Stack Overflow
Stack Overflow

Questions tagged [kube-apiserver]

The main implementation of a Kubernetes API server is kube-apiserver. kube-apiserver is designed to scale horizontally — that is, it scales by deploying more instances. You can run several instances of kube-apiserver and balance traffic between those instances.

The kube-apiserver validates and configures data for the API objects which include pods, services, replicationcontrollers, and others.

The API Server services REST operations and provides the frontend to the cluster's shared state through which all other components interact.

132 questions
2
votes
1 answer

Kubernetes on Docker Desktop fails to launch after kube-apiserver certificate expiry

Issue type: Kubernetes on Docker Desktop stopped working due to expired kuber-apiserver certificates OS Version/build: Windows 10 version - 1909 and OS Build - 18363 App version: Docker Desktop 3.03 Steps to reproduce: Install Docker Desktop Enable…
dock-dock
  • 21
  • 2
2
votes
1 answer

How to edit etcd configuration in an existing bare metal kubernetes cluster

I have a standalone Kuberenets cluster installed on some physical RHEL machine. I'm experiencing recurring crashes of etcd and kube-apiserver containers. From their logs, I managed to guess that I need to tune etcd to better perform in this…
Mugen
  • 8,301
  • 10
  • 62
  • 140
2
votes
2 answers

NodePort conflicts wiht kube-apiserver's hostPort

I have a healthy k8s cluster. The kube-apiserver is using port 8443. Then I do something like below. I create/edit a Sevice and assign a fixed nodePort 8443, too. apiVersion: v1 kind: Service metadata: name: my-service spec: selector: app:…
Cain
  • 585
  • 1
  • 9
  • 25
2
votes
1 answer

Availability calculation using PromQL

I'm going to monitor my Kubernetes cluster availability. Prometheus server scraping kube-apiserver metrics and calculate availability percent according to kube-apiserver pods availability. Sometime kube-apiserver pods down and Prometheus server is…
mahmoud shiri varamini
  • 60
  • 7
2
votes
1 answer

kube-api server is not starting (CrashLoopBackOff)

i am unable to start the kube-apiserver on my 1 master node cluster. the kubelet keeps on trying to start the service but get all the time CrashLoopBackOff. i tried to run the container using the docker run command and i m getting the following…
Blkwtch
  • 31
  • 1
  • 7
2
votes
1 answer

Encrypting Secret Data at Rest in Kubernetes AKS?

I am unable to figure out how to change my kube-apiserver. The current version I am using from azure AKS is 1.13.7. Below is what I need to change the kube-apiserver in kubernetes. The kube-apiserver process accepts an argument…
Alex Zimmerman
  • 21
  • 1
  • 9
2
votes
2 answers

Kubernetes: failure loading apiserver-etcd-client certificate: the certificate has expired

I am unable to run any kubectl commands and I believe it is a result of an expired apiserver-etcd-client certificate. $ openssl x509 -in /etc/kubernetes/pki/apiserver-etcd-client.crt -noout -text |grep ' Not ' Not Before: Jun 25 17:28:17…
RandyB
  • 133
  • 1
  • 3
  • 14
2
votes
1 answer

How do I modify kube-apiserver parameters when provisioning a cluster using kops?

the kube-apiserver isn't running /var/log/kube-apiserver.log has the following: Flag --address has been deprecated, see --insecure-bind-address instead. Where are these values stored / configured? I mean yes the originate from my kops config,…
Chris Stryczynski
  • 30,145
  • 48
  • 175
  • 286
2
votes
1 answer

Where is kube-apiserver.yaml?

I would like to add a flag to the kube-apiserver. So I logged in the docker container of the kube-apiserver on the master node and went on a mission to find kube-apiserver.yaml. I heard reports that it was located in…
Doctor
  • 7,115
  • 4
  • 37
  • 55
2
votes
3 answers

How do I set audit related flags on kubeapi-server when using kubeadm?

I'm trying to enable 'auditing'. https://kubernetes.io/docs/tasks/debug-application-cluster/audit/ mentions: You can pass a file with the policy to kube-apiserver using the --audit-policy-file flag. If the flag is omitted, no events are…
Chris Stryczynski
  • 30,145
  • 48
  • 175
  • 286
2
votes
1 answer

Kubernetes - How does API Server / etcd know the status of each Pod?

I understand that kubelet is responsible for taking PodSpecs (usually from the API Server) and running the Pod. Kubernetes Components > Node Components > kubelet "The kubelet takes a set of PodSpecs that are provided through various mechanisms and…
dayuloli
  • 16,205
  • 16
  • 71
  • 126
1
vote
1 answer

Getting 'invalid bearer token' error when integrating webhook-token with Kube-apiserver: How to resolve?

I have created a go server to return tokenreview JSON serialized string as per the docs to validate users using id and password. My go server is able to send back the correct response but it seems like there is some issue with validation which I am…
sw9719
  • 21
  • 3
1
vote
1 answer

What is the value range of the log level parameter --v of kube-apiserver?

I want to change kube-apiserver log level use --v parameter , I checked all the documents, and none of them gave the value range of this parameter. Check the code, the value is int32 type, I tried to fill in 0, 1, 2, and even 9999, all can pass the…
moweiraul
  • 43
  • 4
1
vote
0 answers

Why memory of kube server api in go pprof tool is far less than the memory that actually used?

Our kube api server in master node has one problem recently, its memory keeps growing and will cause OOM kill, now I am looking into this issue and using go pprof tool to check the memory status, but one thing that confused me is that the…
og f91
  • 37
  • 5
1
vote
0 answers

transport: authentication handshake failed: x509: certificate signed by unknown authority,address LimitRanger: missing port in address

when i start a kube-apiserver ,the log shows that W0225 19:40:59.585020 13807 clientconn.go:1208] grpc: addrConn.createTransport failed to connect to {Node --enable-bootstrap-token-auth=true --token-auth-file=/opt/kubernetes/cfg/token.csv…
oliver
  • 11
  • 2
1 2
3
8 9