简体繁体 English

对于GKE，我们如何控制控制平面的配置？

[英]for GKE how can we control the configuration of the control plane?

原文 2022-02-18 09:43:09 1 1 google-kubernetes-engine/ kube-apiserver

I am creating a GKE cluster (4 nodes) and deploying applications on it.我正在创建一个 GKE 集群（4 个节点）并在其上部署应用程序。

While doing that the API server become unresponsive for a few minutes.这样做时，API 服务器会在几分钟内没有响应。

Want to create a GKE cluster with scaled control plane.想要创建具有扩展控制平面的 GKE 集群。

1 个解决方案

As I mentioned in the comment section, you cannot change anything in the GKE master, its fully managed by googler.正如我在评论部分中提到的，您无法更改 GKE master 中的任何内容，它完全由 googler 管理。

In overall GKE Documentation you can find information that it's managed by GKE SRE在整个GKE 文档中，您可以找到它由 GKE SRE 管理的信息

Fully managed: GKE clusters are fully managed by Google Site Reliability Engineers (SREs), ensuring your cluster is available and up-to-date.完全托管： GKE 集群由 Google 站点可靠性工程师 (SRE) 完全管理，确保您的集群可用且是最新的。

One of the reasons why only Google can manage your cluster is described Vulnerability and patch management part of GKE documentation, however there are a few more reasons. GKE 文档的漏洞和补丁管理部分描述了只有 Google 可以管理您的集群的原因之一，但是还有更多原因。

GKE control plane components are managed by a team of Google site reliability engineers, and are kept up to date with the latest security patches. GKE 控制平面组件由 Google 网站可靠性工程师团队管理，并保持最新的安全补丁。 This includes patches to the host operating system, Kube.netes components, and containers running on the control plane VMs.这包括主机操作系统、Kube.netes 组件和在控制平面 VM 上运行的容器的补丁。

Additional information you can find also in Control plane security :您还可以在控制平面安全中找到其他信息：

Under the Shared Responsibility Model, Google manages the GKE control plane components for you.根据共同责任 Model，Google 为您管理 GKE 控制平面组件。 The control plane includes the Kube.netes API server, etcd, and other controllers.控制平面包括Kube.netes API服务器，etcd，以及其他控制器。 Google is responsible for securing the control plane, though you might be able to configure certain options based on your requirements. Google 负责保护控制平面，但您可以根据您的要求配置某些选项。 You are responsible for securing your nodes, containers, and Pods.您负责保护您的节点、容器和 Pod。

Regarding the second part, where you want to have multiple masters, you can achieve it creating Regional Cluster .关于第二部分，如果你想拥有多个 master，你可以通过创建Regional Cluster来实现。

In contrast to zonal clusters that have a single control plane in a single zone , regional clusters increase the availability of both a cluster's control plane and its nodes by replicating them across multiple zones in a region .与在单个区域中具有单个控制平面的区域集群相比，区域集群通过跨区域中的多个区域复制它们来提高集群控制平面及其节点的可用性。 This provides the advantages of multi-zonal clusters这提供了多区域集群的优势

... ...

The control plane is replicated across three zones of a region.控制平面在一个区域的三个区域中复制。 For node pools, you can manually specify the zone(s) in which the cluster's node pools run or you can use the default configuration, which replicates each node pool across three zones of the control plane's region.对于节点池，您可以手动指定运行集群节点池的区域，也可以使用默认配置，即跨控制平面区域的三个区域复制每个节点池。 All zones must be within the same region as the cluster's control plane.所有区域都必须与集群的控制平面位于同一区域内。

To sum up:总结：

Google is responsible for your GKE cluster control plane, and you can't do much about it Google 负责您的 GKE 集群控制平面，您对此无能为力
If you want to have more Control Plane, you can achieve this by using Regional cluster instead of Zonal如果你想拥有更多的控制平面，你可以通过使用Regional集群而不是区域Zonal来实现
Just as addition, if your application have issues with accessibility, you can think about HPA or Cluster Autoscaler另外，如果您的应用程序存在可访问性问题，您可以考虑HPA或Cluster Autoscaler