以目前最新的稳定版本1.17.2,总结更新ApiServer相关设定选项。
版本
[root@host131 ansible]# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
192.168.163.131 Ready <none> 4m19s v1.17.2 192.168.163.131 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://19.3.5
[root@host131 ansible]#
现象和对应方法
- insecure-port has been deprecated
日志信息如下所示
kube-apiserver[3728]: Flag --insecure-port has been deprecated, This flag will be removed in a future version.
原因与对应方法:需要从apiserver中将如下的设定删除
--insecure-port=0 \
- controller-manager中提示missing content for CA bundle
kube-system/extension-apiserver-authentication failed with : missing content for CA bundle "client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
对应方法:在apiserver中添加metrics server所需设定
--requestheader-client-ca-file={{ var_ssl_ca_dir }}/{{ var_ssl_file_ca_pem }} \
--requestheader-allowed-names= \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file={{ var_ssl_k8s_dir }}/{{ var_ssl_aggregator_cert_prefix }}.pem \
--proxy-client-key-file={{ var_ssl_k8s_dir }}/{{ var_ssl_aggregator_cert_prefix }}-key.pem \
--enable-aggregator-routing=true
- Unable to remove old endpoints from kubernetes service
controller.go:151] Unable to remove old endpoints from kubernetes service: StorageError: key not found, Code: 1, Key: /registry/masterleases/192.168.163.131, ResourceVersion: 0, AdditionalErrorMsg:
原因未定,后续确认
地址
- https://github.com/liumiaocn/easypack/tree/master/k8s/ansible