Documentation ¶
Index ¶
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func RegisterDeepCopies(scheme *runtime.Scheme) errordeprecated
- func Resource(resource string) schema.GroupResource
- type ConfigurationMap
- type HairpinMode
- type KubeletAnonymousAuthentication
- type KubeletAuthentication
- type KubeletAuthorization
- type KubeletAuthorizationMode
- type KubeletConfiguration
- type KubeletWebhookAuthentication
- type KubeletWebhookAuthorization
- type KubeletX509Authentication
Constants ¶
const ( // Set the hairpin flag on the veth of containers in the respective // container runtime. HairpinVeth = "hairpin-veth" // Make the container bridge promiscuous. This will force it to accept // hairpin packets, even if the flag isn't set on ports of the bridge. PromiscuousBridge = "promiscuous-bridge" // Neither of the above. If the kubelet is started in this hairpin mode // and kube-proxy is running in iptables mode, hairpin packets will be // dropped by the container bridge. HairpinNone = "none" )
Enum settings for different ways to handle hairpin packets.
const GroupName = "kubeletconfig"
GroupName is the group name use in this package
Variables ¶
var ( SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func RegisterDeepCopies
deprecated
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type ConfigurationMap ¶
func (*ConfigurationMap) Set ¶
func (m *ConfigurationMap) Set(value string) error
func (*ConfigurationMap) String ¶
func (m *ConfigurationMap) String() string
func (*ConfigurationMap) Type ¶
func (*ConfigurationMap) Type() string
type HairpinMode ¶
type HairpinMode string
HairpinMode denotes how the kubelet should configure networking to handle hairpin packets.
type KubeletAnonymousAuthentication ¶
type KubeletAnonymousAuthentication struct { // enabled allows anonymous requests to the kubelet server. // Requests that are not rejected by another authentication method are treated as anonymous requests. // Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated. Enabled bool }
func (*KubeletAnonymousAuthentication) DeepCopy ¶
func (in *KubeletAnonymousAuthentication) DeepCopy() *KubeletAnonymousAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAnonymousAuthentication.
func (*KubeletAnonymousAuthentication) DeepCopyInto ¶
func (in *KubeletAnonymousAuthentication) DeepCopyInto(out *KubeletAnonymousAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthentication ¶
type KubeletAuthentication struct { // x509 contains settings related to x509 client certificate authentication X509 KubeletX509Authentication // webhook contains settings related to webhook bearer token authentication Webhook KubeletWebhookAuthentication // anonymous contains settings related to anonymous authentication Anonymous KubeletAnonymousAuthentication }
func (*KubeletAuthentication) DeepCopy ¶
func (in *KubeletAuthentication) DeepCopy() *KubeletAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthentication.
func (*KubeletAuthentication) DeepCopyInto ¶
func (in *KubeletAuthentication) DeepCopyInto(out *KubeletAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthorization ¶
type KubeletAuthorization struct { // mode is the authorization mode to apply to requests to the kubelet server. // Valid values are AlwaysAllow and Webhook. // Webhook mode uses the SubjectAccessReview API to determine authorization. Mode KubeletAuthorizationMode // webhook contains settings related to Webhook authorization. Webhook KubeletWebhookAuthorization }
func (*KubeletAuthorization) DeepCopy ¶
func (in *KubeletAuthorization) DeepCopy() *KubeletAuthorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthorization.
func (*KubeletAuthorization) DeepCopyInto ¶
func (in *KubeletAuthorization) DeepCopyInto(out *KubeletAuthorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthorizationMode ¶
type KubeletAuthorizationMode string
const ( // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow" // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook" )
type KubeletConfiguration ¶
type KubeletConfiguration struct { metav1.TypeMeta // Only used for dynamic configuration. // The length of the trial period for this configuration. This configuration will become the last-known-good after this duration. ConfigTrialDuration *metav1.Duration // podManifestPath is the path to the directory containing pod manifests to // run, or the path to a single manifest file PodManifestPath string // syncFrequency is the max period between synchronizing running // containers and config SyncFrequency metav1.Duration // fileCheckFrequency is the duration between checking config files for // new data FileCheckFrequency metav1.Duration // httpCheckFrequency is the duration between checking http for new data HTTPCheckFrequency metav1.Duration // manifestURL is the URL for accessing the container manifest ManifestURL string // manifestURLHeader is the HTTP header to use when accessing the manifest // URL, with the key separated from the value with a ':', as in 'key:value' ManifestURLHeader string // enableServer enables the Kubelet's server EnableServer bool // address is the IP address for the Kubelet to serve on (set to 0.0.0.0 // for all interfaces) Address string // port is the port for the Kubelet to serve on. Port int32 // readOnlyPort is the read-only port for the Kubelet to serve on with // no authentication/authorization (set to 0 to disable) ReadOnlyPort int32 // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, // if any, concatenated after server cert). If tlsCertFile and // tlsPrivateKeyFile are not provided, a self-signed certificate // and key are generated for the public address and saved to the directory // passed to certDir. TLSCertFile string // tlsPrivateKeyFile is the ile containing x509 private key matching // tlsCertFile. TLSPrivateKeyFile string // authentication specifies how requests to the Kubelet's server are authenticated Authentication KubeletAuthentication // authorization specifies how requests to the Kubelet's server are authorized Authorization KubeletAuthorization // seccompProfileRoot is the directory path for seccomp profiles. SeccompProfileRoot string // allowPrivileged enables containers to request privileged mode. // Defaults to false. AllowPrivileged bool // hostNetworkSources is a comma-separated list of sources from which the // Kubelet allows pods to use of host network. Defaults to "*". Valid // options are "file", "http", "api", and "*" (all sources). HostNetworkSources []string // hostPIDSources is a comma-separated list of sources from which the // Kubelet allows pods to use the host pid namespace. Defaults to "*". HostPIDSources []string // hostIPCSources is a comma-separated list of sources from which the // Kubelet allows pods to use the host ipc namespace. Defaults to "*". HostIPCSources []string // registryPullQPS is the limit of registry pulls per second. If 0, // unlimited. Set to 0 for no limit. Defaults to 5.0. RegistryPullQPS int32 // registryBurst is the maximum size of a bursty pulls, temporarily allows // pulls to burst to this number, while still not exceeding registryQps. // Only used if registryQPS > 0. RegistryBurst int32 // eventRecordQPS is the maximum event creations per second. If 0, there // is no limit enforced. EventRecordQPS int32 // eventBurst is the maximum size of a bursty event records, temporarily // allows event records to burst to this number, while still not exceeding // event-qps. Only used if eventQps > 0 EventBurst int32 // enableDebuggingHandlers enables server endpoints for log collection // and local running of containers and commands EnableDebuggingHandlers bool // enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true. EnableContentionProfiling bool // minimumGCAge is the minimum age for a finished container before it is // garbage collected. MinimumGCAge metav1.Duration // maxPerPodContainerCount is the maximum number of old instances to // retain per container. Each container takes up some disk space. MaxPerPodContainerCount int32 // maxContainerCount is the maximum number of old instances of containers // to retain globally. Each container takes up some disk space. MaxContainerCount int32 // cAdvisorPort is the port of the localhost cAdvisor endpoint (set to 0 to disable) CAdvisorPort int32 // healthzPort is the port of the localhost healthz endpoint (set to 0 to disable) HealthzPort int32 // healthzBindAddress is the IP address for the healthz server to serve // on. HealthzBindAddress string // oomScoreAdj is The oom-score-adj value for kubelet process. Values // must be within the range [-1000, 1000]. OOMScoreAdj int32 // registerNode enables automatic registration with the apiserver. RegisterNode bool // clusterDomain is the DNS domain for this cluster. If set, kubelet will // configure all containers to search this domain in addition to the // host's search domains. ClusterDomain string // masterServiceNamespace is The namespace from which the kubernetes // master services should be injected into pods. MasterServiceNamespace string // clusterDNS is a list of IP address for a cluster DNS server. If set, // kubelet will configure all containers to use this for DNS resolution // instead of the host's DNS servers ClusterDNS []string // streamingConnectionIdleTimeout is the maximum time a streaming connection // can be idle before the connection is automatically closed. StreamingConnectionIdleTimeout metav1.Duration // nodeStatusUpdateFrequency is the frequency that kubelet posts node // status to master. Note: be cautious when changing the constant, it // must work with nodeMonitorGracePeriod in nodecontroller. NodeStatusUpdateFrequency metav1.Duration // imageMinimumGCAge is the minimum age for an unused image before it is // garbage collected. ImageMinimumGCAge metav1.Duration // imageGCHighThresholdPercent is the percent of disk usage after which // image garbage collection is always run. ImageGCHighThresholdPercent int32 // imageGCLowThresholdPercent is the percent of disk usage before which // image garbage collection is never run. Lowest disk usage to garbage // collect to. ImageGCLowThresholdPercent int32 // How frequently to calculate and cache volume disk usage for all pods VolumeStatsAggPeriod metav1.Duration // volumePluginDir is the full path of the directory in which to search // for additional third party volume plugins VolumePluginDir string // KubeletCgroups is the absolute name of cgroups to isolate the kubelet in. // +optional KubeletCgroups string // Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes // And all Burstable and BestEffort pods are brought up under their // specific top level QoS cgroup. // +optional CgroupsPerQOS bool // driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd) // +optional CgroupDriver string // Cgroups that container runtime is expected to be isolated in. // +optional RuntimeCgroups string // SystemCgroups is absolute name of cgroups in which to place // all non-kernel processes that are not already in a container. Empty // for no container. Rolling back the flag requires a reboot. // +optional SystemCgroups string // CgroupRoot is the root cgroup to use for pods. // If CgroupsPerQOS is enabled, this is the root of the QoS cgroup hierarchy. // +optional CgroupRoot string // containerRuntime is the container runtime to use. ContainerRuntime string // remoteRuntimeEndpoint is the endpoint of remote runtime service RemoteRuntimeEndpoint string // remoteImageEndpoint is the endpoint of remote image service RemoteImageEndpoint string // CPUManagerPolicy is the name of the policy to use. CPUManagerPolicy string // CPU Manager reconciliation period. CPUManagerReconcilePeriod metav1.Duration // runtimeRequestTimeout is the timeout for all runtime requests except long running // requests - pull, logs, exec and attach. // +optional RuntimeRequestTimeout metav1.Duration // experimentalMounterPath is the path of mounter binary. Leave empty to use the default mount path ExperimentalMounterPath string // lockFilePath is the path that kubelet will use to as a lock file. // It uses this file as a lock to synchronize with other kubelet processes // that may be running. LockFilePath string // ExitOnLockContention is a flag that signifies to the kubelet that it is running // in "bootstrap" mode. This requires that 'LockFilePath' has been set. // This will cause the kubelet to listen to inotify events on the lock file, // releasing it and exiting when another process tries to open that file. ExitOnLockContention bool // How should the kubelet configure the container bridge for hairpin packets. // Setting this flag allows endpoints in a Service to loadbalance back to // themselves if they should try to access their own Service. Values: // "promiscuous-bridge": make the container bridge promiscuous. // "hairpin-veth": set the hairpin flag on container veth interfaces. // "none": do nothing. // Generally, one must set --hairpin-mode=veth-flag to achieve hairpin NAT, // because promiscous-bridge assumes the existence of a container bridge named cbr0. HairpinMode string // maxPods is the number of pods that can run on this Kubelet. MaxPods int32 // The CIDR to use for pod IP addresses, only used in standalone mode. // In cluster mode, this is obtained from the master. PodCIDR string // ResolverConfig is the resolver configuration file used as the basis // for the container DNS resolution configuration."), [] ResolverConfig string // cpuCFSQuota is Enable CPU CFS quota enforcement for containers that // specify CPU limits CPUCFSQuota bool // containerized should be set to true if kubelet is running in a container. Containerized bool // maxOpenFiles is Number of files that can be opened by Kubelet process. MaxOpenFiles int64 // registerSchedulable tells the kubelet to register the node as // schedulable. Won't have any effect if register-node is false. // DEPRECATED: use registerWithTaints instead RegisterSchedulable bool // registerWithTaints are an array of taints to add to a node object when // the kubelet registers itself. This only takes effect when registerNode // is true and upon the initial registration of the node. RegisterWithTaints []api.Taint // contentType is contentType of requests sent to apiserver. ContentType string // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver KubeAPIQPS int32 // kubeAPIBurst is the burst to allow while talking with kubernetes // apiserver KubeAPIBurst int32 // serializeImagePulls when enabled, tells the Kubelet to pull images one // at a time. We recommend *not* changing the default value on nodes that // run docker daemon with version < 1.9 or an Aufs storage backend. // Issue #10959 has more details. SerializeImagePulls bool // nodeLabels to add when registering the node in the cluster. NodeLabels map[string]string // nonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade. NonMasqueradeCIDR string // enable gathering custom metrics. EnableCustomMetrics bool // Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'. // +optional EvictionHard string // Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'. // +optional EvictionSoft string // Comma-delimeted list of grace periods for each soft eviction signal. For example, 'memory.available=30s'. // +optional EvictionSoftGracePeriod string // Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. // +optional EvictionPressureTransitionPeriod metav1.Duration // Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. // +optional EvictionMaxPodGracePeriod int32 // Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure. // +optional EvictionMinimumReclaim string // If enabled, the kubelet will integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling. // +optional ExperimentalKernelMemcgNotification bool // Maximum number of pods per core. Cannot exceed MaxPods PodsPerCore int32 // enableControllerAttachDetach enables the Attach/Detach controller to // manage attachment/detachment of volumes scheduled to this node, and // disables kubelet from executing any attach/detach operations EnableControllerAttachDetach bool // A set of ResourceName=Percentage (e.g. memory=50%) pairs that describe // how pod resource requests are reserved at the QoS level. // Currently only memory is supported. [default=none]" ExperimentalQOSReserved ConfigurationMap // Default behaviour for kernel tuning ProtectKernelDefaults bool // If true, Kubelet ensures a set of iptables rules are present on host. // These rules will serve as utility for various components, e.g. kube-proxy. // The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit. MakeIPTablesUtilChains bool // iptablesMasqueradeBit is the bit of the iptables fwmark space to use for SNAT // Values must be within the range [0, 31]. // Warning: Please match the value of corresponding parameter in kube-proxy // TODO: clean up IPTablesMasqueradeBit in kube-proxy IPTablesMasqueradeBit int32 // iptablesDropBit is the bit of the iptables fwmark space to use for dropping packets. Kubelet will ensure iptables mark and drop rules. // Values must be within the range [0, 31]. Must be different from IPTablesMasqueradeBit IPTablesDropBit int32 // Whitelist of unsafe sysctls or sysctl patterns (ending in *). // +optional AllowedUnsafeSysctls []string // featureGates is a string of comma-separated key=value pairs that describe feature // gates for alpha/experimental features. FeatureGates string // Tells the Kubelet to fail to start if swap is enabled on the node. FailSwapOn bool // This flag, if set, enables a check prior to mount operations to verify that the required components // (binaries, etc.) to mount the volume are available on the underlying node. If the check is enabled // and fails the mount operation fails. ExperimentalCheckNodeCapabilitiesBeforeMount bool // This flag, if set, instructs the kubelet to keep volumes from terminated pods mounted to the node. // This can be useful for debugging volume related issues. KeepTerminatedPodVolumes bool // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs // that describe resources reserved for non-kubernetes components. // Currently only cpu and memory are supported. [default=none] // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. SystemReserved ConfigurationMap // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs // that describe resources reserved for kubernetes system components. // Currently cpu, memory and local ephemeral storage for root file system are supported. [default=none] // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. KubeReserved ConfigurationMap // This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons. // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. SystemReservedCgroup string // This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons. // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. KubeReservedCgroup string // This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform. // This flag accepts a list of options. Acceptable options are `pods`, `system-reserved` & `kube-reserved`. // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. EnforceNodeAllocatable []string // This flag, if set, will avoid including `EvictionHard` limits while computing Node Allocatable. // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. ExperimentalNodeAllocatableIgnoreEvictionThreshold bool }
A configuration field should go in KubeletFlags instead of KubeletConfiguration if any of these are true:
- its value will never, or cannot safely be changed during the lifetime of a node
- its value cannot be safely shared between nodes at the same time (e.g. a hostname) KubeletConfiguration is intended to be shared between nodes
In general, please try to avoid adding flags or configuration fields, we already have a confusingly large amount of them. TODO: curate the ordering and structure of this config object
func (*KubeletConfiguration) DeepCopy ¶
func (in *KubeletConfiguration) DeepCopy() *KubeletConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfiguration.
func (*KubeletConfiguration) DeepCopyInto ¶
func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeletConfiguration) DeepCopyObject ¶
func (in *KubeletConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KubeletWebhookAuthentication ¶
type KubeletWebhookAuthentication struct { // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API Enabled bool // cacheTTL enables caching of authentication results CacheTTL metav1.Duration }
func (*KubeletWebhookAuthentication) DeepCopy ¶
func (in *KubeletWebhookAuthentication) DeepCopy() *KubeletWebhookAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthentication.
func (*KubeletWebhookAuthentication) DeepCopyInto ¶
func (in *KubeletWebhookAuthentication) DeepCopyInto(out *KubeletWebhookAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletWebhookAuthorization ¶
type KubeletWebhookAuthorization struct { // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer. CacheAuthorizedTTL metav1.Duration CacheUnauthorizedTTL metav1.Duration }
func (*KubeletWebhookAuthorization) DeepCopy ¶
func (in *KubeletWebhookAuthorization) DeepCopy() *KubeletWebhookAuthorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthorization.
func (*KubeletWebhookAuthorization) DeepCopyInto ¶
func (in *KubeletWebhookAuthorization) DeepCopyInto(out *KubeletWebhookAuthorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletX509Authentication ¶
type KubeletX509Authentication struct { // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName, // and groups corresponding to the Organization in the client certificate. ClientCAFile string }
func (*KubeletX509Authentication) DeepCopy ¶
func (in *KubeletX509Authentication) DeepCopy() *KubeletX509Authentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletX509Authentication.
func (*KubeletX509Authentication) DeepCopyInto ¶
func (in *KubeletX509Authentication) DeepCopyInto(out *KubeletX509Authentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.