User Tools

Site Tools


soft:kubernetes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
soft:kubernetes [2019/08/07 07:59]
phil
soft:kubernetes [2019/12/15 17:11] (current)
phil
Line 40: Line 40:
 </​code>​ </​code>​
  
-==== Join worker nodes with kubeadm ====+===== Join worker nodes with kubeadm ​=====
  
 TODO TODO
  
-==== Upgrade a cluster with kubeadm ====+===== Upgrade a cluster with kubeadm ​=====
  
 Read upgrade guide carrefully before upgrading ! Exemple of such notes: https://​kubernetes.io/​docs/​tasks/​administer-cluster/​kubeadm/​kubeadm-upgrade-1-15/​ Read upgrade guide carrefully before upgrading ! Exemple of such notes: https://​kubernetes.io/​docs/​tasks/​administer-cluster/​kubeadm/​kubeadm-upgrade-1-15/​
Line 70: Line 70:
 sudo apt-mark hold kubectl kubelet kubeadm sudo apt-mark hold kubectl kubelet kubeadm
 </​code>​ </​code>​
 +
 +===== Modify cluster configuration =====
 +
 +kubeadm write configuration in a configmap named //​kubeadm-config//​ in the //​kube-system//​ namespace.
 +
 +Edit with:
 +
 +<​code>​
 +kubectl -n kube-system edit configmap kubeadm-config
 +</​code>​
 +
 +Parameters for api-server, controllers etc, can be added to the //​extraArgs//​ key. Then to apply changes:
 +
 +<​code>​
 +kubeadm upgrade node
 +</​code>​
 +
 +This will write new static manifests to /​etc/​kubernetes/​manifest and restart the components that need to be restarted.
 +
 +Example for securing a 1.16 cluster:
 +
 +<​code>​
 +  ClusterConfiguration:​ |                                                                                                                                                                     
 +    apiServer: ​                                                                                                                                                                               ​
 +      extraArgs: ​                                                                                                                                                                             ​
 +        authorization-mode:​ Node,​RBAC ​                                                                                                                                                        
 +        profiling: "​false" ​                                                                                                                                                                   ​
 +        enable-admission-plugins:​ NodeRestriction,​AlwaysPullImages,​DenyEscalatingExec ​                                                                                                        
 +</​code>​
 +
soft/kubernetes.1565164752.txt.gz ยท Last modified: 2019/08/07 07:59 by phil