patternkubernetesMinor
Where is the documentation of Kubernetes API server configurations?
Viewed 0 times
thekuberneteswhereconfigurationsdocumentationserverapi
Problem
Questions
Where is the explanations or documentations of the Kubernetes API Server configuration parameters?
Background
There are parameters to configure for Kubernetes API server e.g. KUBE_API_ADDRESS (which seems needs to be changed from 127.0.0.1) for multi node cluster to work.
Looking for a definite configuration documentation of how to configure API server but so far could not find one.
Setup CentOS (Kubernetes.io) says below.
Kubernetes GitHub says below.
Connecting to Kubernetes API server from outside of Vagrant box #250 says below.
By default kube-apiserver listens only on 127.0.0.1.
Without reconfiguring it it is not possible to connect to Kubernetes using kubectl from another machine.
Kubernetes 1.7 /etc/kubernetes/apiserver is below.
Where is the explanations or documentations of the Kubernetes API Server configuration parameters?
Background
There are parameters to configure for Kubernetes API server e.g. KUBE_API_ADDRESS (which seems needs to be changed from 127.0.0.1) for multi node cluster to work.
Looking for a definite configuration documentation of how to configure API server but so far could not find one.
Setup CentOS (Kubernetes.io) says below.
# The address on the local server to listen to.
KUBE_API_ADDRESS="--address=0.0.0.0"Kubernetes GitHub says below.
# --insecure-bind-address=127.0.0.1: The IP address on which to serve the --insecure-port.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"Connecting to Kubernetes API server from outside of Vagrant box #250 says below.
By default kube-apiserver listens only on 127.0.0.1.
Without reconfiguring it it is not possible to connect to Kubernetes using kubectl from another machine.
Kubernetes 1.7 /etc/kubernetes/apiserver is below.
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#
# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
# The port on the local server to listen on.
# KUBE_API_PORT="--port=8080"
# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# Add your own!
KUBE_API_ARGS=""Solution
https://github.com/kubernetes/kubernetes/blob/master/cluster/centos/master/scripts/apiserver.sh
It seems that the
# Insecure kube configuration parameters go under here when node['kubernetes']['secure']['enabled'] == 'false'
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
...
# Secure kube configuration parameters go under here when node['kubernetes']['secure']['enabled'] == 'true'
KUBE_API_ADDRESS="--bind-address=0.0.0.0 --insecure-bind-address=127.0.0.1 "
...It seems that the
KUBE_API_ADDRESS will only listen to 0.0.0.0 if kubernetes has been secured.Code Snippets
# Insecure kube configuration parameters go under here when node['kubernetes']['secure']['enabled'] == 'false'
<% if node['kubernetes']['secure']['enabled'] == 'false' -%>
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
...
# Secure kube configuration parameters go under here when node['kubernetes']['secure']['enabled'] == 'true'
<% if node['kubernetes']['secure']['enabled'] == 'true' -%>
KUBE_API_ADDRESS="--bind-address=0.0.0.0 --insecure-bind-address=127.0.0.1 "
...Context
StackExchange DevOps Q#2517, answer score: 4
Revisions (0)
No revisions yet.