Changing the default k8s NodePort range

Date: 2022-11-29 10:34:19

Prerequisite: the k8s cluster was deployed with kubeadm.

vi /etc/kubernetes/manifests/kube-apiserver.yaml

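Add the following line to the kube-apiserver command arguments. After saving, the change takes effect without a manual restart, because the kubelet watches the static Pod manifest directory and recreates the kube-apiserver Pod.

- --service-node-port-range=1-65535

The full manifest after the change:
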
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.1.190:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --service-node-port-range=1-65535
    - --advertise-address=192.168.1.190
    - --allow-privileged=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-issuer=https://kubernetes.default.svc.cluster.local
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
    - --service-cluster-ip-range=10.96.0.0/12
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    image: registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.0
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 192.168.1.190
        path: /livez
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    name: kube-apiserver
    readinessProbe:
      failureThreshold: 3
      httpGet:
        host: 192.168.1.190
        path: /readyz
        port: 6443
        scheme: HTTPS
      periodSeconds: 1
      timeoutSeconds: 15
    resources:
      requests:
        cpu: 250m
    startupProbe:
      failureThreshold: 24
      httpGet:
        host: 192.168.1.190
        path: /livez
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/pki
      name: etc-pki
      readOnly: true
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
  hostNetwork: true
  priorityClassName: system-node-critical
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/pki
      type: DirectoryOrCreate
    name: etc-pki
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
status: {}
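
The range 1-65535 also covers ports that the node's own daemons listen on, and the API server does not check a requested nodePort against host listeners. The following script is an added example, not part of the original post: it reads the range from the manifest and lists which node-local ports fall inside it. The `NODE_PORTS` list, the `MANIFEST` variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: check which node-local ports a
# configured NodePort range would allow a Service to claim.

# Ports a kubeadm control-plane node normally listens on (assumed list):
# sshd, etcd client/peer, kube-apiserver, kubelet, controller-manager, scheduler.
NODE_PORTS="22 2379 2380 6443 10250 10257 10259"

# Read a kube-apiserver manifest on stdin and print its NodePort range.
# Falls back to the Kubernetes default (30000-32767) when the flag is absent;
# if the flag is repeated, the last occurrence is used (assumption).
nodeport_range() {
    range=$(sed -n 's/^[[:space:]]*-[[:space:]]*--service-node-port-range=\([0-9][0-9]*-[0-9][0-9]*\)[[:space:]]*$/\1/p' | tail -n 1)
    echo "${range:-30000-32767}"
}

# Print the ports from list "$2" that fall inside range "$1" (format lo-hi).
ports_in_range() {
    lo=${1%-*}
    hi=${1#*-}
    hits=""
    for p in $2; do
        if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then
            hits="$hits $p"
        fi
    done
    echo "${hits# }"
}

# Constructed sample: the relevant lines of the manifest shown above.
sample_manifest() {
    cat <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --service-node-port-range=1-65535
    - --secure-port=6443
EOF
}

# Audit the real manifest when readable, otherwise the constructed sample.
MANIFEST=${MANIFEST:-/etc/kubernetes/manifests/kube-apiserver.yaml}
if [ -r "$MANIFEST" ]; then
    range=$(nodeport_range < "$MANIFEST")
else
    range=$(sample_manifest | nodeport_range)
fi
echo "NodePort range: $range"
echo "Node ports inside the range: $(ports_in_range "$range" "$NODE_PORTS")"
```

With the default range the second line is empty; with 1-65535 every listed port is inside the range, so a narrower range that excludes them is the safer choice when low ports are needed.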

 

From: https://www.cnblogs.com/huangkui/p/16934665.html
