github.com/alibaba/sealer@v0.8.6-0.20220430115802-37a2bdaa8173/pkg/runtime/default_kubeadm_config.go (about) 1 // Copyright © 2021 Alibaba Group Holding Ltd. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package runtime 16 17 const ( 18 DefaultKubeadmConfig = ` 19 apiVersion: kubeadm.k8s.io/v1beta2 20 kind: InitConfiguration 21 localAPIEndpoint: 22 # advertiseAddress: 192.168.2.110 23 bindPort: 6443 24 nodeRegistration: 25 criSocket: /var/run/dockershim.sock 26 27 --- 28 apiVersion: kubeadm.k8s.io/v1beta2 29 kind: ClusterConfiguration 30 kubernetesVersion: v1.19.8 31 #controlPlaneEndpoint: "apiserver.cluster.local:6443" 32 imageRepository: sea.hub:5000/library 33 networking: 34 # dnsDomain: cluster.local 35 podSubnet: 100.64.0.0/10 36 serviceSubnet: 10.96.0.0/22 37 apiServer: 38 # certSANs: 39 # - 127.0.0.1 40 # - apiserver.cluster.local 41 # - aliyun-inc.com 42 # - 10.0.0.2 43 # - 10.103.97.2 44 extraArgs: 45 # etcd-servers: https://192.168.2.110:2379 46 feature-gates: TTLAfterFinished=true,EphemeralContainers=true 47 audit-policy-file: "/etc/kubernetes/audit-policy.yml" 48 audit-log-path: "/var/log/kubernetes/audit.log" 49 audit-log-format: json 50 audit-log-maxbackup: '10' 51 audit-log-maxsize: '100' 52 audit-log-maxage: '7' 53 enable-aggregator-routing: 'true' 54 extraVolumes: 55 - name: "audit" 56 hostPath: "/etc/kubernetes" 57 mountPath: "/etc/kubernetes" 58 pathType: DirectoryOrCreate 59 - name: "audit-log" 60 hostPath: "/var/log/kubernetes" 61 mountPath: "/var/log/kubernetes" 62 pathType: DirectoryOrCreate 63 - name: localtime 64 hostPath: /etc/localtime 65 mountPath: /etc/localtime 66 readOnly: true 67 pathType: File 68 controllerManager: 69 extraArgs: 70 feature-gates: TTLAfterFinished=true,EphemeralContainers=true 71 experimental-cluster-signing-duration: 876000h 72 extraVolumes: 73 - hostPath: /etc/localtime 74 mountPath: /etc/localtime 75 name: localtime 76 readOnly: true 77 pathType: File 78 scheduler: 79 extraArgs: 80 feature-gates: TTLAfterFinished=true,EphemeralContainers=true 81 extraVolumes: 82 - hostPath: /etc/localtime 83 mountPath: /etc/localtime 84 name: localtime 85 readOnly: true 86 pathType: File 87 etcd: 88 local: 89 extraArgs: 90 listen-metrics-urls: http://0.0.0.0:2381 91 92 --- 93 apiVersion: kubeproxy.config.k8s.io/v1alpha1 94 kind: KubeProxyConfiguration 95 mode: "ipvs" 96 ipvs: 97 excludeCIDRs: 98 - "10.103.97.2/32" 99 100 --- 101 apiVersion: kubelet.config.k8s.io/v1beta1 102 kind: KubeletConfiguration 103 authentication: 104 anonymous: 105 enabled: false 106 webhook: 107 cacheTTL: 2m0s 108 enabled: true 109 x509: 110 clientCAFile: /etc/kubernetes/pki/ca.crt 111 authorization: 112 mode: Webhook 113 webhook: 114 cacheAuthorizedTTL: 5m0s 115 cacheUnauthorizedTTL: 30s 116 cgroupDriver: 117 cgroupsPerQOS: true 118 clusterDomain: cluster.local 119 configMapAndSecretChangeDetectionStrategy: Watch 120 containerLogMaxFiles: 5 121 containerLogMaxSize: 10Mi 122 contentType: application/vnd.kubernetes.protobuf 123 cpuCFSQuota: true 124 cpuCFSQuotaPeriod: 100ms 125 cpuManagerPolicy: none 126 cpuManagerReconcilePeriod: 10s 127 enableControllerAttachDetach: true 128 enableDebuggingHandlers: true 129 enforceNodeAllocatable: 130 - pods 131 eventBurst: 10 132 eventRecordQPS: 5 133 evictionHard: 134 imagefs.available: 15% 135 memory.available: 100Mi 136 nodefs.available: 10% 137 nodefs.inodesFree: 5% 138 evictionPressureTransitionPeriod: 5m0s 139 failSwapOn: true 140 fileCheckFrequency: 20s 141 hairpinMode: promiscuous-bridge 142 healthzBindAddress: 127.0.0.1 143 healthzPort: 10248 144 httpCheckFrequency: 20s 145 imageGCHighThresholdPercent: 85 146 imageGCLowThresholdPercent: 80 147 imageMinimumGCAge: 2m0s 148 iptablesDropBit: 15 149 iptablesMasqueradeBit: 14 150 kubeAPIBurst: 10 151 kubeAPIQPS: 5 152 makeIPTablesUtilChains: true 153 maxOpenFiles: 1000000 154 maxPods: 110 155 nodeLeaseDurationSeconds: 40 156 nodeStatusReportFrequency: 10s 157 nodeStatusUpdateFrequency: 10s 158 oomScoreAdj: -999 159 podPidsLimit: -1 160 port: 10250 161 registryBurst: 10 162 registryPullQPS: 5 163 rotateCertificates: true 164 runtimeRequestTimeout: 2m0s 165 serializeImagePulls: true 166 staticPodPath: /etc/kubernetes/manifests 167 streamingConnectionIdleTimeout: 4h0m0s 168 syncFrequency: 1m0s 169 volumeStatsAggPeriod: 1m0s 170 --- 171 apiVersion: kubeadm.k8s.io/v1beta2 172 kind: JoinConfiguration 173 caCertPath: /etc/kubernetes/pki/ca.crt 174 discovery: 175 timeout: 5m0s 176 nodeRegistration: 177 criSocket: /var/run/dockershim.sock 178 controlPlane: 179 localAPIEndpoint: 180 # advertiseAddress: 192.168.56.7 181 bindPort: 6443` 182 )