// Listing of github.com/sealerio/sealer@v0.11.1-0.20240507115618-f4f89c5853ae/pkg/runtime/kubernetes/kubeadm/common.go

// Copyright © 2021 Alibaba Group Holding Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package kubeadm

// Kind names of the configuration documents. Each value matches the "kind:"
// field of one YAML document in DefaultKubeadmConfig below.
const (
	InitConfiguration      = "InitConfiguration"
	JoinConfiguration      = "JoinConfiguration"
	ClusterConfiguration   = "ClusterConfiguration"
	KubeProxyConfiguration = "KubeProxyConfiguration"
	KubeletConfiguration   = "KubeletConfiguration"
)

const (
	// DefaultKubeadmConfig is a multi-document YAML template holding, in order,
	// an InitConfiguration, a ClusterConfiguration, a KubeProxyConfiguration,
	// a KubeletConfiguration and a JoinConfiguration. How (and whether) callers
	// override these values is not visible in this file.
	//
	// Defaults a reviewer should look at before relying on this template:
	//
	//   - etcd.local.extraArgs.listen-metrics-urls is http://0.0.0.0:2381. etcd
	//     serves its metrics and health endpoints on this URL in plaintext and
	//     without client authentication, and 0.0.0.0 binds every interface.
	//     Restrict port 2381 at the network layer or bind it to loopback.
	//   - controllerManager.extraArgs.experimental-cluster-signing-duration is
	//     876000h (about 100 years). Certificates issued by the controller
	//     manager's signer effectively never expire; Kubernetes offers no
	//     revocation for client certificates, so a leaked certificate stays
	//     usable until the CA is replaced.
	//   - The apiServer "audit" extraVolume mounts the whole /etc/kubernetes host
	//     directory and does not set readOnly, although the only file the
	//     audit-policy-file argument needs from it is audit-policy.yml. Other
	//     paths in this template (pki/ca.crt, manifests) show that the same
	//     directory holds the cluster CA and the static pod manifests.
	//   - The kubelet section disables anonymous authentication and uses Webhook
	//     authentication and authorization. podPidsLimit is -1, i.e. no per-pod
	//     PID limit is set.
	//
	// NOTE(review): kubernetesVersion v1.19.8, the dockershim criSocket and the
	// feature-gates list are version-specific; presumably they are replaced per
	// cluster by the code that consumes this template. Confirm before reuse.
	DefaultKubeadmConfig = `
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock

---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.19.8
imageRepository: sea.hub:5000
networking:
  podSubnet: 100.64.0.0/10
  serviceSubnet: 10.96.0.0/22
apiServer:
  extraArgs:
    feature-gates: TTLAfterFinished=true,EphemeralContainers=true
    audit-policy-file: "/etc/kubernetes/audit-policy.yml"
    audit-log-path: "/var/log/kubernetes/audit.log"
    audit-log-format: json
    audit-log-maxbackup: '10'
    audit-log-maxsize: '100'
    audit-log-maxage: '7'
    enable-aggregator-routing: 'true'
  extraVolumes:
  - name: "audit"
    hostPath: "/etc/kubernetes"
    mountPath: "/etc/kubernetes"
    pathType: DirectoryOrCreate
  - name: "audit-log"
    hostPath: "/var/log/kubernetes"
    mountPath: "/var/log/kubernetes"
    pathType: DirectoryOrCreate
  - name: localtime
    hostPath: /etc/localtime
    mountPath: /etc/localtime
    readOnly: true
    pathType: File
controllerManager:
  extraArgs:
    feature-gates: TTLAfterFinished=true,EphemeralContainers=true
    experimental-cluster-signing-duration: 876000h
  extraVolumes:
  - hostPath: /etc/localtime
    mountPath: /etc/localtime
    name: localtime
    readOnly: true
    pathType: File
scheduler:
  extraArgs:
    feature-gates: TTLAfterFinished=true,EphemeralContainers=true
  extraVolumes:
  - hostPath: /etc/localtime
    mountPath: /etc/localtime
    name: localtime
    readOnly: true
    pathType: File
etcd:
  local:
    extraArgs:
      listen-metrics-urls: http://0.0.0.0:2381

---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
ipvs:
  excludeCIDRs:
  - "10.103.97.2/32"

---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
cgroupDriver:
cgroupsPerQOS: true
clusterDomain: cluster.local
configMapAndSecretChangeDetectionStrategy: Watch
containerLogMaxFiles: 5
containerLogMaxSize: 10Mi
contentType: application/vnd.kubernetes.protobuf
cpuCFSQuota: true
cpuCFSQuotaPeriod: 100ms
cpuManagerPolicy: none
cpuManagerReconcilePeriod: 10s
enableControllerAttachDetach: true
enableDebuggingHandlers: true
enforceNodeAllocatable:
- pods
eventBurst: 10
eventRecordQPS: 5
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
evictionPressureTransitionPeriod: 5m0s
failSwapOn: true
fileCheckFrequency: 20s
hairpinMode: promiscuous-bridge
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 20s
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
imageMinimumGCAge: 2m0s
iptablesDropBit: 15
iptablesMasqueradeBit: 14
kubeAPIBurst: 10
kubeAPIQPS: 5
makeIPTablesUtilChains: true
maxOpenFiles: 1000000
maxPods: 110
nodeLeaseDurationSeconds: 40
nodeStatusReportFrequency: 10s
nodeStatusUpdateFrequency: 10s
oomScoreAdj: -999
podPidsLimit: -1
port: 10250
registryBurst: 10
registryPullQPS: 5
rotateCertificates: true
runtimeRequestTimeout: 2m0s
serializeImagePulls: false
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h0m0s
syncFrequency: 1m0s
volumeStatsAggPeriod: 1m0s
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
caCertPath: /etc/kubernetes/pki/ca.crt
discovery:
  timeout: 5m0s
nodeRegistration:
  criSocket: /var/run/dockershim.sock
controlPlane:
  localAPIEndpoint:
    bindPort: 6443`
)