[Kubernetes] What is the kube-API server

인포꿀팁 Published: 2022-02-10

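API server

Kubernetes carries out every command and all communication through its API, and the server at the center of that is the API server.

It exposes all Kubernetes functionality as a REST API and processes the commands sent to it.

How it works

  1. Authenticate user
  2. Validate request
  3. Return data
  4. Update etcd
  5. Scheduler
  6. Run kubelet

Characteristics

  • The kube-api server is the only component that connects directly to the etcd datastore.
  • The kube-api server is started with many parameters.
    • etcd-cafile
    • etcd-certfile
    • etcd-keyfile
    • kubelet-certificate-authority
    • kubelet-client-certificate
    • kubelet-client-key
    • kubelet-https
    • and so on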

Checking the api-server

kubectl get pods -n kube-system

How to check the api-server options

cat /etc/systemd/system/kube-apiserver.service
[Service]
ExecStart=/usr/local/bin/kube-apiserver \
--advertise-address=${INTERNAL_IP} \
--allow-privileged=true \
--apiserver-count=3 \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/var/log/audit.log \
--authorization-mode=Node,RBAC \
--bind-address=0.0.0.0 \
--client-ca-file=/var/lib/kubernetes/ca.pem \
--enable-admission-plugins=Initializers,NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
--enable-swagger-ui=true \
--etcd-cafile=/var/lib/kubernetes/ca.pem \
--etcd-certfile=/var/lib/kubernetes/kubernetes.pem \
--etcd-keyfile=/var/lib/kubernetes/kubernetes-key.pem \
--etcd-servers=https://10.240.0.10:2379,https://10.240.0.11:2379,https://10.240.0.12:2379 \
--event-ttl=1h \
--experimental-encryption-provider-config=/var/lib/kubernetes/encryption-config.yaml \
--kubelet-certificate-authority=/var/lib/kubernetes/ca.pem \
--kubelet-client-certificate=/var/lib/kubernetes/kubernetes.pem \

ps -aux | grep kube-apiserver
root 2348 3.3 15.4 399040 315604 ? Ssl 15:46 1:22 kube-apiserver --authorization-mode=Node,RBAC --advertise-address=172.17.0.32 --allow-privileged=true --client-ca-file=/etc/kubernetes/pki/ca.crt --disable-admission-plugins=PersistentVolumeLabel --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --insecure-port=0 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-cluster-ip-range=10.96.0.0/12
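
The two commands above only display the flags. As an added example (not from the original post or the Kubernetes project), the Python script below parses such a command line and reports security-relevant flags that are missing or weak. The function names parse_flags and audit, the choice of checks, and the sample input are assumptions made for illustration.

```python
import shlex

# Added example. SAMPLE is constructed from the `ps` output on this page (trimmed).
SAMPLE = (
    "kube-apiserver --authorization-mode=Node,RBAC "
    "--client-ca-file=/etc/kubernetes/pki/ca.crt "
    "--enable-admission-plugins=NodeRestriction "
    "--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt "
    "--etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt "
    "--etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key "
    "--etcd-servers=https://127.0.0.1:2379 --insecure-port=0 "
    "--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt "
    "--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key"
)

def parse_flags(cmdline):
    """Hypothetical helper: map flag -> value for --k=v, --k v and bare --k ('true')."""
    flags, tokens = {}, shlex.split(cmdline.replace("\\\n", " "))  # join unit-file lines
    for i, tok in enumerate(tokens):
        if not tok.startswith("--"):
            continue
        name, sep, value = tok[2:].partition("=")
        if not sep:
            nxt = tokens[i + 1] if i + 1 < len(tokens) else "--"
            value = "true" if nxt.startswith("-") else nxt
        flags[name] = value
    return flags

def audit(cmdline):
    """Hypothetical helper: return a list of findings; an empty list means none."""
    cfg, out = parse_flags(cmdline), []
    modes = cfg.get("authorization-mode", "AlwaysAllow").split(",")  # unset = AlwaysAllow
    if "AlwaysAllow" in modes or "RBAC" not in modes:
        out.append("authorization-mode: RBAC missing or AlwaysAllow enabled")
    for name in ("client-ca-file", "etcd-cafile", "etcd-certfile", "etcd-keyfile",
                 "kubelet-certificate-authority", "kubelet-client-certificate",
                 "kubelet-client-key", "audit-log-path"):
        if not cfg.get(name):
            out.append(f"{name}: not set")
    if any(not u.startswith("https://") for u in cfg.get("etcd-servers", "").split(",")):
        out.append("etcd-servers: endpoint without https://")
    if cfg.get("insecure-port", "0") != "0":
        out.append("insecure-port: plaintext port enabled")
    if "NodeRestriction" not in cfg.get("enable-admission-plugins", "").split(","):
        out.append("enable-admission-plugins: NodeRestriction missing")
    return out

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING", finding)
```

For the sample, the script reports that kubelet-certificate-authority and audit-log-path are not set; without the former, the API server does not verify the kubelet's serving certificate.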
