go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/resources/kubelet_defaults.go (about) 1 /* 2 Copyright 2015 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 // https://github.com/kubernetes/kubernetes/blob/release-1.25/pkg/kubelet/apis/config/v1beta1/defaults.go 18 package resources 19 20 import ( 21 "time" 22 23 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1" 25 26 // TODO: Cut references to k8s.io/kubernetes, eventually there should be none from this package 27 logsapi "k8s.io/component-base/logs/api/v1" 28 utilpointer "k8s.io/utils/pointer" 29 ) 30 31 const ( 32 // TODO: Move these constants to k8s.io/kubelet/config/v1beta1 instead? 33 DefaultIPTablesMasqueradeBit = 14 34 DefaultIPTablesDropBit = 15 35 DefaultVolumePluginDir = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/" 36 37 // See https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2570-memory-qos 38 DefaultMemoryThrottlingFactor = 0.8 39 ) 40 41 // https://github.com/kubernetes/kubernetes/blob/release-1.25/pkg/kubelet/types/constants.go 42 const ( 43 // ResolvConfDefault is the system default DNS resolver configuration. 44 ResolvConfDefault = "/etc/resolv.conf" 45 ) 46 47 // https://github.com/kubernetes/kubernetes/blob/release-1.25/pkg/cluster/ports/ports.go 48 const ( 49 // KubeletPort is the default port for the kubelet server on each host machine. 50 // May be overridden by a flag at startup. 51 KubeletPort = 10250 52 // KubeletReadOnlyPort exposes basic read-only services from the kubelet. 53 // May be overridden by a flag at startup. 54 // This is necessary for heapster to collect monitoring stats from the kubelet 55 // until heapster can transition to using the SSL endpoint. 56 // TODO(roberthbailey): Remove this once we have a better solution for heapster. 57 KubeletReadOnlyPort = 10255 58 // KubeletHealthzPort exposes a healthz endpoint from the kubelet. 59 // May be overridden by a flag at startup. 60 KubeletHealthzPort = 10248 61 ) 62 63 // https://github.com/kubernetes/kubernetes/blob/release-1.25/pkg/kubelet/qos/policy.go 64 const ( 65 // KubeletOOMScoreAdj is the OOM score adjustment for Kubelet 66 KubeletOOMScoreAdj int = -999 67 ) 68 69 // https://github.com/kubernetes/kubernetes/blob/release-1.25/pkg/kubelet/apis/config/v1beta1/defaults_linux.go 70 // DefaultEvictionHard includes default options for hard eviction. 71 var DefaultEvictionHard = map[string]string{ 72 "memory.available": "100Mi", 73 "nodefs.available": "10%", 74 "nodefs.inodesFree": "5%", 75 "imagefs.available": "15%", 76 } 77 78 var ( 79 zeroDuration = metav1.Duration{} 80 // TODO: Move these constants to k8s.io/kubelet/config/v1beta1 instead? 81 // Refer to [Node Allocatable](https://git.k8s.io/design-proposals-archive/node/node-allocatable.md) doc for more information. 82 DefaultNodeAllocatableEnforcement = []string{"pods"} 83 ) 84 85 func SetDefaults_KubeletConfiguration(obj *kubeletconfigv1beta1.KubeletConfiguration) { 86 if obj.EnableServer == nil { 87 obj.EnableServer = utilpointer.BoolPtr(true) 88 } 89 if obj.SyncFrequency == zeroDuration { 90 obj.SyncFrequency = metav1.Duration{Duration: 1 * time.Minute} 91 } 92 if obj.FileCheckFrequency == zeroDuration { 93 obj.FileCheckFrequency = metav1.Duration{Duration: 20 * time.Second} 94 } 95 if obj.HTTPCheckFrequency == zeroDuration { 96 obj.HTTPCheckFrequency = metav1.Duration{Duration: 20 * time.Second} 97 } 98 if obj.Address == "" { 99 obj.Address = "0.0.0.0" 100 } 101 if obj.Port == 0 { 102 obj.Port = KubeletPort 103 } 104 if obj.Authentication.Anonymous.Enabled == nil { 105 obj.Authentication.Anonymous.Enabled = utilpointer.BoolPtr(false) 106 } 107 if obj.Authentication.Webhook.Enabled == nil { 108 obj.Authentication.Webhook.Enabled = utilpointer.BoolPtr(true) 109 } 110 if obj.Authentication.Webhook.CacheTTL == zeroDuration { 111 obj.Authentication.Webhook.CacheTTL = metav1.Duration{Duration: 2 * time.Minute} 112 } 113 if obj.Authorization.Mode == "" { 114 obj.Authorization.Mode = kubeletconfigv1beta1.KubeletAuthorizationModeWebhook 115 } 116 if obj.Authorization.Webhook.CacheAuthorizedTTL == zeroDuration { 117 obj.Authorization.Webhook.CacheAuthorizedTTL = metav1.Duration{Duration: 5 * time.Minute} 118 } 119 if obj.Authorization.Webhook.CacheUnauthorizedTTL == zeroDuration { 120 obj.Authorization.Webhook.CacheUnauthorizedTTL = metav1.Duration{Duration: 30 * time.Second} 121 } 122 if obj.RegistryPullQPS == nil { 123 obj.RegistryPullQPS = utilpointer.Int32Ptr(5) 124 } 125 if obj.RegistryBurst == 0 { 126 obj.RegistryBurst = 10 127 } 128 if obj.EventRecordQPS == nil { 129 obj.EventRecordQPS = utilpointer.Int32Ptr(5) 130 } 131 if obj.EventBurst == 0 { 132 obj.EventBurst = 10 133 } 134 if obj.EnableDebuggingHandlers == nil { 135 obj.EnableDebuggingHandlers = utilpointer.BoolPtr(true) 136 } 137 if obj.HealthzPort == nil { 138 obj.HealthzPort = utilpointer.Int32Ptr(10248) 139 } 140 if obj.HealthzBindAddress == "" { 141 obj.HealthzBindAddress = "127.0.0.1" 142 } 143 if obj.OOMScoreAdj == nil { 144 obj.OOMScoreAdj = utilpointer.Int32Ptr(int32(KubeletOOMScoreAdj)) 145 } 146 if obj.StreamingConnectionIdleTimeout == zeroDuration { 147 obj.StreamingConnectionIdleTimeout = metav1.Duration{Duration: 4 * time.Hour} 148 } 149 if obj.NodeStatusReportFrequency == zeroDuration { 150 // For backward compatibility, NodeStatusReportFrequency's default value is 151 // set to NodeStatusUpdateFrequency if NodeStatusUpdateFrequency is set 152 // explicitly. 153 if obj.NodeStatusUpdateFrequency == zeroDuration { 154 obj.NodeStatusReportFrequency = metav1.Duration{Duration: 5 * time.Minute} 155 } else { 156 obj.NodeStatusReportFrequency = obj.NodeStatusUpdateFrequency 157 } 158 } 159 if obj.NodeStatusUpdateFrequency == zeroDuration { 160 obj.NodeStatusUpdateFrequency = metav1.Duration{Duration: 10 * time.Second} 161 } 162 if obj.NodeLeaseDurationSeconds == 0 { 163 obj.NodeLeaseDurationSeconds = 40 164 } 165 if obj.ImageMinimumGCAge == zeroDuration { 166 obj.ImageMinimumGCAge = metav1.Duration{Duration: 2 * time.Minute} 167 } 168 if obj.ImageGCHighThresholdPercent == nil { 169 // default is below docker's default dm.min_free_space of 90% 170 obj.ImageGCHighThresholdPercent = utilpointer.Int32Ptr(85) 171 } 172 if obj.ImageGCLowThresholdPercent == nil { 173 obj.ImageGCLowThresholdPercent = utilpointer.Int32Ptr(80) 174 } 175 if obj.VolumeStatsAggPeriod == zeroDuration { 176 obj.VolumeStatsAggPeriod = metav1.Duration{Duration: time.Minute} 177 } 178 if obj.CgroupsPerQOS == nil { 179 obj.CgroupsPerQOS = utilpointer.BoolPtr(true) 180 } 181 if obj.CgroupDriver == "" { 182 obj.CgroupDriver = "cgroupfs" 183 } 184 if obj.CPUManagerPolicy == "" { 185 obj.CPUManagerPolicy = "none" 186 } 187 if obj.CPUManagerReconcilePeriod == zeroDuration { 188 // Keep the same as default NodeStatusUpdateFrequency 189 obj.CPUManagerReconcilePeriod = metav1.Duration{Duration: 10 * time.Second} 190 } 191 if obj.MemoryManagerPolicy == "" { 192 obj.MemoryManagerPolicy = kubeletconfigv1beta1.NoneMemoryManagerPolicy 193 } 194 if obj.TopologyManagerPolicy == "" { 195 obj.TopologyManagerPolicy = kubeletconfigv1beta1.NoneTopologyManagerPolicy 196 } 197 if obj.TopologyManagerScope == "" { 198 obj.TopologyManagerScope = kubeletconfigv1beta1.ContainerTopologyManagerScope 199 } 200 if obj.RuntimeRequestTimeout == zeroDuration { 201 obj.RuntimeRequestTimeout = metav1.Duration{Duration: 2 * time.Minute} 202 } 203 if obj.HairpinMode == "" { 204 obj.HairpinMode = kubeletconfigv1beta1.PromiscuousBridge 205 } 206 if obj.MaxPods == 0 { 207 obj.MaxPods = 110 208 } 209 // default nil or negative value to -1 (implies node allocatable pid limit) 210 if obj.PodPidsLimit == nil || *obj.PodPidsLimit < int64(0) { 211 obj.PodPidsLimit = utilpointer.Int64(-1) 212 } 213 214 if obj.ResolverConfig == nil { 215 obj.ResolverConfig = utilpointer.String(ResolvConfDefault) 216 } 217 if obj.CPUCFSQuota == nil { 218 obj.CPUCFSQuota = utilpointer.BoolPtr(true) 219 } 220 if obj.CPUCFSQuotaPeriod == nil { 221 obj.CPUCFSQuotaPeriod = &metav1.Duration{Duration: 100 * time.Millisecond} 222 } 223 if obj.NodeStatusMaxImages == nil { 224 obj.NodeStatusMaxImages = utilpointer.Int32Ptr(50) 225 } 226 if obj.MaxOpenFiles == 0 { 227 obj.MaxOpenFiles = 1000000 228 } 229 if obj.ContentType == "" { 230 obj.ContentType = "application/vnd.kubernetes.protobuf" 231 } 232 if obj.KubeAPIQPS == nil { 233 obj.KubeAPIQPS = utilpointer.Int32Ptr(5) 234 } 235 if obj.KubeAPIBurst == 0 { 236 obj.KubeAPIBurst = 10 237 } 238 if obj.SerializeImagePulls == nil { 239 obj.SerializeImagePulls = utilpointer.BoolPtr(true) 240 } 241 if obj.EvictionHard == nil { 242 obj.EvictionHard = DefaultEvictionHard 243 } 244 if obj.EvictionPressureTransitionPeriod == zeroDuration { 245 obj.EvictionPressureTransitionPeriod = metav1.Duration{Duration: 5 * time.Minute} 246 } 247 if obj.EnableControllerAttachDetach == nil { 248 obj.EnableControllerAttachDetach = utilpointer.BoolPtr(true) 249 } 250 if obj.MakeIPTablesUtilChains == nil { 251 obj.MakeIPTablesUtilChains = utilpointer.BoolPtr(true) 252 } 253 if obj.IPTablesMasqueradeBit == nil { 254 obj.IPTablesMasqueradeBit = utilpointer.Int32Ptr(DefaultIPTablesMasqueradeBit) 255 } 256 if obj.IPTablesDropBit == nil { 257 obj.IPTablesDropBit = utilpointer.Int32Ptr(DefaultIPTablesDropBit) 258 } 259 if obj.FailSwapOn == nil { 260 obj.FailSwapOn = utilpointer.BoolPtr(true) 261 } 262 if obj.ContainerLogMaxSize == "" { 263 obj.ContainerLogMaxSize = "10Mi" 264 } 265 if obj.ContainerLogMaxFiles == nil { 266 obj.ContainerLogMaxFiles = utilpointer.Int32Ptr(5) 267 } 268 if obj.ConfigMapAndSecretChangeDetectionStrategy == "" { 269 obj.ConfigMapAndSecretChangeDetectionStrategy = kubeletconfigv1beta1.WatchChangeDetectionStrategy 270 } 271 if obj.EnforceNodeAllocatable == nil { 272 obj.EnforceNodeAllocatable = DefaultNodeAllocatableEnforcement 273 } 274 if obj.VolumePluginDir == "" { 275 obj.VolumePluginDir = DefaultVolumePluginDir 276 } 277 // Use the Default LoggingConfiguration option 278 logsapi.SetRecommendedLoggingConfiguration(&obj.Logging) 279 if obj.EnableSystemLogHandler == nil { 280 obj.EnableSystemLogHandler = utilpointer.BoolPtr(true) 281 } 282 if obj.EnableProfilingHandler == nil { 283 obj.EnableProfilingHandler = utilpointer.BoolPtr(true) 284 } 285 if obj.EnableDebugFlagsHandler == nil { 286 obj.EnableDebugFlagsHandler = utilpointer.BoolPtr(true) 287 } 288 if obj.SeccompDefault == nil { 289 obj.SeccompDefault = utilpointer.BoolPtr(false) 290 } 291 if obj.MemoryThrottlingFactor == nil { 292 obj.MemoryThrottlingFactor = utilpointer.Float64Ptr(DefaultMemoryThrottlingFactor) 293 } 294 if obj.RegisterNode == nil { 295 obj.RegisterNode = utilpointer.BoolPtr(true) 296 } 297 if obj.LocalStorageCapacityIsolation == nil { 298 obj.LocalStorageCapacityIsolation = utilpointer.BoolPtr(true) 299 } 300 }