我正在阅读kube-prometheus的自述文件,马上看以下段落:
> This means the kubelet configuration must contain these flags:
>
> --authentication-token-webhook=true This flag enables, that a ServiceAccount token can be used to authenticate against the
> kubelet(s). This can also be enabled by setting the kubelet
> configuration value authentication.webhook.enabled to true.
> --authorization-mode=Webhook This flag enables, that the kubelet will perform an RBAC request with the API to determine, whether the
> requesting entity (Prometheus in this case) is allow to access a
> resource, in specific for this project the /metrics endpoint. This can
> also be enabled by setting the kubelet configuration value
> authorization.mode to Webhook.
这让我感到奇怪-我们怎么知道K8s用于运行其kubelet的命令行?我可能在这里错了,不是K8s集群旋转了kubelet,而是负责管理K8s集群的AKS基础结构。但是问题仍然存在-我们如何看到命令行?我们可以影响它吗?
编辑1
似乎非常相关。尽管它实际上并没有提供命令行或告诉用户如何更改它,但它确实提供了kubelet配置,并且同一页面说明了如何修改它。
基本上,要获得kubelet配置,我们需要做两件事:
kubectl proxy --port=8001 &
NODE_NAME="the-name-of-the-node-you-are-reconfiguring"; curl -sSL "http://localhost:8001/api/v1/nodes/${NODE_NAME}/proxy/configz" | jq '.kubeletconfig|.kind="KubeletConfiguration"|.apiVersion="kubelet.config.k8s.io/v1beta1"' > kubelet_configz_${NODE_NAME}
然后kubelet_configz_${NODE_NAME}将是Kubelet配置为YAML。