Kubernets master
1. 准备环境¶
ip | 操作系统 | 角色 | 安装软件 | 主机名 |
---|---|---|---|---|
192.168.186.139 | centos7.6_x64 | master1 | docker | k8s-master01 |
192.168.186.141 | centos7.6_x64 | node1 | docker | k8s-node01 |
192.168.186.142 | centos7.6_x64 | node2 | docker | k8s-node02 |
1. 安装好docker 2. 配置docker加速器[dao cloud]
2. 部署¶
- kube-apiserver
- kube-controller-manager
- kube-scheduler
配置文件 -> systemd管理组件 -> 启动
kubernets的下载地址
https://github.com/kubernetes/kubernetes/releases
2.1 kube-apiserver¶
k8s-cert.sh
[root@k8s-master01 k8s-cert]# cat k8s-cert.sh cat > ca-config.json <<EOF { "signing": { "default": { "expiry": "87600h" }, "profiles": { "kubernetes": { "expiry": "87600h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] } } } } EOF cat > ca-csr.json <<EOF { "CN": "kubernetes", "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "Beijing", "ST": "Beijing", "O": "k8s", "OU": "System" } ] } EOF cfssl gencert -initca ca-csr.json | cfssljson -bare ca - #----------------------- cat > server-csr.json <<EOF { "CN": "kubernetes", "hosts": [ "10.0.0.1", "127.0.0.1", "192.168.186.139", "192.168.186.140", "192.168.186.141", "192.168.186.142", "192.168.186.143", "192.168.186.144", "192.168.186.145", "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing", "O": "k8s", "OU": "System" } ] } EOF cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server #----------------------- cat > admin-csr.json <<EOF { "CN": "admin", "hosts": [], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing", "O": "system:masters", "OU": "System" } ] } EOF cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin #----------------------- cat > kube-proxy-csr.json <<EOF { "CN": "system:kube-proxy", "hosts": [], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing", "O": "k8s", "OU": "System" } ] } EOF cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
命令
sh k8s-cert.sh ls -l cp ca.pem ca-key.pem server.pem server-key.pem /opt/kubernetes/ssl/ # 生成token文件 BOOTSTRAP_TOKEN=0fb61c46f8991b718eb38d27b605b008 cat > token.csv <<EOF ${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap" EOF mv token.csv /opt/kubernetes/cfg/ # 配置文件和启动文件 cat >/opt/kubernetes/cfg/kube-apiserver<<EOF KUBE_APISERVER_OPTS="--logtostderr=true \\ --v=4 \\ --etcd-servers=https://192.168.186.139:2379,https://192.168.186.141:2379,https://192.168.186.142:2379 \\ --bind-address=192.168.186.139 \\ --secure-port=6443 \\ --advertise-address=192.168.186.139 \\ --allow-privileged=true \\ --service-cluster-ip-range=10.0.0.0/24 \\ --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \\ --authorization-mode=RBAC,Node \\ --kubelet-https=true \\ --enable-bootstrap-token-auth \\ --token-auth-file=/opt/kubernetes/cfg/token.csv \\ --service-node-port-range=30000-50000 \\ --tls-cert-file=/opt/kubernetes/ssl/server.pem \\ --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\ --client-ca-file=/opt/kubernetes/ssl/ca.pem \\ --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\ --etcd-cafile=/opt/etcd/ssl/ca.pem \\ --etcd-certfile=/opt/etcd/ssl/server.pem \\ --etcd-keyfile=/opt/etcd/ssl/server-key.pem" EOF 启动文件 cat>/usr/lib/systemd/system/kube-apiserver.service<<EOF [Unit] Description=Kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes [Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver ExecStart=/opt/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS Restart=on-failure [Install] WantedBy=multi-user.target EOF # 二进制安装master # 下载二进制包:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.12.md # 下载这个包(kubernetes-server-linux-amd64.tar.gz)就够了,包含了所需的所有组件。 mkdir /opt/kubernetes/{bin,cfg,ssl} -p tar xf kubernetes-server-linux-amd64.tar.gz cd kubernetes/server/bin cp kube-apiserver kube-scheduler kube-controller-manager kubectl /opt/kubernetes/bin # 启动 systemctl start kube-apiserver systemctl status kube-apiserver netstat -lnp|egrep '8080|6443'
配置文件/opt/kubernetes/cfg/kube-apiserver解释
--logtostderr 启用日志 --v 日志等级 --etcd-servers etcd集群地址 --bind-address 监听地址 --secure-port https安全端口 --advertise-address 集群通告地址 --allow-privileged 启用授权 --service-cluster-ip-range Service虚拟IP地址段 --enable-admission-plugins 准入控制模块 --authorization-mode 认证授权,启用RBAC授权和节点自管理 --enable-bootstrap-token-auth 启用TLS bootstrap功能 --token-auth-file token文件 --service-node-port-range Service Node类型默认分配端口范围
详细操作
[root@k8s-master01 k8s-cert]# sh k8s-cert.sh 2019/04/18 15:35:55 [INFO] generating a new CA key and certificate from CSR 2019/04/18 15:35:55 [INFO] generate received request 2019/04/18 15:35:55 [INFO] received CSR 2019/04/18 15:35:55 [INFO] generating key: rsa-2048 2019/04/18 15:35:56 [INFO] encoded CSR 2019/04/18 15:35:56 [INFO] signed certificate with serial number 241119064329440576584372707594511202166980750174 2019/04/18 15:35:56 [INFO] generate received request 2019/04/18 15:35:56 [INFO] received CSR 2019/04/18 15:35:56 [INFO] generating key: rsa-2048 2019/04/18 15:35:56 [INFO] encoded CSR 2019/04/18 15:35:56 [INFO] signed certificate with serial number 534925926822911487989404786746217251923733657099 2019/04/18 15:35:56 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements"). 2019/04/18 15:35:56 [INFO] generate received request 2019/04/18 15:35:56 [INFO] received CSR 2019/04/18 15:35:56 [INFO] generating key: rsa-2048 2019/04/18 15:35:56 [INFO] encoded CSR 2019/04/18 15:35:56 [INFO] signed certificate with serial number 112864343340575063841679898865276132997300012231 2019/04/18 15:35:56 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements"). 2019/04/18 15:35:56 [INFO] generate received request 2019/04/18 15:35:56 [INFO] received CSR 2019/04/18 15:35:56 [INFO] generating key: rsa-2048 2019/04/18 15:35:56 [INFO] encoded CSR 2019/04/18 15:35:56 [INFO] signed certificate with serial number 639713345028309638507679332001340084790736763856 2019/04/18 15:35:56 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements"). [root@k8s-master01 k8s-cert]# ls -l total 72 -rw-r--r-- 1 root root 1009 Apr 18 15:35 admin.csr -rw-r--r-- 1 root root 229 Apr 18 15:35 admin-csr.json -rw------- 1 root root 1675 Apr 18 15:35 admin-key.pem -rw-r--r-- 1 root root 1399 Apr 18 15:35 admin.pem -rw-r--r-- 1 root root 294 Apr 18 15:35 ca-config.json -rw-r--r-- 1 root root 1001 Apr 18 15:35 ca.csr -rw-r--r-- 1 root root 263 Apr 18 15:35 ca-csr.json -rw------- 1 root root 1679 Apr 18 15:35 ca-key.pem -rw-r--r-- 1 root root 1359 Apr 18 15:35 ca.pem -rw-r--r-- 1 root root 2370 Apr 18 15:34 k8s-cert.sh -rw-r--r-- 1 root root 1009 Apr 18 15:35 kube-proxy.csr -rw-r--r-- 1 root root 230 Apr 18 15:35 kube-proxy-csr.json -rw------- 1 root root 1675 Apr 18 15:35 kube-proxy-key.pem -rw-r--r-- 1 root root 1403 Apr 18 15:35 kube-proxy.pem -rw-r--r-- 1 root root 1293 Apr 18 15:35 server.csr -rw-r--r-- 1 root root 663 Apr 18 15:35 server-csr.json -rw------- 1 root root 1679 Apr 18 15:35 server-key.pem -rw-r--r-- 1 root root 1659 Apr 18 15:35 server.pem [root@k8s-master01 k8s-cert]# cp ca.pem ca-key.pem server.pem server-key.pem /opt/kubernetes/ssl/ [root@k8s-master01 k8s-cert]# BOOTSTRAP_TOKEN=0fb61c46f8991b718eb38d27b605b008 [root@k8s-master01 k8s-cert]# cat > token.csv <<EOF > ${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap" > EOF [root@k8s-master01 k8s-cert]# cat token.csv 0fb61c46f8991b718eb38d27b605b008,kubelet-bootstrap,10001,"system:kubelet-bootstrap" [root@k8s-master01 k8s-cert]# mv token.csv /opt/kubernetes/cfg/ # [root@k8s-master01 k8s-cert]# cat >/opt/kubernetes/cfg/kube-apiserver<<EOF > KUBE_APISERVER_OPTS="--logtostderr=true \\ > --v=4 \\ > --etcd-servers=https://192.168.186.139:2379,https://192.168.186.141:2379,https://192.168.186.142:2379 \\ > --bind-address=192.168.186.139 \\ > --secure-port=6443 \\ > --advertise-address=192.168.186.139 \\ > --allow-privileged=true \\ > --service-cluster-ip-range=10.0.0.0/24 \\ > --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \\ > --authorization-mode=RBAC,Node \\ > --kubelet-https=true \\ > --enable-bootstrap-token-auth \\ > --token-auth-file=/opt/kubernetes/cfg/token.csv \\ > --service-node-port-range=30000-50000 \\ > --tls-cert-file=/opt/kubernetes/ssl/server.pem \\ > --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\ > --client-ca-file=/opt/kubernetes/ssl/ca.pem \\ > --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\ > --etcd-cafile=/opt/etcd/ssl/ca.pem \\ > --etcd-certfile=/opt/etcd/ssl/server.pem \\ > --etcd-keyfile=/opt/etcd/ssl/server-key.pem" > EOF [root@k8s-master01 k8s-cert]# mkdir /opt/kubernetes/{bin,cfg,ssl} -p [root@k8s-master01 ~]# cd /root/soft/ [root@k8s-master01 soft]# tar xf kubernetes-server-linux-amd64.tar.gz [root@k8s-master01 soft]# cd kubernetes/server/bin [root@k8s-master01 bin]# cp kube-apiserver kube-scheduler kube-controller-manager kubectl /opt/kubernetes/bin # 启动kube-apiserver [root@k8s-master01 k8s-cert]# systemctl start kube-apiserver # 查看状态 [root@k8s-master01 k8s-cert]# systemctl status kube-apiserver ● kube-apiserver.service - Kubernetes API Server Loaded: loaded (/usr/lib/systemd/system/kube-apiserver.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2019-04-18 15:52:22 CST; 2min 55s ago Docs: https://github.com/kubernetes/kubernetes Main PID: 107702 (kube-apiserver) Tasks: 14 Memory: 271.7M CGroup: /system.slice/kube-apiserver.service └─107702 /opt/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://192.168.186.139:2379,https://192.168.186.141:2379,https://192.168.186.142:2379 --bi... Apr 18 15:54:59 k8s-master01 kube-apiserver[107702]: I0418 15:54:59.038216 107702 wrap.go:47] GET /apis/admissionregistration.k8s.io/v1beta1?timeout=32s: (167.098µs) 200 [kub…86.139:40042] Apr 18 15:54:59 k8s-master01 kube-apiserver[107702]: I0418 15:54:59.038905 107702 wrap.go:47] GET /apis/apiextensions.k8s.io/v1beta1?timeout=32s: (123.136µs) 200 [kube-apiser…86.139:40042] Apr 18 15:54:59 k8s-master01 kube-apiserver[107702]: I0418 15:54:59.039633 107702 wrap.go:47] GET /apis/scheduling.k8s.io/v1beta1?timeout=32s: (183.735µs) 200 [kube-apiserver…86.139:40042] Apr 18 15:54:59 k8s-master01 kube-apiserver[107702]: I0418 15:54:59.040199 107702 wrap.go:47] GET /apis/coordination.k8s.io/v1beta1?timeout=32s: (172.826µs) 200 [kube-apiserv…86.139:40042] Apr 18 15:54:59 k8s-master01 kube-apiserver[107702]: I0418 15:54:59.505740 107702 wrap.go:47] GET /api/v1/namespaces/default: (3.237194ms) 200 [kube-apiserver/v1.13.4 (linux/....139:40042] Apr 18 15:54:59 k8s-master01 kube-apiserver[107702]: I0418 15:54:59.513184 107702 wrap.go:47] GET /api/v1/namespaces/default/services/kubernetes: (6.18309ms) 200 [kube-apiser....139:40042] Apr 18 15:54:59 k8s-master01 kube-apiserver[107702]: I0418 15:54:59.523248 107702 wrap.go:47] GET /api/v1/namespaces/default/endpoints/kubernetes: (2.810184ms) 200 [kube-apis....139:40042] Apr 18 15:55:09 k8s-master01 kube-apiserver[107702]: I0418 15:55:09.536820 107702 wrap.go:47] GET /api/v1/namespaces/default: (6.354246ms) 200 [kube-apiserver/v1.13.4 (linux/....139:40042] Apr 18 15:55:09 k8s-master01 kube-apiserver[107702]: I0418 15:55:09.544944 107702 wrap.go:47] GET /api/v1/namespaces/default/services/kubernetes: (5.982051ms) 200 [kube-apise....139:40042] Apr 18 15:55:09 k8s-master01 kube-apiserver[107702]: I0418 15:55:09.565551 107702 wrap.go:47] GET /api/v1/namespaces/default/endpoints/kubernetes: (1.775132ms) 200 [kube-apis....139:40042] Hint: Some lines were ellipsized, use -l to show in full. 查看进程 [root@k8s-master01 k8s-cert]# ps axf|grep kube 112457 pts/1 S+ 0:00 \_ grep --color=auto kube 107702 ? Ssl 0:19 /opt/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://192.168.186.139:2379,https://192.168.186.141:2379,https://192.168.186.142:2379 --bind-address=192.168.186.139 --secure-port=6443 --advertise-address=192.168.186.139 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-50000 --tls-cert-file=/opt/kubernetes/ssl/server.pem --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem 查看端口 [root@k8s-master01 k8s]# netstat -lnp|egrep '8080|6443' tcp 0 0 192.168.186.139:6443 0.0.0.0:* LISTEN 107702/kube-apiserv tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 107702/kube-apiserv
token.csv是kubelet加入集群时候颁发证书使用
2.2 kube-controller-manager¶
controller-manager.sh
[root@k8s-master01 k8s]# cat controller-manager.sh #!/bin/bash MASTER_ADDRESS=$1 cat <<EOF >/opt/kubernetes/cfg/kube-controller-manager KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \\ --v=4 \\ --master=${MASTER_ADDRESS}:8080 \\ --leader-elect=true \\ --address=127.0.0.1 \\ --service-cluster-ip-range=10.0.0.0/24 \\ --cluster-name=kubernetes \\ --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\ --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \\ --root-ca-file=/opt/kubernetes/ssl/ca.pem \\ --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\ --experimental-cluster-signing-duration=87600h0m0s" EOF cat <<EOF >/usr/lib/systemd/system/kube-controller-manager.service [Unit] Description=Kubernetes Controller Manager Documentation=https://github.com/kubernetes/kubernetes [Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS Restart=on-failure [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl enable kube-controller-manager systemctl restart kube-controller-manager
sh controller-manager.sh 127.0.0.1
[root@k8s-master01 k8s]# sh controller-manager.sh 127.0.0.1 Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service. 检查 [root@k8s-master01 k8s]# ps axf|grep kube-con 122803 pts/1 S+ 0:00 \_ grep --color=auto kube-con 120170 ? Ssl 0:08 /opt/kubernetes/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader- elect=true --address=127.0.0.1 --service-cluster-ip-range=10.0.0.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --root-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem --experimental-cluster-signing-duration=87600h0m0s
2.3 kube-scheduler¶
scheduler.sh
[root@k8s-master01 k8s]# cat scheduler.sh #!/bin/bash MASTER_ADDRESS=$1 cat <<EOF >/opt/kubernetes/cfg/kube-scheduler KUBE_SCHEDULER_OPTS="--logtostderr=true \\ --v=4 \\ --master=${MASTER_ADDRESS}:8080 \\ --leader-elect" EOF cat <<EOF >/usr/lib/systemd/system/kube-scheduler.service [Unit] Description=Kubernetes Scheduler Documentation=https://github.com/kubernetes/kubernetes [Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS Restart=on-failure [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl enable kube-scheduler systemctl restart kube-scheduler
logtostderr 也可以配置单独日志输出地方
sh scheduler.sh 127.0.0.1
[root@k8s-master01 k8s]# sh scheduler.sh 127.0.0.1 Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service. 检查 [root@k8s-master01 k8s]# ps axf|grep kube-sch 122835 pts/1 S+ 0:00 \_ grep --color=auto kube-sch 121551 ? Ssl 0:02 /opt/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect
2.4 查看集群状态¶
拷贝管理bin
[root@k8s-master01 k8s]# cp /root/soft/kubernetes/server/bin/kubectl /usr/bin/ [root@k8s-master01 k8s]# kubectl get cs NAME STATUS MESSAGE ERROR controller-manager Healthy ok scheduler Healthy ok etcd-0 Healthy {"health":"true"} etcd-1 Healthy {"health":"true"} etcd-2 Healthy {"health":"true"}
cs 是缩写
如上输出说明,节点master各个组件都正常。
cs 是componentstatuses缩写
[root@k8s-master01 bin]# kubectl get componentstatuses NAME STATUS MESSAGE ERROR scheduler Healthy ok controller-manager Healthy ok etcd-1 Healthy {"health":"true"} etcd-0 Healthy {"health":"true"} etcd-2 Healthy {"health":"true"}
常见缩写
[root@k8s-master01 k8s]# kubectl api-resources NAME SHORTNAMES APIGROUP NAMESPACED KIND bindings true Binding componentstatuses cs false ComponentStatus configmaps cm true ConfigMap endpoints ep true Endpoints events ev true Event limitranges limits true LimitRange namespaces ns false Namespace nodes no false Node persistentvolumeclaims pvc true PersistentVolumeClaim persistentvolumes pv false PersistentVolume pods po true Pod podtemplates true PodTemplate replicationcontrollers rc true ReplicationController resourcequotas quota true ResourceQuota secrets true Secret serviceaccounts sa true ServiceAccount services svc true Service mutatingwebhookconfigurations admissionregistration.k8s.io false MutatingWebhookConfiguration validatingwebhookconfigurations admissionregistration.k8s.io false ValidatingWebhookConfiguration customresourcedefinitions crd,crds apiextensions.k8s.io false CustomResourceDefinition apiservices apiregistration.k8s.io false APIService controllerrevisions apps true ControllerRevision daemonsets ds apps true DaemonSet deployments deploy apps true Deployment replicasets rs apps true ReplicaSet statefulsets sts apps true StatefulSet tokenreviews authentication.k8s.io false TokenReview localsubjectaccessreviews authorization.k8s.io true LocalSubjectAccessReview selfsubjectaccessreviews authorization.k8s.io false SelfSubjectAccessReview selfsubjectrulesreviews authorization.k8s.io false SelfSubjectRulesReview subjectaccessreviews authorization.k8s.io false SubjectAccessReview horizontalpodautoscalers hpa autoscaling true HorizontalPodAutoscaler cronjobs cj batch true CronJob jobs batch true Job certificatesigningrequests csr certificates.k8s.io false CertificateSigningRequest leases coordination.k8s.io true Lease events ev events.k8s.io true Event daemonsets ds extensions true DaemonSet deployments deploy extensions true Deployment ingresses ing extensions true Ingress networkpolicies netpol extensions true NetworkPolicy podsecuritypolicies psp extensions false PodSecurityPolicy replicasets rs extensions true ReplicaSet networkpolicies netpol networking.k8s.io true NetworkPolicy poddisruptionbudgets pdb policy true PodDisruptionBudget podsecuritypolicies psp policy false PodSecurityPolicy clusterrolebindings rbac.authorization.k8s.io false ClusterRoleBinding clusterroles rbac.authorization.k8s.io false ClusterRole rolebindings rbac.authorization.k8s.io true RoleBinding roles rbac.authorization.k8s.io true Role priorityclasses pc scheduling.k8s.io false PriorityClass storageclasses sc storage.k8s.io false StorageClass volumeattachments storage.k8s.io false VolumeAttachment