{"id":1888,"date":"2023-03-30T23:04:18","date_gmt":"2023-03-30T15:04:18","guid":{"rendered":"https:\/\/www.appblog.cn\/?p=1888"},"modified":"2023-04-22T08:59:48","modified_gmt":"2023-04-22T00:59:48","slug":"kubernetes-modify-the-scope-of-nodeport","status":"publish","type":"post","link":"https:\/\/www.appblog.cn\/index.php\/2023\/03\/30\/kubernetes-modify-the-scope-of-nodeport\/","title":{"rendered":"Kubernetes\u4fee\u6539NodePort\u7684\u8303\u56f4"},"content":{"rendered":"<p>\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0cNodePort \u9ed8\u8ba4\u8303\u56f4\u662f<code>30000-32767<\/code>\uff0c\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u56e0\u4e3a\u6240\u5728\u516c\u53f8\u7684\u7f51\u7edc\u7b56\u7565\u9650\u5236\uff0c\u53ef\u80fd\u9700\u8981\u4fee\u6539 NodePort \u7684\u7aef\u53e3\u8303\u56f4\uff0c\u672c\u6587\u63cf\u8ff0\u4e86\u5177\u4f53\u7684\u64cd\u4f5c\u65b9\u6cd5\u3002<\/p>\n<h2>\u4fee\u6539kube-apiserver.yaml<\/h2>\n<p><!-- more --><\/p>\n<p>\u4f7f\u7528 kubeadm \u5b89\u88c5 K8S \u96c6\u7fa4\u7684\u60c5\u51b5\u4e0b\uff0cMaster \u8282\u70b9\u4e0a\u4f1a\u6709\u4e00\u4e2a\u6587\u4ef6<code>\/etc\/kubernetes\/manifests\/kube-apiserver.yaml<\/code>\uff0c\u4fee\u6539\u6b64\u6587\u4ef6\uff0c\u5411\u5176\u4e2d\u6dfb\u52a0<code>--service-node-port-range=20000-22767<\/code>\uff08\u8bf7\u4f7f\u7528\u9700\u8981\u7684\u7aef\u53e3\u8303\u56f4\uff09\uff0c\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n<pre><code class=\"language-yml\">apiVersion: v1\nkind: Pod\nmetadata:\n  creationTimestamp: null\n  labels:\n    component: kube-apiserver\n    tier: control-plane\n  name: kube-apiserver\n  namespace: kube-system\nspec:\n  containers:\n  - command:\n    - kube-apiserver\n    - --advertise-address=172.17.216.80\n    - --allow-privileged=true\n    - --authorization-mode=Node,RBAC\n    - --client-ca-file=\/etc\/kubernetes\/pki\/ca.crt\n    - --enable-admission-plugins=NodeRestriction\n    - --enable-bootstrap-token-auth=true\n    - --etcd-cafile=\/etc\/kubernetes\/pki\/etcd\/ca.crt\n    - 
--etcd-certfile=\/etc\/kubernetes\/pki\/apiserver-etcd-client.crt\n    - --etcd-keyfile=\/etc\/kubernetes\/pki\/apiserver-etcd-client.key\n    - --etcd-servers=https:\/\/127.0.0.1:2379\n    - --insecure-port=0\n    - --kubelet-client-certificate=\/etc\/kubernetes\/pki\/apiserver-kubelet-client.crt\n    - --kubelet-client-key=\/etc\/kubernetes\/pki\/apiserver-kubelet-client.key\n    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname\n    - --proxy-client-cert-file=\/etc\/kubernetes\/pki\/front-proxy-client.crt\n    - --proxy-client-key-file=\/etc\/kubernetes\/pki\/front-proxy-client.key\n    - --requestheader-allowed-names=front-proxy-client\n    - --requestheader-client-ca-file=\/etc\/kubernetes\/pki\/front-proxy-ca.crt\n    - --requestheader-extra-headers-prefix=X-Remote-Extra-\n    - --requestheader-group-headers=X-Remote-Group\n    - --requestheader-username-headers=X-Remote-User\n    - --secure-port=6443\n    - --service-account-key-file=\/etc\/kubernetes\/pki\/sa.pub\n    - --service-cluster-ip-range=10.96.0.0\/12\n    - --service-node-port-range=20000-22767\n    - --tls-cert-file=\/etc\/kubernetes\/pki\/apiserver.crt\n    - --tls-private-key-file=\/etc\/kubernetes\/pki\/apiserver.key\n    image: registry.cn-hangzhou.aliyuncs.com\/google_containers\/kube-apiserver:v1.16.0\n    imagePullPolicy: IfNotPresent\n    livenessProbe:\n      failureThreshold: 8\n      httpGet:\n        host: 172.17.216.80\n        path: \/healthz\n        port: 6443\n        scheme: HTTPS\n      initialDelaySeconds: 15\n      timeoutSeconds: 15\n  ...<\/code><\/pre>\n<h2>\u91cd\u542fapiserver<\/h2>\n<p>\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u91cd\u542f apiserver<\/p>\n<pre><code class=\"language-bash\"># \u83b7\u5f97 apiserver \u7684 pod \u540d\u5b57\nexport apiserver_pods=$(kubectl get pods --selector=component=kube-apiserver -n kube-system --output=jsonpath={.items..metadata.name})\n# \u5220\u9664 apiserver \u7684 pod\nkubectl delete pod $apiserver_pods -n 
kube-system<\/code><\/pre>\n<h2>\u9a8c\u8bc1\u7ed3\u679c<\/h2>\n<p>\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u9a8c\u8bc1\u4fee\u6539\u662f\u5426\u751f\u6548\uff1a<\/p>\n<pre><code class=\"language-bash\">kubectl describe pod $apiserver_pods -n kube-system<\/code><\/pre>\n<p>\u8f93\u51fa\u7ed3\u679c\u5982\u4e0b\u6240\u793a\uff1a\uff08\u6b64\u65f6\uff0c\u6211\u4eec\u53ef\u4ee5\u770b\u5230\uff0capiserver \u5df2\u7ecf\u4f7f\u7528\u65b0\u7684\u547d\u4ee4\u884c\u53c2\u6570\u542f\u52a8\uff09<\/p>\n<pre><code class=\"language-yml\">...\n    Host Port:     &lt;none&gt;\n    Command:\n      kube-apiserver\n      --advertise-address=172.17.216.80\n      --allow-privileged=true\n      --authorization-mode=Node,RBAC\n      --client-ca-file=\/etc\/kubernetes\/pki\/ca.crt\n      --enable-admission-plugins=NodeRestriction\n      --enable-bootstrap-token-auth=true\n      --etcd-cafile=\/etc\/kubernetes\/pki\/etcd\/ca.crt\n      --etcd-certfile=\/etc\/kubernetes\/pki\/apiserver-etcd-client.crt\n      --etcd-keyfile=\/etc\/kubernetes\/pki\/apiserver-etcd-client.key\n      --etcd-servers=https:\/\/127.0.0.1:2379\n      --insecure-port=0\n      --kubelet-client-certificate=\/etc\/kubernetes\/pki\/apiserver-kubelet-client.crt\n      --kubelet-client-key=\/etc\/kubernetes\/pki\/apiserver-kubelet-client.key\n      --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname\n      --proxy-client-cert-file=\/etc\/kubernetes\/pki\/front-proxy-client.crt\n      --proxy-client-key-file=\/etc\/kubernetes\/pki\/front-proxy-client.key\n      --requestheader-allowed-names=front-proxy-client\n      --requestheader-client-ca-file=\/etc\/kubernetes\/pki\/front-proxy-ca.crt\n      --requestheader-extra-headers-prefix=X-Remote-Extra-\n      --requestheader-group-headers=X-Remote-Group\n      --requestheader-username-headers=X-Remote-User\n      --secure-port=6443\n      --service-account-key-file=\/etc\/kubernetes\/pki\/sa.pub\n      --service-cluster-ip-range=10.96.0.0\/12\n      
--service-node-port-range=20000-22767\n      --tls-cert-file=\/etc\/kubernetes\/pki\/apiserver.crt\n      --tls-private-key-file=\/etc\/kubernetes\/pki\/apiserver.key\n    State:          Running\n      Started:      Mon, 11 Nov 2019 21:31:39 +0800\n    Ready:          True\n    Restart Count:  0\n    Requests:\n      cpu:        250m\n  ...<\/code><\/pre>\n<p>\u6ce8\u610f<\/p>\n<ul>\n<li>\u5bf9\u4e8e\u5df2\u7ecf\u521b\u5efa\u7684NodePort\u7c7b\u578b\u7684Service\uff0c\u9700\u8981\u5220\u9664\u91cd\u65b0\u521b\u5efa<\/li>\n<li>\u5982\u679c\u96c6\u7fa4\u6709\u591a\u4e2a Master \u8282\u70b9\uff0c\u9700\u8981\u9010\u4e2a\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u4e0a\u7684<code>\/etc\/kubernetes\/manifests\/kube-apiserver.yaml<\/code>\u6587\u4ef6\uff0c\u5e76\u91cd\u542f apiserver<\/li>\n<li>\u9009\u62e9\u65b0\u7684\u7aef\u53e3\u8303\u56f4\u65f6\uff0c\u4e0d\u8981\u4e0e\u8282\u70b9\u7684\u4e34\u65f6\u7aef\u53e3\u8303\u56f4\uff08<code>net.ipv4.ip_local_port_range<\/code>\uff09\u6216\u8282\u70b9\u4e0a\u5176\u4ed6\u670d\u52a1\u5df2\u7ecf\u4f7f\u7528\u7684\u7aef\u53e3\u91cd\u53e0\uff0c\u5e76\u540c\u6b65\u4fee\u6539\u9632\u706b\u5899\u6216\u5b89\u5168\u7ec4\u89c4\u5219\uff0c\u53ea\u653e\u884c\u9700\u8981\u7684\u7aef\u53e3<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0cNodePort \u9ed8\u8ba4\u8303\u56f4\u662f30000-32767\uff0c\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u56e0\u4e3a\u6240\u5728\u516c\u53f8 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[356],"class_list":["post-1888","post","type-post","status-publish","format-standard","hentry","category-k8s","tag-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1888"}],"version-history":[{"count":0,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1888\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}