sigs.k8s.io/cluster-api@v1.7.1/docs/book/src/tasks/bootstrap/kubeadm-bootstrap/kubelet-config.md (about) 1 # Kubelet Configuration 2 3 CAPBK has several ways to configure kubelet. 4 5 - [Kubelet Configuration](#kubelet-configuration) 6 - [Pass `KubeletConfiguration` file via `KubeadmConfigSpec.files`](#pass-kubeletconfiguration-file-via-kubeadmconfigspecfiles) 7 - [KubeadmControlPlaneTemplate](#kubeadmcontrolplanetemplate) 8 - [KubeadmConfigTemplate](#kubeadmconfigtemplate) 9 - [Set kubelet flags via `KubeadmConfigSpec.kubeletExtraArgs`](#set-kubelet-flags-via-kubeadmconfigspeckubeletextraargs) 10 - [KubeadmControlPlaneTemplate](#kubeadmcontrolplanetemplate-1) 11 - [KubeadmConfigTemplate](#kubeadmconfigtemplate-1) 12 - [Use kubeadm's `kubeletconfiguration` patch target](#use-kubeadms-kubeletconfiguration-patch-target) 13 - [KubeadmControlPlaneTemplate](#kubeadmcontrolplanetemplate-2) 14 - [KubeadmConfigTemplate](#kubeadmconfigtemplate-2) 15 16 ## Pass `KubeletConfiguration` file via `KubeadmConfigSpec.files` 17 18 You can use `KubeadmConfigSpec.files` to put any files on nodes. This example puts a `KubeletConfiguration` file on nodes via `KubeadmConfigSpec.files`, and makes kubelet use it via `KubeadmConfigSpec.kubeletExtraArgs`. You can check available configurations of `KubeletConfiguration` on [Kubelet Configuration (v1beta1) | Kubernetes](https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration). 19 20 This method is easy to replace the whole kubelet configuration generated by kubeadm, but it is not easy to replace only a part of the kubelet configuration. 21 22 ### KubeadmControlPlaneTemplate 23 24 ```yaml 25 apiVersion: controlplane.cluster.x-k8s.io/v1beta1 26 kind: KubeadmControlPlaneTemplate 27 metadata: 28 name: cloudinit-control-plane 29 namespace: default 30 spec: 31 template: 32 spec: 33 kubeadmConfigSpec: 34 files: 35 # We put a KubeletConfiguration file on nodes via KubeadmConfigSpec.files 36 # In this example, we directly put the file content in the KubeadmConfigSpec.files.content field. 37 - path: /etc/kubernetes/kubelet/config.yaml 38 owner: "root:root" 39 permissions: "0644" 40 content: | 41 apiVersion: kubelet.config.k8s.io/v1beta1 42 kind: KubeletConfiguration 43 kubeReserved: 44 cpu: "1" 45 memory: "2Gi" 46 ephemeral-storage: "1Gi" 47 systemReserved: 48 cpu: "500m" 49 memory: "1Gi" 50 ephemeral-storage: "1Gi" 51 evictionHard: 52 memory.available: "500Mi" 53 nodefs.available: "10%" 54 authentication: 55 anonymous: 56 enabled: false 57 webhook: 58 cacheTTL: 0s 59 enabled: true 60 x509: 61 clientCAFile: /etc/kubernetes/pki/ca.crt 62 authorization: 63 mode: Webhook 64 webhook: 65 cacheAuthorizedTTL: 0s 66 cacheUnauthorizedTTL: 0s 67 cgroupDriver: systemd 68 clusterDNS: 69 - 10.128.0.10 70 clusterDomain: cluster.local 71 containerRuntimeEndpoint: "" 72 cpuManagerReconcilePeriod: 0s 73 evictionPressureTransitionPeriod: 0s 74 fileCheckFrequency: 0s 75 healthzBindAddress: 127.0.0.1 76 healthzPort: 10248 77 httpCheckFrequency: 0s 78 imageMinimumGCAge: 0s 79 logging: 80 flushFrequency: 0 81 options: 82 json: 83 infoBufferSize: "0" 84 verbosity: 0 85 memorySwap: {} 86 nodeStatusReportFrequency: 0s 87 nodeStatusUpdateFrequency: 0s 88 rotateCertificates: true 89 runtimeRequestTimeout: 0s 90 shutdownGracePeriod: 0s 91 shutdownGracePeriodCriticalPods: 0s 92 staticPodPath: /etc/kubernetes/manifests 93 streamingConnectionIdleTimeout: 0s 94 syncFrequency: 0s 95 volumeStatsAggPeriod: 0s 96 initConfiguration: 97 nodeRegistration: 98 criSocket: unix:///var/run/containerd/containerd.sock 99 # Here we configure kubelet to use the KubeletConfiguration file we put on nodes via KubeadmConfigSpec.files 100 kubeletExtraArgs: 101 config: "/etc/kubernetes/kubelet/config.yaml" 102 joinConfiguration: 103 nodeRegistration: 104 criSocket: unix:///var/run/containerd/containerd.sock 105 # Here we configure kubelet to use the KubeletConfiguration file we put on nodes via KubeadmConfigSpec.files 106 kubeletExtraArgs: 107 config: "/etc/kubernetes/kubelet/config.yaml" 108 ``` 109 110 ### KubeadmConfigTemplate 111 112 ```yaml 113 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 114 kind: KubeadmConfigTemplate 115 metadata: 116 name: cloudinit-default-worker-bootstraptemplate 117 namespace: default 118 spec: 119 template: 120 spec: 121 files: 122 # We puts a KubeletConfiguration file on nodes via KubeadmConfigSpec.files 123 # In this example, we directly put the file content in the KubeadmConfigSpec.files.content field. 124 - path: /etc/kubernetes/kubelet/config.yaml 125 owner: "root:root" 126 permissions: "0644" 127 content: | 128 apiVersion: kubelet.config.k8s.io/v1beta1 129 kind: KubeletConfiguration 130 kubeReserved: 131 cpu: "1" 132 memory: "2Gi" 133 ephemeral-storage: "1Gi" 134 systemReserved: 135 cpu: "500m" 136 memory: "1Gi" 137 ephemeral-storage: "1Gi" 138 evictionHard: 139 memory.available: "500Mi" 140 nodefs.available: "10%" 141 authentication: 142 anonymous: 143 enabled: false 144 webhook: 145 cacheTTL: 0s 146 enabled: true 147 x509: 148 clientCAFile: /etc/kubernetes/pki/ca.crt 149 authorization: 150 mode: Webhook 151 webhook: 152 cacheAuthorizedTTL: 0s 153 cacheUnauthorizedTTL: 0s 154 cgroupDriver: systemd 155 clusterDNS: 156 - 10.128.0.10 157 clusterDomain: cluster.local 158 containerRuntimeEndpoint: "" 159 cpuManagerReconcilePeriod: 0s 160 evictionPressureTransitionPeriod: 0s 161 fileCheckFrequency: 0s 162 healthzBindAddress: 127.0.0.1 163 healthzPort: 10248 164 httpCheckFrequency: 0s 165 imageMinimumGCAge: 0s 166 logging: 167 flushFrequency: 0 168 options: 169 json: 170 infoBufferSize: "0" 171 verbosity: 0 172 memorySwap: {} 173 nodeStatusReportFrequency: 0s 174 nodeStatusUpdateFrequency: 0s 175 rotateCertificates: true 176 runtimeRequestTimeout: 0s 177 shutdownGracePeriod: 0s 178 shutdownGracePeriodCriticalPods: 0s 179 staticPodPath: /etc/kubernetes/manifests 180 streamingConnectionIdleTimeout: 0s 181 syncFrequency: 0s 182 volumeStatsAggPeriod: 0s 183 joinConfiguration: 184 nodeRegistration: 185 criSocket: unix:///var/run/containerd/containerd.sock 186 # Here we configure kubelet to use the KubeletConfiguration file we put on nodes via KubeadmConfigSpec.files 187 kubeletExtraArgs: 188 config: "/etc/kubernetes/kubelet/config.yaml" 189 ``` 190 191 ## Set kubelet flags via `KubeadmConfigSpec.kubeletExtraArgs` 192 193 We can pass kubelet command-line flags via `KubeadmConfigSpec.kubeletExtraArgs`. This example is equivalent to setting `--kube-reserved`, `--system-reserved`, and `--eviction-hard` flags for the kubelet command. 194 195 This method is useful when you want to set kubelet flags that are not configurable via the `KubeletConfiguration` file, however, it is not recommended to use this method to set flags that are configurable via the `KubeletConfiguration` file. 196 197 ### KubeadmControlPlaneTemplate 198 199 ```yaml 200 apiVersion: controlplane.cluster.x-k8s.io/v1beta1 201 kind: KubeadmControlPlaneTemplate 202 metadata: 203 name: kubelet-extra-args-control-plane 204 namespace: default 205 spec: 206 template: 207 spec: 208 kubeadmConfigSpec: 209 initConfiguration: 210 nodeRegistration: 211 criSocket: unix:///var/run/containerd/containerd.sock 212 # Set kubelet flags via KubeadmConfigSpec.kubeletExtraArgs 213 kubeletExtraArgs: 214 kube-reserved: cpu=1,memory=2Gi,ephemeral-storage=1Gi 215 system-reserved: cpu=500m,memory=1Gi,ephemeral-storage=1Gi 216 eviction-hard: memory.available<500Mi,nodefs.available<10% 217 joinConfiguration: 218 nodeRegistration: 219 criSocket: unix:///var/run/containerd/containerd.sock 220 # Set kubelet flags via KubeadmConfigSpec.kubeletExtraArgs 221 kubeletExtraArgs: 222 kube-reserved: cpu=1,memory=2Gi,ephemeral-storage=1Gi 223 system-reserved: cpu=500m,memory=1Gi,ephemeral-storage=1Gi 224 eviction-hard: memory.available<500Mi,nodefs.available<10% 225 ``` 226 227 ### KubeadmConfigTemplate 228 229 ```yaml 230 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 231 kind: KubeadmConfigTemplate 232 metadata: 233 name: kubelet-extra-args-default-worker-bootstraptemplate 234 namespace: default 235 spec: 236 template: 237 spec: 238 joinConfiguration: 239 nodeRegistration: 240 criSocket: unix:///var/run/containerd/containerd.sock 241 # Set kubelet flags via KubeadmConfigSpec.kubeletExtraArgs 242 kubeletExtraArgs: 243 kube-reserved: cpu=1,memory=2Gi,ephemeral-storage=1Gi 244 system-reserved: cpu=500m,memory=1Gi,ephemeral-storage=1Gi 245 eviction-hard: memory.available<500Mi,nodefs.available<10% 246 ``` 247 248 ## Use kubeadm's `kubeletconfiguration` patch target 249 250 We can use kubeadm's `kubeletconfiguration` patch target to patch the kubelet configuration file. In this example, we put a patch file for `kubeletconfiguration` target in `strategic` `patchtype` on nodes via `KubeadmConfigSpec.files`. For more details, see [Customizing components with the kubeadm API | Kubernetes](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches) 251 252 This method is useful when you want to change the kubelet configuration file partially on specific nodes. For example, you can deploy a partially patched kubelet configuration file on specific nodes based on the default configuration used for `kubeadm init` or `kubeadm join`. 253 254 ### KubeadmControlPlaneTemplate 255 256 ```yaml 257 apiVersion: controlplane.cluster.x-k8s.io/v1beta1 258 kind: KubeadmControlPlaneTemplate 259 metadata: 260 name: kubeadm-config-template-control-plane 261 namespace: default 262 spec: 263 template: 264 spec: 265 kubeadmConfigSpec: 266 files: 267 # Here we put a patch file for kubeletconfiguration target in strategic patchtype on nodes via KubeadmConfigSpec.files 268 # The naming convention of the patch file is kubeletconfiguration{suffix}+{patchtype}.json where {suffix} is an string and {patchtype} is one of the following: strategic, merge, json. 269 # {suffix} determines the order of the patch files. The patches are applied in the alpha-numerical order of the {suffix}. 270 - path: /etc/kubernetes/patches/kubeletconfiguration0+strategic.json 271 owner: "root:root" 272 permissions: "0644" 273 content: | 274 { 275 "apiVersion": "kubelet.config.k8s.io/v1beta1", 276 "kind": "KubeletConfiguration", 277 "kubeReserved": { 278 "cpu": "1", 279 "memory": "2Gi", 280 "ephemeral-storage": "1Gi", 281 }, 282 "systemReserved": { 283 "cpu": "500m", 284 "memory": "1Gi", 285 "ephemeral-storage": "1Gi", 286 }, 287 "evictionHard": { 288 "memory.available": "500Mi", 289 "nodefs.available": "10%", 290 }, 291 } 292 initConfiguration: 293 nodeRegistration: 294 criSocket: unix:///var/run/containerd/containerd.sock 295 # Here we specify the directory that contains the patch files 296 patches: 297 directory: /etc/kubernetes/patches 298 joinConfiguration: 299 nodeRegistration: 300 criSocket: unix:///var/run/containerd/containerd.sock 301 # Here we specify the directory that contains the patch files 302 patches: 303 directory: /etc/kubernetes/patches 304 ``` 305 306 ### KubeadmConfigTemplate 307 308 ```yaml 309 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 310 kind: KubeadmConfigTemplate 311 metadata: 312 name: kubeadm-config-template-default-worker-bootstraptemplate 313 namespace: default 314 spec: 315 template: 316 spec: 317 files: 318 # Here we put a patch file for kubeletconfiguration target in strategic patchtype on nodes via KubeadmConfigSpec.files 319 # The naming convention of the patch file is kubeletconfiguration{suffix}+{patchtype}.json where {suffix} is an string and {patchtype} is one of the following: strategic, merge, json. 320 # {suffix} determines the order of the patch files. The patches are applied in the alpha-numerical order of the {suffix}. 321 - path: /etc/kubernetes/patches/kubeletconfiguration0+strategic.json 322 owner: "root:root" 323 permissions: "0644" 324 content: | 325 { 326 "apiVersion": "kubelet.config.k8s.io/v1beta1", 327 "kind": "KubeletConfiguration", 328 "kubeReserved": { 329 "cpu": "1", 330 "memory": "2Gi", 331 "ephemeral-storage": "1Gi", 332 }, 333 "systemReserved": { 334 "cpu": "500m", 335 "memory": "1Gi", 336 "ephemeral-storage": "1Gi", 337 }, 338 "evictionHard": { 339 "memory.available": "500Mi", 340 "nodefs.available": "10%", 341 }, 342 } 343 joinConfiguration: 344 nodeRegistration: 345 criSocket: unix:///var/run/containerd/containerd.sock 346 # Here we specify the directory that contains the patch files 347 patches: 348 directory: /etc/kubernetes/patches 349 ```