--- kind: KubeletConfiguration apiVersion: kubelet.config.k8s.io/v1beta1 {{#if settings.kubernetes.standalone-mode}} address: 127.0.0.1 authentication: anonymous: enabled: true webhook: enabled: false authorization: mode: AlwaysAllow {{else}} address: 0.0.0.0 authentication: anonymous: enabled: false webhook: cacheTTL: 2m0s enabled: true x509: clientCAFile: "/etc/kubernetes/pki/ca.crt" authorization: mode: Webhook webhook: cacheAuthorizedTTL: 5m0s cacheUnauthorizedTTL: 30s {{/if}} clusterDomain: {{settings.kubernetes.cluster-domain}} {{#if settings.kubernetes.cluster-dns-ip}} clusterDNS: {{#each settings.kubernetes.cluster-dns-ip}} - {{this}} {{else}} - {{settings.kubernetes.cluster-dns-ip}} {{/each}} {{/if}} {{#if settings.kubernetes.eviction-hard}} evictionHard: {{#each settings.kubernetes.eviction-hard}} {{@key}}: "{{this}}" {{/each}} {{/if}} {{#if settings.kubernetes.eviction-soft}} evictionSoft: {{#each settings.kubernetes.eviction-soft}} {{@key}}: "{{this}}" {{/each}} {{/if}} {{#if settings.kubernetes.eviction-soft-grace-period}} evictionSoftGracePeriod: {{#each settings.kubernetes.eviction-soft-grace-period}} {{@key}}: "{{this}}" {{/each}} {{/if}} {{#if settings.kubernetes.eviction-max-pod-grace-period}} evictionMaxPodGracePeriod: {{settings.kubernetes.eviction-max-pod-grace-period}} {{/if}} {{#if settings.kubernetes.allowed-unsafe-sysctls}} allowedUnsafeSysctls: {{settings.kubernetes.allowed-unsafe-sysctls}} {{/if}} {{#if settings.kubernetes.registry-qps includeZero=true}} registryPullQPS: {{settings.kubernetes.registry-qps}} {{/if}} {{#if settings.kubernetes.registry-burst includeZero=true}} registryBurst: {{settings.kubernetes.registry-burst}} {{/if}} {{#if settings.kubernetes.event-qps includeZero=true}} eventRecordQPS: {{settings.kubernetes.event-qps}} {{/if}} {{#if settings.kubernetes.event-burst includeZero=true}} eventBurst: {{settings.kubernetes.event-burst}} {{/if}} {{#if settings.kubernetes.kube-api-qps includeZero=true}} kubeAPIQPS: {{settings.kubernetes.kube-api-qps}} {{/if}} {{#if settings.kubernetes.kube-api-burst includeZero=true}} kubeAPIBurst: {{settings.kubernetes.kube-api-burst}} {{/if}} kubeReserved: cpu: "{{kube_reserve_cpu settings.kubernetes.kube-reserved.cpu}}" {{#if settings.kubernetes.kube-reserved.memory}} memory: "{{settings.kubernetes.kube-reserved.memory}}" {{else}} {{#if settings.kubernetes.max-pods}} memory: "{{kube_reserve_memory settings.kubernetes.max-pods settings.kubernetes.kube-reserved.memory}}" {{/if}} {{/if}} ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" kubeReservedCgroup: "/runtime" {{#if settings.kubernetes.system-reserved}} systemReserved: {{#each settings.kubernetes.system-reserved}} {{@key}}: "{{this}}" {{/each}} systemReservedCgroup: "/system" {{/if}} cpuCFSQuota: {{default true settings.kubernetes.cpu-cfs-quota-enforced}} cpuManagerPolicy: {{default "none" settings.kubernetes.cpu-manager-policy}} {{#if settings.kubernetes.cpu-manager-reconcile-period}} cpuManagerReconcilePeriod: {{settings.kubernetes.cpu-manager-reconcile-period}} {{/if}} {{#if settings.kubernetes.cpu-manager-policy-options}} cpuManagerPolicyOptions: {{#each settings.kubernetes.cpu-manager-policy-options}} {{this}}: "true" {{/each}} {{/if}} {{#if settings.kubernetes.topology-manager-scope}} topologyManagerScope: {{settings.kubernetes.topology-manager-scope}} {{/if}} {{#if settings.kubernetes.topology-manager-policy}} topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}} {{/if}} podPidsLimit: {{default 1048576 settings.kubernetes.pod-pids-limit}} {{#if settings.kubernetes.image-gc-high-threshold-percent includeZero=true}} imageGCHighThresholdPercent: {{settings.kubernetes.image-gc-high-threshold-percent}} {{/if}} {{#if settings.kubernetes.image-gc-low-threshold-percent includeZero=true}} imageGCLowThresholdPercent: {{settings.kubernetes.image-gc-low-threshold-percent}} {{/if}} {{#if settings.kubernetes.provider-id}} providerID: {{settings.kubernetes.provider-id}} {{/if}} resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true protectKernelDefaults: true serializeImagePulls: false {{#if (and (default "" settings.kubernetes.server-certificate) (default "" settings.kubernetes.server-key))}} tlsCertFile: "/etc/kubernetes/pki/kubelet-server.crt" tlsPrivateKeyFile: "/etc/kubernetes/pki/private/kubelet-server.key" {{else}} serverTLSBootstrap: {{settings.kubernetes.server-tls-bootstrap}} {{/if}} tlsCipherSuites: - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 volumePluginDir: "/var/lib/kubelet/plugins/volume/exec" maxPods: {{default 110 settings.kubernetes.max-pods}} staticPodPath: "/etc/kubernetes/static-pods/" {{#if settings.kubernetes.container-log-max-size includeZero=true}} containerLogMaxSize: {{settings.kubernetes.container-log-max-size}} {{/if}} {{#if settings.kubernetes.container-log-max-files includeZero=true}} containerLogMaxFiles: {{settings.kubernetes.container-log-max-files}} {{/if}} {{#if settings.kubernetes.shutdown-grace-period}} shutdownGracePeriod: {{settings.kubernetes.shutdown-grace-period}} {{/if}} {{#if settings.kubernetes.shutdown-grace-period-for-critical-pods}} shutdownGracePeriodCriticalPods: {{settings.kubernetes.shutdown-grace-period-for-critical-pods}} {{/if}} {{#if settings.kubernetes.memory-manager-reserved-memory}} {{#if (any_enabled settings.kubernetes.memory-manager-reserved-memory)}} {{#if settings.kubernetes.memory-manager-policy}} memoryManagerPolicy: {{settings.kubernetes.memory-manager-policy}} {{/if}} reservedMemory: {{#each settings.kubernetes.memory-manager-reserved-memory}} {{#if this.enabled}} - numaNode: {{@key}} limits: {{#if this.memory}} memory: {{this.memory}} {{/if}} {{#if this.hugepages-1Gi}} hugepages-1Gi: {{this.hugepages-1Gi}} {{/if}} {{#if this.hugepages-2Mi}} hugepages-2Mi: {{this.hugepages-2Mi}} {{/if}} {{/if}} {{/each}} {{/if}} {{/if}}