什么是hcp-tunnelfront？

我刚刚使用AKS在azure上安装了我的kubernetes集群.我没有安装任何东西,我注意到'tunnelfront'pod正在运行:

我试图找出这个pod的用途以及为什么它在我的集群上运行,找不到它存在的原因.我使用kubectl来描述pod:

Name:           tunnelfront-597b4868b8-8rz4w
Namespace:      kube-system
Node:           aks-agentpool-22029027-0/10.240.0.5
Start Time:     Mon, 07 May 2018 19:51:22 +0200
Labels:         component=tunnel
                pod-template-hash=1536042464
Annotations:    kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"kube-system","name":"tunnelfront-597b4868b8","uid":"d46dab68-449e-11e8-961c-0a58a...
Status:         Running
IP:             10.244.1.72
Controlled By:  ReplicaSet/tunnelfront-597b4868b8
Containers:
  tunnel-front:
    Container ID:   docker://a69b8d6dcaef7253d41d44fbd57fd776a0dfbf70dbbbb8303a691bebab169c26
    Image:          dockerio.azureedge.net/deis/hcp-tunnel-front:v1.9.2-v3.0.3
    Image ID:       docker-pullable://dockerio.azureedge.net/deis/hcp-tunnel-front@sha256:378db6f97778c6d86de94f72573a97975cd7b5ff6f1f02c1618616329fd94f1f
    Port:           
    Host Port:      
    State:          Running
      Started:      Tue, 15 May 2018 09:40:10 +0200
    Last State:     Terminated
      Reason:       Error
      Exit Code:    137
      Started:      Mon, 07 May 2018 19:56:15 +0200
      Finished:     Tue, 15 May 2018 09:40:09 +0200
    Ready:          True
    Restart Count:  1
    Liveness:       exec [/lib/tunnel-front/check-tunnel-connection.sh] delay=10s timeout=1s period=10s #success=1 #failure=12
    Environment:
      OVERRIDE_TUNNEL_SERVER_NAME:  t_XXXXXX-66f17513.hcp.westeurope.azmk8s.io
      KUBE_CONFIG:                  /etc/kubernetes/kubeconfig/kubeconfig
    Mounts:
      /etc/kubernetes/certs from certificates (ro)
      /etc/kubernetes/kubeconfig from kubeconfig (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-xkj92 (ro)
Conditions:
  Type           Status
  Initialized    True
  Ready          True
  PodScheduled   True
Volumes:
  kubeconfig:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/kubelet
    HostPathType:
  certificates:
    Type:          HostPath (bare host directory volume)
    Path:          /etc/kubernetes/certs
    HostPathType:
  default-token-xkj92:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-xkj92
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  beta.kubernetes.io/os=linux
Tolerations:     node.alpha.kubernetes.io/notReady:NoExecute for 300s
                 node.alpha.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age               From                               Message
  ----     ------     ----              ----                               -------
  Warning  Unhealthy  1m (x54 over 7d)  kubelet, aks-agentpool-22029027-0  Liveness probe failed:

我可以看到图像来自deis,但我还没有安装helm或任何此类工具.什么是TunnelFront？我需要它吗？

tunnelfront是一个安装在每个群集上的AKS系统组件,有助于促进托管Kubernetes控制平面和节点的安全通信.某些操作需要它kubectl exec,并且将在版本升级时重新部署到您的集群(请注意,隧道版本与集群版本匹配).

如果遇到隧道问题,请在https://github.com/Azure/AKS/issues上提出问题