philpep's wiki

User Tools

Site Tools

Trace:
soft:kubernetes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
soft:kubernetes [2019/08/07 07:59]
phil 		soft:kubernetes [2019/12/15 17:11]
phil
Line 40: Line 40:
 </code> </code>
  
-==== Join worker nodes with kubeadm ====+===== Join worker nodes with kubeadm =====
  
 TODO TODO
  
-==== Upgrade a cluster with kubeadm ====+===== Upgrade a cluster with kubeadm =====
  
 Read upgrade guide carrefully before upgrading ! Exemple of such notes: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-15/ Read upgrade guide carrefully before upgrading ! Exemple of such notes: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-15/
Line 70: Line 70:
 sudo apt-mark hold kubectl kubelet kubeadm sudo apt-mark hold kubectl kubelet kubeadm
 </code> </code>
 +
 +===== Modify cluster configuration =====
 +
 +kubeadm write configuration in a configmap named //kubeadm-config// in the //kube-system// namespace.
 +
 +Edit with:
 +
 +<code>
 +kubectl -n kube-system edit configmap kubeadm-config
 +</code>
 +
 +Parameters for api-server, controllers etc, can be added to the //extraArgs// key. Then to apply changes:
 +
 +<code>
 +kubeadm upgrade node
 +</code>
 +
 +This will write new static manifests to /etc/kubernetes/manifest and restart the components that need to be restarted.
 +
 +Example for securing a 1.7 cluster:
 +
 +<code>
 +  ClusterConfiguration: |                                                                                                                                                                     
 +    apiServer:                                                                                                                                                                                
 +      extraArgs:                                                                                                                                                                              
 +        authorization-mode: Node,RBAC                                                                                                                                                         
 +        profiling: "false"                                                                                                                                                                    
 +        enable-admission-plugins: NodeRestriction,AlwaysPullImages,DenyEscalatingExec                                                                                                         
 +</code>
 +
soft/kubernetes.txt ยท Last modified: 2019/12/15 17:11 by phil

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki