如何在轻量级 K3s 中访问 api 控制器配置
How do I access api controller config in lightweight K3s
通常在 /etc/kubernetes/manifests/kube-apiserver.yaml 的常规 Kubernetes 中找到。
在rancher/K3s中,我能找到的就这些了。我正在尝试调整一些设置,以便启用自定义自动缩放(例如 https://docs.bitnami.com/kubernetes/how-to/configure-autoscaling-custom-metrics/ )。还有其他方法可以影响这些设置吗?
$ sudo tree /var/lib/rancher/k3s/server/manifests
/var/lib/rancher/k3s/server/manifests
├── coredns.yaml
├── rolebindings.yaml
└── traefik.yaml
0 directories, 3 files
K3s bundles the Kubernetes components (kube-apiserver,
kube-controller-manager, kube-scheduler, kubelet, kube-proxy) into
combined processes that are presented as a simple server and agent
model. Running k3s server will start the Kubernetes server and
automatically register the local host as an agent. k3s supports
multi-node model where users can use the ‘node-token’ generated while
the process startup. By default k3s installs both server and agent
(combined the Kubelet, kubeproxy and flannel agent processes), the
same can be controlled using ‘ — disable-agent’ where server and agent
(master and node in Kubernetes terminology) can be separated.
据我所知 - k3s 的所有配置文件都可以在 /var/lib/rancher/k3s 目录下找到:
Running kube-apiserver --advertise-port=6443 --allow-privileged=true
--api-audiences=unknown --authorization-mode=Node,RBAC --basic-auth-file=/var/lib/ranch
er/k3s/server/cred/passwd
--bind-address=127.0.0.1 --cert-dir=/var/lib/rancher/k3s/server/tls/temporary-certs --client-ca-file=/var/lib/rancher/k3s/server/tls/client-ca.crt
--enable-admission-p
lugins=NodeRestriction --insecure-port=0
--kubelet-client-certificate=/var/lib/rancher/k3s/server/tls/client-kube-apiserver.crt
--kubelet-client-key=/var/lib/rancher/k3s/server/tls/client-kube-
apiserver.key
--proxy-client-cert-file=/var/lib/rancher/k3s/server/tls/client-auth-proxy.crt
--proxy-client-key-file=/var/lib/rancher/k3s/server/tls/client-auth-proxy.key --requestheader-allowe
d-names=system:auth-proxy
--requestheader-client-ca-file=/var/lib/rancher/k3s/server/tls/request-header-ca.crt
--requestheader-extra-headers-prefix=X-Remote-Extra-
--requestheader-group-headers
=X-Remote-Group --requestheader-username-headers=X-Remote-User
--secure-port=6444 --service-account-issuer=k3s --service-account-key-file=/var/lib/rancher/k3s/server/tls/service.key
--service-a
ccount-signing-key-file=/var/lib/rancher/k3s/server/tls/service.key
--service-cluster-ip-range=10.43.0.0/16 --tls-cert-file=/var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt --tls-priv
ate-key-file=/var/lib/rancher/k3s/server/tls/serving-kube-apiserver.key
您还可以使用 --kube-apiserver-arg option
指定所需的值
通常在 /etc/kubernetes/manifests/kube-apiserver.yaml 的常规 Kubernetes 中找到。
在rancher/K3s中,我能找到的就这些了。我正在尝试调整一些设置,以便启用自定义自动缩放(例如 https://docs.bitnami.com/kubernetes/how-to/configure-autoscaling-custom-metrics/ )。还有其他方法可以影响这些设置吗?
$ sudo tree /var/lib/rancher/k3s/server/manifests
/var/lib/rancher/k3s/server/manifests
├── coredns.yaml
├── rolebindings.yaml
└── traefik.yaml
0 directories, 3 files
K3s bundles the Kubernetes components (kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, kube-proxy) into combined processes that are presented as a simple server and agent model. Running k3s server will start the Kubernetes server and automatically register the local host as an agent. k3s supports multi-node model where users can use the ‘node-token’ generated while the process startup. By default k3s installs both server and agent (combined the Kubelet, kubeproxy and flannel agent processes), the same can be controlled using ‘ — disable-agent’ where server and agent (master and node in Kubernetes terminology) can be separated.
据我所知 - k3s 的所有配置文件都可以在 /var/lib/rancher/k3s 目录下找到:
Running kube-apiserver --advertise-port=6443 --allow-privileged=true
--api-audiences=unknown --authorization-mode=Node,RBAC --basic-auth-file=/var/lib/ranch
er/k3s/server/cred/passwd
--bind-address=127.0.0.1 --cert-dir=/var/lib/rancher/k3s/server/tls/temporary-certs --client-ca-file=/var/lib/rancher/k3s/server/tls/client-ca.crt
--enable-admission-p
lugins=NodeRestriction --insecure-port=0
--kubelet-client-certificate=/var/lib/rancher/k3s/server/tls/client-kube-apiserver.crt
--kubelet-client-key=/var/lib/rancher/k3s/server/tls/client-kube-
apiserver.key
--proxy-client-cert-file=/var/lib/rancher/k3s/server/tls/client-auth-proxy.crt
--proxy-client-key-file=/var/lib/rancher/k3s/server/tls/client-auth-proxy.key --requestheader-allowe
d-names=system:auth-proxy
--requestheader-client-ca-file=/var/lib/rancher/k3s/server/tls/request-header-ca.crt
--requestheader-extra-headers-prefix=X-Remote-Extra-
--requestheader-group-headers
=X-Remote-Group --requestheader-username-headers=X-Remote-User
--secure-port=6444 --service-account-issuer=k3s --service-account-key-file=/var/lib/rancher/k3s/server/tls/service.key
--service-a
ccount-signing-key-file=/var/lib/rancher/k3s/server/tls/service.key
--service-cluster-ip-range=10.43.0.0/16 --tls-cert-file=/var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt --tls-priv
ate-key-file=/var/lib/rancher/k3s/server/tls/serving-kube-apiserver.key
您还可以使用 --kube-apiserver-arg option