Documentation
¶
Index ¶
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func RegisterDeepCopies(scheme *runtime.Scheme) errordeprecated
- func Resource(resource string) schema.GroupResource
- type ConfigurationMap
- type HairpinMode
- type KubeletAnonymousAuthentication
- type KubeletAuthentication
- type KubeletAuthorization
- type KubeletAuthorizationMode
- type KubeletConfiguration
- type KubeletWebhookAuthentication
- type KubeletWebhookAuthorization
- type KubeletX509Authentication
Constants ¶
View Source
const ( // Set the hairpin flag on the veth of containers in the respective // container runtime. HairpinVeth = "hairpin-veth" // Make the container bridge promiscuous. This will force it to accept // hairpin packets, even if the flag isn't set on ports of the bridge. PromiscuousBridge = "promiscuous-bridge" // Neither of the above. If the kubelet is started in this hairpin mode // and kube-proxy is running in iptables mode, hairpin packets will be // dropped by the container bridge. HairpinNone = "none" )
Enum settings for different ways to handle hairpin packets.
View Source
const GroupName = "kubeletconfig"
GroupName is the group name use in this package
Variables ¶
View Source
var ( SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
View Source
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func RegisterDeepCopies
deprecated
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type ConfigurationMap ¶
func (*ConfigurationMap) Set ¶
func (m *ConfigurationMap) Set(value string) error
func (*ConfigurationMap) String ¶
func (m *ConfigurationMap) String() string
func (*ConfigurationMap) Type ¶
func (*ConfigurationMap) Type() string
type HairpinMode ¶
type HairpinMode string
HairpinMode denotes how the kubelet should configure networking to handle hairpin packets.
type KubeletAnonymousAuthentication ¶
type KubeletAnonymousAuthentication struct {
// enabled allows anonymous requests to the kubelet server.
// Requests that are not rejected by another authentication method are treated as anonymous requests.
// Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated.
Enabled bool
}
func (*KubeletAnonymousAuthentication) DeepCopy ¶
func (in *KubeletAnonymousAuthentication) DeepCopy() *KubeletAnonymousAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAnonymousAuthentication.
func (*KubeletAnonymousAuthentication) DeepCopyInto ¶
func (in *KubeletAnonymousAuthentication) DeepCopyInto(out *KubeletAnonymousAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthentication ¶
type KubeletAuthentication struct {
// x509 contains settings related to x509 client certificate authentication
X509 KubeletX509Authentication
// webhook contains settings related to webhook bearer token authentication
Webhook KubeletWebhookAuthentication
// anonymous contains settings related to anonymous authentication
Anonymous KubeletAnonymousAuthentication
}
func (*KubeletAuthentication) DeepCopy ¶
func (in *KubeletAuthentication) DeepCopy() *KubeletAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthentication.
func (*KubeletAuthentication) DeepCopyInto ¶
func (in *KubeletAuthentication) DeepCopyInto(out *KubeletAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthorization ¶
type KubeletAuthorization struct {
// mode is the authorization mode to apply to requests to the kubelet server.
// Valid values are AlwaysAllow and Webhook.
// Webhook mode uses the SubjectAccessReview API to determine authorization.
Mode KubeletAuthorizationMode
// webhook contains settings related to Webhook authorization.
Webhook KubeletWebhookAuthorization
}
func (*KubeletAuthorization) DeepCopy ¶
func (in *KubeletAuthorization) DeepCopy() *KubeletAuthorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthorization.
func (*KubeletAuthorization) DeepCopyInto ¶
func (in *KubeletAuthorization) DeepCopyInto(out *KubeletAuthorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthorizationMode ¶
type KubeletAuthorizationMode string
const ( // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow" // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook" )
type KubeletConfiguration ¶
type KubeletConfiguration struct {
metav1.TypeMeta
// Only used for dynamic configuration.
// The length of the trial period for this configuration. This configuration will become the last-known-good after this duration.
ConfigTrialDuration *metav1.Duration
// podManifestPath is the path to the directory containing pod manifests to
// run, or the path to a single manifest file
PodManifestPath string
// syncFrequency is the max period between synchronizing running
// containers and config
SyncFrequency metav1.Duration
// fileCheckFrequency is the duration between checking config files for
// new data
FileCheckFrequency metav1.Duration
// httpCheckFrequency is the duration between checking http for new data
HTTPCheckFrequency metav1.Duration
// manifestURL is the URL for accessing the container manifest
ManifestURL string
// manifestURLHeader is the HTTP header to use when accessing the manifest
// URL, with the key separated from the value with a ':', as in 'key:value'
ManifestURLHeader string
// enableServer enables the Kubelet's server
EnableServer bool
// address is the IP address for the Kubelet to serve on (set to 0.0.0.0
// for all interfaces)
Address string
// port is the port for the Kubelet to serve on.
Port int32
// readOnlyPort is the read-only port for the Kubelet to serve on with
// no authentication/authorization (set to 0 to disable)
ReadOnlyPort int32
// tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert,
// if any, concatenated after server cert). If tlsCertFile and
// tlsPrivateKeyFile are not provided, a self-signed certificate
// and key are generated for the public address and saved to the directory
// passed to certDir.
TLSCertFile string
// tlsPrivateKeyFile is the ile containing x509 private key matching
// tlsCertFile.
TLSPrivateKeyFile string
// authentication specifies how requests to the Kubelet's server are authenticated
Authentication KubeletAuthentication
// authorization specifies how requests to the Kubelet's server are authorized
Authorization KubeletAuthorization
// seccompProfileRoot is the directory path for seccomp profiles.
SeccompProfileRoot string
// allowPrivileged enables containers to request privileged mode.
// Defaults to false.
AllowPrivileged bool
// hostNetworkSources is a comma-separated list of sources from which the
// Kubelet allows pods to use of host network. Defaults to "*". Valid
// options are "file", "http", "api", and "*" (all sources).
HostNetworkSources []string
// hostPIDSources is a comma-separated list of sources from which the
// Kubelet allows pods to use the host pid namespace. Defaults to "*".
HostPIDSources []string
// hostIPCSources is a comma-separated list of sources from which the
// Kubelet allows pods to use the host ipc namespace. Defaults to "*".
HostIPCSources []string
// registryPullQPS is the limit of registry pulls per second. If 0,
// unlimited. Set to 0 for no limit. Defaults to 5.0.
RegistryPullQPS int32
// registryBurst is the maximum size of a bursty pulls, temporarily allows
// pulls to burst to this number, while still not exceeding registryQps.
// Only used if registryQPS > 0.
RegistryBurst int32
// eventRecordQPS is the maximum event creations per second. If 0, there
// is no limit enforced.
EventRecordQPS int32
// eventBurst is the maximum size of a bursty event records, temporarily
// allows event records to burst to this number, while still not exceeding
// event-qps. Only used if eventQps > 0
EventBurst int32
// enableDebuggingHandlers enables server endpoints for log collection
// and local running of containers and commands
EnableDebuggingHandlers bool
// enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true.
EnableContentionProfiling bool
// minimumGCAge is the minimum age for a finished container before it is
// garbage collected.
MinimumGCAge metav1.Duration
// maxPerPodContainerCount is the maximum number of old instances to
// retain per container. Each container takes up some disk space.
MaxPerPodContainerCount int32
// maxContainerCount is the maximum number of old instances of containers
// to retain globally. Each container takes up some disk space.
MaxContainerCount int32
// cAdvisorPort is the port of the localhost cAdvisor endpoint (set to 0 to disable)
CAdvisorPort int32
// healthzPort is the port of the localhost healthz endpoint (set to 0 to disable)
HealthzPort int32
// healthzBindAddress is the IP address for the healthz server to serve
// on.
HealthzBindAddress string
// oomScoreAdj is The oom-score-adj value for kubelet process. Values
// must be within the range [-1000, 1000].
OOMScoreAdj int32
// registerNode enables automatic registration with the apiserver.
RegisterNode bool
// clusterDomain is the DNS domain for this cluster. If set, kubelet will
// configure all containers to search this domain in addition to the
// host's search domains.
ClusterDomain string
// masterServiceNamespace is The namespace from which the kubernetes
// master services should be injected into pods.
MasterServiceNamespace string
// clusterDNS is a list of IP address for a cluster DNS server. If set,
// kubelet will configure all containers to use this for DNS resolution
// instead of the host's DNS servers
ClusterDNS []string
// streamingConnectionIdleTimeout is the maximum time a streaming connection
// can be idle before the connection is automatically closed.
StreamingConnectionIdleTimeout metav1.Duration
// nodeStatusUpdateFrequency is the frequency that kubelet posts node
// status to master. Note: be cautious when changing the constant, it
// must work with nodeMonitorGracePeriod in nodecontroller.
NodeStatusUpdateFrequency metav1.Duration
// imageMinimumGCAge is the minimum age for an unused image before it is
// garbage collected.
ImageMinimumGCAge metav1.Duration
// imageGCHighThresholdPercent is the percent of disk usage after which
// image garbage collection is always run.
ImageGCHighThresholdPercent int32
// imageGCLowThresholdPercent is the percent of disk usage before which
// image garbage collection is never run. Lowest disk usage to garbage
// collect to.
ImageGCLowThresholdPercent int32
// How frequently to calculate and cache volume disk usage for all pods
VolumeStatsAggPeriod metav1.Duration
// volumePluginDir is the full path of the directory in which to search
// for additional third party volume plugins
VolumePluginDir string
// KubeletCgroups is the absolute name of cgroups to isolate the kubelet in.
// +optional
KubeletCgroups string
// Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes
// And all Burstable and BestEffort pods are brought up under their
// specific top level QoS cgroup.
// +optional
CgroupsPerQOS bool
// driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd)
// +optional
CgroupDriver string
// Cgroups that container runtime is expected to be isolated in.
// +optional
RuntimeCgroups string
// SystemCgroups is absolute name of cgroups in which to place
// all non-kernel processes that are not already in a container. Empty
// for no container. Rolling back the flag requires a reboot.
// +optional
SystemCgroups string
// CgroupRoot is the root cgroup to use for pods.
// If CgroupsPerQOS is enabled, this is the root of the QoS cgroup hierarchy.
// +optional
CgroupRoot string
// containerRuntime is the container runtime to use.
ContainerRuntime string
// remoteRuntimeEndpoint is the endpoint of remote runtime service
RemoteRuntimeEndpoint string
// remoteImageEndpoint is the endpoint of remote image service
RemoteImageEndpoint string
// CPUManagerPolicy is the name of the policy to use.
CPUManagerPolicy string
// CPU Manager reconciliation period.
CPUManagerReconcilePeriod metav1.Duration
// runtimeRequestTimeout is the timeout for all runtime requests except long running
// requests - pull, logs, exec and attach.
// +optional
RuntimeRequestTimeout metav1.Duration
// experimentalMounterPath is the path of mounter binary. Leave empty to use the default mount path
ExperimentalMounterPath string
// lockFilePath is the path that kubelet will use to as a lock file.
// It uses this file as a lock to synchronize with other kubelet processes
// that may be running.
LockFilePath string
// ExitOnLockContention is a flag that signifies to the kubelet that it is running
// in "bootstrap" mode. This requires that 'LockFilePath' has been set.
// This will cause the kubelet to listen to inotify events on the lock file,
// releasing it and exiting when another process tries to open that file.
ExitOnLockContention bool
// How should the kubelet configure the container bridge for hairpin packets.
// Setting this flag allows endpoints in a Service to loadbalance back to
// themselves if they should try to access their own Service. Values:
// "promiscuous-bridge": make the container bridge promiscuous.
// "hairpin-veth": set the hairpin flag on container veth interfaces.
// "none": do nothing.
// Generally, one must set --hairpin-mode=veth-flag to achieve hairpin NAT,
// because promiscous-bridge assumes the existence of a container bridge named cbr0.
HairpinMode string
// maxPods is the number of pods that can run on this Kubelet.
MaxPods int32
// The CIDR to use for pod IP addresses, only used in standalone mode.
// In cluster mode, this is obtained from the master.
PodCIDR string
// ResolverConfig is the resolver configuration file used as the basis
// for the container DNS resolution configuration."), []
ResolverConfig string
// cpuCFSQuota is Enable CPU CFS quota enforcement for containers that
// specify CPU limits
CPUCFSQuota bool
// containerized should be set to true if kubelet is running in a container.
Containerized bool
// maxOpenFiles is Number of files that can be opened by Kubelet process.
MaxOpenFiles int64
// registerSchedulable tells the kubelet to register the node as
// schedulable. Won't have any effect if register-node is false.
// DEPRECATED: use registerWithTaints instead
RegisterSchedulable bool
// registerWithTaints are an array of taints to add to a node object when
// the kubelet registers itself. This only takes effect when registerNode
// is true and upon the initial registration of the node.
RegisterWithTaints []api.Taint
// contentType is contentType of requests sent to apiserver.
ContentType string
// kubeAPIQPS is the QPS to use while talking with kubernetes apiserver
KubeAPIQPS int32
// kubeAPIBurst is the burst to allow while talking with kubernetes
// apiserver
KubeAPIBurst int32
// serializeImagePulls when enabled, tells the Kubelet to pull images one
// at a time. We recommend *not* changing the default value on nodes that
// run docker daemon with version < 1.9 or an Aufs storage backend.
// Issue #10959 has more details.
SerializeImagePulls bool
// nodeLabels to add when registering the node in the cluster.
NodeLabels map[string]string
// nonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.
NonMasqueradeCIDR string
// enable gathering custom metrics.
EnableCustomMetrics bool
// Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'.
// +optional
EvictionHard string
// Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'.
// +optional
EvictionSoft string
// Comma-delimeted list of grace periods for each soft eviction signal. For example, 'memory.available=30s'.
// +optional
EvictionSoftGracePeriod string
// Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition.
// +optional
EvictionPressureTransitionPeriod metav1.Duration
// Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met.
// +optional
EvictionMaxPodGracePeriod int32
// Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure.
// +optional
EvictionMinimumReclaim string
// If enabled, the kubelet will integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling.
// +optional
ExperimentalKernelMemcgNotification bool
// Maximum number of pods per core. Cannot exceed MaxPods
PodsPerCore int32
// enableControllerAttachDetach enables the Attach/Detach controller to
// manage attachment/detachment of volumes scheduled to this node, and
// disables kubelet from executing any attach/detach operations
EnableControllerAttachDetach bool
// A set of ResourceName=Percentage (e.g. memory=50%) pairs that describe
// how pod resource requests are reserved at the QoS level.
// Currently only memory is supported. [default=none]"
ExperimentalQOSReserved ConfigurationMap
// Default behaviour for kernel tuning
ProtectKernelDefaults bool
// If true, Kubelet ensures a set of iptables rules are present on host.
// These rules will serve as utility for various components, e.g. kube-proxy.
// The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit.
MakeIPTablesUtilChains bool
// iptablesMasqueradeBit is the bit of the iptables fwmark space to use for SNAT
// Values must be within the range [0, 31].
// Warning: Please match the value of corresponding parameter in kube-proxy
// TODO: clean up IPTablesMasqueradeBit in kube-proxy
IPTablesMasqueradeBit int32
// iptablesDropBit is the bit of the iptables fwmark space to use for dropping packets. Kubelet will ensure iptables mark and drop rules.
// Values must be within the range [0, 31]. Must be different from IPTablesMasqueradeBit
IPTablesDropBit int32
// Whitelist of unsafe sysctls or sysctl patterns (ending in *).
// +optional
AllowedUnsafeSysctls []string
// featureGates is a string of comma-separated key=value pairs that describe feature
// gates for alpha/experimental features.
FeatureGates string
// Tells the Kubelet to fail to start if swap is enabled on the node.
FailSwapOn bool
// This flag, if set, enables a check prior to mount operations to verify that the required components
// (binaries, etc.) to mount the volume are available on the underlying node. If the check is enabled
// and fails the mount operation fails.
ExperimentalCheckNodeCapabilitiesBeforeMount bool
// This flag, if set, instructs the kubelet to keep volumes from terminated pods mounted to the node.
// This can be useful for debugging volume related issues.
KeepTerminatedPodVolumes bool
// A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs
// that describe resources reserved for non-kubernetes components.
// Currently only cpu and memory are supported. [default=none]
// See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
SystemReserved ConfigurationMap
// A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs
// that describe resources reserved for kubernetes system components.
// Currently cpu, memory and local storage for root file system are supported. [default=none]
// See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
KubeReserved ConfigurationMap
// This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons.
// Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
SystemReservedCgroup string
// This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons.
// Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
KubeReservedCgroup string
// This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform.
// This flag accepts a list of options. Acceptable options are `pods`, `system-reserved` & `kube-reserved`.
// Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
EnforceNodeAllocatable []string
// This flag, if set, will avoid including `EvictionHard` limits while computing Node Allocatable.
// Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
ExperimentalNodeAllocatableIgnoreEvictionThreshold bool
}
A configuration field should go in KubeletFlags instead of KubeletConfiguration if any of these are true:
- its value will never, or cannot safely be changed during the lifetime of a node
- its value cannot be safely shared between nodes at the same time (e.g. a hostname) KubeletConfiguration is intended to be shared between nodes
In general, please try to avoid adding flags or configuration fields, we already have a confusingly large amount of them. TODO: curate the ordering and structure of this config object
func (*KubeletConfiguration) DeepCopy ¶
func (in *KubeletConfiguration) DeepCopy() *KubeletConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfiguration.
func (*KubeletConfiguration) DeepCopyInto ¶
func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeletConfiguration) DeepCopyObject ¶
func (in *KubeletConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KubeletWebhookAuthentication ¶
type KubeletWebhookAuthentication struct {
// enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API
Enabled bool
// cacheTTL enables caching of authentication results
CacheTTL metav1.Duration
}
func (*KubeletWebhookAuthentication) DeepCopy ¶
func (in *KubeletWebhookAuthentication) DeepCopy() *KubeletWebhookAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthentication.
func (*KubeletWebhookAuthentication) DeepCopyInto ¶
func (in *KubeletWebhookAuthentication) DeepCopyInto(out *KubeletWebhookAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletWebhookAuthorization ¶
type KubeletWebhookAuthorization struct {
// cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer.
CacheAuthorizedTTL metav1.Duration
CacheUnauthorizedTTL metav1.Duration
}
func (*KubeletWebhookAuthorization) DeepCopy ¶
func (in *KubeletWebhookAuthorization) DeepCopy() *KubeletWebhookAuthorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthorization.
func (*KubeletWebhookAuthorization) DeepCopyInto ¶
func (in *KubeletWebhookAuthorization) DeepCopyInto(out *KubeletWebhookAuthorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletX509Authentication ¶
type KubeletX509Authentication struct {
// clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate
// signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName,
// and groups corresponding to the Organization in the client certificate.
ClientCAFile string
}
func (*KubeletX509Authentication) DeepCopy ¶
func (in *KubeletX509Authentication) DeepCopy() *KubeletX509Authentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletX509Authentication.
func (*KubeletX509Authentication) DeepCopyInto ¶
func (in *KubeletX509Authentication) DeepCopyInto(out *KubeletX509Authentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.