2025-01-15 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
This article lists the configuration parameters of kube-controller-manager.
Here are all the configuration flags for kube-controller-manager version 1.12.0; the ones highlighted in bold are the flags that I think you should pay attention to.
Flag
Comments
--allocate-node-cidrs
Whether CIDRs for pods should be allocated and set on the cloud provider.
--attach-detach-reconcile-sync-period
The wait time between reconciler syncs of volume attach and detach. This time must be more than 1 second. Increasing this value from the default may result in a mismatch between volumes and pods. Default value: 1m0s
--authentication-kubeconfig
A kubeconfig file pointing at the 'core' kubernetes server with sufficient permissions to create tokenaccessreviews.authentication.k8s.io. Optional. If empty, all token requests are treated as anonymous and the cluster is not searched for a client CA certificate.
--authentication-skip-lookup
If false, the authentication-kubeconfig is used to look up missing authentication configuration from the cluster.
--authentication-token-webhook-cache-ttl
How long responses from the webhook token authenticator are cached. Default value: 10s
--authorization-always-allow-paths
A list of HTTP paths to skip during authorization; they are authorized without contacting the 'core' kubernetes server. Default value: [/healthz]
--authorization-kubeconfig
A kubeconfig file pointing at the 'core' kubernetes server with sufficient permissions to create subjectaccessreviews.authorization.k8s.io. Optional. If empty, all requests not skipped by authorization are forbidden.
--authorization-webhook-cache-authorized-ttl
How long 'authorized' responses from the webhook authorizer are cached. Default value: 10s
--authorization-webhook-cache-unauthorized-ttl
How long 'unauthorized' responses from the webhook authorizer are cached. Default value: 10s
--azure-container-registry-config
Path to the file containing Azure container registry configuration information.
--bind-address
The IP address on which to listen for the --secure-port port. The associated interface must be reachable by the rest of the cluster and by CLI/web clients. Default value: 0.0.0.0
--cert-dir
The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this parameter is ignored. Default value: "/var/run/kubernetes"
--cidr-allocator-type
The type of CIDR allocator to use. Default value: "RangeAllocator"
--client-ca-file
If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with the identity corresponding to the common name of the client certificate.
--cloud-config
Path to the cloud provider configuration file. Empty means there is no configuration file.
--cloud-provider
The cloud service provider. Empty means there is no provider.
--cluster-cidr
The CIDR range of the pods in the cluster. Requires --allocate-node-cidrs to be set to true.
--cluster-name
The prefix of the cluster instance. Default value: "kubernetes"
--cluster-signing-cert-file
The file name containing the PEM-encoded X509 CA certificate that is used to issue cluster-scoped certificates. Default value: "/etc/kubernetes/ca/ca.pem"
--cluster-signing-key-file
The file name containing the PEM-encoded RSA or ECDSA private key that is used to sign cluster-scoped certificates. Default value: "/etc/kubernetes/ca/ca.key"
--concurrent-deployment-syncs
The number of Deployment objects that are allowed to sync concurrently. A larger number means faster deployment responses, but more CPU (and network) load. Default value: 5
--concurrent-endpoint-syncs
The number of endpoint sync operations that are allowed to run concurrently. A larger number means faster endpoint updates, but more CPU (and network) load. Default value: 5
--concurrent-gc-syncs
The number of garbage collector workers that are allowed to sync concurrently. Default value: 20
--concurrent-namespace-syncs
The number of namespace objects that are allowed to sync concurrently. A larger number means faster namespace termination, but more CPU (and network) load. Default value: 10
--concurrent-replicaset-syncs
The number of replica sets that are allowed to sync concurrently. A larger number means faster replica management, but more CPU (and network) load. Default value: 5
--concurrent-resource-quota-syncs
The number of resource quotas that are allowed to sync concurrently. A larger number means faster quota management, but more CPU (and network) load. Default value: 5
--concurrent-service-syncs
The number of services that are allowed to sync concurrently. A larger number means faster service management, but more CPU (and network) load. Default value: 1
--concurrent-serviceaccount-token-syncs
The number of service account token objects that are allowed to sync concurrently. A larger number means faster token generation, but more CPU (and network) load. Default value: 5
--concurrent-ttl-after-finished-syncs
The number of TTL-after-finished controller workers that are allowed to sync concurrently. Default value: 5
--concurrent_rc_syncs
The number of replication controllers that are allowed to sync concurrently. A larger number means faster replica management, but more CPU (and network) load. Default value: 5
--configure-cloud-routes
Whether the CIDRs assigned by allocate-node-cidrs should be configured on the cloud provider.
--contention-profiling
If profiling is enabled, enable lock contention profiling.
--controller-start-interval
The interval between starting controller managers.
--controllers
A list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller named foo, and '-foo' disables the controller named foo. Default value: [*]
--deployment-controller-sync-period
The period for syncing deployments. Default value: 30s
--disable-attach-detach-reconcile-sync
Disables the reconciler sync of volume attach and detach. Disabling it may cause volumes and pods to be out of sync.
--enable-dynamic-provisioning
Enables dynamic provisioning for environments that support it. Default value: true
--enable-garbage-collector
Enables the generic garbage collector. Must be consistent with the corresponding flag of kube-apiserver. Default value: true
--enable-hostpath-provisioner
Enables HostPath PV provisioning when there is no cloud provider. This allows testing and development of provisioning features. HostPath provisioning is not supported in any way, does not work in a multi-node cluster, and should not be used outside of testing or development.
--enable-taint-manager
Beta feature. If set to true, enables NoExecute taints and evicts all pods that are not allowed to run on nodes with NoExecute taints. Default value: true
--experimental-cluster-signing-duration
The duration of signed certificates. Default value: 8760h0m0s
--external-cloud-volume-plugin
The plug-in to use when the cloud provider is set to external. Can be empty, and should only be set when the cloud provider is external. Currently used to allow the node and volume controllers to work for in-tree cloud providers.
--feature-gates
A set of key-value pairs that describe alpha/experimental features.
--flex-volume-plugin-dir
The full path of the directory in which the flex volume plug-in searches for additional third-party volume plug-ins. Default value: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/"
--horizontal-pod-autoscaler-cpu-initialization-period
The period after a pod starts during which CPU samples may be skipped. Default value: 5m0s
--horizontal-pod-autoscaler-downscale-stabilization
The period over which the autoscaler looks backward, during which the number of pods will not be reduced. Default value: 5m0s
--horizontal-pod-autoscaler-initial-readiness-delay
The period after a pod starts during which readiness changes are treated as initial readiness. Default value: 30s
--horizontal-pod-autoscaler-sync-period
The period for syncing the number of pods in the horizontal pod autoscaler. Default value: 15s
--horizontal-pod-autoscaler-tolerance
The minimum change (from 1.0) in the desired-to-actual metrics ratio for the horizontal pod autoscaler to consider scaling. Default value: 0.1
--http2-max-streams-per-connection
The limit that the server gives to clients for the maximum number of streams in a single HTTP/2 connection. 0 means to use the golang default.
--insecure-experimental-approve-all-kubelet-csrs-for-group
This parameter does nothing.
--kube-api-burst
The burst to use while talking with the kubernetes apiserver. Default value: 30
--kube-api-content-type
The content type of requests sent to the apiserver. Default value: "application/vnd.kubernetes.protobuf"
--kube-api-qps
The QPS to use while talking with the kubernetes apiserver.
--kubeconfig
Path to the kubeconfig file with authorization and master location information.
--large-cluster-size-threshold
The number of nodes from which NodeController treats a cluster as large; it is used mainly by the eviction logic. For clusters of this size or smaller, --secondary-node-eviction-rate is implicitly overridden to 0.
--leader-elect
Start a leader election and gain leadership before executing the main logic. Enable this parameter when running multiple components for high availability. Default value: true
--leader-elect-lease-duration duration
The maximum amount of time that a leader can be stopped before it is replaced by another candidate. This parameter applies only when the --leader-elect parameter is enabled. Default value: 15s
--leader-elect-renew-deadline
The interval between the acting master's attempts to renew its leadership before it stops leading. This parameter must be less than the --leader-elect-lease-duration duration. This parameter applies only when the --leader-elect parameter is enabled. Default value: 10s
--leader-elect-resource-lock
The type of resource object used for locking during the leader election. Supported options: endpoints (default) and configmaps
--leader-elect-retry-period
The time clients wait between attempts to acquire and renew leadership. This parameter applies only when the --leader-elect parameter is enabled. Default value: 2s
--log-flush-frequency
The interval between log flushes. Default value: 5s
--master
The address of the Kubernetes API server (overrides any value in kubeconfig).
--min-resync-period
The resync period of the reflectors, a random value between MinResyncPeriod and 2*MinResyncPeriod. Default value: 12h0m0s
--namespace-sync-period
The period for syncing namespace lifecycle updates. Default value: 5m0s
--node-cidr-mask-size
The mask size of the node CIDR in the cluster. Default value: 24
--node-eviction-rate
The percentage of pods on a failed node that are deleted per second when a node fails in a healthy zone. The default value is 0.1, which means that by default all pods of the failed node are deleted in 10s. In a non-multi-zone cluster, the zone is the whole cluster.
--node-monitor-grace-period
The amount of time a running node is allowed to be unresponsive before it is marked unhealthy. Must be N times the kubelet nodeStatusUpdateFrequency parameter, where N is the number of retries allowed for the kubelet to post node status. Default value: 40s
--node-monitor-period
The period for syncing NodeStatus in NodeController. Default value: 5s
--node-startup-grace-period
The amount of time a starting node is allowed to be unresponsive before it is marked unhealthy. Default value: 1m0s
--pod-eviction-timeout
The grace period for deleting pods on failed nodes. Default value: 5m0s
--profiling
Enables profiling through the web interface host:port/debug/pprof/
--pv-recycler-increment-timeout-nfs
For an NFS scrubber pod, the time added per Gi to ActiveDeadlineSeconds. Default value: 30s
--pv-recycler-minimum-timeout-hostpath
The minimum ActiveDeadlineSeconds to use for a HostPath recycler pod. This parameter is for development and testing only and cannot be used in a multi-node cluster. Default value: 60
--pv-recycler-minimum-timeout-nfs
The minimum ActiveDeadlineSeconds to use for an NFS recycler pod. Default value: 300
--pv-recycler-pod-template-filepath-hostpath
The file path of the pod definition used as a template for HostPath PV recycling. This parameter is for development and testing only and cannot be used in a multi-node cluster.
--pv-recycler-pod-template-filepath-nfs
The file path of the pod definition used as a template for NFS PV recycling. This parameter is for development and testing only and cannot be used in a multi-node cluster.
--pv-recycler-timeout-increment-hostpath
For a HostPath scrubber pod, the time added per Gi to ActiveDeadlineSeconds. This parameter is for development and testing only and cannot be used in a multi-node cluster. Default value: 30s
--pvclaimbinder-sync-period duration
The period for syncing PVs and PV claims. Default value: 15s
--requestheader-allowed-names
A list of client certificate common names that are allowed to provide user names in the headers specified by --requestheader-username-headers. If empty, any client certificate verified by the authorities in --requestheader-client-ca-file is allowed.
--requestheader-client-ca-file
The root certificate bundle used to verify the client certificate on a request before the user name in the headers specified by --requestheader-username-headers is trusted.
--requestheader-extra-headers-prefix
A list of request header prefixes to check. X-Remote-Extra is recommended.
--requestheader-group-headers
A list of request headers to check for groups. X-Remote-Group is recommended.
--requestheader-username-headers
A list of request headers to check for user names. X-Remote-User is commonly used.
--resource-quota-sync-period
The period for syncing the quota usage status of the system. Default value: 5m0s
--root-ca-file
If set, this root certificate authority is included in the token secret of the service account. This must be a valid PEM-encoded CA bundle.
--route-reconciliation-period
The period for reconciling the routes that the cloud provider creates for nodes. Default value: 10s
--secondary-node-eviction-rate
The percentage of pods on a failed node that are deleted per second when a node fails while the zone is unhealthy. If the cluster size is less than --large-cluster-size-threshold, the value is implicitly overridden to 0. The default value is 0.01s, which is 100s to delete all pods of the failed node.
--secure-port
The port on which HTTPS is served with authentication and authorization. If it is 0, no HTTPS service is provided. Default value: 10257
--service-account-private-key-file
The file name containing the PEM-encoded RSA or ECDSA private key used to sign service account tokens.
--service-cluster-ip-range
The CIDR range of the Services in the cluster. Requires --allocate-node-cidrs to be set to true.
--terminated-pod-gc-threshold
The number of terminated pods that can exist before the pod garbage collector starts to delete terminated pods. Default value: 12500
--tls-cert-file
A file containing the default x509 certificate for HTTPS. If the HTTPS service is enabled and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir.
--tls-cipher-suites
A comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites are used.
--tls-min-version
The minimum supported version of TLS. Possible values: VersionTLS10, VersionTLS11, VersionTLS12
--tls-private-key-file
A file containing the default x509 private key matching --tls-cert-file.
--unhealthy-zone-threshold
The percentage of Not Ready nodes at which a zone is considered unhealthy.
--use-service-account-credentials
If true, use a separate service account credential for each controller.
--tls-sni-cert-key namedCertKey
A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". Default: []
That is the complete list of kube-controller-manager configuration parameters.
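An added example, not part of the original article or of Kubernetes itself: a small Python audit that applies the flag descriptions above to a kube-controller-manager command line and reports risky or inconsistent settings. The function names and sample command lines are constructed for illustration, and treating an unset --profiling as enabled is an assumption about the default, which the list does not state.

```python
import re

# Defaults as stated in the flag list above (kube-controller-manager 1.12.0).
DEFAULTS = {"bind-address": "0.0.0.0", "secure-port": "10257",
            "leader-elect-lease-duration": "15s",
            "leader-elect-renew-deadline": "10s"}
WEAK_TLS = ("VersionTLS10", "VersionTLS11")
UNITS = {"h": 3600, "m": 60, "s": 1}

def parse_flags(argv):
    """Parse '--name=value' and bare '--name' (boolean true) arguments."""
    flags = dict(DEFAULTS)
    for arg in argv:
        if arg.startswith("--"):
            name, sep, value = arg[2:].partition("=")
            flags[name] = value if sep else "true"
    return flags

def seconds(duration):
    """Convert a Go-style duration such as '1m0s' to seconds (h/m/s only)."""
    parts = re.findall(r"(\d+(?:\.\d+)?)([hms])", duration)
    if not parts or "".join(n + u for n, u in parts) != duration:
        raise ValueError(f"unsupported duration: {duration!r}")
    return sum(float(n) * UNITS[u] for n, u in parts)

def audit(argv):
    """Return (flag, finding) tuples for one controller-manager command line."""
    f, out = parse_flags(argv), []
    if f["secure-port"] == "0":
        out.append(("secure-port", "no HTTPS service is provided"))
    elif f["bind-address"] == "0.0.0.0":
        out.append(("bind-address", "secure port listens on all interfaces"))
    if f.get("profiling") != "false":  # assumption: unset means enabled
        out.append(("profiling", "host:port/debug/pprof/ is served"))
    if f.get("enable-hostpath-provisioner") == "true":
        out.append(("enable-hostpath-provisioner", "test/development only"))
    if f.get("use-service-account-credentials") != "true":
        out.append(("use-service-account-credentials", "one shared credential"))
    if f.get("tls-min-version") in WEAK_TLS:
        out.append(("tls-min-version", "below VersionTLS12"))
    if seconds(f["leader-elect-renew-deadline"]) >= seconds(
            f["leader-elect-lease-duration"]):
        out.append(("leader-elect-renew-deadline", "not below lease duration"))
    return out

# Constructed sample command lines, not taken from a real cluster.
WEAK = ["kube-controller-manager", "--profiling", "--tls-min-version=VersionTLS10",
        "--enable-hostpath-provisioner=true", "--leader-elect-renew-deadline=20s"]
HARDENED = ["kube-controller-manager", "--bind-address=127.0.0.1",
            "--profiling=false", "--use-service-account-credentials=true",
            "--tls-min-version=VersionTLS12"]
if __name__ == "__main__":
    for name, argv in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(argv))
```

Pass the `command` list from the controller manager's pod manifest (or the process arguments) to `audit()`; an empty result means none of these checks fired, not that the configuration is otherwise sound.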