User Tools

Site Tools


soft:kubernetes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
soft:kubernetes [2019/07/14 14:03]
phil created
soft:kubernetes [2019/12/15 17:11] (current)
phil
Line 40: Line 40:
 </​code>​ </​code>​
  
-==== Join worker nodes with kubeadm ====+===== Join worker nodes with kubeadm ​=====
  
 TODO TODO
  
-==== Upgrade a cluster with kubeadm ====+===== Upgrade a cluster with kubeadm ​=====
  
 Read upgrade guide carrefully before upgrading ! Exemple of such notes: https://​kubernetes.io/​docs/​tasks/​administer-cluster/​kubeadm/​kubeadm-upgrade-1-15/​ Read upgrade guide carrefully before upgrading ! Exemple of such notes: https://​kubernetes.io/​docs/​tasks/​administer-cluster/​kubeadm/​kubeadm-upgrade-1-15/​
Line 57: Line 57:
 sudo apt-get install kubectl=$version kubelet=$version sudo apt-get install kubectl=$version kubelet=$version
 sudo systemctl restart kubelet sudo systemctl restart kubelet
 +sudo apt-mark hold kubectl kubelet kubeadm
 </​code>​ </​code>​
  
-On worker nodes:+On other control panes and on worker nodes:
  
 <​code>​ <​code>​
Line 67: Line 68:
 sudo apt-get install kubectl=$version kubelet=$version sudo apt-get install kubectl=$version kubelet=$version
 sudo systemctl restart kubelet sudo systemctl restart kubelet
 +sudo apt-mark hold kubectl kubelet kubeadm
 </​code>​ </​code>​
 +
 +===== Modify cluster configuration =====
 +
 +kubeadm write configuration in a configmap named //​kubeadm-config//​ in the //​kube-system//​ namespace.
 +
 +Edit with:
 +
 +<​code>​
 +kubectl -n kube-system edit configmap kubeadm-config
 +</​code>​
 +
 +Parameters for api-server, controllers etc, can be added to the //​extraArgs//​ key. Then to apply changes:
 +
 +<​code>​
 +kubeadm upgrade node
 +</​code>​
 +
 +This will write new static manifests to /​etc/​kubernetes/​manifest and restart the components that need to be restarted.
 +
 +Example for securing a 1.16 cluster:
 +
 +<​code>​
 +  ClusterConfiguration:​ |                                                                                                                                                                     
 +    apiServer: ​                                                                                                                                                                               ​
 +      extraArgs: ​                                                                                                                                                                             ​
 +        authorization-mode:​ Node,​RBAC ​                                                                                                                                                        
 +        profiling: "​false" ​                                                                                                                                                                   ​
 +        enable-admission-plugins:​ NodeRestriction,​AlwaysPullImages,​DenyEscalatingExec ​                                                                                                        
 +</​code>​
 +
soft/kubernetes.1563113008.txt.gz ยท Last modified: 2019/07/14 14:03 by phil