使用不同的选项重启Kubernetes API服务器 [英] Restart Kubernetes API server with different options
问题描述
我对Kubernetes和集群还很陌生,所以这可能很简单.
I'm pretty new to Kubernetes and clusters so this might be very simple.
我按照本指南.我遇到了一些问题,但最终都奏效了.因此,现在我想安装 Web UI(仪表板).为此,我需要设置身份验证:
I set up a Kubernetes cluster with 5 nodes using kubeadm following this guide. I got some issues but it all worked in the end. So now I want to install the Web UI (Dashboard). To do so I need to set up authentication:
请注意,仅当apiserver设置为允许使用用户名和密码进行身份验证时,此方法才有效.目前,某些设置工具(例如kubeadm)不是这种情况.有关如何手动配置身份验证的信息,请参阅身份验证管理员文档.
Please note, this works only if the apiserver is set up to allow authentication with username and password. This is not currently the case with the some setup tools (e.g., kubeadm). Refer to the authentication admin documentation for information on how to configure authentication manually.
因此,我必须阅读文档的身份验证页面.然后,我决定要通过静态密码文件添加身份验证.为此,我必须将选项--basic-auth-file=SOMEFILE附加到Api服务器.
So I got to read authentication page of the documentation. And I decided I want to add authentication via a Static Password File. To do so I have to append the option --basic-auth-file=SOMEFILE to the Api server.
当我执行ps -aux | grep kube-apiserver时,这是结果,因此它已经在运行. (这很有意义,因为我在调用kubectl时会使用它)
When I do ps -aux | grep kube-apiserver this is the result, so it is already running. (which makes sense because I use it when calling kubectl)
kube-apiserver
--insecure-bind-address=127.0.0.1
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota
--service-cluster-ip-range=10.96.0.0/12
--service-account-key-file=/etc/kubernetes/pki/apiserver-key.pem
--client-ca-file=/etc/kubernetes/pki/ca.pem
--tls-cert-file=/etc/kubernetes/pki/apiserver.pem
--tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem
--token-auth-file=/etc/kubernetes/pki/tokens.csv
--secure-port=6443
--allow-privileged
--advertise-address=192.168.1.137
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
--anonymous-auth=false
--etcd-servers=http://127.0.0.1:2379
我所遇到的问题:
- 那么所有这些选项都设置在哪里?
- 我可以取消该过程并使用我需要的选项重新启动它吗?
- 重新启动系统后会启动吗?
推荐答案
是一个名为kube-apiserver.json的文件.这是一个JSON文件,包含您可以设置的所有选项.我已经附加了--basic-auth-file=SOMEFILE并重新启动了系统(在更改文件kubectl不再有效并且API已关闭之后)
in /etc/kubernetes/manifests is a file called kube-apiserver.json. This is a JSON file and contains all the option you can set. I've appended the --basic-auth-file=SOMEFILE and rebooted the system (right after the change of the file kubectl wasn't working anymore and the API was shutdown)
重新启动后,整个系统又可以正常工作.
After a reboot the whole system was working again.
我没有使用此方法来运行仪表板.最后,我要做的是在集群上安装仪表板.将密钥从主节点(/etc/kubernetes/admin.conf)复制到我的笔记本电脑,然后执行kubectl proxy来将仪表板的流量代理到我的本地计算机.现在,我可以通过127.0.0.1:8001/ui
I didn't manage to run the dashboard using this. What I did in the end was installing the dashboard on the cluster. copying the keys from the master node (/etc/kubernetes/admin.conf) to my laptop and did kubectl proxy to proxy the traffic of the dashboard to my local machine. Now I can access it on my laptop through 127.0.0.1:8001/ui
这篇关于使用不同的选项重启Kubernetes API服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
