在k8s上启用服务拓扑 [英] Enable Service Topology on k8s
问题描述
我正在将k8s与kubeadm版本1.17一起使用.我正在尝试启用服务拓扑功能门,但我不能.文档说要使用"--feature-gates =" ServiceTopology = true,EndpointSlice = true.我试图在" kubeadm init中使用它.但是kubeadm说集群不可用.您能帮我吗?那就是我要遵循的文档: https://kubernetes .io/docs/tasks/administer-cluster/enabling-service-topology/
I'm using k8s with kubeadm version 1.17. I'm trying to enable Service Topology feature gates but I can't. Documentation say to use "--feature-gates="ServiceTopology=true,EndpointSlice=true". I tried to use that in "kubeadm init"... But kubeadm say that is not available to the cluster. Can you help me? That is the documentation that I'm following: https://kubernetes.io/docs/tasks/administer-cluster/enabling-service-topology/
推荐答案
这不是kubeadm的标志.您需要为每个kubernetes控制平面组件(例如控制器管理器,API服务器,调度程序,Kube代理)启用它.需要修改所有主节点上位于/etc/kubernetes/manifests
位置的每个组件的yaml,以添加功能标记- --feature-gates=ServiceTopology=true
It's not a flag of kubeadm. You need to enable it for each kubernetes control plane component such as controller manager, API Server, Scheduler, Kube proxy. The yamls for each of these components located at /etc/kubernetes/manifests
location on all the master nodes need to be modified to add the feature flag - --feature-gates=ServiceTopology=true
例如API服务器Yaml
API Server yaml for example
root@kind-control-plane:/# cat /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
annotations:
kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 172.18.0.2:6443
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver
namespace: kube-system
spec:
containers:
- command:
- kube-apiserver
- --advertise-address=172.18.0.2
- --allow-privileged=true
- --authorization-mode=Node,RBAC
- --client-ca-file=/etc/kubernetes/pki/ca.crt
- --enable-admission-plugins=NodeRestriction
- --enable-bootstrap-token-auth=true
- --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=https://127.0.0.1:2379
- --insecure-port=0
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
- --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
- --requestheader-allowed-names=front-proxy-client
- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=6443
- --service-account-key-file=/etc/kubernetes/pki/sa.pub
- --service-cluster-ip-range=10.96.0.0/12
- --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
- --feature-gates=ServiceTopology=true
对于 kube代理需要创建自定义kubeadm配置文件以添加功能标记
For kube proxy a custom kubeadm config file need to be created to add the feature flag
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
...
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
FeatureGates:
ServiceTopology: true
参考 查看全文