Cat > Kube-apiserver.service <<eof[unit]description=kubernetes API serverdocumentation=https://github.com/ Googlecloudplatform/kubernetesafter=network.target[service]execstart=/usr/local/bin/kube-apiserver \-- Admission-control=serviceaccount,defaultstorageclass,resourcequota,limitranger,namespacelifecycle \-- Allow-privileged=true \ # docker run--privileged--authorization-mode=rbac \ # licensing Mode--advertise-address=192.168.1 4.132 \ \ #告诉别人在我是谁--insecure-bind-address=192.168.14.132 \ \ #非安全端口监听的ip--insecure-port=8080 \ # Non-secure port listening port--bind-ad dress=0.0.0.0 \ # Secure port listening IP--secure-port=6443 \ # secure port--runtime-config=rbac.authorization.k8s.io/v1alpha1 \ \ # Turn on or off support for an API version--kubelet-https=true \ \ #指定kubelet使用https--experimental-bootstrap-token-auth \--token-auth-file =/etc/kubernetes/token.csv \--service-cluster-ip-range=10.254.0.0/16 \--service-node-port-range=30000-65535 \--t LS-CERT-FILE=/ETC/KUBERNETES/SSL/SERVER.CRT \--tls-private-key-fiLe=/etc/kubernetes/ssl/server.key \--client-ca-file=/etc/kubernetes/ssl/ca.crt \--service-account-key-file=/etc/ Kubernetes/ssl/ca.key \--etcd-cafile=/etc/kubernetes/ssl/ca.pem \--etcd-servers=http://192.168.14.132:2379 \--ena ble-swagger-ui=true \--apiserver-count=3 \--audit-log-path=/var/log/kubernetes/apiserver.log \ #审计日志路径--audit-l og-maxsize=100 \ #日志文件最大大小 (MB), after automatic rotation (default is 100MB)--audit-log-maxbackup=3 \ \ #旧日志文件最多保留个数--audit-log-maxage=30 \ \ #旧日志最长保留天数--event-ttl=1h \--logtostderr=false \ #不输出到--v=2 #debug级别是0Restart =on-failurerestartsec=5type=notifyli Mitnofile=65536[install]wantedby=multi-user.targeteof
[k8s]k8s api-server start systemd parameter analysis