1
Write all Admission Controller Plugins, which are enabled in the kube-apiserver manifest, into /root/admission-plugins .
참고
정답
controlplane $ cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep admission-plugins
- --enable-admission-plugins=NodeRestriction,LimitRanger,Priority
controlplane $ cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep admission-plugins > /root/admission-plugins2
Enable the Admission Controller Plugin MutatingAdmissionWebhook .
정답
cp /etc/kubernetes/manifests/kube-apiserver.yaml ~/kube-apiserver.yaml
vi /etc/kubernetes/manifests/kube-apiserver.yaml
cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep admission-plugins
- --enable-admission-plugins=NodeRestriction,LimitRanger,Priority,MutatingAdmissionWebhook적용하는데에 시간이 걸려서 컨테이너 상태를 보려면 아래 명령어 사용
$ watch crictl ps
Every 2.0s: crictl ps controlplane: Sat Feb 1 14:57:50 2025
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD
0605c89cc5d51 604f5db92eaa8 37 seconds ago Running kube-apiserver 0 d36c09c7163c6 kube-apiserver-controlplane
4d0cb65e7cc7a 1766f54c897f0 About a minute ago Running kube-scheduler 3 f63c64498a148 kube-scheduler-controlplane
58b8b733a2bb5 045733566833c About a minute ago Running kube-controller-manager 3 662edc963fc95 kube-controller-manager-controlplane
1f47272e90aa8 03c7f74a90d48 40 minutes ago Running local-path-provisioner 1 2ce03503534da local-path-provisioner-6c5cff8948-2x89z
c650e4d99bd55 f9c3c1813269c 40 minutes ago Running calico-kube-controllers 1 5d0228366341e calico-kube-controllers-94fb6bc47-rxh7x
bc6254baccb6e cbb01a7bd410d 40 minutes ago Running coredns 1 7e096f77c6fe1 coredns-57888bfdc7-clhw7
d91df22131a2f cbb01a7bd410d 40 minutes ago Running coredns 1 806eea7109217 coredns-57888bfdc7-bh4rd
59040a9507c64 e6ea68648f0cd 41 minutes ago Running kube-flannel 1 d031db7960477 canal-ln25l
c4751b2a15237 75392e3500e36 41 minutes ago Running calico-node 1 d031db7960477 canal-ln25l
6837821a0eb8c ad83b2ca7b09e 41 minutes ago Running kube-proxy 1 d16874c1ac807 kube-proxy-2mfwz
066feea166867 2e96e5913fc06 41 minutes ago Running etcd 1 4ac50fcb06e5a etcd-controlplane3
Delete Namespace space1 .
Delete Namespace default (throws error)
Disable the Admission Controller Plugin NamespaceLifecycle . It's not recommended to do this at all, we just do this for showing the effect.
It can take a few minutes for the apiserver container to restart after changing the manifest. You can watch using watch crictl ps .
Now delete Namespace default .
정답
# ALWAYS make a backup
cp /etc/kubernetes/manifests/kube-apiserver.yaml ~/kube-apiserver.yaml
vi /etc/kubernetes/manifests/kube-apiserver.yamlkube-apiserver.yaml에 아래 추가
--disable-admission-plugins=NamespaceLifecyclek delete ns default
