philpep's wiki

User Tools

Site Tools

Trace:
soft:kubernetes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
soft:kubernetes [2019/07/14 14:03]
phil created 		soft:kubernetes [2019/12/15 17:11] (current)
phil
Line 40: Line 40:
 </code> </code>
  
-==== Join worker nodes with kubeadm ====+===== Join worker nodes with kubeadm =====
  
 TODO TODO
  
-==== Upgrade a cluster with kubeadm ====+===== Upgrade a cluster with kubeadm =====
  
 Read upgrade guide carrefully before upgrading ! Exemple of such notes: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-15/ Read upgrade guide carrefully before upgrading ! Exemple of such notes: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-15/
Line 57: Line 57:
 sudo apt-get install kubectl=$version kubelet=$version sudo apt-get install kubectl=$version kubelet=$version
 sudo systemctl restart kubelet sudo systemctl restart kubelet
 +sudo apt-mark hold kubectl kubelet kubeadm
 </code> </code>
  
-On worker nodes:+On other control panes and on worker nodes:
  
 <code> <code>
Line 67: Line 68:
 sudo apt-get install kubectl=$version kubelet=$version sudo apt-get install kubectl=$version kubelet=$version
 sudo systemctl restart kubelet sudo systemctl restart kubelet
 +sudo apt-mark hold kubectl kubelet kubeadm
 </code> </code>
 +
 +===== Modify cluster configuration =====
 +
 +kubeadm write configuration in a configmap named //kubeadm-config// in the //kube-system// namespace.
 +
 +Edit with:
 +
 +<code>
 +kubectl -n kube-system edit configmap kubeadm-config
 +</code>
 +
 +Parameters for api-server, controllers etc, can be added to the //extraArgs// key. Then to apply changes:
 +
 +<code>
 +kubeadm upgrade node
 +</code>
 +
 +This will write new static manifests to /etc/kubernetes/manifest and restart the components that need to be restarted.
 +
 +Example for securing a 1.16 cluster:
 +
 +<code>
 +  ClusterConfiguration: |                                                                                                                                                                     
 +    apiServer:                                                                                                                                                                                
 +      extraArgs:                                                                                                                                                                              
 +        authorization-mode: Node,RBAC                                                                                                                                                         
 +        profiling: "false"                                                                                                                                                                    
 +        enable-admission-plugins: NodeRestriction,AlwaysPullImages,DenyEscalatingExec                                                                                                         
 +</code>
 +
soft/kubernetes.1563113008.txt.gz ยท Last modified: 2019/07/14 14:03 by phil

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki