本文介绍了在 k8s 上启用服务拓扑的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用 k8s 和 kubeadm 1.17 版.我正在尝试启用服务拓扑功能门,但我不能.文档说要使用--feature-gates="ServiceTopology=true,EndpointSlice=true".我尝试在kubeadm init"中使用它......但是kubeadm 说集群不可用.你能帮我吗?这是我正在关注的文档:https://kubernetes.io/docs/tasks/administer-cluster/enabling-service-topology/

I'm using k8s with kubeadm version 1.17. I'm trying to enable Service Topology feature gates but I can't. Documentation say to use "--feature-gates="ServiceTopology=true,EndpointSlice=true". I tried to use that in "kubeadm init"... But kubeadm say that is not available to the cluster. Can you help me? That is the documentation that I'm following: https://kubernetes.io/docs/tasks/administer-cluster/enabling-service-topology/

推荐答案

这不是 kubeadm 的标志.您需要为每个 Kubernetes 控制平面组件启用它,例如控制器管理器、API 服务器、调度程序、Kube 代理.位于所有主节点上 /etc/kubernetes/manifests 位置的每个组件的 yaml 需要修改以添加功能标志 - --feature-gates=ServiceTopology=true

It's not a flag of kubeadm. You need to enable it for each kubernetes control plane component such as controller manager, API Server, Scheduler, Kube proxy. The yamls for each of these components located at /etc/kubernetes/manifests location on all the master nodes need to be modified to add the feature flag - --feature-gates=ServiceTopology=true

API Server yaml 示例

API Server yaml for example

root@kind-control-plane:/# cat /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 172.18.0.2:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=172.18.0.2
    - --allow-privileged=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --insecure-port=0
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-cluster-ip-range=10.96.0.0/12
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    - --feature-gates=ServiceTopology=true

对于 kube 代理需要创建自定义 kubeadm 配置文件以添加功能标志

For kube proxy a custom kubeadm config file need to be created to add the feature flag

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
...
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
FeatureGates:
  ServiceTopology: true

参考这里

这篇关于在 k8s 上启用服务拓扑的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

06-01 12:29