参数配置

// KubeletConfiguration contains the configuration for the Kubelet
type KubeletConfiguration struct {
    metav1.TypeMeta

    // enableServer enables Kubelet's secured server.
    // Note: Kubelet's insecure port is controlled by the readOnlyPort option.
    EnableServer bool
    // staticPodPath is the path to the directory containing local (static) pods to
    // run, or the path to a single static pod file.
    StaticPodPath string
    // syncFrequency is the max period between synchronizing running
    // containers and config
    SyncFrequency metav1.Duration
    // fileCheckFrequency is the duration between checking config files for
    // new data
    FileCheckFrequency metav1.Duration
    // httpCheckFrequency is the duration between checking http for new data
    HTTPCheckFrequency metav1.Duration
    // staticPodURL is the URL for accessing static pods to run
    StaticPodURL string
    // staticPodURLHeader is a map of slices with HTTP headers to use when accessing the podURL
    StaticPodURLHeader map[string][]string
    // address is the IP address for the Kubelet to serve on (set to 0.0.0.0
    // for all interfaces)
    Address string
    // port is the port for the Kubelet to serve on.
    Port int32
    // readOnlyPort is the read-only port for the Kubelet to serve on with
    // no authentication/authorization (set to 0 to disable)
    ReadOnlyPort int32
    // volumePluginDir is the full path of the directory in which to search
    // for additional third party volume plugins.
    VolumePluginDir string
    // providerID, if set, sets the unique id of the instance that an external provider (i.e. cloudprovider)
    // can use to identify a specific node
    ProviderID string
    // tlsCertFile is the file containing x509 Certificate for HTTPS.  (CA cert,
    // if any, concatenated after server cert). If tlsCertFile and
    // tlsPrivateKeyFile are not provided, a self-signed certificate
    // and key are generated for the public address and saved to the directory
    // passed to the Kubelet's --cert-dir flag.
    TLSCertFile string
    // tlsPrivateKeyFile is the file containing x509 private key matching tlsCertFile
    TLSPrivateKeyFile string
    // TLSCipherSuites is the list of allowed cipher suites for the server.
    // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
    TLSCipherSuites []string
    // TLSMinVersion is the minimum TLS version supported.
    // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
    TLSMinVersion string
    // rotateCertificates enables client certificate rotation. The Kubelet will request a
    // new certificate from the certificates.k8s.io API. This requires an approver to approve the
    // certificate signing requests.
    RotateCertificates bool
    // serverTLSBootstrap enables server certificate bootstrap. Instead of self
    // signing a serving certificate, the Kubelet will request a certificate from
    // the certificates.k8s.io API. This requires an approver to approve the
    // certificate signing requests. The RotateKubeletServerCertificate feature
    // must be enabled.
    ServerTLSBootstrap bool
    // authentication specifies how requests to the Kubelet's server are authenticated
    Authentication KubeletAuthentication
    // authorization specifies how requests to the Kubelet's server are authorized
    Authorization KubeletAuthorization
    // registryPullQPS is the limit of registry pulls per second.
    // Set to 0 for no limit.
    RegistryPullQPS int32
    // registryBurst is the maximum size of bursty pulls, temporarily allows
    // pulls to burst to this number, while still not exceeding registryPullQPS.
    // Only used if registryPullQPS > 0.
    RegistryBurst int32
    // eventRecordQPS is the maximum event creations per second. If 0, there
    // is no limit enforced.
    EventRecordQPS int32
    // eventBurst is the maximum size of a burst of event creations, temporarily
    // allows event creations to burst to this number, while still not exceeding
    // eventRecordQPS. Only used if eventRecordQPS > 0.
    EventBurst int32
    // enableDebuggingHandlers enables server endpoints for log collection
    // and local running of containers and commands
    EnableDebuggingHandlers bool
    // enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true.
    EnableContentionProfiling bool
    // healthzPort is the port of the localhost healthz endpoint (set to 0 to disable)
    HealthzPort int32
    // healthzBindAddress is the IP address for the healthz server to serve on
    HealthzBindAddress string
    // oomScoreAdj is The oom-score-adj value for kubelet process. Values
    // must be within the range [-1000, 1000].
    OOMScoreAdj int32
    // clusterDomain is the DNS domain for this cluster. If set, kubelet will
    // configure all containers to search this domain in addition to the
    // host's search domains.
    ClusterDomain string
    // clusterDNS is a list of IP addresses for a cluster DNS server. If set,
    // kubelet will configure all containers to use this for DNS resolution
    // instead of the host's DNS servers.
    ClusterDNS []string
    // streamingConnectionIdleTimeout is the maximum time a streaming connection
    // can be idle before the connection is automatically closed.
    StreamingConnectionIdleTimeout metav1.Duration
    // nodeStatusUpdateFrequency is the frequency that kubelet computes node
    // status. If node lease feature is not enabled, it is also the frequency that
    // kubelet posts node status to master. In that case, be cautious when
    // changing the constant, it must work with nodeMonitorGracePeriod in nodecontroller.
    NodeStatusUpdateFrequency metav1.Duration
    // nodeStatusReportFrequency is the frequency that kubelet posts node
    // status to master if node status does not change. Kubelet will ignore this
    // frequency and post node status immediately if any change is detected. It is
    // only used when node lease feature is enabled.
    NodeStatusReportFrequency metav1.Duration
    // nodeLeaseDurationSeconds is the duration the Kubelet will set on its corresponding Lease.
    NodeLeaseDurationSeconds int32
    // imageMinimumGCAge is the minimum age for an unused image before it is
    // garbage collected.
    ImageMinimumGCAge metav1.Duration
    // imageGCHighThresholdPercent is the percent of disk usage after which
    // image garbage collection is always run. The percent is calculated as
    // this field value out of 100.
    ImageGCHighThresholdPercent int32
    // imageGCLowThresholdPercent is the percent of disk usage before which
    // image garbage collection is never run. Lowest disk usage to garbage
    // collect to. The percent is calculated as this field value out of 100.
    ImageGCLowThresholdPercent int32
    // How frequently to calculate and cache volume disk usage for all pods
    VolumeStatsAggPeriod metav1.Duration
    // KubeletCgroups is the absolute name of cgroups to isolate the kubelet in
    KubeletCgroups string
    // SystemCgroups is absolute name of cgroups in which to place
    // all non-kernel processes that are not already in a container. Empty
    // for no container. Rolling back the flag requires a reboot.
    SystemCgroups string
    // CgroupRoot is the root cgroup to use for pods.
    // If CgroupsPerQOS is enabled, this is the root of the QoS cgroup hierarchy.
    CgroupRoot string
    // Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes
    // And all Burstable and BestEffort pods are brought up under their
    // specific top level QoS cgroup.
    CgroupsPerQOS bool
    // driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd)
    CgroupDriver string
    // CPUManagerPolicy is the name of the policy to use.
    // Requires the CPUManager feature gate to be enabled.
    CPUManagerPolicy string
    // CPUManagerPolicyOptions is a set of key=value which  allows to set extra options
    // to fine tune the behaviour of the cpu manager policies.
    // Requires  both the "CPUManager" and "CPUManagerPolicyOptions" feature gates to be enabled.
    CPUManagerPolicyOptions map[string]string
    // CPU Manager reconciliation period.
    // Requires the CPUManager feature gate to be enabled.
    CPUManagerReconcilePeriod metav1.Duration
    // MemoryManagerPolicy is the name of the policy to use.
    // Requires the MemoryManager feature gate to be enabled.
    MemoryManagerPolicy string
    // TopologyManagerPolicy is the name of the policy to use.
    // Policies other than "none" require the TopologyManager feature gate to be enabled.
    TopologyManagerPolicy string
    // TopologyManagerScope represents the scope of topology hint generation
    // that topology manager requests and hint providers generate.
    // "pod" scope requires the TopologyManager feature gate to be enabled.
    // Default: "container"
    // +optional
    TopologyManagerScope string
    // Map of QoS resource reservation percentages (memory only for now).
    // Requires the QOSReserved feature gate to be enabled.
    QOSReserved map[string]string
    // runtimeRequestTimeout is the timeout for all runtime requests except long running
    // requests - pull, logs, exec and attach.
    RuntimeRequestTimeout metav1.Duration
    // hairpinMode specifies how the Kubelet should configure the container
    // bridge for hairpin packets.
    // Setting this flag allows endpoints in a Service to loadbalance back to
    // themselves if they should try to access their own Service. Values:
    //   "promiscuous-bridge": make the container bridge promiscuous.
    //   "hairpin-veth":       set the hairpin flag on container veth interfaces.
    //   "none":               do nothing.
    // Generally, one must set --hairpin-mode=hairpin-veth to achieve hairpin NAT,
    // because promiscuous-bridge assumes the existence of a container bridge named cbr0.
    HairpinMode string
    // maxPods is the number of pods that can run on this Kubelet.
    MaxPods int32
    // The CIDR to use for pod IP addresses, only used in standalone mode.
    // In cluster mode, this is obtained from the master.
    PodCIDR string
    // The maximum number of processes per pod.  If -1, the kubelet defaults to the node allocatable pid capacity.
    PodPidsLimit int64
    // ResolverConfig is the resolver configuration file used as the basis
    // for the container DNS resolution configuration.
    ResolverConfig string
    // RunOnce causes the Kubelet to check the API server once for pods,
    // run those in addition to the pods specified by static pod files, and exit.
    RunOnce bool
    // cpuCFSQuota enables CPU CFS quota enforcement for containers that
    // specify CPU limits
    CPUCFSQuota bool
    // CPUCFSQuotaPeriod sets the CPU CFS quota period value, cpu.cfs_period_us, defaults to 100ms
    CPUCFSQuotaPeriod metav1.Duration
    // maxOpenFiles is Number of files that can be opened by Kubelet process.
    MaxOpenFiles int64
    // nodeStatusMaxImages caps the number of images reported in Node.Status.Images.
    NodeStatusMaxImages int32
    // contentType is contentType of requests sent to apiserver.
    ContentType string
    // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver
    KubeAPIQPS int32
    // kubeAPIBurst is the burst to allow while talking with kubernetes
    // apiserver
    KubeAPIBurst int32
    // serializeImagePulls when enabled, tells the Kubelet to pull images one at a time.
    SerializeImagePulls bool
    // Map of signal names to quantities that defines hard eviction thresholds. For example: {"memory.available": "300Mi"}.
    EvictionHard map[string]string
    // Map of signal names to quantities that defines soft eviction thresholds.  For example: {"memory.available": "300Mi"}.
    EvictionSoft map[string]string
    // Map of signal names to quantities that defines grace periods for each soft eviction signal. For example: {"memory.available": "30s"}.
    EvictionSoftGracePeriod map[string]string
    // Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition.
    EvictionPressureTransitionPeriod metav1.Duration
    // Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met.
    EvictionMaxPodGracePeriod int32
    // Map of signal names to quantities that defines minimum reclaims, which describe the minimum
    // amount of a given resource the kubelet will reclaim when performing a pod eviction while
    // that resource is under pressure. For example: {"imagefs.available": "2Gi"}
    EvictionMinimumReclaim map[string]string
    // podsPerCore is the maximum number of pods per core. Cannot exceed MaxPods.
    // If 0, this field is ignored.
    PodsPerCore int32
    // enableControllerAttachDetach enables the Attach/Detach controller to
    // manage attachment/detachment of volumes scheduled to this node, and
    // disables kubelet from executing any attach/detach operations
    EnableControllerAttachDetach bool
    // protectKernelDefaults, if true, causes the Kubelet to error if kernel
    // flags are not as it expects. Otherwise the Kubelet will attempt to modify
    // kernel flags to match its expectation.
    ProtectKernelDefaults bool
    // If true, Kubelet ensures a set of iptables rules are present on host.
    // These rules will serve as utility for various components, e.g. kube-proxy.
    // The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit.
    MakeIPTablesUtilChains bool
    // iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT
    // Values must be within the range [0, 31]. Must be different from other mark bits.
    // Warning: Please match the value of the corresponding parameter in kube-proxy.
    // TODO: clean up IPTablesMasqueradeBit in kube-proxy
    IPTablesMasqueradeBit int32
    // iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets.
    // Values must be within the range [0, 31]. Must be different from other mark bits.
    IPTablesDropBit int32
    // featureGates is a map of feature names to bools that enable or disable alpha/experimental
    // features. This field modifies piecemeal the built-in default values from
    // "k8s.io/kubernetes/pkg/features/kube_features.go".
    FeatureGates map[string]bool
    // Tells the Kubelet to fail to start if swap is enabled on the node.
    FailSwapOn bool
    // memorySwap configures swap memory available to container workloads.
    // +featureGate=NodeSwap
    // +optional
    MemorySwap MemorySwapConfiguration
    // A quantity defines the maximum size of the container log file before it is rotated. For example: "5Mi" or "256Ki".
    ContainerLogMaxSize string
    // Maximum number of container log files that can be present for a container.
    ContainerLogMaxFiles int32
    // ConfigMapAndSecretChangeDetectionStrategy is a mode in which config map and secret managers are running.
    ConfigMapAndSecretChangeDetectionStrategy ResourceChangeDetectionStrategy
    // A comma separated whitelist of unsafe sysctls or sysctl patterns (ending in *).
    // Unsafe sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*.
    // These sysctls are namespaced but not allowed by default.  For example: "kernel.msg*,net.ipv4.route.min_pmtu"
    // +optional
    AllowedUnsafeSysctls []string
    // kernelMemcgNotification if enabled, the kubelet will integrate with the kernel memcg
    // notification to determine if memory eviction thresholds are crossed rather than polling.
    KernelMemcgNotification bool

    /* the following fields are meant for Node Allocatable */

    // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G,pid=100) pairs
    // that describe resources reserved for non-kubernetes components.
    // Currently only cpu and memory are supported.
    // See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
    SystemReserved map[string]string
    // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G,pid=100) pairs
    // that describe resources reserved for kubernetes system components.
    // Currently cpu, memory and local ephemeral storage for root file system are supported.
    // See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
    KubeReserved map[string]string
    // This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons.
    // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information.
    SystemReservedCgroup string
    // This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons.
    // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information.
    KubeReservedCgroup string
    // This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform.
    // This flag accepts a list of options. Acceptable options are `pods`, `system-reserved` & `kube-reserved`.
    // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information.
    EnforceNodeAllocatable []string
    // This option specifies the cpu list reserved for the host level system threads and kubernetes related threads.
    // This provide a "static" CPU list rather than the "dynamic" list by system-reserved and kube-reserved.
    // This option overwrites CPUs provided by system-reserved and kube-reserved.
    ReservedSystemCPUs string
    // The previous version for which you want to show hidden metrics.
    // Only the previous minor version is meaningful, other values will not be allowed.
    // The format is <major>.<minor>, e.g.: '1.16'.
    // The purpose of this format is make sure you have the opportunity to notice if the next release hides additional metrics,
    // rather than being surprised when they are permanently removed in the release after that.
    ShowHiddenMetricsForVersion string
    // Logging specifies the options of logging.
    // Refer [Logs Options](https://github.com/kubernetes/component-base/blob/master/logs/options.go) for more information.
    Logging componentbaseconfig.LoggingConfiguration
    // EnableSystemLogHandler enables /logs handler.
    EnableSystemLogHandler bool
    // ShutdownGracePeriod specifies the total duration that the node should delay the shutdown and total grace period for pod termination during a node shutdown.
    // Defaults to 0 seconds.
    // +featureGate=GracefulNodeShutdown
    // +optional
    ShutdownGracePeriod metav1.Duration
    // ShutdownGracePeriodCriticalPods specifies the duration used to terminate critical pods during a node shutdown. This should be less than ShutdownGracePeriod.
    // Defaults to 0 seconds.
    // For example, if ShutdownGracePeriod=30s, and ShutdownGracePeriodCriticalPods=10s, during a node shutdown the first 20 seconds would be reserved for gracefully terminating normal pods, and the last 10 seconds would be reserved for terminating critical pods.
    // +featureGate=GracefulNodeShutdown
    // +optional
    ShutdownGracePeriodCriticalPods metav1.Duration
    // ReservedMemory specifies a comma-separated list of memory reservations for NUMA nodes.
    // The parameter makes sense only in the context of the memory manager feature. The memory manager will not allocate reserved memory for container workloads.
    // For example, if you have a NUMA0 with 10Gi of memory and the ReservedMemory was specified to reserve 1Gi of memory at NUMA0,
    // the memory manager will assume that only 9Gi is available for allocation.
    // You can specify a different amount of NUMA node and memory types.
    // You can omit this parameter at all, but you should be aware that the amount of reserved memory from all NUMA nodes
    // should be equal to the amount of memory specified by the node allocatable features(https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable).
    // If at least one node allocatable parameter has a non-zero value, you will need to specify at least one NUMA node.
    // Also, avoid specifying:
    // 1. Duplicates, the same NUMA node, and memory type, but with a different value.
    // 2. zero limits for any memory type.
    // 3. NUMAs nodes IDs that do not exist under the machine.
    // 4. memory types except for memory and hugepages-<size>
    ReservedMemory []MemoryReservation
    // EnableProfiling enables /debug/pprof handler.
    EnableProfilingHandler bool
    // EnableDebugFlagsHandler enables/debug/flags/v handler.
    EnableDebugFlagsHandler bool
    // SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads.
    SeccompDefault bool
    // MemoryThrottlingFactor specifies the factor multiplied by the memory limit or node allocatable memory
    // when setting the cgroupv2 memory.high value to enforce MemoryQoS.
    // Decreasing this factor will set lower high limit for container cgroups and put heavier reclaim pressure
    // while increasing will put less reclaim pressure.
    // See http://kep.k8s.io/2570 for more details.
    // Default: 0.8
    // +featureGate=MemoryQoS
    // +optional
    MemoryThrottlingFactor *float64
}