|NO.Z.00226|——————————|CloudNative|——|KuberNetes&细粒度权限控制.V10|——|RBAC.v02|临时容器配置|

一、临时容器配置：打开k8s组件中--feature-gates功能

### --- 打开k8s组件功能：在k8s的kubelet组件打开--feature-gates功能（所有节点）
~~~     所有节点都执行
~~~     首先在kubelet下打开EphermeralContainers:

[root@k8s-master01 ~]#  vim /etc/systemd/system/kubelet.service.d/10-kubelet.conf 
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
Environment="KUBELET_SYSTEM_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_CONFIG_ARGS=--config=/etc/kubernetes/kubelet-conf.yml --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2" --feature-gates="EphemeralContainers=true"              
# 这行末尾添加如下参数：--feature-gates="EphemeralContainers=true"
Environment="KUBELET_EXTRA_ARGS=--node-labels=node.kubernetes.io/node='' "
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_SYSTEM_ARGS $KUBELET_EXTRA_ARGS

~~~     # 通过这个命令也是可以查看的，默认是false

[root@k8s-master01 ~]# kubelet -h | grep EphemeralContainers
                EphemeralContainers=true|false (ALPHA - default=false)

### --- 打开kubelet-conf配置文件参数

[root@k8s-master01 ~]# vim /etc/kubernetes/kubelet-conf.yml
featureGates:
  EphemeralContainers: true         // 在文件末尾添加此参数

### --- daemon-reload：先重启一个节点，查看是否会报错

[root@k8s-node02 ~]# systemctl daemon-reload
[root@k8s-node02 ~]# systemctl restart kubelet
[root@k8s-node02 ~]# systemctl status kubelet
   Active: active (running) since Tue 2021-05-04 12:24:52 CST; 6s ago

~~~     # 查看日志没有error，再执行其它容器

[root@k8s-node02 ~]# tail -f /var/log/messages   

二、打开k8s组件功能：在k8s的kube-proxy组件打开--feature-gates功能（所有节点)

### --- 所有节点执行，在kube-proxy修改如下参数

[root@k8s-master01 ~]# vim /usr/lib/systemd/system/kube-proxy.service 
[Service]
ExecStart=/usr/local/bin/kube-proxy \
  --config=/etc/kubernetes/kube-proxy.conf \
  --feature-gates=EphemeralContainers=true \    // 此行添加次参数，这是开启一个feature，若是开启多个的话逗号隔开即可
  --v=2

### --- 重启

[root@k8s-node02 ~]# systemctl daemon-reload
[root@k8s-node02 ~]# systemctl restart kube-proxy
[root@k8s-node02 ~]# systemctl status kube-proxy

三、打开k8s组件功能：在k8s的kube-apiserver组件打开--feature-gates功能（master节点）

### --- 在master节点执行修改kube-apiserver的组件说明

[root@k8s-master01 ~]# vim /usr/lib/systemd/system/kube-apiserver.service
       --feature-gates=EphemeralContainers=true \   // 添加这行参数
      --requestheader-extra-headers-prefix=X-Remote-Extra-  \
      --requestheader-username-headers=X-Remote-User
      # --token-auth-file=/etc/kubernetes/token.csv

四、打开k8s组件功能：在k8s的controller Manager组件打开--geature-gates功能（master节点）

### --- 在master节点执行修改controller manager的组件说明

      --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem \
      --feature-gates=EphemeralContainers=true \    // 添加这行参数
      --node-cidr-mask-size=24

五、打开k8s组件功能：在k8s的kube-scheduler.service组件打开--geature-gates功能（master节点）

### --- 在master节点执行修改kube-scheduler.service的组件说明

      --leader-elect=true \
      --feature-gates=EphemeralContainers=true \    // 添加这行参数
      --kubeconfig=/etc/kubernetes/scheduler.kubeconfig

六、修改k8s组件配置：daemon-reolad修改的组件信息

[root@k8s-master01 ~]# systemctl daemon-reload
[root@k8s-master01 ~]# systemctl restart kube-apiserver kube-controller-manager kube-scheduler.service
[root@k8s-master01 ~]# systemctl status kube-apiserver kube-controller-manager kube-scheduler.service
● kube-apiserver.service - Kubernetes API Server
   Active: active (running) since Tue 2021-05-04 13:32:21 CST; 4min 55s ago
● kube-controller-manager.service - Kubernetes Controller Manager
Active: active (running) since Tue 2021-05-04 13:32:40 CST; 4min 35s ago
● kube-scheduler.service - Kubernetes Scheduler
  Active: active (running) since Tue 2021-05-04 13:23:31 CST; 13min ago
 [root@k8s-master01 ~]# tail -f /var/log/messages

---

 

 

 

 

 

 

 

 

 

---

Walter Savage Landor:strove with none,for none was worth my strife.Nature I loved and, next to Nature, Art:I warm'd both hands before the fire of life.It sinks, and I am ready to depart

                                                                                                                                                   ——W.S.Landor

---