I am running kubernetes inside 'Docker Desktop' on Mac OS High Sierra.
Is it possible to change the flags given to the kubernetes api-server with this setup?
I can see that the api-server is running.
I am able to exec into the api-server container. When I kill the api-server so I could run it with my desired flags, the container is immediately killed.
Try this to find the name of apiserver deployment:
kubectl -n kube-system get deploy | grep apiserver
Grab the name of deployment and edit its configuration:
kubectl -n kube-system edit deploy APISERVER_DEPLOY_NAME
When you do that, the editor will open, and from there you can change the apiserver command-line flags. After editing, save and close the editor; your changes will then be applied.
There is no deployment for kube-apiserver, since those pods are static, so they are created and managed by the kubelet.
The way to change kube-api's parameters is like #hanx mentioned:
ssh into the master node (not a container);
update the file under - /etc/kubernetes/manifests/;
restart kubelet - systemctl restart kubelet;
I accidentally deleted the kube-proxy daemonset, which should run the kube-proxy pods in my cluster, by using the command: kubectl delete -n kube-system daemonset kube-proxy. What is the best way to restore it?
That's how it should look
Kubernetes allows you to reinstall kube-proxy by running the following command, which installs the kube-proxy addon components via the API server.
$ kubeadm init phase addon kube-proxy --kubeconfig ~/.kube/config --apiserver-advertise-address string
This will generate the output as
[addons] Applied essential addon: kube-proxy
The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
Hence kube-proxy will be reinstalled in the cluster by creating a DaemonSet and launching the pods.
kube-proxy daemon got created at the time of cluster creation, so you need to write your own manifest for daemon-set unless you have a backup to restore it from there.
I've tried to change the kube-proxy configMap and the kube-proxy command to set metricsBindAddress, but Kubernetes resets these changes (without any warnings) after a couple of seconds.
kubectl edit cm kube-proxy-config -n kube-system => add metricsBindAddress => wait couple seconds and open the config - there is empty metricsBindAddress
kubectl edit ds kube-proxy -n kube-system => add --metrics-bind-address to command => wait couple seconds => the command was reset to default
How to change kube-proxy config and keep these changes ?
Kubernetes version 1.17
UPDATE (as you can see, after several seconds metricsBindAddress was changed to an empty string):
UPDATE 2 (pay attention to metricsBindAddress, it's changed after ~40-50 seconds):
FINAL UPDATE:
Answer from cloud provider(Yandex) - kube-proxy pod it is on the host's network, so to prevent security problems, it listens exclusively on the loopback address and therefore the parameter will be reset
p.s. https://github.com/helm/charts/tree/master/stable/prometheus-operator#kubeproxy - I want to make kube-proxy accessible by prometheus
First edit:
kubectl edit cm/kube-proxy -n kube-system
.....
metricsBindAddress: 0.0.0.0:10249
.....
Then,
kubectl rollout restart ds kube-proxy -n kube-system
You have to restart the pods otherwise they do not get the configuration.
You can check the status by:
kubectl rollout status ds kube-proxy -n kube-system
I am posting this Community Wiki because root cause of the issue has been determined.
Usually, changing metricsBindAddress: can be achieved by editing the ConfigMap and deleting the kube-proxy pod, or by using rollout restart on the DaemonSet.
Root cause of this issue was that this change was blocked by OP's environment - Yandex Cloud.
OP received feedback from Yandex Support
kube-proxy pod it is on the host's network, so to prevent security problems, it listens exclusively on the loopback address and therefore the parameter will be reset
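A check for the setting discussed in this thread, as an added example that is not part of the original answers: it reads a kube-proxy configuration file and reports whether metricsBindAddress keeps the metrics endpoint on loopback or opens it on the node's interfaces. The function name and the sample files are constructed for illustration; 127.0.0.1:10249 is kube-proxy's default when the field is empty.

```shell
#!/bin/sh
# Added example: classify where kube-proxy's metrics endpoint would listen.

# metrics_bind_scope FILE
# FILE holds a KubeProxyConfiguration document (constructed samples below).
# Prints default-loopback, loopback, all-interfaces or specific:<host>, and
# returns 1 when the endpoint is reachable from outside the node.
metrics_bind_scope() {
    addr=$(sed 's/#.*//' "$1" |
        sed -n 's/^[[:space:]]*metricsBindAddress:[[:space:]]*//p' |
        head -n 1 | tr -d "\"' \t")
    case "$addr" in
        \[*\]*) host=${addr#\[}; host=${host%%\]*} ;;  # [v6]:port
        *:*)    host=${addr%:*} ;;                      # v4:port
        *)      host=$addr ;;
    esac
    case "$host" in
        "")                  echo default-loopback ;;  # empty: 127.0.0.1:10249
        127.*|localhost|::1) echo loopback ;;
        0.0.0.0|::)          echo all-interfaces; return 1 ;;
        *)                   echo "specific:$host"; return 1 ;;
    esac
}

# Constructed samples: the edited value from the answer above, and the empty
# value the asker saw after the provider reset the field.
demo=$(mktemp -d)
printf '%s\n' 'kind: KubeProxyConfiguration' \
    'metricsBindAddress: 0.0.0.0:10249' > "$demo/edited.conf"
printf '%s\n' 'kind: KubeProxyConfiguration' \
    'metricsBindAddress: ""' > "$demo/reset.conf"
echo "edited: $(metrics_bind_scope "$demo/edited.conf")"
echo "reset:  $(metrics_bind_scope "$demo/reset.conf")"
```

Because kube-proxy runs on the host network, an all-interfaces result means port 10249 is open on every node address, so restrict access to the Prometheus scraper with a firewall or security group rule.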
I have installed docker desktop on my windows 10 and have enabled Kubernetes. When I run the kubectl config current-context command I am getting this response gke_k8s-demo-263903_asia-south1-a_kubia. How do I set up the context to point to docker-desktop? I remember that I had worked with GKE earlier but not sure how to reset the context.
From your local machine run, you should see docker-desktop listed:
kubectl config get-contexts
Then run the below:
kubectl config use-context docker-desktop
If the cluster name you want to communicate with is not listed, it means you haven't got the context file for the cluster.
I'm trying the debug CLI feature on the 1.18 release of Kubernetes, but I have an issue when I execute the debug command.
I have created a pod as shown below.
kubectl run ephemeral-demo --image=k8s.gcr.io/pause:3.1 --restart=Never
After that, when running this command: kubectl alpha debug -it ephemeral-demo --image=busybox --target=ephemeral-demo
Kubernetes is hanging like that :
Defaulting debug container name to debugger-aaaa.
How can I resolve that issue?
It seems that you need to enable the feature gate on all control plane components as well as on the kubelets. If the feature is enabled partially (for instance, only kube-apiserver and kube-scheduler), the resources will be created in the cluster, but no containers will be created, thus there will be nothing to attach to.
In addition to the answer posted by Konstl
To enable EphemeralContainers featureGate correctly, add on the master nodes to:
/etc/kubernetes/manifests/kube-apiserver.yaml
/etc/kubernetes/manifests/kube-controller-manager.yaml
/etc/kubernetes/manifests/kube-scheduler.yaml
the following line to container command:
spec:
  containers:
  - command:
    - kube-apiserver # or kube-controller-manager/kube-scheduler
    - --feature-gates=EphemeralContainers=true # <-- add this line
Pods will restart immediately.
For enabling the featureGate for kubelet add on all nodes to:
/var/lib/kubelet/config.yaml
the following lines at the bottom:
featureGates:
  EphemeralContainers: true
Save the file and run the following command:
$ systemctl restart kubelet
This was enough in my case to be able to use kubectl alpha debug as it's explained in the documentation
Additional useful pages:
Ephemeral Containers
Share Process Namespace between Containers in a Pod
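The partial-enablement state described in this thread can be checked before retrying kubectl alpha debug. The script below is an added example, not code from the answers: it reports, per component, whether a feature gate is set in the static pod manifests and in the kubelet config. The function names and the sample files are constructed; the file layout is assumed to follow the paths quoted above.

```shell
#!/bin/sh
# Added example: check that a feature gate is enabled on every component.

# True if a --feature-gates flag in static pod manifest $1 enables gate $2.
has_gate_flag() {
    sed 's/#.*//' "$1" 2>/dev/null | grep -- '--feature-gates=' |
        sed 's/.*--feature-gates=//' | tr -d "\"' " | tr ',' '\n' |
        grep -qx "$2=true"
}

# True if the top-level featureGates: block of kubelet config $1 enables $2.
# Only the block form shown in the answer is parsed, not inline {a: b} maps.
has_gate_kubelet() {
    awk -v gate="$2" '
        /^featureGates:[ \t]*$/ { inblock = 1; next }
        inblock && /^[^ \t#]/   { inblock = 0 }
        inblock { sub(/#.*/, ""); gsub(/[ \t]/, "")
                  if ($0 == (gate ":true")) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1" 2>/dev/null
}

# audit_gate MANIFEST_DIR KUBELET_CONFIG GATE
# Prints one line per component; returns 1 when any component lacks the gate.
audit_gate() {
    missing=0
    for c in kube-apiserver kube-controller-manager kube-scheduler; do
        if has_gate_flag "$1/$c.yaml" "$3"; then echo "$c: enabled"
        else echo "$c: MISSING"; missing=1; fi
    done
    if has_gate_kubelet "$2" "$3"; then echo "kubelet: enabled"
    else echo "kubelet: MISSING"; missing=1; fi
    return "$missing"
}

# Constructed sample: gate set on the API server and the kubelet only.
demo=$(mktemp -d)
printf '%s\n' 'spec:' '  containers:' '  - command:' '    - kube-apiserver' \
    '    - --feature-gates=EphemeralContainers=true # added' \
    > "$demo/kube-apiserver.yaml"
printf '%s\n' 'spec:' '  containers:' '  - command:' '    - kube-scheduler' \
    > "$demo/kube-scheduler.yaml"
cp "$demo/kube-scheduler.yaml" "$demo/kube-controller-manager.yaml"
printf '%s\n' 'kind: KubeletConfiguration' 'featureGates:' \
    '  EphemeralContainers: true' > "$demo/config.yaml"
audit_gate "$demo" "$demo/config.yaml" EphemeralContainers ||
    echo "gate is only partially enabled"
```

On a real master node the call would be audit_gate /etc/kubernetes/manifests /var/lib/kubelet/config.yaml EphemeralContainers, with the kubelet check repeated on every worker node.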
I'm seeing similar behaviour, although I'm running 1.17 k8s with 1.18 kubectl. But I was under the impression that the feature was added in 1.16 in k8s and in 1.18 in kubectl.
As of Kubernetes 1.2, kube-proxy is now a pod running in the kube-system namespace.
The old init script /etc/init.d/kube-proxy has been removed.
Aside from simply resetting the GCE instance, is there a good way to restart kube-proxy?
I just added an annotation to change the proxy mode, and I need to restart kube-proxy for my change to take effect.
The kube-proxy is run as an addon pod, meaning the Kubelet will automatically restart it if it goes away. This means you can restart the kube-proxy pod by simply deleting it:
$ kubectl delete pod --namespace=kube-system kube-proxy-${NODE_NAME}
Where $NODE_NAME is the node you want to restart the proxy on (this is assuming a default configuration, otherwise kubectl get pods --namespace=kube-system should include the list of kube-proxy pods).
If the restarted kube-proxy is missing your annotation change, you may need to update the manifest file, usually found in /etc/kubernetes/manifests on the node.