-
|
Hi, for the SSH connection to the instances I want to use a dedicated user called Based on the principle of least privilege, I would like to grant the user only the permissions necessary for the installation (via KubeOne). So far I have been able to break this down to the following commands that I have defined in the # installation
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/os-release
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/kubeone
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/kubeone/proxy-env
kubeone ALL=NOPASSWD:/usr/bin/rm -f /tmp/k1-etc-environment
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/environment
kubeone ALL=NOPASSWD:/usr/sbin/swapoff -a
kubeone ALL=NOPASSWD:/usr/bin/sed -i /.*swap.*/d /etc/fstab
kubeone ALL=NOPASSWD:/usr/bin/systemctl disable --now ufw
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/modules-load.d/containerd.conf
kubeone ALL=NOPASSWD:/usr/sbin/modprobe overlay
kubeone ALL=NOPASSWD:/usr/sbin/modprobe br_netfilter
kubeone ALL=NOPASSWD:/usr/sbin/modprobe ip_tables
kubeone ALL=NOPASSWD:/usr/sbin/modprobe nf_conntrack_ipv4
kubeone ALL=NOPASSWD:/usr/sbin/modprobe nf_conntrack
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/sysctl.d
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/sysctl.d/k8s.conf
kubeone ALL=NOPASSWD:/usr/sbin/sysctl --system
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/systemd/journald.conf.d
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/systemd/journald.conf.d/max_disk_use.conf
kubeone ALL=NOPASSWD:/usr/bin/systemctl force-reload systemd-journald
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/apt/apt.conf.d
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/apt/apt.conf.d/proxy.conf
kubeone ALL=NOPASSWD:/usr/bin/apt-get update
kubeone ALL=NOPASSWD:SETENV:/usr/bin/apt-get install --option Dpkg\:\:Options\:\:=--force-confold -y --no-install-recommends apt-transport-https ca-certificates curl gnupg lsb-release rsync
kubeone ALL=NOPASSWD:/usr/bin/apt-key add -
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/apt/sources.list.d/kubernetes.list
kubeone ALL=NOPASSWD:/usr/bin/apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
kubeone ALL=NOPASSWD:/usr/bin/add-apt-repository deb https\://download.docker.com/linux/ubuntu * stable
kubeone ALL=NOPASSWD:/usr/bin/apt-mark unhold containerd.io
kubeone ALL=NOPASSWD:SETENV:/usr/bin/apt-get install --option Dpkg\:\:Options\:\:=--force-confold --no-install-recommends -y containerd.io=*
kubeone ALL=NOPASSWD:/usr/bin/apt-mark hold containerd.io
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/containerd
kubeone ALL=NOPASSWD:/usr/bin/touch /etc/containerd/config.toml
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/containerd/config.toml
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/containerd/config.toml
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/crictl.yaml
kubeone ALL=NOPASSWD:/usr/bin/systemctl daemon-reload
kubeone ALL=NOPASSWD:/usr/bin/systemctl enable containerd
kubeone ALL=NOPASSWD:/usr/bin/systemctl restart containerd
kubeone ALL=NOPASSWD:SETENV:/usr/bin/apt-get install --option Dpkg\:\:Options\:\:=--force-confold --no-install-recommends -y kubelet=* kubeadm=* kubectl=* kubernetes-cni=* cri-tools=*
kubeone ALL=NOPASSWD:/usr/bin/apt-mark hold kubelet kubeadm kubectl kubernetes-cni cri-tools
kubeone ALL=NOPASSWD:/usr/bin/systemctl daemon-reload
kubeone ALL=NOPASSWD:/usr/bin/systemctl enable --now kubelet
kubeone ALL=NOPASSWD:/usr/bin/systemctl restart kubelet
kubeone ALL=NOPASSWD:/usr/bin/kubeadm config images list --image-repository=registry.k8s.io --kubernetes-version=*
# deinstallation/removal
kubeone ALL=NOPASSWD:/usr/bin/kubeadm --v=6 reset --force
kubeone ALL=NOPASSWD:/usr/bin/rm -f /etc/kubernetes/cloud-config
kubeone ALL=NOPASSWD:/usr/bin/rm -rf /etc/kubernetes/admission
kubeone ALL=NOPASSWD:/usr/bin/rm -rf /etc/kubernetes/encryption-providers
kubeone ALL=NOPASSWD:/usr/bin/rm -rf /var/lib/etcd/
kubeone ALL=NOPASSWD:/usr/bin/rm -rf ./kubeone
kubeone ALL=NOPASSWD:/usr/bin/rm -rf /etc/kubeoneIt also looks quite good unfortunately I don't get further with the following step: INFO[15:06:24 CET] Generating kubeadm config file...
INFO[15:06:24 CET] Determining Kubernetes pause image...
[10.110.139.132] + export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/sbin:/usr/local/bin:/opt/bin
[10.110.139.132] + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/sbin:/usr/local/bin:/opt/bin
[10.110.139.132] + sudo kubeadm config images list --image-repository=registry.k8s.io --kubernetes-version=1.25.6
[10.110.139.132] + cut -d : -f2
[10.110.139.132] + grep registry.k8s.io/pause
[10.110.139.132] 3.8
ERRO[15:06:24 CET] mkdir kubeone/cfg: ssh: popen
Process exited with status 1 sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required node=10.110.139.132
WARN[15:06:24 CET] Task failed, error was: runtime: running task on "10.110.139.132"
mkdir kubeone/cfg: ssh: popen
Process exited with status 1 sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is requiredThis step is executed a total of 10 times, then the kubeone command aborts with the following stacktrace: ---stacktrace---
runtime: running task on "10.110.139.132"
mkdir kubeone/cfg: ssh: popen
Process exited with status 1 sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required
k8c.io/kubeone/pkg/fail.Runtime
k8c.io/kubeone/pkg/fail/helpers.go:112
k8c.io/kubeone/pkg/tasks.Tasks.Run
k8c.io/kubeone/pkg/tasks/tasks.go:42
k8c.io/kubeone/pkg/cmd.runApplyInstall
k8c.io/kubeone/pkg/cmd/apply.go:320
k8c.io/kubeone/pkg/cmd.runApply
k8c.io/kubeone/pkg/cmd/apply.go:177
k8c.io/kubeone/pkg/cmd.applyCmd.func1
k8c.io/kubeone/pkg/cmd/apply.go:93
github.com/spf13/cobra.(*Command).execute
github.com/spf13/cobra@v1.6.1/command.go:916
github.com/spf13/cobra.(*Command).ExecuteC
github.com/spf13/cobra@v1.6.1/command.go:1044
github.com/spf13/cobra.(*Command).Execute
github.com/spf13/cobra@v1.6.1/command.go:968
k8c.io/kubeone/pkg/cmd.Execute
k8c.io/kubeone/pkg/cmd/root.go:55
main.main
k8c.io/kubeone/main.go:24
runtime.main
runtime/proc.go:250
runtime.goexit
runtime/asm_amd64.s:1594Maybe someone has an idea which commando I have to add to the list so that this step also runs successfully. I have a hunch that the problem is with this function: kubeone/pkg/tasks/kubeadm_config.go Line 54 in 2e12000 |
Beta Was this translation helpful? Give feedback.
Answered by
steled
Mar 15, 2023
Replies: 1 comment
-
|
Finally I could find the answer myself. Below you can find a full list of commands, maybe someone else also want to go this way: # installation
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/os-release
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/kubeone
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/kubeone/proxy-env
kubeone ALL=NOPASSWD:/usr/bin/rm -f /tmp/k1-etc-environment
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/environment
kubeone ALL=NOPASSWD:/usr/sbin/swapoff -a
kubeone ALL=NOPASSWD:/usr/bin/sed -i /.*swap.*/d /etc/fstab
kubeone ALL=NOPASSWD:/usr/bin/systemctl disable --now ufw
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/modules-load.d/containerd.conf
kubeone ALL=NOPASSWD:/usr/sbin/modprobe overlay
kubeone ALL=NOPASSWD:/usr/sbin/modprobe br_netfilter
kubeone ALL=NOPASSWD:/usr/sbin/modprobe ip_tables
kubeone ALL=NOPASSWD:/usr/sbin/modprobe nf_conntrack_ipv4
kubeone ALL=NOPASSWD:/usr/sbin/modprobe nf_conntrack
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/sysctl.d
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/sysctl.d/k8s.conf
kubeone ALL=NOPASSWD:/usr/sbin/sysctl --system
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/systemd/journald.conf.d
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/systemd/journald.conf.d/max_disk_use.conf
kubeone ALL=NOPASSWD:/usr/bin/systemctl force-reload systemd-journald
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/apt/apt.conf.d
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/apt/apt.conf.d/proxy.conf
kubeone ALL=NOPASSWD:/usr/bin/apt-get update
kubeone ALL=NOPASSWD:SETENV:/usr/bin/apt-get install --option Dpkg\:\:Options\:\:=--force-confold -y --no-install-recommends apt-transport-https ca-certificates curl gnupg lsb-release rsync
kubeone ALL=NOPASSWD:/usr/bin/apt-key add -
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/apt/sources.list.d/kubernetes.list
kubeone ALL=NOPASSWD:/usr/bin/apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
kubeone ALL=NOPASSWD:/usr/bin/add-apt-repository deb https\://download.docker.com/linux/ubuntu * stable
kubeone ALL=NOPASSWD:/usr/bin/apt-mark unhold containerd.io
kubeone ALL=NOPASSWD:SETENV:/usr/bin/apt-get install --option Dpkg\:\:Options\:\:=--force-confold --no-install-recommends -y containerd.io=*
kubeone ALL=NOPASSWD:/usr/bin/apt-mark hold containerd.io
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/containerd
kubeone ALL=NOPASSWD:/usr/bin/touch /etc/containerd/config.toml
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/containerd/config.toml
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/containerd/config.toml
kubeone ALL=NOPASSWD:/usr/bin/tee /etc/crictl.yaml
kubeone ALL=NOPASSWD:/usr/bin/systemctl daemon-reload
kubeone ALL=NOPASSWD:/usr/bin/systemctl enable containerd
kubeone ALL=NOPASSWD:/usr/bin/systemctl restart containerd
kubeone ALL=NOPASSWD:SETENV:/usr/bin/apt-get install --option Dpkg\:\:Options\:\:=--force-confold --no-install-recommends -y kubelet=* kubeadm=* kubectl=* kubernetes-cni=* cri-tools=*
kubeone ALL=NOPASSWD:/usr/bin/apt-mark hold kubelet kubeadm kubectl kubernetes-cni cri-tools
kubeone ALL=NOPASSWD:/usr/bin/systemctl daemon-reload
kubeone ALL=NOPASSWD:/usr/bin/systemctl enable --now kubelet
kubeone ALL=NOPASSWD:/usr/bin/systemctl restart kubelet
kubeone ALL=NOPASSWD:/usr/bin/kubeadm config images list --image-repository=registry.k8s.io --kubernetes-version=*
kubeone ALL=NOPASSWD:/usr/bin/mkdir --mode=700 --parents kubeone/cfg
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 kubeone/cfg/*
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=kubeone/cfg/*
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 kubeone/cfg/*
kubeone ALL=NOPASSWD:/usr/bin/mkdir -p /etc/systemd/system/kubelet.service.d/ /etc/kubernetes
kubeone ALL=NOPASSWD:/usr/bin/mv ./kubeone/cfg/cloud-config /etc/kubernetes/cloud-config
kubeone ALL=NOPASSWD:/usr/bin/chown root\:root /etc/kubernetes/cloud-config
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/kubernetes/cloud-config
kubeone ALL=NOPASSWD:/usr/bin/test -f ./kubeone/cfg/audit-policy.yaml
kubeone ALL=NOPASSWD:/usr/bin/test -f ./kubeone/cfg/podnodeselector.yaml
kubeone ALL=NOPASSWD:/usr/bin/test -f ./kubeone/cfg/encryption-providers.yaml
kubeone ALL=NOPASSWD:/usr/bin/kubeadm config images pull --config=./kubeone/cfg/*
kubeone ALL=NOPASSWD:/usr/bin/kubeadm --v=6 init phase certs all --config=./kubeone/cfg/*
kubeone ALL=NOPASSWD:/usr/bin/mkdir --mode=700 --parents /etc/kubernetes/pki
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 /etc/kubernetes/pki/ca.crt
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/kubernetes/pki/ca.crt
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=/etc/kubernetes/pki/ca.crt
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 /etc/kubernetes/pki/ca.key
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/kubernetes/pki/ca.key
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=/etc/kubernetes/pki/ca.key
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 /etc/kubernetes/pki/sa.key
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/kubernetes/pki/sa.key
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=/etc/kubernetes/pki/sa.key
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 /etc/kubernetes/pki/sa.pub
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/kubernetes/pki/sa.pub
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=/etc/kubernetes/pki/sa.pub
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 /etc/kubernetes/pki/front-proxy-ca.crt
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/kubernetes/pki/front-proxy-ca.crt
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=/etc/kubernetes/pki/front-proxy-ca.crt
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 /etc/kubernetes/pki/front-proxy-ca.key
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/kubernetes/pki/front-proxy-ca.key
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=/etc/kubernetes/pki/front-proxy-ca.key
kubeone ALL=NOPASSWD:/usr/bin/mkdir --mode=700 --parents /etc/kubernetes/pki/etcd
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 /etc/kubernetes/pki/etcd/ca.crt
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/kubernetes/pki/etcd/ca.crt
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=/etc/kubernetes/pki/etcd/ca.crt
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 /etc/kubernetes/pki/etcd/ca.key
kubeone ALL=NOPASSWD:/usr/bin/chmod 600 /etc/kubernetes/pki/etcd/ca.key
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=/etc/kubernetes/pki/etcd/ca.key
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/ca.crt
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/ca.key
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/sa.key
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/sa.pub
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/front-proxy-ca.crt
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/front-proxy-ca.key
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/etcd/ca.crt
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/etcd/ca.key
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/apiserver-etcd-client.crt
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/apiserver-kubelet-client.crt
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/apiserver.crt
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/etcd/healthcheck-client.crt
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/etcd/peer.crt
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/etcd/server.crt
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/front-proxy-client.crt
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/pki/etcd/server.key
kubeone ALL=NOPASSWD:/usr/bin/kubeadm --v=6 init --config=./kubeone/cfg/*
kubeone ALL=NOPASSWD:/usr/bin/cat /etc/kubernetes/admin.conf
kubeone ALL=NOPASSWD:/usr/bin/kubeadm --v=6 token create * --ttl 1h0m0s
kubeone ALL=NOPASSWD:/usr/bin/crictl ps --name=kube-apiserver -q
kubeone ALL=NOPASSWD:/usr/bin/crictl logs *
kubeone ALL=NOPASSWD:/usr/bin/grep -q * /tmp/kube-apiserver.log
kubeone ALL=NOPASSWD:/usr/bin/dd status=none iflag=count_bytes\,skip_bytes skip=* count=* if=/etc/kubernetes/manifests/kube-controller-manager.yaml
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 /etc/kubernetes/manifests/kube-controller-manager.yaml
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=/etc/kubernetes/manifests/kube-controller-manager.yaml
kubeone ALL=NOPASSWD:SETENV:/usr/bin/kubectl apply -f - --prune -l kubeone.io/addon=coredns-pdb
kubeone ALL=NOPASSWD:SETENV:/usr/bin/kubectl apply -f - --prune -l kubeone.io/addon=metrics-server
kubeone ALL=NOPASSWD:SETENV:/usr/bin/kubectl apply -f - --prune -l kubeone.io/addon=cni-canal
kubeone ALL=NOPASSWD:SETENV:/usr/bin/kubectl apply -f - --prune -l kubeone.io/addon=nodelocaldns
kubeone ALL=NOPASSWD:SETENV:/usr/bin/kubectl apply -f - --prune -l kubeone.io/addon=machinecontroller
kubeone ALL=NOPASSWD:SETENV:/usr/bin/kubectl apply -f - --prune -l kubeone.io/addon=operating-system-manager
kubeone ALL=NOPASSWD:/usr/bin/kubeadm --v=6 join --config=./kubeone/cfg/*
# deinstallation/removal
kubeone ALL=NOPASSWD:/usr/bin/kubeadm --v=6 reset --force
kubeone ALL=NOPASSWD:/usr/bin/rm -f /etc/kubernetes/cloud-config
kubeone ALL=NOPASSWD:/usr/bin/rm -rf /etc/kubernetes/admission
kubeone ALL=NOPASSWD:/usr/bin/rm -rf /etc/kubernetes/encryption-providers
kubeone ALL=NOPASSWD:/usr/bin/rm -rf /var/lib/etcd/
kubeone ALL=NOPASSWD:/usr/bin/rm -rf ./kubeone
kubeone ALL=NOPASSWD:/usr/bin/rm -rf /etc/kubeone
# update
kubeone ALL=NOPASSWD:/usr/bin/dd status=none iflag=count_bytes\,skip_bytes skip=* count=* if=/var/lib/kubelet/kubeadm-flags.env
kubeone ALL=NOPASSWD:/usr/bin/truncate --size=0 /var/lib/kubelet/kubeadm-flags.env
kubeone ALL=NOPASSWD:/usr/bin/dd status=none oflag=seek_bytes conv=notrunc seek=0 of=/var/lib/kubelet/kubeadm-flags.env
kubeone ALL=NOPASSWD:/usr/bin/apt-mark unhold kubelet kubeadm kubectl kubernetes-cni cri-tools
kubeone ALL=NOPASSWD:SETENV:/usr/bin/apt-get install --option Dpkg\:\:Options\:\:=--force-confold --no-install-recommends -y kubeadm=* kubernetes-cni=* cri-tools=*
kubeone ALL=NOPASSWD:/usr/bin/kubeadm upgrade apply -y --certificate-renewal=true * --config=./kubeone/cfg/*
kubeone ALL=NOPASSWD:SETENV:/usr/bin/apt-get install --option Dpkg\:\:Options\:\:=--force-confold --no-install-recommends -y kubelet=* kubectl=* kubernetes-cni=* cri-tools=*
kubeone ALL=NOPASSWD:/usr/bin/kubeadm upgrade node --certificate-renewal=trueEDIT: I updated the list with commands that are needed for a version upgrade of kubernetes. |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
steled
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Finally I could find the answer myself.
By the help of the tool Snoopy all the used commands could be logged at the machines and I was able to see which one are needed.
Below you can find a full list of commands, maybe someone else also want to go this way: