k8s: kubelet parameter settings for bootstrap-based deployment [key article]

Date: 2022-11-17 15:15:48

Important: the related parameters must fit together!

Some parameters must not be configured!

 

kube-apiserver

Special note: when using bootstrap, the apiserver must [NOT] be configured with the following kubelet authentication parameters:

  • --kubelet-certificate-authority string  Path to a cert file for the certificate authority.
  • --kubelet-client-certificate string  Path to a client cert file for TLS.
  • --kubelet-client-key string  Path to a client key file for TLS.

      - /kube-apiserver
      - --allow-privileged=true
      - --etcd-servers=http://127.0.0.1:2379
      - --secure-port=6443
      - --service-cluster-ip-range=10.233.0.0/18
      - --tls-cert-file=/opt/k8s/tls/apiserver2.crt
      - --tls-private-key-file=/opt/k8s/tls/apiserver2.pem
      - --client-ca-file=/opt/k8s/tls/ca.crt
      - --service-account-issuer=https://kubernetes.service.account.issuer
      - --service-account-key-file=/opt/k8s/tls/ca.crt
      - --service-account-signing-key-file=/opt/k8s/tls/ca.pem
      - --feature-gates=LegacyServiceAccountTokenNoAutoGeneration=false
      - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
      - --enable-bootstrap-token-auth=true

 

kube-controller-manager

      - /kube-controller-manager
      - --secure-port=10257
      - --cluster-cidr=10.244.0.0/16
      - --kubeconfig=/opt/k8s/tls/kubeconfig.yaml
      - --tls-cert-file=/opt/k8s/tls/admin.crt
      - --tls-private-key-file=/opt/k8s/tls/admin.pem
      - --client-ca-file=/opt/k8s/tls/ca.crt
      - --root-ca-file=/opt/k8s/tls/ca.crt
      - --cluster-signing-cert-file=/opt/k8s/tls/ca.crt
      - --cluster-signing-key-file=/opt/k8s/tls/ca.pem
      - --cluster-signing-duration=87600h
      - --allocate-node-cidrs=true
      - --service-account-private-key-file=/opt/k8s/tls/ca.pem
      - --feature-gates=LegacyServiceAccountTokenNoAutoGeneration=false

 

kubelet

command_background=1
command=/opt/k8s/bin/kubelet
command_args="\
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
--cgroup-driver=cgroups \
--runtime-cgroups=/systemd/system.slice \
--kubelet-cgroups=/systemd/system.slice \
--pod-infra-container-image=k8s.gcr.io/pause:3.6 \
--feature-gates=LegacyServiceAccountTokenNoAutoGeneration=false \
--client-ca-file=/opt/k8s/tls/ca.crt \
--bootstrap-kubeconfig=/opt/k8s/tls/kubeconfig.yaml \
--cert-dir=/root \
--kubeconfig=/root/kubeconfig2.yaml \
--v=3
"
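
A check for the flag rules above, added here as an example and not part of the original post: it parses an args dump for each component, reports the three kube-apiserver options the post forbids, and confirms the bootstrap-related flags the post's configuration carries. The REQUIRED sets, the function names and the sample strings are assumptions constructed for illustration.

```python
import re

# Flags the post says must not appear on kube-apiserver when kubelets bootstrap.
APISERVER_FORBIDDEN = {"--kubelet-certificate-authority",
                       "--kubelet-client-certificate", "--kubelet-client-key"}
# Assumption: the bootstrap-related flags each component carries in the post's config.
REQUIRED = {
    "kube-apiserver": {"--enable-bootstrap-token-auth", "--client-ca-file"},
    "kube-controller-manager": {"--cluster-signing-cert-file",
                                "--cluster-signing-key-file"},
    "kubelet": {"--bootstrap-kubeconfig", "--kubeconfig", "--cert-dir"},
}
# A flag must start its own whitespace-separated token, so "- --x=1" and "--x=1 \" both parse.
FLAG_RE = re.compile(r"(?<!\S)(--[a-z][a-z0-9-]*)(?:=(\S*))?")

def parse_flags(text):
    """Map each --flag[=value] token in an args dump to its value ('' if bare)."""
    return {m.group(1): m.group(2) or "" for m in FLAG_RE.finditer(text)}

def check(component, args_text):
    """Return a sorted list of findings; an empty list means the rules hold."""
    flags = parse_flags(args_text)
    out = [f"missing {f}" for f in REQUIRED[component] - flags.keys()]
    if component == "kube-apiserver":
        out += [f"forbidden with bootstrap: {f}"
                for f in APISERVER_FORBIDDEN & flags.keys()]
        # A bare boolean flag means true; only an explicit other value is a finding.
        if flags.get("--enable-bootstrap-token-auth", "true") not in ("true", ""):
            out.append("--enable-bootstrap-token-auth is not true")
    if component == "kubelet":
        boot, final = flags.get("--bootstrap-kubeconfig"), flags.get("--kubeconfig")
        # The kubelet writes its issued credentials to --kubeconfig, so keep the files separate.
        if boot and boot == final:
            out.append("--bootstrap-kubeconfig and --kubeconfig are the same file")
    return sorted(out)

# Constructed samples: kubelet flags as in the post, and an apiserver list breaking the rule.
KUBELET_OK = """--client-ca-file=/opt/k8s/tls/ca.crt \\
--bootstrap-kubeconfig=/opt/k8s/tls/kubeconfig.yaml \\
--cert-dir=/root --kubeconfig=/root/kubeconfig2.yaml --v=3"""
APISERVER_BAD = """- --client-ca-file=/opt/k8s/tls/ca.crt
- --kubelet-client-key=/example/client.key
- --enable-bootstrap-token-auth=false"""

if __name__ == "__main__":
    for name, text in (("kubelet", KUBELET_OK), ("kube-apiserver", APISERVER_BAD)):
        print(name, check(name, text) or "ok")
```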

 

From: https://www.cnblogs.com/jinzhenshui/p/16899530.html