K8S基础服务(apiserver、controller、scheduler、etcd)时区设置
使用PodPreset可以修改所有容器的时区(在pod 创建时,用户可以使用 podpreset 对象将特定信息注入 pod 中,这些信息可以包括 secret、 卷、 卷挂载和环境变量)
1.1、默认k8s是没有开启PodPreset的,开启PodPreset需要修改kube-apiserver的配置
1.2、添加一个–runtime-config=settings.k8s.io/v1alpha1=true或者–runtime-config=api/all=true
1.3、在–enable-admission-plugins的后面增加一个PodPreset
[root@k8s-singlenode-xxx manifests]# pwd
/etc/kubernetes/manifests
[root@k8s-singlenode-xxx manifests]# cat kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
annotations:
kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: xxx.xxx.xxx.xxx:6443
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver
namespace: kube-system
spec:
containers:
- command:
- kube-apiserver
- --advertise-address=100.64.22.23
- --allow-privileged=true
- --audit-log-format=json
- --audit-log-maxage=7
- --audit-log-maxbackup=10
- --audit-log-maxsize=100
- --audit-log-path=/var/log/kubernetes/audit.log
- --audit-policy-file=/etc/kubernetes/audit-policy.yml
- --authorization-mode=Node,RBAC
- --client-ca-file=/etc/kubernetes/pki/ca.crt
##########变更配置位置#########
- --enable-admission-plugins=NodeRestriction,PodPreset
- --runtime-config=api/all=true
#########变更配置位置##########
- --enable-aggregator-routing=true
- --enable-bootstrap-token-auth=true
- --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=https://127.0.0.1:2379
- --feature-gates=TTLAfterFinished=true,EphemeralContainers=true
- --insecure-port=0
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
- --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
- --requestheader-allowed-names=front-proxy-client
- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=6443
- --service-account-key-file=/etc/kubernetes/pki/sa.pub
- --service-cluster-ip-range=10.96.0.0/22
- --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
1.4、创建Podpreset
yaml文件
apiVersion: settings.k8s.io/v1alpha1
kind: PodPreset
metadata:
name: tz-env
spec:
selector:
matchLabels:
env:
- name: TZ
value: Asia/Shanghai
1.4、podpreset只对当前名称空间生效
注意
Pod Preset是namespace级别的对象,其作用范围只能是同一个命名空间下容器
matchLabels为空代表选择所有
要为所有命名空间下配置可以执行脚本:
#!/bin/bash
namespaces=`kubectl get namespaces | awk 'NR>=2{print $1'}`
for namespace in $namespaces
do
kubectl apply -n $namespace -f pod-preset.yaml
done
2.1、etcd
/etc/kubernetes/manifests/etcd.yaml
volumeMounts:
- mountPath: /etc/localtime
name: host-time
readOnly: true
volumes:
- hostPath:
path: /etc/localtime
type: ""
name: host-time
2.2、K8S组件
apiserver、controller、scheduler同上
/etc/kubernetes/manifests/kube-apiserver.yaml
/etc/kubernetes/manifests/kube-scheduler.yaml
/etc/kubernetes/manifests/kube-controller-manager.yaml
参考:https://blog.csdn.net/u010389826/article/details/132357697
参考:https://blog.csdn.net/sunnyliuqi/article/details/122323557