背景:
在Kubernetes群集中,节点端口的默认范围为30000-32767。 在某些情况下,由于公司网络策略的限制,可能需要更改节点端口的端口范围。 操作方法:
更新配置文件:/etc/kubernetes/manifests/kube-apiserver.YAML,添加参数:–服务节点端口范围=20000-227660 删除kube API version 3360 v1 kind : pod元数据: annotations : scheduler.alpha.kubernetes.io/critical-pod : ' ' creation timestamp : null labels : component : kube-apiservertier : control-planename 3360 kubbbe RS :-command :-kube-apiserver----授权模式=node, RBAC---advertise-address=192.168.252.65---allow-privileged=true---client-ca-file=/etc/kuber red ca.CRT---enable-admission-plugins=node restriction---- enable-bootstrap-token-auth=true---ee kubernetes/PKI/apiserver-etcd-client.CRT---etcd-keyfile=/etc/ku BBC apiserver-etcd-client.key---- etcd-servers=https://127.0.0.133602379---- insecure-port=0----- y=/etc/kubernetes/PKI/apiserver-kube let-client.keer external IP, 主机名称--- -代理客户端中心文件=/etc/kubernetes/PKI/front-proxy-client.CRT-- proxy-client-k roxy front-proxy-client.key-- -请求标题别名roxy-ca.CRT---- request header-extra-headers-prefix=x-remote-extra---request header-group-header der t-key-file=/etc/kubernetes/PKI/sa.pub 12---service-node-port-range=2000-22767 #此参数--- - 添加apiserver.apiserver.key image 3360 k8s.gcr.io/kube-apiserver : v1. 13.3 imagepullpolicy : ifnotpresentlivenessprobe : failure threshold 33608 http get 3360110 healthzport :6443方案: httpsinitialdelayseconds 336015 time out seconds 336015 name : kube-apiserverrresources 3360 request ount path :/etc/SSL/certs name : ca-certs readonly :真- mount path 3360/etc/ca-certificates name : etc-ca-certificates readonly : true-mount path :/etc/kubernetes/PKI name : k8 s-certy usr/local/share/ca-certificates name : usr-local-share-ca-certificates readonly : true-mount path 3:/USS ca-certificates name : usr-share-ca-certificates readonly : truehost network 3360 truepriorityclassname 3360系统- clartion 0/etc/SSL/certs type : directoryorcreatename : ca-certs -主机路径3360 path :/etc/ca-certificates type : directoryorcreatename : etc-ca-certificates-host path : path :/etc/kubernetes/PKI type : directoryorcreatename : k8s-certs-host path : path :/usr/local/share/ca-certificates type : directoryorcreatename : usr-local-share-ca-certificates-host path 3360 path 3:/usr/SSR ca-certificates type : directoryorcreatename : usr-share-ca-certificates status 3360 { }检查结果$kubeCTLgetpods-nxxxxx