[轉]Kubernetes 调整 nodePort 端口范围

https://qhh.me/2019/08/pod 文件定义在 /etc/kubernetes/manifests/kube-apiserver.yaml15/Kubernetes-%E8%B0%83%E6%95%B4-nodePort-%E7%AB%AF%E5%8F%A3%E8%8C%83%E5%9B%B4/

在 command 下添加 –service-node-port-range=1-65535 参数，修改后会自动生效，无需其他操作:

  
apiVersion: v1  
kind: Pod  
metadata:  
  creationTimestamp: null  
  labels:  
    component: kube-apiserver  
    tier: control-plane  
  name: kube-apiserver  
  namespace: kube-system  
spec:  
  containers:  
  - command:  
    - kube-apiserver  
    - --service-node-port-range=1-65535  
    - --advertise-address=192.168.26.10  
    - --allow-privileged=true  
    - --authorization-mode=Node,RBAC  
    - --client-ca-file=/etc/kubernetes/pki/ca.crt  
    - --enable-admission-plugins=NodeRestriction  
    - --enable-bootstrap-token-auth=true  
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt  
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt  
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key  
    - --etcd-servers=https://127.0.0.1:2379  
    - --insecure-port=0  
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt  
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key  
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname  
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt  
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key  
    - --requestheader-allowed-names=front-proxy-client  
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt  
    - --requestheader-extra-headers-prefix=X-Remote-Extra-  
    - --requestheader-group-headers=X-Remote-Group  
    - --requestheader-username-headers=X-Remote-User  
    - --secure-port=6443  
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub  
    - --service-cluster-ip-range=10.96.0.0/12  
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt  
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key  
    image: registry.aliyuncs.com/google_containers/kube-apiserver:v1.15.2  
    imagePullPolicy: IfNotPresent  
    livenessProbe:  
      failureThreshold: 8  
      httpGet:  
        host: 192.168.26.10  
        path: /healthz  
        port: 6443  
        scheme: HTTPS  
      initialDelaySeconds: 15  
      timeoutSeconds: 15  
    name: kube-apiserver  
    resources:  
      requests:  
        cpu: 250m  
    volumeMounts:  
    - mountPath: /etc/ssl/certs  
      name: ca-certs  
      readOnly: true  
    - mountPath: /etc/pki  
      name: etc-pki  
      readOnly: true  
    - mountPath: /etc/kubernetes/pki  
      name: k8s-certs  
      readOnly: true  
  hostNetwork: true  
  priorityClassName: system-cluster-critical  
  volumes:  
  - hostPath:  
      path: /etc/ssl/certs  
      type: DirectoryOrCreate  
    name: ca-certs  
  - hostPath:  
      path: /etc/pki  
      type: DirectoryOrCreate  
    name: etc-pki  
  - hostPath:  
      path: /etc/kubernetes/pki  
      type: DirectoryOrCreate  
    name: k8s-certs  
status: {}

[轉]Kubernetes 调整 nodePort 端口范围

Sue boy