k8s apiserver配置
接着上面的博客继续写
pwd -> /etc/kubernetes/ssl
cp /etc/etcd/ssl/etcd-1-71.* .
cat apiserver
### # kubernetes system config # # The following values are used to configure the kube-apiserver # # The address on the local server to listen to. KUBE_API_ADDRESS="--bind-address=0.0.0.0 --insecure-bind-address=0.0.0.0" # The port on the local server to listen on. KUBE_API_PORT="--secure-port=6443 --insecure-port=8080" # Port minions listen on # KUBELET_PORT="--kubelet-port=10250" # Comma separated list of nodes in the etcd cluster KUBE_ETCD_SERVERS="--etcd-servers=https://192.168.1.71:2379,https://192.168.1.72:2379,https://192.168.1.73:2379" # Address range to use for services KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.0.0.0/12" # default admission control policies KUBE_ADMISSION_CONTROL="--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota" # Add your own! KUBE_API_ARGS="--allow-privileged=true \ --service-account-key-file=/etc/kubernetes/ssl/apiserver.key \ --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem \ --tls-private-key-file=/etc/kubernetes/ssl/apiserver.key \ --client-ca-file=/etc/kubernetes/ssl/ca.pem \ --etcd-cafile=/etc/kubernetes/ssl/ca.pem \ --etcd-certfile=/etc/kubernetes/ssl/etcd-1-71.pem \ --etcd-keyfile=/etc/kubernetes/ssl/etcd-1-71.key \ --token-auth-file=/etc/kubernetes/token.csv \ --authorization-mode=RBAC \ --kubelet-https=true \ --apiserver-count=3 \ --default-not-ready-toleration-seconds=10 \ --default-unreachable-toleration-seconds=10 \ --delete-collection-workers=3 \ --enable-bootstrap-token-auth"
注意上面修改配置文件路径 并进行验证