二进制部署k8s教程18 - TLS Bootstrap完整配置
2023-06-13 09:15:38 时间
!TIP
TLS Bootstrap部署完整配置文件转载请注明出处:https://janrs.com/y44v 有任何问题欢迎在底部评论区发言。
token.csr 配置
cat > /etc/kubernetes/config/auth-token.csv <<EOF
dafe33bc8fcdae7f9f16df53a95199fa,kubelet-bootstrap,10001,system:bootstrappers
EOFapiserver.conf 配置
cat > /etc/kubernetes/config/apiserver.conf <<EOF
KUBE_APISERVER_OPTS="--enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
--anonymous-auth=false
--bind-address=172.16.222.121
--secure-port=6443
--advertise-address=172.16.222.121
--insecure-port=0
--authorization-mode=Node,RBAC
--runtime-config=api/all=true
--service-cluster-ip-range=10.68.0.1/16
--service-node-port-range=30000-39999
--service-account-key-file=/etc/kubernetes/pki/apiserver/apiserver-ca.pem
--tls-cert-file=/etc/kubernetes/pki/apiserver/apiserver-server.pem
--tls-private-key-file=/etc/kubernetes/pki/apiserver/apiserver-server-key.pem
--client-ca-file=/etc/kubernetes/pki/apiserver/apiserver-ca.pem
--service-account-signing-key-file=/etc/kubernetes/pki/apiserver/apiserver-ca-key.pem
--service-account-issuer=https://kubernetes.default.svc.cluster.local
--api-audiences=https://kubernetes.default.svc
--etcd-cafile=/etc/kubernetes/pki/etcd/etcd-ca.pem
--etcd-certfile=/etc/kubernetes/pki/etcd/etcd-apiserver-client.pem
--etcd-keyfile=/etc/kubernetes/pki/etcd/etcd-apiserver-client-key.pem
--etcd-servers=https://172.16.222.121:2379
--kubelet-client-certificate=/etc/kubernetes/pki/kubelet/kubelet-apiserver-client.pem
--kubelet-client-key=/etc/kubernetes/pki/kubelet/kubelet-apiserver-client-key.pem
--token-auth-file=/etc/kubernetes/config/auth-token.csv
--feature-gates=RemoveSelfLink=false
--enable-swagger-ui=true
--allow-privileged=true
--apiserver-count=3
--enable-aggregator-routing=true
--audit-log-maxage=30
--audit-log-maxbackup=3
--audit-log-maxsize=100
--audit-log-path=/var/log/kubernetes/apiserver/apiserver-audit.log
--event-ttl=1h
--alsologtostderr=true
--logtostderr=false
--log-dir=/var/log/kubernetes/apiserver/
--v=2"
EOFcontroller.conf 配置
cat > /etc/kubernetes/config/controller.conf <<EOF
KUBE_CONTROLLER_MANAGER_OPTS="--port=0
--secure-port=10257
--bind-address=127.0.0.1
--kubeconfig=/etc/kubernetes/kubeconfig/controller.kubeconfig
--service-cluster-ip-range=10.68.0.1/16
--cluster-name=kubernetes
--cluster-signing-cert-file=/etc/kubernetes/pki/apiserver/apiserver-ca.pem
--cluster-signing-key-file=/etc/kubernetes/pki/apiserver/apiserver-ca-key.pem
--root-ca-file=/etc/kubernetes/pki/apiserver/apiserver-ca.pem
--feature-gates=RotateKubeletServerCertificate=true
--allocate-node-cidrs=true
--cluster-cidr=10.100.0.0/16
--cluster-signing-duration=87600h
--leader-elect=true
--controllers=*,bootstrapsigner,tokencleaner
--horizontal-pod-autoscaler-sync-period=10s
--tls-cert-file=/etc/kubernetes/pki/apiserver/apiserver-controller-client.pem
--tls-private-key-file=/etc/kubernetes/pki/apiserver/apiserver-controller-client-key.pem
--alsologtostderr=true
--logtostderr=false
--log-dir=/var/log/kubernetes/controller/
--v=2"
EOF相关文章
- K8s pod详解
- k8s学习六-k8s部署go服务
- k8s的pod状态表
- K8s集群环境搭建
- 快速搭建云原生开发环境(k8s+pv+prometheus+grafana)
- 微服务 - 搭建k8s(kubeadm)模拟复杂的生产环境(上篇)
- K8S 生态周报| K8s v1.25 将 GlusterFS 卷插件废弃
- 如何解密k8s中的加密资源
- 图解K8s源码 - k8s核心数据结构
- 软件测试|K8S 容器编排(上)
- 2022-12-25:etcd可以完全替代zookeeper,原因是k8s用的etcd,不用担心不成熟。请问etcd部署在k3s
- 【K8S 系列】k8s 学习一,Kubernetes 基本介绍及核心组件
- K8S 生态周报| KSM 即将废弃对 VerticalPodAutoscaler 的支持
- 支撑 100Gbit/s K8s 集群的未来网络数据平面
- 部署基于K8s的Oracle容器云(k8s 安装oracle)
- Redis如何用K8s进行自动部署与扩容(redis需要k8s吗)
- K8S 生态周报| Kubernetes v1.22.0 正式发布,新特性一览!