Looking at documentation for installing Knative requires a Kubernetes cluster v1.11 or newer with the MutatingAdmissionWebhook admission controller enabled. So checking the documentation for this I see the following command:
kube-apiserver -h | grep enable-admission-plugins
However, kube-apiserver is running inside a docker container on master. Logging in as admin to master, I am not seeing this on the command line after install. What steps do I need to take to to run this command? Its probably a basic docker question but I dont see this documented anywhere in Kubernetes documentation.
So what I really need to know is if this command line is the best way to set these plugins and also how exactly to enter the container to execute the command line.
Where is kube-apiserver located
Should I enter the container? What is name of container and how do I enter it to execute the command?
I think that answer from @embik that you've pointed out in the initial question is quite decent, but I'll try to shed light on some aspects that can be useful for you.
As @embik mentioned in his answer, kube-apiserver
binary actually resides on particular container within K8s api-server Pod, therefore you can free to check it, just execute /bin/sh
on that Pod:
kubectl exec -it $(kubectl get pods -n kube-system| grep kube-apiserver|awk '{print $1}') -n kube-system -- /bin/sh
You might be able to propagate the desired enable-admission-plugins through kube-apiserver
command inside this Pod, however any modification will disappear once api-server Pod re-spawns, i.e. master node reboot, etc.
The essential api-server config located in /etc/kubernetes/manifests/kube-apiserver.yaml
. Node agent kubelet controls kube-apiserver
runtime Pod, and each time when health checks are not successful kubelet
sents a request to K8s Scheduler in order to re-create this affected Pod from primary kube-apiserver.yaml
file.