Documentation ¶
Index ¶
- Constants
- Variables
- func Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1beta1_KubeletAnonymousAuthentication(in *kubeletconfig.KubeletAnonymousAuthentication, ...) error
- func Convert_kubeletconfig_KubeletAuthentication_To_v1beta1_KubeletAuthentication(in *kubeletconfig.KubeletAuthentication, out *KubeletAuthentication, ...) error
- func Convert_kubeletconfig_KubeletAuthorization_To_v1beta1_KubeletAuthorization(in *kubeletconfig.KubeletAuthorization, out *KubeletAuthorization, ...) error
- func Convert_kubeletconfig_KubeletConfiguration_To_v1beta1_KubeletConfiguration(in *kubeletconfig.KubeletConfiguration, out *KubeletConfiguration, ...) error
- func Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1beta1_KubeletWebhookAuthentication(in *kubeletconfig.KubeletWebhookAuthentication, ...) error
- func Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1beta1_KubeletWebhookAuthorization(in *kubeletconfig.KubeletWebhookAuthorization, ...) error
- func Convert_kubeletconfig_KubeletX509Authentication_To_v1beta1_KubeletX509Authentication(in *kubeletconfig.KubeletX509Authentication, out *KubeletX509Authentication, ...) error
- func Convert_v1beta1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication(in *KubeletAnonymousAuthentication, ...) error
- func Convert_v1beta1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication(in *KubeletAuthentication, out *kubeletconfig.KubeletAuthentication, ...) error
- func Convert_v1beta1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization(in *KubeletAuthorization, out *kubeletconfig.KubeletAuthorization, ...) error
- func Convert_v1beta1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration(in *KubeletConfiguration, out *kubeletconfig.KubeletConfiguration, ...) error
- func Convert_v1beta1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication(in *KubeletWebhookAuthentication, ...) error
- func Convert_v1beta1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization(in *KubeletWebhookAuthorization, ...) error
- func Convert_v1beta1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication(in *KubeletX509Authentication, out *kubeletconfig.KubeletX509Authentication, ...) error
- func RegisterConversions(scheme *runtime.Scheme) error
- func RegisterDefaults(scheme *runtime.Scheme) error
- func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration)
- func SetObjectDefaults_KubeletConfiguration(in *KubeletConfiguration)
- type HairpinMode
- type KubeletAnonymousAuthentication
- type KubeletAuthentication
- type KubeletAuthorization
- type KubeletAuthorizationMode
- type KubeletConfiguration
- type KubeletWebhookAuthentication
- type KubeletWebhookAuthorization
- type KubeletX509Authentication
Constants ¶
const ( DefaultIPTablesMasqueradeBit = 14 DefaultIPTablesDropBit = 15 )
const ( // Set the hairpin flag on the veth of containers in the respective // container runtime. HairpinVeth = "hairpin-veth" // Make the container bridge promiscuous. This will force it to accept // hairpin packets, even if the flag isn't set on ports of the bridge. PromiscuousBridge = "promiscuous-bridge" // Neither of the above. If the kubelet is started in this hairpin mode // and kube-proxy is running in iptables mode, hairpin packets will be // dropped by the container bridge. HairpinNone = "none" )
Enum settings for different ways to handle hairpin packets.
const GroupName = "kubelet.config.k8s.io"
GroupName is the group name use in this package
Variables ¶
var ( // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. SchemeBuilder runtime.SchemeBuilder AddToScheme = localSchemeBuilder.AddToScheme )
var ( // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. DefaultNodeAllocatableEnforcement = []string{"pods"} )
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1beta1_KubeletAnonymousAuthentication ¶
func Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1beta1_KubeletAnonymousAuthentication(in *kubeletconfig.KubeletAnonymousAuthentication, out *KubeletAnonymousAuthentication, s conversion.Scope) error
Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1beta1_KubeletAnonymousAuthentication is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletAuthentication_To_v1beta1_KubeletAuthentication ¶
func Convert_kubeletconfig_KubeletAuthentication_To_v1beta1_KubeletAuthentication(in *kubeletconfig.KubeletAuthentication, out *KubeletAuthentication, s conversion.Scope) error
Convert_kubeletconfig_KubeletAuthentication_To_v1beta1_KubeletAuthentication is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletAuthorization_To_v1beta1_KubeletAuthorization ¶
func Convert_kubeletconfig_KubeletAuthorization_To_v1beta1_KubeletAuthorization(in *kubeletconfig.KubeletAuthorization, out *KubeletAuthorization, s conversion.Scope) error
Convert_kubeletconfig_KubeletAuthorization_To_v1beta1_KubeletAuthorization is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletConfiguration_To_v1beta1_KubeletConfiguration ¶
func Convert_kubeletconfig_KubeletConfiguration_To_v1beta1_KubeletConfiguration(in *kubeletconfig.KubeletConfiguration, out *KubeletConfiguration, s conversion.Scope) error
Convert_kubeletconfig_KubeletConfiguration_To_v1beta1_KubeletConfiguration is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1beta1_KubeletWebhookAuthentication ¶
func Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1beta1_KubeletWebhookAuthentication(in *kubeletconfig.KubeletWebhookAuthentication, out *KubeletWebhookAuthentication, s conversion.Scope) error
Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1beta1_KubeletWebhookAuthentication is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1beta1_KubeletWebhookAuthorization ¶
func Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1beta1_KubeletWebhookAuthorization(in *kubeletconfig.KubeletWebhookAuthorization, out *KubeletWebhookAuthorization, s conversion.Scope) error
Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1beta1_KubeletWebhookAuthorization is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletX509Authentication_To_v1beta1_KubeletX509Authentication ¶
func Convert_kubeletconfig_KubeletX509Authentication_To_v1beta1_KubeletX509Authentication(in *kubeletconfig.KubeletX509Authentication, out *KubeletX509Authentication, s conversion.Scope) error
Convert_kubeletconfig_KubeletX509Authentication_To_v1beta1_KubeletX509Authentication is an autogenerated conversion function.
func Convert_v1beta1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication ¶
func Convert_v1beta1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication(in *KubeletAnonymousAuthentication, out *kubeletconfig.KubeletAnonymousAuthentication, s conversion.Scope) error
Convert_v1beta1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication is an autogenerated conversion function.
func Convert_v1beta1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication ¶
func Convert_v1beta1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication(in *KubeletAuthentication, out *kubeletconfig.KubeletAuthentication, s conversion.Scope) error
Convert_v1beta1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication is an autogenerated conversion function.
func Convert_v1beta1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization ¶
func Convert_v1beta1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization(in *KubeletAuthorization, out *kubeletconfig.KubeletAuthorization, s conversion.Scope) error
Convert_v1beta1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization is an autogenerated conversion function.
func Convert_v1beta1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration ¶
func Convert_v1beta1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration(in *KubeletConfiguration, out *kubeletconfig.KubeletConfiguration, s conversion.Scope) error
Convert_v1beta1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration is an autogenerated conversion function.
func Convert_v1beta1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication ¶
func Convert_v1beta1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication(in *KubeletWebhookAuthentication, out *kubeletconfig.KubeletWebhookAuthentication, s conversion.Scope) error
Convert_v1beta1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication is an autogenerated conversion function.
func Convert_v1beta1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization ¶
func Convert_v1beta1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization(in *KubeletWebhookAuthorization, out *kubeletconfig.KubeletWebhookAuthorization, s conversion.Scope) error
Convert_v1beta1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization is an autogenerated conversion function.
func Convert_v1beta1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication ¶
func Convert_v1beta1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication(in *KubeletX509Authentication, out *kubeletconfig.KubeletX509Authentication, s conversion.Scope) error
Convert_v1beta1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication is an autogenerated conversion function.
func RegisterConversions ¶
RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.
func RegisterDefaults ¶
RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.
func SetDefaults_KubeletConfiguration ¶
func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration)
func SetObjectDefaults_KubeletConfiguration ¶
func SetObjectDefaults_KubeletConfiguration(in *KubeletConfiguration)
Types ¶
type HairpinMode ¶
type HairpinMode string
HairpinMode denotes how the kubelet should configure networking to handle hairpin packets.
type KubeletAnonymousAuthentication ¶
type KubeletAnonymousAuthentication struct { // enabled allows anonymous requests to the kubelet server. // Requests that are not rejected by another authentication method are treated as anonymous requests. // Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated. // +optional Enabled *bool `json:"enabled,omitempty"` }
func (*KubeletAnonymousAuthentication) DeepCopy ¶
func (in *KubeletAnonymousAuthentication) DeepCopy() *KubeletAnonymousAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAnonymousAuthentication.
func (*KubeletAnonymousAuthentication) DeepCopyInto ¶
func (in *KubeletAnonymousAuthentication) DeepCopyInto(out *KubeletAnonymousAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthentication ¶
type KubeletAuthentication struct { // x509 contains settings related to x509 client certificate authentication // +optional X509 KubeletX509Authentication `json:"x509"` // webhook contains settings related to webhook bearer token authentication // +optional Webhook KubeletWebhookAuthentication `json:"webhook"` // anonymous contains settings related to anonymous authentication // +optional Anonymous KubeletAnonymousAuthentication `json:"anonymous"` }
func (*KubeletAuthentication) DeepCopy ¶
func (in *KubeletAuthentication) DeepCopy() *KubeletAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthentication.
func (*KubeletAuthentication) DeepCopyInto ¶
func (in *KubeletAuthentication) DeepCopyInto(out *KubeletAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthorization ¶
type KubeletAuthorization struct { // mode is the authorization mode to apply to requests to the kubelet server. // Valid values are AlwaysAllow and Webhook. // Webhook mode uses the SubjectAccessReview API to determine authorization. // +optional Mode KubeletAuthorizationMode `json:"mode,omitempty"` // webhook contains settings related to Webhook authorization. // +optional Webhook KubeletWebhookAuthorization `json:"webhook"` }
func (*KubeletAuthorization) DeepCopy ¶
func (in *KubeletAuthorization) DeepCopy() *KubeletAuthorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthorization.
func (*KubeletAuthorization) DeepCopyInto ¶
func (in *KubeletAuthorization) DeepCopyInto(out *KubeletAuthorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthorizationMode ¶
type KubeletAuthorizationMode string
const ( // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow" // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook" )
type KubeletConfiguration ¶
type KubeletConfiguration struct { metav1.TypeMeta `json:",inline"` // staticPodPath is the path to the directory containing local (static) pods to // run, or the path to a single static pod file. // Default: "" // +optional StaticPodPath string `json:"staticPodPath,omitempty"` // syncFrequency is the max period between synchronizing running // containers and config. // Default: "1m" // +optional SyncFrequency metav1.Duration `json:"syncFrequency,omitempty"` // fileCheckFrequency is the duration between checking config files for // new data // Default: "20s" // +optional FileCheckFrequency metav1.Duration `json:"fileCheckFrequency,omitempty"` // httpCheckFrequency is the duration between checking http for new data // Default: "20s" // +optional HTTPCheckFrequency metav1.Duration `json:"httpCheckFrequency,omitempty"` // staticPodURL is the URL for accessing static pods to run // Default: "" // +optional StaticPodURL string `json:"staticPodURL,omitempty"` // staticPodURLHeader is a map of slices with HTTP headers to use when accessing the podURL // Default: nil // +optional StaticPodURLHeader map[string][]string `json:"staticPodURLHeader,omitempty"` // address is the IP address for the Kubelet to serve on (set to 0.0.0.0 // for all interfaces). // Default: "0.0.0.0" // +optional Address string `json:"address,omitempty"` // port is the port for the Kubelet to serve on. // Default: 10250 // +optional Port int32 `json:"port,omitempty"` // readOnlyPort is the read-only port for the Kubelet to serve on with // no authentication/authorization. // Default: 0 (disabled) // +optional ReadOnlyPort int32 `json:"readOnlyPort,omitempty"` // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, // if any, concatenated after server cert). If tlsCertFile and // tlsPrivateKeyFile are not provided, a self-signed certificate // and key are generated for the public address and saved to the directory // passed to the Kubelet's --cert-dir flag. // Default: "" // +optional TLSCertFile string `json:"tlsCertFile,omitempty"` // tlsPrivateKeyFile is the file containing x509 private key matching tlsCertFile // Default: "" // +optional TLSPrivateKeyFile string `json:"tlsPrivateKeyFile,omitempty"` // TLSCipherSuites is the list of allowed cipher suites for the server. // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). // Default: nil // +optional TLSCipherSuites []string `json:"tlsCipherSuites,omitempty"` // TLSMinVersion is the minimum TLS version supported. // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). // Default: "" // +optional TLSMinVersion string `json:"tlsMinVersion,omitempty"` // serverTLSBootstrap enables server certificate bootstrap. Instead of self // signing a serving certificate, the Kubelet will request a certificate from // the certificates.k8s.io API. This requires an approver to approve the // certificate signing requests. The RotateKubeletServerCertificate feature // must be enabled. // Default: false ServerTLSBootstrap bool `json:"serverTLSBootstrap,omitempty"` // authentication specifies how requests to the Kubelet's server are authenticated // Defaults: // anonymous: // enabled: false // webhook: // enabled: true // cacheTTL: "2m" // +optional Authentication KubeletAuthentication `json:"authentication"` // authorization specifies how requests to the Kubelet's server are authorized // Defaults: // mode: Webhook // webhook: // cacheAuthorizedTTL: "5m" // cacheUnauthorizedTTL: "30s" // +optional Authorization KubeletAuthorization `json:"authorization"` // registryPullQPS is the limit of registry pulls per second. // Set to 0 for no limit. // Default: 5 // +optional RegistryPullQPS *int32 `json:"registryPullQPS,omitempty"` // registryBurst is the maximum size of bursty pulls, temporarily allows // pulls to burst to this number, while still not exceeding registryPullQPS. // Only used if registryPullQPS > 0. // Default: 10 // +optional RegistryBurst int32 `json:"registryBurst,omitempty"` // eventRecordQPS is the maximum event creations per second. If 0, there // is no limit enforced. // Default: 5 // +optional EventRecordQPS *int32 `json:"eventRecordQPS,omitempty"` // eventBurst is the maximum size of a burst of event creations, temporarily // allows event creations to burst to this number, while still not exceeding // eventRecordQPS. Only used if eventRecordQPS > 0. // Default: 10 // +optional EventBurst int32 `json:"eventBurst,omitempty"` // enableDebuggingHandlers enables server endpoints for log collection // and local running of containers and commands // Default: true // +optional EnableDebuggingHandlers *bool `json:"enableDebuggingHandlers,omitempty"` // enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true. // Default: false // +optional EnableContentionProfiling bool `json:"enableContentionProfiling,omitempty"` // healthzPort is the port of the localhost healthz endpoint (set to 0 to disable) // Default: 10248 // +optional HealthzPort *int32 `json:"healthzPort,omitempty"` // healthzBindAddress is the IP address for the healthz server to serve on // Default: "127.0.0.1" // +optional HealthzBindAddress string `json:"healthzBindAddress,omitempty"` // oomScoreAdj is The oom-score-adj value for kubelet process. Values // must be within the range [-1000, 1000]. // Default: -999 // +optional OOMScoreAdj *int32 `json:"oomScoreAdj,omitempty"` // clusterDomain is the DNS domain for this cluster. If set, kubelet will // configure all containers to search this domain in addition to the // host's search domains. // Default: "" // +optional ClusterDomain string `json:"clusterDomain,omitempty"` // clusterDNS is a list of IP addresses for the cluster DNS server. If set, // kubelet will configure all containers to use this for DNS resolution // instead of the host's DNS servers. // Default: nil // +optional ClusterDNS []string `json:"clusterDNS,omitempty"` // streamingConnectionIdleTimeout is the maximum time a streaming connection // can be idle before the connection is automatically closed. // Default: "4h" // +optional StreamingConnectionIdleTimeout metav1.Duration `json:"streamingConnectionIdleTimeout,omitempty"` // nodeStatusUpdateFrequency is the frequency that kubelet posts node // status to master. Note: be cautious when changing the constant, it // must work with nodeMonitorGracePeriod in nodecontroller. // Default: "10s" // +optional NodeStatusUpdateFrequency metav1.Duration `json:"nodeStatusUpdateFrequency,omitempty"` // imageMinimumGCAge is the minimum age for an unused image before it is // garbage collected. // Default: "2m" // +optional ImageMinimumGCAge metav1.Duration `json:"imageMinimumGCAge,omitempty"` // imageGCHighThresholdPercent is the percent of disk usage after which // image garbage collection is always run. The percent is calculated as // this field value out of 100. // Default: 85 // +optional ImageGCHighThresholdPercent *int32 `json:"imageGCHighThresholdPercent,omitempty"` // imageGCLowThresholdPercent is the percent of disk usage before which // image garbage collection is never run. Lowest disk usage to garbage // collect to. The percent is calculated as this field value out of 100. // Default: 80 // +optional ImageGCLowThresholdPercent *int32 `json:"imageGCLowThresholdPercent,omitempty"` // How frequently to calculate and cache volume disk usage for all pods // Default: "1m" // +optional VolumeStatsAggPeriod metav1.Duration `json:"volumeStatsAggPeriod,omitempty"` // kubeletCgroups is the absolute name of cgroups to isolate the kubelet in // Default: "" // +optional KubeletCgroups string `json:"kubeletCgroups,omitempty"` // systemCgroups is absolute name of cgroups in which to place // all non-kernel processes that are not already in a container. Empty // for no container. Rolling back the flag requires a reboot. // Default: "" // +optional SystemCgroups string `json:"systemCgroups,omitempty"` // cgroupRoot is the root cgroup to use for pods. This is handled by the // container runtime on a best effort basis. // Default: "" // +optional CgroupRoot string `json:"cgroupRoot,omitempty"` // Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes // And all Burstable and BestEffort pods are brought up under their // specific top level QoS cgroup. // +optional // Default: true // +optional CgroupsPerQOS *bool `json:"cgroupsPerQOS,omitempty"` // driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd) // +optional // Default: "cgroupfs" // +optional CgroupDriver string `json:"cgroupDriver,omitempty"` // CPUManagerPolicy is the name of the policy to use. // Requires the CPUManager feature gate to be enabled. // Default: "none" // +optional CPUManagerPolicy string `json:"cpuManagerPolicy,omitempty"` // CPU Manager reconciliation period. // Requires the CPUManager feature gate to be enabled. // Default: "10s" // +optional CPUManagerReconcilePeriod metav1.Duration `json:"cpuManagerReconcilePeriod,omitempty"` // runtimeRequestTimeout is the timeout for all runtime requests except long running // requests - pull, logs, exec and attach. // Default: "2m" // +optional RuntimeRequestTimeout metav1.Duration `json:"runtimeRequestTimeout,omitempty"` // hairpinMode specifies how the Kubelet should configure the container // bridge for hairpin packets. // Setting this flag allows endpoints in a Service to loadbalance back to // themselves if they should try to access their own Service. Values: // "promiscuous-bridge": make the container bridge promiscuous. // "hairpin-veth": set the hairpin flag on container veth interfaces. // "none": do nothing. // Generally, one must set --hairpin-mode=hairpin-veth to achieve hairpin NAT, // because promiscuous-bridge assumes the existence of a container bridge named cbr0. // Default: "promiscuous-bridge" // +optional HairpinMode string `json:"hairpinMode,omitempty"` // maxPods is the number of pods that can run on this Kubelet. // Default: 110 // +optional MaxPods int32 `json:"maxPods,omitempty"` // The CIDR to use for pod IP addresses, only used in standalone mode. // In cluster mode, this is obtained from the master. // Default: "" // +optional PodCIDR string `json:"podCIDR,omitempty"` // PodPidsLimit is the maximum number of pids in any pod. // Requires the SupportPodPidsLimit feature gate to be enabled. // Default: -1 // +optional PodPidsLimit *int64 `json:"podPidsLimit,omitempty"` // ResolverConfig is the resolver configuration file used as the basis // for the container DNS resolution configuration. // Default: "/etc/resolv.conf" // +optional ResolverConfig string `json:"resolvConf,omitempty"` // cpuCFSQuota enables CPU CFS quota enforcement for containers that // specify CPU limits. // Default: true // +optional CPUCFSQuota *bool `json:"cpuCFSQuota,omitempty"` // maxOpenFiles is Number of files that can be opened by Kubelet process. // Default: 1000000 // +optional MaxOpenFiles int64 `json:"maxOpenFiles,omitempty"` // contentType is contentType of requests sent to apiserver. // Default: "application/vnd.kubernetes.protobuf" // +optional ContentType string `json:"contentType,omitempty"` // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver // Default: 5 // +optional KubeAPIQPS *int32 `json:"kubeAPIQPS,omitempty"` // kubeAPIBurst is the burst to allow while talking with kubernetes apiserver // Default: 10 // +optional KubeAPIBurst int32 `json:"kubeAPIBurst,omitempty"` // serializeImagePulls when enabled, tells the Kubelet to pull images one // at a time. We recommend *not* changing the default value on nodes that // run docker daemon with version < 1.9 or an Aufs storage backend. // Issue #10959 has more details. // Default: true // +optional SerializeImagePulls *bool `json:"serializeImagePulls,omitempty"` // Map of signal names to quantities that defines hard eviction thresholds. For example: {"memory.available": "300Mi"}. // To explicitly disable, pass a 0% or 100% threshold on an arbitrary resource. // Default: // memory.available: "100Mi" // nodefs.available: "10%" // nodefs.inodesFree: "5%" // imagefs.available: "15%" // +optional EvictionHard map[string]string `json:"evictionHard,omitempty"` // Map of signal names to quantities that defines soft eviction thresholds. For example: {"memory.available": "300Mi"}. // Default: nil // +optional EvictionSoft map[string]string `json:"evictionSoft,omitempty"` // Map of signal names to quantities that defines grace periods for each soft eviction signal. For example: {"memory.available": "30s"}. // Default: nil // +optional EvictionSoftGracePeriod map[string]string `json:"evictionSoftGracePeriod,omitempty"` // Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. // Default: "5m" // +optional EvictionPressureTransitionPeriod metav1.Duration `json:"evictionPressureTransitionPeriod,omitempty"` // Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. // Default: 0 // +optional EvictionMaxPodGracePeriod int32 `json:"evictionMaxPodGracePeriod,omitempty"` // Map of signal names to quantities that defines minimum reclaims, which describe the minimum // amount of a given resource the kubelet will reclaim when performing a pod eviction while // that resource is under pressure. For example: {"imagefs.available": "2Gi"} // +optional // Default: nil // +optional EvictionMinimumReclaim map[string]string `json:"evictionMinimumReclaim,omitempty"` // podsPerCore is the maximum number of pods per core. Cannot exceed MaxPods. // If 0, this field is ignored. // Default: 0 // +optional PodsPerCore int32 `json:"podsPerCore,omitempty"` // enableControllerAttachDetach enables the Attach/Detach controller to // manage attachment/detachment of volumes scheduled to this node, and // disables kubelet from executing any attach/detach operations // Default: true // +optional EnableControllerAttachDetach *bool `json:"enableControllerAttachDetach,omitempty"` // protectKernelDefaults, if true, causes the Kubelet to error if kernel // flags are not as it expects. Otherwise the Kubelet will attempt to modify // kernel flags to match its expectation. // Default: false // +optional ProtectKernelDefaults bool `json:"protectKernelDefaults,omitempty"` // If true, Kubelet ensures a set of iptables rules are present on host. // These rules will serve as utility rules for various components, e.g. KubeProxy. // The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit. // Default: true // +optional MakeIPTablesUtilChains *bool `json:"makeIPTablesUtilChains,omitempty"` // iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT // Values must be within the range [0, 31]. Must be different from other mark bits. // Warning: Please match the value of the corresponding parameter in kube-proxy. // TODO: clean up IPTablesMasqueradeBit in kube-proxy // Default: 14 // +optional IPTablesMasqueradeBit *int32 `json:"iptablesMasqueradeBit,omitempty"` // iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets. // Values must be within the range [0, 31]. Must be different from other mark bits. // Default: 15 // +optional IPTablesDropBit *int32 `json:"iptablesDropBit,omitempty"` // featureGates is a map of feature names to bools that enable or disable alpha/experimental // features. This field modifies piecemeal the built-in default values from // "k8s.io/kubernetes/pkg/features/kube_features.go". // Default: nil // +optional FeatureGates map[string]bool `json:"featureGates,omitempty"` // failSwapOn tells the Kubelet to fail to start if swap is enabled on the node. // Default: true // +optional FailSwapOn *bool `json:"failSwapOn,omitempty"` // A quantity defines the maximum size of the container log file before it is rotated. For example: "5Mi" or "256Ki". // Default: "10Mi" // +optional ContainerLogMaxSize string `json:"containerLogMaxSize,omitempty"` // Maximum number of container log files that can be present for a container. // Default: 5 // +optional ContainerLogMaxFiles *int32 `json:"containerLogMaxFiles,omitempty"` // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs // that describe resources reserved for non-kubernetes components. // Currently only cpu and memory are supported. // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. // Default: nil // +optional SystemReserved map[string]string `json:"systemReserved,omitempty"` // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs // that describe resources reserved for kubernetes system components. // Currently cpu, memory and local storage for root file system are supported. // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. // Default: nil // +optional KubeReserved map[string]string `json:"kubeReserved,omitempty"` // This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons. // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. // Default: "" // +optional SystemReservedCgroup string `json:"systemReservedCgroup,omitempty"` // This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons. // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. // Default: "" // +optional KubeReservedCgroup string `json:"kubeReservedCgroup,omitempty"` // This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform. // This flag accepts a list of options. Acceptable options are `none`, `pods`, `system-reserved` & `kube-reserved`. // If `none` is specified, no other options may be specified. // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. // Default: ["pods"] // +optional EnforceNodeAllocatable []string `json:"enforceNodeAllocatable,omitempty"` }
KubeletConfiguration contains the configuration for the Kubelet
func (*KubeletConfiguration) DeepCopy ¶
func (in *KubeletConfiguration) DeepCopy() *KubeletConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfiguration.
func (*KubeletConfiguration) DeepCopyInto ¶
func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeletConfiguration) DeepCopyObject ¶
func (in *KubeletConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KubeletWebhookAuthentication ¶
type KubeletWebhookAuthentication struct { // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API // +optional Enabled *bool `json:"enabled,omitempty"` // cacheTTL enables caching of authentication results // +optional CacheTTL metav1.Duration `json:"cacheTTL,omitempty"` }
func (*KubeletWebhookAuthentication) DeepCopy ¶
func (in *KubeletWebhookAuthentication) DeepCopy() *KubeletWebhookAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthentication.
func (*KubeletWebhookAuthentication) DeepCopyInto ¶
func (in *KubeletWebhookAuthentication) DeepCopyInto(out *KubeletWebhookAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletWebhookAuthorization ¶
type KubeletWebhookAuthorization struct { // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer. // +optional CacheAuthorizedTTL metav1.Duration `json:"cacheAuthorizedTTL,omitempty"` // +optional CacheUnauthorizedTTL metav1.Duration `json:"cacheUnauthorizedTTL,omitempty"` }
func (*KubeletWebhookAuthorization) DeepCopy ¶
func (in *KubeletWebhookAuthorization) DeepCopy() *KubeletWebhookAuthorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthorization.
func (*KubeletWebhookAuthorization) DeepCopyInto ¶
func (in *KubeletWebhookAuthorization) DeepCopyInto(out *KubeletWebhookAuthorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletX509Authentication ¶
type KubeletX509Authentication struct { // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName, // and groups corresponding to the Organization in the client certificate. // +optional ClientCAFile string `json:"clientCAFile,omitempty"` }
func (*KubeletX509Authentication) DeepCopy ¶
func (in *KubeletX509Authentication) DeepCopy() *KubeletX509Authentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletX509Authentication.
func (*KubeletX509Authentication) DeepCopyInto ¶
func (in *KubeletX509Authentication) DeepCopyInto(out *KubeletX509Authentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.