.k8s.io/v1alpha1bindAddress:0.0.0.0clientConnection:acceptContentTypes:""burst:10contentType:application/vnd.kubernetes.protobufkubeconfig:/etc/kubernetes/kube-proxy.kubeconfigqps:5clusterCIDR:172.16.0.0/12,fc00::/48configSyncPeriod:15m0sconntrack:max:nullmaxPerCore:32768min:131072tcpCloseWaitTimeout:1h0m0stcpEstablishedTimeout:24h0m0senableProfiling:falsehealthzBindAddress:0.0.0.0:10256hostnameOverride:“”iptables:masqueradeAll:假masqueradeBit:14minSyncPeriod:0ssyncPeriod:30sipvs:masqueradeAll:trueminSyncPeriod:5s调度程序:“rr”syncPeriod:30skind:KubeProxyConfigurationmetricsBindAddress:127.0.0.1:10249mode:“ipvs:portejomAdress9-""udpIdleTimeout:250ms[root@k8s-master01~]#systemctlrestartkube-proxyhttps://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://blog.csdn.net/qq\_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/...https://segmentfault.com/u/hp...https://juejin.cn/user/331578...https://cloud.tencent.com/dev...https://www.jianshu.com/u/0f8...https://www.toutiao.com/c/use...CSDN、GitHub、知乎、开源中国、思想、掘金、简书、腾讯云,今日头条,个人博客,全网可搜索《小陈运维》文章主要发表在微信上公众号:《Linux运维交流社区》
