Migrate config to KubeletConfiguration
This patchset changes the way that kubelet receives it configuration parameters so that we can enable [dynamic kubelet configuration][1] down the line. Starting in Kubernetes v1.11 the configuration of some parameters has been moved from command line arguments to a static [configuration file][2]. [1] https://kubernetes.io/docs/tasks/administer-cluster/reconfigure-kubelet/ [2] https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ Change-Id: Id406ae81fcf44ed0319513e5befc37fd4cff30e5
This commit is contained in:
parent
26ef1d7b9f
commit
fd1ff8444d
@ -2,9 +2,12 @@ Kubelet
|
|||||||
=======
|
=======
|
||||||
|
|
||||||
Configuration for the Kubernetes worker daemon (the Kubelet). This document
|
Configuration for the Kubernetes worker daemon (the Kubelet). This document
|
||||||
contains two keys: ``arguments`` and ``images``. The ``arguments`` are
|
contains three keys: ``arguments``, ``images``, and ``config_file_overrides``.
|
||||||
appended directly to the ``kubelet`` command line, along with arguments that
|
The ``arguments`` are appended directly to the ``kubelet`` command line,
|
||||||
are controlled by Promenade more directly.
|
along with arguments that are controlled by Promenade more directly.
|
||||||
|
The ``config_file_overrides`` are appended directly to the static kubelet
|
||||||
|
configuration file and only consists of a subset of kubelet arguments.
|
||||||
|
More information regarding the format for this key can be found here_.
|
||||||
|
|
||||||
The only image that is configurable is for the ``pause`` container.
|
The only image that is configurable is for the ``pause`` container.
|
||||||
|
|
||||||
@ -27,9 +30,12 @@ Here is a sample document:
|
|||||||
arguments:
|
arguments:
|
||||||
- --cni-bin-dir=/opt/cni/bin
|
- --cni-bin-dir=/opt/cni/bin
|
||||||
- --cni-conf-dir=/etc/cni/net.d
|
- --cni-conf-dir=/etc/cni/net.d
|
||||||
- --eviction-max-pod-grace-period=-1
|
|
||||||
- --network-plugin=cni
|
- --network-plugin=cni
|
||||||
- --node-status-update-frequency=5s
|
|
||||||
- --v=5
|
- --v=5
|
||||||
images:
|
images:
|
||||||
pause: gcr.io/google_containers/pause-amd64:3.0
|
pause: gcr.io/google_containers/pause-amd64:3.0
|
||||||
|
config_file_overrides:
|
||||||
|
evictionMaxPodGracePeriod: -1
|
||||||
|
nodeStatusUpdateFrequency: "5s"
|
||||||
|
|
||||||
|
.. _here: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file
|
||||||
|
@ -11,14 +11,16 @@ data:
|
|||||||
arguments:
|
arguments:
|
||||||
- --cni-bin-dir=/opt/cni/bin
|
- --cni-bin-dir=/opt/cni/bin
|
||||||
- --cni-conf-dir=/etc/cni/net.d
|
- --cni-conf-dir=/etc/cni/net.d
|
||||||
- --eviction-max-pod-grace-period=-1
|
|
||||||
- --network-plugin=cni
|
- --network-plugin=cni
|
||||||
- --node-status-update-frequency=5s
|
|
||||||
- --serialize-image-pulls=false
|
|
||||||
- --anonymous-auth=false
|
|
||||||
- --feature-gates=PodShareProcessNamespace=true
|
|
||||||
- --v=3
|
- --v=3
|
||||||
- --cgroup-root=/kube_whitelist
|
|
||||||
images:
|
images:
|
||||||
pause: gcr.io/google_containers/pause-amd64:3.0
|
pause: gcr.io/google_containers/pause-amd64:3.0
|
||||||
|
config_file_overrides:
|
||||||
|
cgroupRoot: "/kube_whitelist"
|
||||||
|
evictionMaxPodGracePeriod: -1
|
||||||
|
featureGates:
|
||||||
|
PodShareProcessNamespace: true
|
||||||
|
TaintBasedEvictions: false
|
||||||
|
nodeStatusUpdateFrequency: "5s"
|
||||||
|
serializeImagePulls: false
|
||||||
...
|
...
|
||||||
|
@ -11,11 +11,12 @@ data:
|
|||||||
arguments:
|
arguments:
|
||||||
- --cni-bin-dir=/opt/cni/bin
|
- --cni-bin-dir=/opt/cni/bin
|
||||||
- --cni-conf-dir=/etc/cni/net.d
|
- --cni-conf-dir=/etc/cni/net.d
|
||||||
- --eviction-max-pod-grace-period=-1
|
|
||||||
- --network-plugin=cni
|
- --network-plugin=cni
|
||||||
- --node-status-update-frequency=5s
|
|
||||||
- --serialize-image-pulls=false
|
|
||||||
- --v=5
|
- --v=5
|
||||||
images:
|
images:
|
||||||
pause: gcr.io/google_containers/pause-amd64:3.0
|
pause: gcr.io/google_containers/pause-amd64:3.0
|
||||||
|
config_file_overrides:
|
||||||
|
evictionMaxPodGracePeriod: -1
|
||||||
|
nodeStatusUpdateFrequency: "5s"
|
||||||
|
serializeImagePulls: false
|
||||||
...
|
...
|
||||||
|
@ -11,13 +11,15 @@ data:
|
|||||||
arguments:
|
arguments:
|
||||||
- --cni-bin-dir=/opt/cni/bin
|
- --cni-bin-dir=/opt/cni/bin
|
||||||
- --cni-conf-dir=/etc/cni/net.d
|
- --cni-conf-dir=/etc/cni/net.d
|
||||||
- --eviction-max-pod-grace-period=-1
|
|
||||||
- --network-plugin=cni
|
- --network-plugin=cni
|
||||||
- --node-status-update-frequency=5s
|
|
||||||
- --serialize-image-pulls=false
|
|
||||||
- --anonymous-auth=false
|
|
||||||
- --feature-gates=PodShareProcessNamespace=true
|
|
||||||
- --v=3
|
- --v=3
|
||||||
images:
|
images:
|
||||||
pause: gcr.io/google_containers/pause-amd64:3.0
|
pause: gcr.io/google_containers/pause-amd64:3.0
|
||||||
|
config_file_overrides:
|
||||||
|
evictionMaxPodGracePeriod: -1
|
||||||
|
featureGates:
|
||||||
|
PodShareProcessNamespace: true
|
||||||
|
TaintBasedEvictions: false
|
||||||
|
nodeStatusUpdateFrequency: "5s"
|
||||||
|
serializeImagePulls: false
|
||||||
...
|
...
|
||||||
|
@ -26,6 +26,8 @@ data:
|
|||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
config_file_overrides:
|
||||||
|
type: object
|
||||||
required:
|
required:
|
||||||
- images
|
- images
|
||||||
additionalProperties: false
|
additionalProperties: false
|
||||||
|
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: "/etc/kubernetes/pki/kubelet-client-ca.pem"
|
||||||
|
authorization:
|
||||||
|
mode: AlwaysAllow
|
||||||
|
clusterDNS:
|
||||||
|
- {{ config['KubernetesNetwork:dns.service_ip'] }}
|
||||||
|
clusterDomain: {{ config['KubernetesNetwork:dns.cluster_domain'] }}
|
||||||
|
staticPodPath: "/etc/kubernetes/manifests"
|
||||||
|
tlsCertFile: "/etc/kubernetes/pki/kubelet.pem"
|
||||||
|
tlsPrivateKeyFile: "/etc/kubernetes/pki/kubelet-key.pem"
|
||||||
|
{%- if config['Kubelet:config_file_overrides'] is defined %}
|
||||||
|
{{ config.get_path('Kubelet:config_file_overrides') | toyaml }}
|
||||||
|
{%- endif %}
|
@ -5,16 +5,10 @@ After=network-online.target
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/opt/kubernetes/bin/kubelet \
|
ExecStart=/opt/kubernetes/bin/kubelet \
|
||||||
--anonymous-auth=false \
|
--config=/etc/kubernetes/kubelet/config.yaml \
|
||||||
--client-ca-file=/etc/kubernetes/pki/kubelet-client-ca.pem \
|
|
||||||
--cluster-dns={{ config['KubernetesNetwork:dns.service_ip'] }} \
|
|
||||||
--cluster-domain={{ config['KubernetesNetwork:dns.cluster_domain'] }} \
|
|
||||||
--hostname-override={{ config.get_first('Genesis:hostname', 'KubernetesNode:hostname') }} \
|
--hostname-override={{ config.get_first('Genesis:hostname', 'KubernetesNode:hostname') }} \
|
||||||
--kubeconfig=/etc/kubernetes/kubeconfig \
|
--kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--node-ip={{ config.get_first('Genesis:ip', 'KubernetesNode:ip') }} \
|
--node-ip={{ config.get_first('Genesis:ip', 'KubernetesNode:ip') }} \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
|
||||||
--tls-cert-file=/etc/kubernetes/pki/kubelet.pem \
|
|
||||||
--tls-private-key-file=/etc/kubernetes/pki/kubelet-key.pem \
|
|
||||||
{%- if config['Genesis:labels.static'] is defined %}
|
{%- if config['Genesis:labels.static'] is defined %}
|
||||||
--node-labels={{ config['Genesis:labels.static'] | join(',') }} \
|
--node-labels={{ config['Genesis:labels.static'] | join(',') }} \
|
||||||
{%- elif config['KubernetesNode:labels.static'] is defined %}
|
{%- elif config['KubernetesNode:labels.static'] is defined %}
|
||||||
|
@ -201,12 +201,15 @@ VALID_DOCS = [
|
|||||||
'data': {
|
'data': {
|
||||||
'arguments': [
|
'arguments': [
|
||||||
'--cni-bin-dir=/opt/cni/bin', '--cni-conf-dir=/etc/cni/net.d',
|
'--cni-bin-dir=/opt/cni/bin', '--cni-conf-dir=/etc/cni/net.d',
|
||||||
'--eviction-max-pod-grace-period=-1', '--network-plugin=cni',
|
'--network-plugin=cni', '--v=5'
|
||||||
'--node-status-update-frequency=5s',
|
|
||||||
'--serialize-image-pulls=false', '--v=5'
|
|
||||||
],
|
],
|
||||||
'images': {
|
'images': {
|
||||||
'pause': 'gcr.io/google_containers/pause-amd64:3.0'
|
'pause': 'gcr.io/google_containers/pause-amd64:3.0'
|
||||||
|
},
|
||||||
|
'config_file_overrides': {
|
||||||
|
'evictionMaxPodGracePeriod': -1,
|
||||||
|
'nodeStatusUpdateFrequency': '5s',
|
||||||
|
'serializeImagePulls': 'false'
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
'metadata': {
|
'metadata': {
|
||||||
|
@ -11,11 +11,12 @@ data:
|
|||||||
arguments:
|
arguments:
|
||||||
- --cni-bin-dir=/opt/cni/bin
|
- --cni-bin-dir=/opt/cni/bin
|
||||||
- --cni-conf-dir=/etc/cni/net.d
|
- --cni-conf-dir=/etc/cni/net.d
|
||||||
- --eviction-max-pod-grace-period=-1
|
|
||||||
- --network-plugin=cni
|
- --network-plugin=cni
|
||||||
- --node-status-update-frequency=5s
|
|
||||||
- --serialize-image-pulls=false
|
|
||||||
- --v=5
|
- --v=5
|
||||||
images:
|
images:
|
||||||
pause: gcr.io/google_containers/pause-amd64:3.0
|
pause: gcr.io/google_containers/pause-amd64:3.0
|
||||||
|
config_file_overrides:
|
||||||
|
evictionMaxPodGracePeriod: -1
|
||||||
|
nodeStatusUpdateFrequency: "5s"
|
||||||
|
serializeImagePulls: false
|
||||||
...
|
...
|
||||||
|
@ -120,11 +120,12 @@ data:
|
|||||||
arguments:
|
arguments:
|
||||||
- --cni-bin-dir=/opt/cni/bin
|
- --cni-bin-dir=/opt/cni/bin
|
||||||
- --cni-conf-dir=/etc/cni/net.d
|
- --cni-conf-dir=/etc/cni/net.d
|
||||||
- --eviction-max-pod-grace-period=-1
|
|
||||||
- --network-plugin=cni
|
- --network-plugin=cni
|
||||||
- --node-status-update-frequency=5s
|
|
||||||
- --serialize-image-pulls=false
|
|
||||||
- --v=5
|
- --v=5
|
||||||
images:
|
images:
|
||||||
pause: gcr.io/google_containers/pause-amd64:3.0
|
pause: gcr.io/google_containers/pause-amd64:3.0
|
||||||
|
config_file_overrides:
|
||||||
|
evictionMaxPodGracePeriod: -1
|
||||||
|
nodeStatusUpdateFrequency: "5s"
|
||||||
|
serializeImagePulls: false
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user