The control-plane (master) nodes run kube-apiserver as a static pod on the host network, so the API server can be reached directly on a master node's address. Worker nodes do not run it and have nothing listening on port 6443, so a cluster ingress or load balancer that forwards 6443 to worker nodes cannot reach the API server. The fix is to run a proxy on every worker node that accepts 6443 on the node IP and forwards it to the control plane (here the API server virtual IP 10.103.97.2 used in the ConfigMap). The nginx DaemonSet below does this as a raw TCP (`stream`) passthrough: TLS still terminates at kube-apiserver, so client certificates are untouched, and the pod is pinned to non-control-plane nodes so its hostPort does not collide with the API server's own listener on the masters:
```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: apiserver-proxy
  namespace: sealos-system
spec:
  selector:
    matchLabels:
      app: apiserver-proxy
  template:
    metadata:
      labels:
        app: apiserver-proxy
    spec:
      # Bind on the node's own network namespace so the LB reaches the node IP.
      hostNetwork: true
      containers:
      - name: apiserver-proxy
        image: nginx   # pin a tag or digest in production
        resources:
          requests:
            cpu: 10m
            memory: 10Mi
          limits:
            cpu: 100m
            memory: 100Mi
        ports:
        # Same port the LB forwards to; with hostNetwork the container port is the host port.
        - containerPort: 6443
          hostPort: 6443
        volumeMounts:
        - name: nginx-conf
          mountPath: /etc/nginx/nginx.conf
          subPath: nginx.conf
      volumes:
      - name: nginx-conf
        configMap:
          name: apiserver-proxy
      # Workers only: kube-apiserver already owns :6443 on control-plane nodes.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: node-role.kubernetes.io/control-plane
                operator: DoesNotExist
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: apiserver-proxy
  namespace: sealos-system
data:
  nginx.conf: |
    worker_processes 1;
    events {
        worker_connections 1024;
    }
    # Layer-4 passthrough: TLS is forwarded as-is, not terminated here.
    stream {
        server {
            listen 6443;
            proxy_pass 10.103.97.2:6443;
        }
    }
```
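The manifest above exposes port 6443 on every worker node to any source, and nothing stops someone from later turning the stream block into a TLS-terminating listener, which would silently break client-certificate authentication. The following added example (not part of sealos or of the page's manifest) renders a hardened version of the nginx.conf that keeps the TCP passthrough but restricts it to the load balancer's source ranges with ngx_stream_access_module, and checks the DaemonSet/ConfigMap pair for the invariants the text relies on: hostNetwork, a hostPort matching the nginx listen port, control-plane nodes excluded, no `listen ... ssl`, and a `deny all`. The `10.0.0.0/24` source range, the `kube_apiserver` upstream name and the helper names are assumptions.

```python
"""Render and sanity-check the worker-node API server passthrough.

Added example, not sealos tooling. The load-balancer source range, the
helper names and the 'kube_apiserver' upstream name are assumptions.
"""
import ipaddress
import re

CONTROL_PLANE_LABEL = "node-role.kubernetes.io/control-plane"


def make_daemonset(host_network=True, host_port=6443, exclude_control_plane=True):
    """Constructed stand-in for the apiserver-proxy DaemonSet on the page
    (only the fields the checks below look at)."""
    pod = {
        "hostNetwork": host_network,
        "containers": [{
            "name": "apiserver-proxy",
            "image": "nginx",
            "ports": [{"containerPort": 6443, "hostPort": host_port}],
        }],
    }
    if exclude_control_plane:
        pod["affinity"] = {"nodeAffinity": {
            "requiredDuringSchedulingIgnoredDuringExecution": {
                "nodeSelectorTerms": [{"matchExpressions": [
                    {"key": CONTROL_PLANE_LABEL, "operator": "DoesNotExist"}]}]}}}
    return {"apiVersion": "apps/v1", "kind": "DaemonSet",
            "spec": {"template": {"spec": pod}}}


def render_stream_conf(backends, allowed_sources, listen_port=6443):
    """Return nginx.conf content: raw TCP forwarding (TLS is not terminated,
    so kube-apiserver still sees the client certificate) restricted to the
    load balancer's source ranges via allow/deny (ngx_stream_access_module)."""
    for cidr in allowed_sources:
        ipaddress.ip_network(cidr)  # ValueError on a malformed range, before it ships
    servers = "\n".join(f"        server {b};" for b in backends)
    allows = "\n".join(f"        allow {c};" for c in allowed_sources)
    return (
        "worker_processes 1;\n"
        "events {\n    worker_connections 1024;\n}\n"
        "stream {\n"
        "    upstream kube_apiserver {\n"
        f"{servers}\n"
        "    }\n"
        "    server {\n"
        f"        listen {listen_port};\n"
        f"{allows}\n"
        "        deny all;\n"
        "        proxy_connect_timeout 5s;\n"
        "        proxy_pass kube_apiserver;\n"
        "    }\n"
        "}\n"
    )


def check_proxy_manifest(daemonset, conf):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    pod = daemonset["spec"]["template"]["spec"]
    if not pod.get("hostNetwork"):
        problems.append("hostNetwork is not true: the LB reaches the node IP, not a pod IP")
    m = re.search(r"listen\s+(\d+)", conf)
    listen = int(m.group(1)) if m else None
    ports = [p for c in pod["containers"] for p in c.get("ports", [])]
    if listen is None or not any(p.get("hostPort") == listen for p in ports):
        problems.append(f"no hostPort matches the nginx listen port {listen}")
    terms = (pod.get("affinity", {}).get("nodeAffinity", {})
             .get("requiredDuringSchedulingIgnoredDuringExecution", {})
             .get("nodeSelectorTerms", []))
    if not any(e.get("key") == CONTROL_PLANE_LABEL and e.get("operator") == "DoesNotExist"
               for t in terms for e in t.get("matchExpressions", [])):
        problems.append("control-plane nodes not excluded: kube-apiserver already owns :6443 there")
    if re.search(r"listen\s+[^;]*\bssl\b", conf):
        problems.append("'listen ... ssl' terminates TLS: client certificates would no longer reach the API server")
    if "deny all;" not in conf:
        problems.append("no 'deny all': port 6443 on every worker would accept connections from any source")
    return problems


if __name__ == "__main__":
    conf = render_stream_conf(["10.103.97.2:6443"], ["10.0.0.0/24"])
    print(conf)
    print("problems:", check_proxy_manifest(make_daemonset(), conf))
```

Drop the rendered text into the ConfigMap's `nginx.conf` key. On a live cluster, `openssl s_client -connect <worker-ip>:6443 </dev/null | openssl x509 -noout -subject -ext subjectAltName` should print the kube-apiserver's own certificate, which confirms the passthrough; the address clients actually use (the ingress or LB address) must appear in that certificate's SANs, or kubectl will reject the connection.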