在GKE中配置功能门时出错

Question

我试图在节点版本为1.9.7的GKE节点上运行kubelet parameters add --feature-gates=ReadOnlyAPIDataVolumes=false。

然后我遇到以下错误：

I1002 00:56:53.617596   13469 feature_gate.go:226] feature gates: &{{} map[ReadOnlyAPIDataVolumes:false]}
I1002 00:56:53.617724   13469 controller.go:114] kubelet config controller: starting controller
I1002 00:56:53.617729   13469 controller.go:118] kubelet config controller: validating combination of defaults and flags
error: error reading /var/lib/kubelet/pki/kubelet.key, certificate and key must be supplied as a pair

如果我运行sudo kubelet parameters add --feature-gates=ReadOnlyAPIDataVolumes=false，那么我得到

error: unrecognized key: ReadOnlyAPIDataVolumes

我的问题：

• 通常，是否应以root用户身份执行kubelet命令？
• 具体如何成功运行“ kubelet parameters add”命令？

Answer 1

1. 是的。尽管可能以non-root的身份运行，但kubelet可以控制系统上的许多不同组件，因此很难与non-root的所有组件进行对话。

   < / li>

2. 我真的不确定kubelet parameters add的来源或在GKE上的设置方式（我相信它是旧的kube-up.sh脚本），但是通常，您可以更改kubelet参数在systemd级别。例如，根据以下/var/lib/kubelet/kubeadm-flags.env服务定义，我使用kubeadm并在systemd中更改/添加标志，或仅在kubelet命令行上内联：

   $ systemctl cat kubelet
   # /lib/systemd/system/kubelet.service
   [Unit]
   Description=kubelet: The Kubernetes Node Agent
   Documentation=https://kubernetes.io/docs/home/
   
   [Service]
   ExecStart=/usr/bin/kubelet
   Restart=always
   StartLimitInterval=0
   RestartSec=10
   
   [Install]
   WantedBy=multi-user.target
   
   # /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
   # Note: This dropin only works with kubeadm and kubelet v1.11+
   [Service]
   Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap- kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --hostname-override=ip-x-x-x-x.us-east-1.compute.internal"
   Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
   # This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
   EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
   # This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
   # the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
   EnvironmentFile=-/etc/default/kubelet
   ExecStart=
   ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS