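#!/bin/bash
# Start kube-apiserver, bound to 192.168.111.119:6443.
#
# The flags are collected in an array so that each one can carry its own
# comment and the whole set still reaches the binary as ONE command line
# (a bare flag on its own line is run by the shell as a separate command).
# Every flag uses the --name=value form: boolean flags do not consume a
# following space-separated word, so "--allow-privileged true" would leave
# "true" behind as a stray positional argument.
set -euo pipefail

readonly KUBE_APISERVER=/opt/kubernetes/server/bin/kube-apiserver

args=(
  # Write logs to files under --log-dir instead of stderr.
  # NOTE(review): the klog file flags (--logtostderr, --log-dir) are deprecated
  # in newer Kubernetes releases; confirm they exist in the deployed version.
  --logtostderr=false
  # Log verbosity level.
  --v=2
  # Log directory.
  --log-dir=/opt/kubernetes/logs

  # etcd cluster endpoints (TLS).
  --etcd-servers=https://192.168.111.119:2379,https://192.168.111.99:2379,https://192.168.111.109:2379

  # Address and port this API server listens on.
  --bind-address=192.168.111.119
  --secure-port=6443
  # Address advertised to the rest of the cluster.
  --advertise-address=192.168.111.119

  # Permit privileged containers.
  # NOTE(review): this only lifts the API-level block; restrict who may
  # actually create privileged pods with an admission policy.
  --allow-privileged=true

  # Virtual IP range handed out to Services.
  --service-cluster-ip-range=10.0.0.0/24

  # Admission plugins; NodeRestriction limits what a kubelet may modify.
  --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction

  # Authorization modes.
  --authorization-mode=RBAC,Node

  # Bootstrap-token authentication, used for automatic kubelet certificate
  # issuance.
  --enable-bootstrap-token-auth=true
  # Static token file used for that bootstrap flow.
  # NOTE(review): tokens in this file are plaintext, never expire, and are only
  # re-read on restart. Keep the file root-only (0600) and bind the token to
  # the narrowest bootstrap role.
  --token-auth-file=/opt/kubernetes/cfg/token.csv

  # NodePort range for Services.
  --service-node-port-range=30000-32767

  # NOTE(review): one key pair (etcd.pem / etcd-key.pem) serves three roles
  # below: kubelet client, API server TLS, and etcd client. Separate
  # certificates per role would limit the impact of a single key leak and let
  # each carry only the usages and SANs it needs.
  --kubelet-client-certificate=/opt/ssl/k8sca/etcd.pem
  --kubelet-client-key=/opt/ssl/k8sca/etcd-key.pem
  --tls-cert-file=/opt/ssl/k8sca/etcd.pem
  --tls-private-key-file=/opt/ssl/k8sca/etcd-key.pem
  # CA bundle used to verify client certificates.
  --client-ca-file=/opt/ssl/k8sca/ca.pem
  # Key used to verify service-account tokens.
  # NOTE(review): the file name suggests this is the CA private key. A
  # dedicated service-account key pair would keep the CA key off this host's
  # runtime configuration; confirm and split if so.
  --service-account-key-file=/opt/ssl/k8sca/ca-key.pem
  # TLS material for the etcd connection.
  --etcd-cafile=/opt/ssl/k8sca/ca.pem
  --etcd-certfile=/opt/ssl/k8sca/etcd.pem
  --etcd-keyfile=/opt/ssl/k8sca/etcd-key.pem

  # Audit log rotation: keep 30 days, 3 backups, 100 MB per file.
  # NOTE(review): no --audit-policy-file is set here; without a policy the API
  # server records no audit events, so this log would stay empty. Add
  # --audit-policy-file=<PATH_TO_AUDIT_POLICY> once a policy exists.
  --audit-log-maxage=30
  --audit-log-maxbackup=3
  --audit-log-maxsize=100
  --audit-log-path=/opt/kubernetes/k8s-audit.log
)

# exec replaces the wrapper shell so signals from the service manager reach
# kube-apiserver directly.
exec "$KUBE_APISERVER" "${args[@]}"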