
What are the Kubelet configuration parameters

2025-01-18 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

This article introduces the Kubelet configuration parameters and is intended as a reference.

Here are all the configurations for Kubelet version 1.12.0.

Flag / Comments

--address

Kubelet listening address. Default: 0.0.0.0, which means listening on all network interfaces.

--allow-privileged

Whether containers are allowed to use privileged mode.

--alsologtostderr

Outputs all logs to standard error.

--anonymous-auth

Whether the Kubelet server allows anonymous requests (default true).

--application-metrics-count-limit

Maximum number of events allowed to be recorded per container (default 100).

--authentication-token-webhook

Whether to allow the TokenReview API to authenticate bearer tokens.

--authentication-token-webhook-cache-ttl

How long responses from the webhook token authenticator are cached (default 2m0s).

--authorization-mode

Authorization mode of the Kubelet. Values: AlwaysAllow (default), Webhook. Webhook mode uses the SubjectAccessReview API for authorization.

--authorization-webhook-cache-authorized-ttl

How long "authorized" responses from the webhook authorizer are cached (default 5m0s).

--authorization-webhook-cache-unauthorized-ttl

How long "unauthorized" responses from the webhook authorizer are cached (default 30s).

--azure-container-registry-config

Path to the file containing the Azure container registry configuration information.

--boot-id-file

A comma-separated list of files to check for the boot-id. The first one that exists is used (default: /proc/sys/kernel/random/boot_id).

--bootstrap-checkpoint-path

The directory where checkpoints are stored.

--bootstrap-kubeconfig

The path to the kubeconfig file used to obtain the kubelet client certificate. If the --kubeconfig parameter is not defined, the bootstrap kubeconfig is used to obtain a client certificate from the API server. On success, a kubeconfig file referencing the generated client certificate and key is written to the path specified by --kubeconfig. The client certificate and key are stored in the directory specified by --cert-dir.

--cadvisor-port

The port of the local cAdvisor. Setting it to 0 disables it. Default: 4194.

--cert-dir

The directory where the TLS certificates are located. If --tls-cert-file and --tls-private-key-file are provided, this parameter is ignored. Default value: "/var/lib/kubelet/pki"

--cgroup-driver

The driver used by Kubelet to operate the host cgroups.

--cgroup-root

Optional root cgroup for pods, which is handled by the container runtime on a best-effort basis. Default value: "", which means to use the default handling of the container runtime.

--cgroups-per-qos

Supports the creation of a QoS cgroup hierarchy. In the case of true, the highest level

--chaos-chance

If the value is greater than 0.0, random client errors and delays are introduced, for testing.

--client-ca-file

If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with the identity corresponding to the common name of the client certificate.

--cloud-config

The path to the cloud provider configuration file.

--cloud-provider

The provider of cloud services. Specify an empty value to run without a cloud provider.

--cloud-provider-gce-lb-src-cidrs

CIDRs opened in the GCE firewall for LB traffic proxies. Default value: 130.211.0.0/22,35.191.0.0/16,209.85.152.0/22,209.85.204.0/22

--cluster-dns

Comma-separated list of DNS service IP addresses.

--cluster-domain

The domain name of the cluster.

--cni-bin-dir

The full path of the directory in which to look for CNI plug-in binaries. Default: /opt/cni/bin

--cni-conf-dir

The full path of the directory in which to look for CNI plug-in configuration files. Default value: /etc/cni/net.d

--container-hints

Location of the container hints file. Default value: /etc/cadvisor/container_hints.json

--container-runtime

The container runtime to use. Available values: "docker", "rkt". The default is "docker".

--container-runtime-endpoint

Experimental parameter. Endpoint of the remote runtime service. Currently, unix sockets are supported on Linux and tcp is supported on Windows.

--containerd

containerd endpoint. Default value: unix:///var/run/containerd.sock

--containerized

Experimental parameter. Supports running kubelet in a container.

--contention-profiling

If profiling is enabled, enables lock contention profiling.

--cpu-cfs-quota

Enables CPU CFS quota enforcement for containers that specify CPU limits. Default value: true

--cpu-manager-policy

CPU manager policy. Available values: "none", "static". Default value: "none"

--cpu-manager-reconcile-period

CPU manager reconciliation period. Frequency of node status updates. The default is 10s.

--docker

docker endpoint. Default: unix:///var/run/docker.sock

--docker-disable-shared-pid

With version 1.13.1 of docker, the CRI by default uses the same PID namespace for containers in the same pod. Setting this flag restores the previous behavior of separate PID namespaces. This flag will be removed later.

--docker-endpoint

Use this endpoint to communicate with docker. Default value: unix:///var/run/docker.sock

--docker-env-metadata-whitelist

A comma-separated list of environment variables that need to be collected for docker containers.

--docker-only

Only report docker containers, apart from the root.

--docker-root

Deprecated: the docker root is read from docker info (default: "/var/lib/docker").

--docker-tls

Use TLS to connect to docker.

--docker-tls-ca

Path of the trusted CA. Default: ca.pem

--docker-tls-cert

Path of the client certificate. Default value: cert.pem

--docker-tls-key

Path of the private key.

--dynamic-config-dir

Kubelet will use this directory to verify the downloaded configuration and track the health of the configuration. Kubelet creates the directory if it does not exist. The path may be absolute or relative; a relative path starts from the directory where Kubelet is working. Provide this flag to enable Kubelet dynamic configuration; currently DynamicKubeletConfig must be enabled to pass this flag.

--enable-controller-attach-detach

Allows the attach/detach controller to manage the attachment/detachment of volumes scheduled to this node, and prohibits kubelet from performing any attach/detach operations. Default: true

--enable-debugging-handlers

Enables server-side endpoints for log collection and local running of containers and commands. Default value: true

--enable-load-reader

Whether to enable the cpu load reader.

--enable-server

Enables the kubelet server. Default: true

--enforce-node-allocatable

A comma-separated list of the levels of node allocatable enforcement to be applied by kubelet. Available values: "pods", "system-reserved", "kube-reserved". If you specify the last two options, then '--system-reserved-cgroup' & '--kube-reserved-cgroup' also need to be set respectively. The default value is "pods".

--event-burst

The maximum size of a burst of event records: event recording is temporarily allowed to burst to this number, while still not exceeding event-qps. Used only when --event-qps > 0. Default: 10

--event-qps

If greater than 0, limit the number of events created per second to that value. If it is 0, there is no limit. Default value: 5

--event-storage-age-limit

The maximum length of time to store events (per type). The value is a comma-separated list of key=value pairs: the key is the event type (creation, oom) or "default", and the value is an integer. The default applies to all unspecified event types. Default value: "default=0"

--event-storage-event-limit

The maximum number of events to store (per type). The value is a comma-separated list of key=value pairs: the key is the event type (creation, oom) or "default", and the value is an integer. The default applies to all unspecified event types. Default value: "default=0"

--eviction-hard

A set of eviction thresholds that trigger pod eviction (e.g. memory.available
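
An added example (not code from the original article or from the Kubernetes project): a Python check that parses a kubelet command line and reports the security-relevant flags listed above that are still at the defaults this page gives (anonymous requests allowed, AlwaysAllow, listening on 0.0.0.0, cAdvisor port 4194, debugging handlers on). The function names, sample command lines and file paths are constructed for illustration, and only command-line flags are examined.

```python
import shlex

# Defaults as listed on this page for Kubelet 1.12.0.
PAGE_DEFAULTS = {"address": "0.0.0.0", "anonymous-auth": "true",
                 "authorization-mode": "AlwaysAllow", "cadvisor-port": "4194",
                 "enable-debugging-handlers": "true"}
# Assumption: boolean flags take a value only as --flag=value (Go-style flag
# parsing), so a bare --flag means true and the next token is not its value.
BOOL_FLAGS = {"allow-privileged", "anonymous-auth", "enable-debugging-handlers"}
GO_TRUE = {"1", "t", "T", "true", "TRUE", "True"}
# (flag, predicate on the effective value, reason it is reported)
CHECKS = [
    ("anonymous-auth", lambda v: v in GO_TRUE, "anonymous requests allowed"),
    ("authorization-mode", lambda v: v == "AlwaysAllow", "every request is authorized"),
    ("client-ca-file", lambda v: not v, "no client-certificate authentication"),
    ("allow-privileged", lambda v: v in GO_TRUE, "privileged containers allowed"),
    ("address", lambda v: v == "0.0.0.0", "listens on all network interfaces"),
    ("cadvisor-port", lambda v: v != "0", "local cAdvisor port is open"),
    ("enable-debugging-handlers", lambda v: v in GO_TRUE, "log/exec endpoints enabled"),
]

def parse_flags(cmdline):
    """Return {flag: value} for '--flag=value', '--flag value' and bare '--flag'."""
    flags, tokens, i = {}, shlex.split(cmdline), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--") and len(tok) > 2:
            name, sep, value = tok[2:].partition("=")
            if not sep:
                if name in BOOL_FLAGS:
                    value = "true"
                elif i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                    i += 1              # the next token is this flag's value
                    value = tokens[i]
            flags[name] = value
        i += 1
    return flags

def audit(cmdline):
    """Map each weak flag to a reason, after applying the page's defaults."""
    effective = {**PAGE_DEFAULTS, **parse_flags(cmdline)}
    return {name: why for name, bad, why in CHECKS if bad(effective.get(name, ""))}

# Constructed sample command lines (not taken from a real node).
DEFAULTED = "kubelet --kubeconfig=/etc/kubernetes/kubelet.conf"
HARDENED = ("kubelet --anonymous-auth=false --authorization-mode Webhook "
            "--client-ca-file=/etc/kubernetes/pki/ca.crt --address=10.0.0.5 "
            "--cadvisor-port=0 --enable-debugging-handlers=false")
```

`audit(DEFAULTED)` reports every check except `allow-privileged`, while `audit(HARDENED)` returns an empty dict.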
