Unable to modify the ETCD manifest for a Kubernetes static Pod

Time: 2019-05-24 14:44:38

Tags: kubernetes etcd

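I want to modify the etcd pod to listen on 0.0.0.0 (or the host IP) instead of 127.0.0.1.

I am migrating from a single-master to a multi-master Kubernetes cluster, but I ran into a problem: after modifying /etc/kubernetes/manifests/etcd.yaml with the correct settings and restarting the kubelet and even the docker daemon, etcd is still running on 127.0.0.1.

Inside the docker container, I can see that etcd is started with --listen-client-urls=https://127.0.0.1:2379 instead of the host IP.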

cat /etc/kubernetes/manifests/etcd.yaml


[root@test-master-01 centos]# kubectl -n kube-system get po etcd-test-master-01 -o yaml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  creationTimestamp: null
  labels:
    component: etcd
    tier: control-plane
  name: etcd
  namespace: kube-system
spec:
  containers:
  - command:
    - etcd
    - --advertise-client-urls=https://192.168.22.9:2379
    - --cert-file=/etc/kubernetes/pki/etcd/server.crt
    - --client-cert-auth=true
    - --data-dir=/var/lib/etcd
    - --initial-advertise-peer-urls=https://192.168.22.9:2380
    - --initial-cluster=test-master-01=https://192.168.22.9:2380
    - --key-file=/etc/kubernetes/pki/etcd/server.key
    - --listen-client-urls=https://192.168.22.9:2379
    - --listen-peer-urls=https://192.168.22.9:2380
    - --name=test-master-01
    - --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
    - --peer-client-cert-auth=true
    - --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
    - --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
    - --snapshot-count=10000
    - --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
    image: k8s.gcr.io/etcd-amd64:3.2.18
    imagePullPolicy: IfNotPresent
    livenessProbe:
      exec:
        command:
        - /bin/sh
        - -ec
        - ETCDCTL_API=3 etcdctl --endpoints=https://[192.168.22.9]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt
          --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key
          get foo
      failureThreshold: 8
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources: {}
    volumeMounts:
    - mountPath: /var/lib/etcd
      name: etcd-data
    - mountPath: /etc/kubernetes/pki/etcd
      name: etcd-certs
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /var/lib/etcd
      type: DirectoryOrCreate
    name: etcd-data
  - hostPath:
      path: /etc/kubernetes/pki/etcd
      type: DirectoryOrCreate
    name: etcd-certs
status: {}

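2 answers:

Answer 0: (score: 1)

First check the kubelet option --pod-manifest-path, then put the correct yaml in that path.

To make sure the etcd pod has been removed, move the yaml file out of the pod-manifest-path and wait until the pod is gone from docker ps -a. Then put the correct yaml file into the pod-manifest-path.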

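Answer 1: (score: 0)

Went through my automation script step by step and found that I had made a backup of the etcd yaml in the same folder with a .bak extension. It looks like the kubelet daemon loads all files inside the manifests folder, regardless of the file extension.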
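
The situation described in the second answer, a leftover etcd.yaml.bak beside etcd.yaml, can be detected before the kubelet is restarted. The following is an added example, not code from the original post or from Kubernetes: the function names, the simplified line parser and the constructed sample files are assumptions, and the dotfile rule follows the kubelet's documented behaviour of ignoring files whose names start with a dot.

```python
import os
import re
import tempfile
from collections import defaultdict

META_RE = re.compile(r"^  (name|namespace):\s*(\S+)\s*$")
FLAG_RE = re.compile(r"--listen-client-urls=(\S+)")
# Constructed, trimmed kubeadm-style manifest used only as sample input.
SAMPLE = ("apiVersion: v1\nkind: Pod\nmetadata:\n  name: {n}\n  namespace: kube-system\n"
          "spec:\n  containers:\n  - command:\n    - {n}\n    - {flag}\n    name: {n}\n")

def read_pod_identity(text):
    """Return (namespace, name, listen-client-urls) for one manifest.
    Assumption: simplified line parser for 2-space indented YAML, not a YAML library."""
    ident, in_meta = {}, False
    for line in text.splitlines():
        if line.strip() and not line.startswith(" "):   # top-level key
            in_meta = line.rstrip() == "metadata:"
        elif in_meta and (m := META_RE.match(line)):
            ident[m.group(1)] = m.group(2)
    flag = FLAG_RE.search(text)
    return ident.get("namespace", "default"), ident.get("name"), flag and flag.group(1)

def find_duplicate_static_pods(manifest_dir):
    """Map (namespace, name) -> [(file, listen URLs)] for pods defined more than once."""
    seen = defaultdict(list)
    for fname in sorted(os.listdir(manifest_dir)):
        path = os.path.join(manifest_dir, fname)
        # The kubelet ignores dotfiles, but a .bak or .orig copy is still loaded.
        if fname.startswith(".") or not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8") as fh:
            ns, name, urls = read_pod_identity(fh.read())
        if name:
            seen[(ns, name)].append((fname, urls))
    return {pod: files for pod, files in seen.items() if len(files) > 1}

def demo():
    # Constructed directory: live manifest, stale backup, editor dotfile, unrelated pod.
    files = {"etcd.yaml": ("etcd", "--listen-client-urls=https://192.168.22.9:2379"),
             "etcd.yaml.bak": ("etcd", "--listen-client-urls=https://127.0.0.1:2379"),
             ".etcd.yaml.swp": ("etcd", "--listen-client-urls=https://127.0.0.1:2379"),
             "kube-apiserver.yaml": ("kube-apiserver", "--secure-port=6443")}
    with tempfile.TemporaryDirectory() as d:
        for fname, (n, flag) in files.items():
            with open(os.path.join(d, fname), "w", encoding="utf-8") as fh:
                fh.write(SAMPLE.format(n=n, flag=flag))
        return find_duplicate_static_pods(d)

if __name__ == "__main__":
    print(demo())
```

On a real node, call find_duplicate_static_pods with the directory the kubelet is configured to watch; any entry it returns means two files compete to define the same control-plane pod, and backups belong outside that directory.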