【云原生 | Kubernetes 系列】— 部署K8S 1.28版本集群部署(基于Containerd容器运行)
kubernetes集群规划 准备工作1、主机配置2、升级内核3、配置内核转发以及过滤4、安装ipset ipvsadm,IPVS(IP Virtual Server)是一个用于负载均衡的 Linux 内核模块,它可以用来替代 kube-proxy 默认的 iptables 方式。IPVS 提供了更高效和可扩展的负载均衡功能,特别适用于大规模的集群环境。
省 部署containerd1 ,下载runc 准备(替换原有问题的runc)
部署K8S1、K8S集群软件部署,选择一个yum 源即可2, K8S软件初始化3, 集群初始化4, 手动拉去镜像(如果镜像拉去不下来也可以手动拉去)5, 保存文件
网络插件flannelcalico部署
报错一解决报错二解决结果
资源监控
kubernetes集群规划
主机名IP地址备注k8s-master01192.168.0.109masterk8s-node1192.168.0.108node1k8s-node2192.168.0.107node1k8s-node3192.168.0.105node1
准备工作
1、主机配置
[root@k8s-master01 ~]# hostnamectl set-hostname k8s-master01
[root@k8s-master01 ~]# hostname
k8s-master01
[root@localhost ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.109 k8s-master01
192.168.0.108 k8s-node1
192.168.0.107 k8s-node2
192.168.0.105 k8s-node3
systemctl stop firewalld && systemctl disable firewalld
setenforce 0 && sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sestatus #查看selinux 状态
# 时间同步
ntpdate time1.aliyun.com
2、升级内核
导elrepo gpg key,软件验证
# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
安装elrepoYUM源仓库
# yum -y install https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
安装kernel-ml版本,ml为长期稳定版本,1t为长期维护版本
# yum --enablerepo="elrepo-kernel" -y install kernel-lt.x86_64
设置grub2默认引导为0,就是重启后会使用最新内核
# grub2-set-default 0
重新生成grub2引导文件
# grub2-mkconfig -o /boot/grub2/grub.cfg
更新后,需要重启,使用升级的内核生效。
#reboot 重启后检查版本
# uname -r
[root@k8s-master01 ~]# uname -r
5.4.265-1.el7.elrepo.x86_64
3、配置内核转发以及过滤
添加网桥过滤及内核转发配置文件
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1 #启用 IPv6 数据包经过 iptables 的处理。
net.bridge.bridge-nf-call-iptables = 1 #启用 IPv4 数据包经过 iptables 的处理。
net.ipv4.ip_forward = 1 #启用 IPv4 数据包的转发功能。
vm.swappiness = 0 #闭交换分区的使用,使系统更加倾向于使用物理内存而非交换分区。
EOF
加载br_netfilter模块
# modprobe br_netfilter
# sysctl -p /etc/sysctl.d/k8s.conf
查看是否加载
# lsmod | grep br_netfilter
[root@k8s-master01 ~]# lsmod | grep br_netfilter
br_netfilter 28672 0
设置开机自启 vi /etc/sysconfig/modules/br_netfilter.modules
#!/bin/bash
modprobe br_netfilter
设置权限
# chmod 755 /etc/sysconfig/modules/br_netfilter.modules
4、安装ipset ipvsadm,IPVS(IP Virtual Server)是一个用于负载均衡的 Linux 内核模块,它可以用来替代 kube-proxy 默认的 iptables 方式。IPVS 提供了更高效和可扩展的负载均衡功能,特别适用于大规模的集群环境。
yum -y install ipset ipvsadm
配置ipvsadm模块加载方式
添加需要加载的模块
# cat > /etc/sysconfig/modules/ipvs.modules < # !/bin/bash modprobe -- ip_vs modprobe -- ip_vs_rr modprobe -- ip_vs_wrr modprobe -- ip_vs_sh modprobe -- nf_conntrack EOF 授权、运行、检查是否加载 [root@k8s-master01 ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack ip_vs_sh 16384 0 ip_vs_wrr 16384 0 ip_vs_rr 16384 0 ip_vs 155648 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr nf_conntrack 147456 4 xt_conntrack,nf_nat,xt_MASQUERADE,ip_vs nf_defrag_ipv6 24576 2 nf_conntrack,ip_vs nf_defrag_ipv4 16384 1 nf_conntrack libcrc32c 16384 4 nf_conntrack,nf_nat,xfs,ip_vs 配置文件解析: ip_vs:这是 IPVS 的核心模块,用于实现 IP 负载均衡。它拦截流量并将其转发到后端的服务节点,以实现负载均衡和高可用性。 ip_vs_rr:这个模块实现了基于轮询的调度算法(Round Robin),它按顺序将请求分配给后端节点,直到达到最大连接数限制。 ip_vs_wrr:这个模块实现了加权轮询的调度算法(Weighted Round Robin),它根据节点的权重分配请求,可以使具有更高权重的节点处理更多的请求。 ip_vs_sh:这个模块实现了源地址哈希的调度算法(Source Hash),它基于请求的源 IP 地址将请求分发到后端节点。相同的源 IP 地址将始终被分配到同一个后端节点。 nf_conntrack:这个模块提供了网络连接跟踪功能,用于跟踪数据包的连接状态,以便正确地处理负载均衡过程中的网络流量。 5、关闭swap 分区 swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab 省 部署containerd 1 ,下载 wget https://github.com/containerd/containerd/releases/download/v1.7.7/cri-containerd-1.7.7-linux-amd64.tar.gz scp -r ./cri-containerd-1.7.7-linux-amd64.tar.gz root@192.168.0.108:/root/ scp -r ./cri-containerd-1.7.7-linux-amd64.tar.gz root@192.168.0.107:/root/ scp -r ./cri-containerd-1.7.7-linux-amd64.tar.gz root@192.168.0.105:/root/ tar -xvf cri-containerd-1.7.7-linux-amd64.tar.gz -C / 配置配置文件 mkdir /etc/contained containerd config default > /etc/contained/config.toml vi /etc/contained/config.toml sandbox_image = "redistry.k8s.io/pause:3.9" #由3.8修改为3.9 设置开机自启 systemctl enable --now containerd runc 准备(替换原有问题的runc) github:https://github.com/opencontainers/runc/releases/tag/v1.1.9 libseccomp准备 下载部署包 tar -xvf libseccomp-2.5.4.tar.gz yum -y install gperf cd libseccomp-2.5.4 ./configure make make install find / -name "libseccomp.so" [root@k8s-master01 libseccomp-2.5.4]# find / -name "libseccomp.so" /root/libseccomp-2.5.4/src/.libs/libseccomp.so /usr/local/lib/libseccomp.so 安装runc gtihub:https://github.com/opencontainers/runc/releases/download/v1.1.9/runc.amd64 rm -rf `which runc` chmod +x runc.amd64 mv runc.amd64 runc mv runc /usr/local/sbin/ [root@k8s-master01 ~]# runc -version runc version 1.1.9 commit: v1.1.9-0-gccaecfcb spec: 1.0.2-dev go: go1.20.3 libseccomp: 2.5.4 部署K8S 1、K8S集群软件部署,选择一个yum 源即可 cat > /etc/yum.repos.d/k8s.repo < [kubernetes] name=Kubernetes baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey-https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg EOF cat > /etc/yum.repos.d/k8s.repo < [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey-https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF 更新后查看是否存在1.28镜像 yum clean all yum makecache yum list kubeadm.x86_64 --showduplicates yum -y install kubeadm-1.28.0-0 kubelet-1.28.0-0 kubectl-1.28.0-0 2, K8S软件初始化 #配置kubelet [root@k8s-master wrap]# vi /etc/sysconfig/kubelet KUBELET_EXTRA_ARGS="--cgroup-driver=systemd" systemctl enable kubelet 3, 集群初始化 kubeadm init --kubernetes-version=v1.28.0 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=172.21.131.89 --cri-socket unix:///var/run/containerd/containerd.sock 新版本--cri-socket可以不添加 默认优先选择contained 拉取镜像失败使用: kubeadm init --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.28.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.0.109 unix:///var/run/containerd/containerd.sock kubeadm token create --print-join-command #过有效期之后重新生成 4, 手动拉去镜像(如果镜像拉去不下来也可以手动拉去) kubeadm config images list [root@k8s-master01 ~]# kubeadm config images list W1228 02:55:13.724483 8989 version.go:104] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get "https://cdn.dl.k8s.io/release/stable-1.txt": dial tcp 146.75.113.55:443: i/o timeout (Client.Timeout exceeded while awaiting headers) W1228 02:55:13.724662 8989 version.go:105] falling back to the local client version: v1.28.0 registry.k8s.io/kube-apiserver:v1.28.0 registry.k8s.io/kube-controller-manager:v1.28.0 registry.k8s.io/kube-scheduler:v1.28.0 registry.k8s.io/kube-proxy:v1.28.0 registry.k8s.io/pause:3.9 registry.k8s.io/etcd:3.5.9-0 registry.k8s.io/coredns/coredns:v1.10.1 ctr image pull docker.io/gotok8s/kube-apiserver:v1.28.0 ctr image pull docker.io/gotok8s/kube-controller-manager:v1.28.0 ctr image pull docker.io/gotok8s/kube-scheduler:v1.28.0 ctr image pull docker.io/gotok8s/kube-proxy:v1.28.0 ctr image pull docker.io/gotok8s/pause:3.9 ctr image pull docker.io/gotok8s/etcd:3.5.9-0 ctr image pull docker.io/gotok8s/coredns:v1.10.1 ctr i tag docker.io/gotok8s/kube-apiserver:v1.28.0 registry.k8s.io/kube-apiserver:v1.28.0 ctr i tag docker.io/gotok8s/kube-controller-manager:v1.28.0 registry.k8s.io/kube-controller-manager:v1.28.0 ctr i tag docker.io/gotok8s/kube-scheduler:v1.28.0 registry.k8s.io/kube-scheduler:v1.28.0 ctr i tag docker.io/gotok8s/kube-proxy:v1.28.0 registry.k8s.io/kube-proxy:v1.28.0 ctr i tag docker.io/gotok8s/pause:3.9 registry.k8s.io/pause:3.9 ctr i tag docker.io/gotok8s/etcd:3.5.9-0 registry.k8s.io/etcd:3.5.9-0 ctr i tag docker.io/gotok8s/coredns:v1.10.1 registry.k8s.io/coredns:v1.10.1 5, 保存文件 mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config export KUBECONFIG=/etc/kubernetes/admin.conf [root@k8s-master01 kubernetes-1.28.0]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master01 NotReady control-plane 53m v1.28.0 k8s-node1 NotReady k8s-node2 NotReady k8s-node3 NotReady 网络插件 flannel sudo docker pull rancher/mirrored-flannelcni-flannel-cni-plugin:v1.2.0 wget https://github.com/flannel-io/flannel/blob/master/Documentation/kube-flannel.yml -O kube-flannel.yml sed -i 's|docker.io/flannel/flannel-cni-plugin:v1.2.0|ccr.ccs.tencentyun.com/google_cn/mirrored-flannelcni-flannel-cni-plugin:v1.1.0|g' kube-flannel.yml sed -i 's|docker.io/flannel/flannel:v0.23.0|ccr.ccs.tencentyun.com/google_cn/mirrored-flannelcni-flannel:v0.18.1|g' kube-flannel.yml sed -i 's|10.244.0.0/16|10.1.0.0/16|' kube-flannel.yml kubectl apply -f kube-flannel.yml calico部署 calico访问链接:https://projectcalico.docs.tigera.io/about/about-calico # kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml # wget https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml # vim custom-resources.yaml # This section includes base Calico installation configuration. # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation apiVersion: operator.tigera.io/v1 kind: Installation metadata: name: default spec: # Configures Calico networking. calicoNetwork: # Note: The ipPools section cannot be modified post-install. ipPools: - blockSize: 26 cidr: 10.244.0.0/16 修改此行内容为初始化时定义的pod network cidr encapsulation: VXLANCrossSubnet natOutgoing: Enabled nodeSelector: all() --- # This section configures the Calico API server. # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer apiVersion: operator.tigera.io/v1 kind: APIServer metadata: name: default spec: {} kubectl create -f custom-resources.yaml 报错一 [root@k8s-master01 ~]# kubeadm init --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.28.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.0.109 [init] Using Kubernetes version: v1.28.1 [preflight] Running pre-flight checks error execution phase preflight: [preflight] Some fatal errors occurred: [ERROR CRI]: container runtime is not running: output: time="2023-12-28T02:42:09-08:00" level=fatal msg="validate service connection: validate CRI v1 runtime API for endpoint \"unix:///var/run/containerd/containerd.sock\": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService" , error: exit status 1 [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` To see the stack trace of this error execute with --v=5 or higher 解决 vim /etc/containerd/config.toml disabled_plugins = ["cri"] 改成 disabled_plugins = [""] sudo systemctl restart containerd 报错二 [init] Using Kubernetes version: v1.28.1 [preflight] Running pre-flight checks [preflight] Pulling images required for setting up a Kubernetes cluster [preflight] This might take a minute or two, depending on the speed of your internet connection [preflight] You can also perform this action in beforehand using 'kubeadm config images pull' W1228 02:50:26.797707 8490 checks.go:835] detected that the sandbox image "registry.k8s.io/pause:3.8" of the container runtime is inconsistent with that used by kubeadm. It is recommended that using "registry.aliyuncs.com/google_containers/pause:3.9" as the CRI sandbox image. [certs] Using certificateDir folder "/etc/kubernetes/pki" [certs] Generating "ca" certificate and key [certs] Generating "apiserver" certificate and key [certs] apiserver serving cert is signed for DNS names [k8s-master01 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.0.109] [certs] Generating "apiserver-kubelet-client" certificate and key [certs] Generating "front-proxy-ca" certificate and key [certs] Generating "front-proxy-client" certificate and key [certs] Generating "etcd/ca" certificate and key [certs] Generating "etcd/server" certificate and key [certs] etcd/server serving cert is signed for DNS names [k8s-master01 localhost] and IPs [192.168.0.109 127.0.0.1 ::1] [certs] Generating "etcd/peer" certificate and key [certs] etcd/peer serving cert is signed for DNS names [k8s-master01 localhost] and IPs [192.168.0.109 127.0.0.1 ::1] [certs] Generating "etcd/healthcheck-client" certificate and key [certs] Generating "apiserver-etcd-client" certificate and key [certs] Generating "sa" key and public key [kubeconfig] Using kubeconfig folder "/etc/kubernetes" [kubeconfig] Writing "admin.conf" kubeconfig file [kubeconfig] Writing "kubelet.conf" kubeconfig file [kubeconfig] Writing "controller-manager.conf" kubeconfig file [kubeconfig] Writing "scheduler.conf" kubeconfig file [etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests" [control-plane] Using manifest folder "/etc/kubernetes/manifests" [control-plane] Creating static Pod manifest for "kube-apiserver" [control-plane] Creating static Pod manifest for "kube-controller-manager" [control-plane] Creating static Pod manifest for "kube-scheduler" [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet-start] Starting the kubelet [wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s [kubelet-check] Initial timeout of 40s passed. # 查看错误信息 journalctl -u kubelet -f 大概是: Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "registry.k8s.io/pause:3.8": failed to pull image "registry.k8s.io/pause:3.8": failed to pull and unpack image "registry.k8s.io/pause:3.8": failed to resolve reference "registry.k8s.io/pause:3.8": failed to do request: Head "https://europe-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.8": dial tcp 173.194.174.82:443: i/o timeout 解决 crictl pull registry.aliyuncs.com/google_containers/pause:3.9 ctr -n k8s.io images tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.8 kubeadm reset kubeadm init --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.28.0 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.0.109 结果 root@k8s-master01 contained]# kubectl get po -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-flannel kube-flannel-ds-6nbh9 1/1 Running 0 156m kube-flannel kube-flannel-ds-vpghq 1/1 Running 0 16m kube-flannel kube-flannel-ds-wv5hb 1/1 Running 0 15m kube-flannel kube-flannel-ds-zdsfg 1/1 Running 0 16m kube-system coredns-66f779496c-fcxnb 1/1 Running 0 4h16m kube-system coredns-66f779496c-snjk2 1/1 Running 0 4h16m kube-system etcd-k8s-master01 1/1 Running 0 4h16m kube-system kube-apiserver-k8s-master01 1/1 Running 0 4h16m kube-system kube-controller-manager-k8s-master01 1/1 Running 0 4h16m kube-system kube-proxy-6vdts 1/1 Running 0 4h16m kube-system kube-proxy-7thjs 1/1 Running 0 3m11s kube-system kube-proxy-nc5zh 1/1 Running 0 3m11s kube-system kube-proxy-sgwcc 1/1 Running 0 2m43s kube-system kube-scheduler-k8s-master01 1/1 Running 0 4h16m 资源监控 apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: k8s-app: metrics-server rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" name: system:aggregated-metrics-reader rules: - apiGroups: - metrics.k8s.io resources: - pods - nodes verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: k8s-app: metrics-server name: system:metrics-server rules: - apiGroups: - "" resources: - nodes/metrics verbs: - get - apiGroups: - "" resources: - pods - nodes verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: k8s-app: metrics-server name: metrics-server-auth-reader namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: k8s-app: metrics-server name: metrics-server:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: k8s-app: metrics-server name: system:metrics-server roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:metrics-server subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: v1 kind: Service metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system spec: ports: - name: https port: 443 protocol: TCP targetPort: https selector: k8s-app: metrics-server --- apiVersion: apps/v1 kind: Deployment metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system spec: replicas: 2 selector: matchLabels: k8s-app: metrics-server strategy: rollingUpdate: maxUnavailable: 1 template: metadata: labels: k8s-app: metrics-server spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: k8s-app: metrics-server namespaces: - kube-system topologyKey: kubernetes.io/hostname containers: - args: - --cert-dir=/tmp - --secure-port=4443 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s - --kubelet-insecure-tls image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.6.4 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: https scheme: HTTPS periodSeconds: 10 name: metrics-server ports: - containerPort: 4443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 10 resources: requests: cpu: 100m memory: 200Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 volumeMounts: - mountPath: /tmp name: tmp-dir nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical serviceAccountName: metrics-server volumes: - emptyDir: {} name: tmp-dir --- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: metrics-server namespace: kube-system spec: minAvailable: 1 selector: matchLabels: k8s-app: metrics-server --- apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: labels: k8s-app: metrics-server name: v1beta1.metrics.k8s.io spec: group: metrics.k8s.io groupPriorityMinimum: 100 insecureSkipTLSVerify: true service: name: metrics-server namespace: kube-system version: v1beta1 versionPriority: 100 文章链接
发表评论