Easypack: Kubernetes 1.17.2 设定选项更新:ApiServer

Source

在这里插入图片描述
以目前最新的稳定版本1.17.2,总结更新ApiServer相关设定选项。

版本

[root@host131 ansible]# kubectl get node -o wide
NAME              STATUS   ROLES    AGE     VERSION   INTERNAL-IP       EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
192.168.163.131   Ready    <none>   4m19s   v1.17.2   192.168.163.131   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://19.3.5
[root@host131 ansible]# 

现象和对应方法

  • insecure-port has been deprecated
    日志信息如下所示
kube-apiserver[3728]: Flag --insecure-port has been deprecated, This flag will be removed in a future version.

原因与对应方法:需要从apiserver中将如下的设定删除

  --insecure-port=0 \
  • controller-manager中提示missing content for CA bundle
kube-system/extension-apiserver-authentication failed with : missing content for CA bundle "client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"

对应方法:在apiserver中添加metrics server所需设定

  --requestheader-client-ca-file={{ var_ssl_ca_dir }}/{{ var_ssl_file_ca_pem }} \
  --requestheader-allowed-names= \
  --requestheader-extra-headers-prefix=X-Remote-Extra- \
  --requestheader-group-headers=X-Remote-Group \
  --requestheader-username-headers=X-Remote-User \
  --proxy-client-cert-file={{ var_ssl_k8s_dir }}/{{ var_ssl_aggregator_cert_prefix }}.pem \
  --proxy-client-key-file={{ var_ssl_k8s_dir }}/{{ var_ssl_aggregator_cert_prefix }}-key.pem \
  --enable-aggregator-routing=true
  • Unable to remove old endpoints from kubernetes service
controller.go:151] Unable to remove old endpoints from kubernetes service: StorageError: key not found, Code: 1, Key: /registry/masterleases/192.168.163.131, ResourceVersion: 0, AdditionalErrorMsg:

原因未定,后续确认

地址

  • https://github.com/liumiaocn/easypack/tree/master/k8s/ansible
发布了1140 篇原创文章 · 获赞 1362 · 访问量 414万+