Enabling API versions
Updated Apr 07, 2022 ·
Overview
This scenario was encountered during CKA and CKAD exam study.
To enable the v1alpha1 version for the rbac.authorization.k8s.io API group on the control plane node, follow the steps below.
NOTE
Incorrect changes to the config file may make the API server unavailable and potentially break the cluster.
Steps
-
Check the available resources:
kubectl api-resources | grep authorization.k8s.ioOutput:
localsubjectaccessreviews authorization.k8s.io/v1 true LocalSubjectAccessReviewselfsubjectaccessreviews authorization.k8s.io/v1 false SelfSubjectAccessReviewselfsubjectrulesreviews authorization.k8s.io/v1 false SelfSubjectRulesReviewsubjectaccessreviews authorization.k8s.io/v1 false SubjectAccessReviewclusterrolebindings rbac.authorization.k8s.io/v1 false ClusterRoleBindingclusterroles rbac.authorization.k8s.io/v1 false ClusterRolerolebindings rbac.authorization.k8s.io/v1 true RoleBindingroles rbac.authorization.k8s.io/v1 true Role -
Backup the API server manifest file before making any changes:
cp /etc/kubernetes/manifests/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml.bak -
Modify
kube-apiserver.yamlto include the--runtime-configflag:apiVersion: v1kind: Podmetadata:name: kube-apiservernamespace: kube-systemspec:containers:- command:- kube-apiserver- --runtime-config=rbac.authorization.k8s.io/v1alpha1- --other-flags... -
After saving the changes, the kubelet will recreate the apiserver pod. Ensure that the
kube-apiserverpod is running.kubectl get po -n kube-systemNAME READY STATUS RESTARTS AGEcoredns-5d78c9869d-s664z 1/1 Running 0 33mcoredns-5d78c9869d-xvhgl 1/1 Running 0 33metcd-controlplane 1/1 Running 0 33mkube-apiserver-controlplane 1/1 Running 0 109skube-controller-manager-controlplane 1/1 Running 2 (40s ago) 33mkube-proxy-p24r9 1/1 Running 0 33mkube-scheduler-controlplane 1/1 Running 2 (41s ago) 33m