Documentation ¶
Index ¶
- Constants
- Variables
- func Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1beta1_KubeletAnonymousAuthentication(in *kubeletconfig.KubeletAnonymousAuthentication, ...) error
- func Convert_kubeletconfig_KubeletAuthentication_To_v1beta1_KubeletAuthentication(in *kubeletconfig.KubeletAuthentication, out *KubeletAuthentication, ...) error
- func Convert_kubeletconfig_KubeletAuthorization_To_v1beta1_KubeletAuthorization(in *kubeletconfig.KubeletAuthorization, out *KubeletAuthorization, ...) error
- func Convert_kubeletconfig_KubeletConfiguration_To_v1beta1_KubeletConfiguration(in *kubeletconfig.KubeletConfiguration, out *KubeletConfiguration, ...) error
- func Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1beta1_KubeletWebhookAuthentication(in *kubeletconfig.KubeletWebhookAuthentication, ...) error
- func Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1beta1_KubeletWebhookAuthorization(in *kubeletconfig.KubeletWebhookAuthorization, ...) error
- func Convert_kubeletconfig_KubeletX509Authentication_To_v1beta1_KubeletX509Authentication(in *kubeletconfig.KubeletX509Authentication, out *KubeletX509Authentication, ...) error
- func Convert_kubeletconfig_SerializedNodeConfigSource_To_v1beta1_SerializedNodeConfigSource(in *kubeletconfig.SerializedNodeConfigSource, out *SerializedNodeConfigSource, ...) error
- func Convert_v1beta1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication(in *KubeletAnonymousAuthentication, ...) error
- func Convert_v1beta1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication(in *KubeletAuthentication, out *kubeletconfig.KubeletAuthentication, ...) error
- func Convert_v1beta1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization(in *KubeletAuthorization, out *kubeletconfig.KubeletAuthorization, ...) error
- func Convert_v1beta1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration(in *KubeletConfiguration, out *kubeletconfig.KubeletConfiguration, ...) error
- func Convert_v1beta1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication(in *KubeletWebhookAuthentication, ...) error
- func Convert_v1beta1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization(in *KubeletWebhookAuthorization, ...) error
- func Convert_v1beta1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication(in *KubeletX509Authentication, out *kubeletconfig.KubeletX509Authentication, ...) error
- func Convert_v1beta1_SerializedNodeConfigSource_To_kubeletconfig_SerializedNodeConfigSource(in *SerializedNodeConfigSource, out *kubeletconfig.SerializedNodeConfigSource, ...) error
- func RegisterConversions(s *runtime.Scheme) error
- func RegisterDefaults(scheme *runtime.Scheme) error
- func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration)
- func SetObjectDefaults_KubeletConfiguration(in *KubeletConfiguration)
- type HairpinMode
- type KubeletAnonymousAuthentication
- type KubeletAuthentication
- type KubeletAuthorization
- type KubeletAuthorizationMode
- type KubeletConfiguration
- type KubeletWebhookAuthentication
- type KubeletWebhookAuthorization
- type KubeletX509Authentication
- type ResourceChangeDetectionStrategy
- type SerializedNodeConfigSource
Constants ¶
const ( DefaultIPTablesMasqueradeBit = 14 DefaultIPTablesDropBit = 15 )
const ( // Set the hairpin flag on the veth of containers in the respective // container runtime. HairpinVeth = "hairpin-veth" // Make the container bridge promiscuous. This will force it to accept // hairpin packets, even if the flag isn't set on ports of the bridge. PromiscuousBridge = "promiscuous-bridge" // Neither of the above. If the kubelet is started in this hairpin mode // and kube-proxy is running in iptables mode, hairpin packets will be // dropped by the container bridge. HairpinNone = "none" )
Enum settings for different ways to handle hairpin packets.
const GroupName = "kubelet.config.k8s.io"
GroupName is the group name use in this package
Variables ¶
var ( // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. SchemeBuilder runtime.SchemeBuilder AddToScheme = localSchemeBuilder.AddToScheme )
var ( // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. DefaultNodeAllocatableEnforcement = []string{"pods"} )
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1beta1_KubeletAnonymousAuthentication ¶
func Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1beta1_KubeletAnonymousAuthentication(in *kubeletconfig.KubeletAnonymousAuthentication, out *KubeletAnonymousAuthentication, s conversion.Scope) error
Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1beta1_KubeletAnonymousAuthentication is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletAuthentication_To_v1beta1_KubeletAuthentication ¶
func Convert_kubeletconfig_KubeletAuthentication_To_v1beta1_KubeletAuthentication(in *kubeletconfig.KubeletAuthentication, out *KubeletAuthentication, s conversion.Scope) error
Convert_kubeletconfig_KubeletAuthentication_To_v1beta1_KubeletAuthentication is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletAuthorization_To_v1beta1_KubeletAuthorization ¶
func Convert_kubeletconfig_KubeletAuthorization_To_v1beta1_KubeletAuthorization(in *kubeletconfig.KubeletAuthorization, out *KubeletAuthorization, s conversion.Scope) error
Convert_kubeletconfig_KubeletAuthorization_To_v1beta1_KubeletAuthorization is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletConfiguration_To_v1beta1_KubeletConfiguration ¶
func Convert_kubeletconfig_KubeletConfiguration_To_v1beta1_KubeletConfiguration(in *kubeletconfig.KubeletConfiguration, out *KubeletConfiguration, s conversion.Scope) error
Convert_kubeletconfig_KubeletConfiguration_To_v1beta1_KubeletConfiguration is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1beta1_KubeletWebhookAuthentication ¶
func Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1beta1_KubeletWebhookAuthentication(in *kubeletconfig.KubeletWebhookAuthentication, out *KubeletWebhookAuthentication, s conversion.Scope) error
Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1beta1_KubeletWebhookAuthentication is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1beta1_KubeletWebhookAuthorization ¶
func Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1beta1_KubeletWebhookAuthorization(in *kubeletconfig.KubeletWebhookAuthorization, out *KubeletWebhookAuthorization, s conversion.Scope) error
Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1beta1_KubeletWebhookAuthorization is an autogenerated conversion function.
func Convert_kubeletconfig_KubeletX509Authentication_To_v1beta1_KubeletX509Authentication ¶
func Convert_kubeletconfig_KubeletX509Authentication_To_v1beta1_KubeletX509Authentication(in *kubeletconfig.KubeletX509Authentication, out *KubeletX509Authentication, s conversion.Scope) error
Convert_kubeletconfig_KubeletX509Authentication_To_v1beta1_KubeletX509Authentication is an autogenerated conversion function.
func Convert_kubeletconfig_SerializedNodeConfigSource_To_v1beta1_SerializedNodeConfigSource ¶ added in v1.11.0
func Convert_kubeletconfig_SerializedNodeConfigSource_To_v1beta1_SerializedNodeConfigSource(in *kubeletconfig.SerializedNodeConfigSource, out *SerializedNodeConfigSource, s conversion.Scope) error
Convert_kubeletconfig_SerializedNodeConfigSource_To_v1beta1_SerializedNodeConfigSource is an autogenerated conversion function.
func Convert_v1beta1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication ¶
func Convert_v1beta1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication(in *KubeletAnonymousAuthentication, out *kubeletconfig.KubeletAnonymousAuthentication, s conversion.Scope) error
Convert_v1beta1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication is an autogenerated conversion function.
func Convert_v1beta1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication ¶
func Convert_v1beta1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication(in *KubeletAuthentication, out *kubeletconfig.KubeletAuthentication, s conversion.Scope) error
Convert_v1beta1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication is an autogenerated conversion function.
func Convert_v1beta1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization ¶
func Convert_v1beta1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization(in *KubeletAuthorization, out *kubeletconfig.KubeletAuthorization, s conversion.Scope) error
Convert_v1beta1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization is an autogenerated conversion function.
func Convert_v1beta1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration ¶
func Convert_v1beta1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration(in *KubeletConfiguration, out *kubeletconfig.KubeletConfiguration, s conversion.Scope) error
Convert_v1beta1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration is an autogenerated conversion function.
func Convert_v1beta1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication ¶
func Convert_v1beta1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication(in *KubeletWebhookAuthentication, out *kubeletconfig.KubeletWebhookAuthentication, s conversion.Scope) error
Convert_v1beta1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication is an autogenerated conversion function.
func Convert_v1beta1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization ¶
func Convert_v1beta1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization(in *KubeletWebhookAuthorization, out *kubeletconfig.KubeletWebhookAuthorization, s conversion.Scope) error
Convert_v1beta1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization is an autogenerated conversion function.
func Convert_v1beta1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication ¶
func Convert_v1beta1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication(in *KubeletX509Authentication, out *kubeletconfig.KubeletX509Authentication, s conversion.Scope) error
Convert_v1beta1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication is an autogenerated conversion function.
func Convert_v1beta1_SerializedNodeConfigSource_To_kubeletconfig_SerializedNodeConfigSource ¶ added in v1.11.0
func Convert_v1beta1_SerializedNodeConfigSource_To_kubeletconfig_SerializedNodeConfigSource(in *SerializedNodeConfigSource, out *kubeletconfig.SerializedNodeConfigSource, s conversion.Scope) error
Convert_v1beta1_SerializedNodeConfigSource_To_kubeletconfig_SerializedNodeConfigSource is an autogenerated conversion function.
func RegisterConversions ¶
RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.
func RegisterDefaults ¶
RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.
func SetDefaults_KubeletConfiguration ¶
func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration)
func SetObjectDefaults_KubeletConfiguration ¶
func SetObjectDefaults_KubeletConfiguration(in *KubeletConfiguration)
Types ¶
type HairpinMode ¶
type HairpinMode string
HairpinMode denotes how the kubelet should configure networking to handle hairpin packets.
type KubeletAnonymousAuthentication ¶
type KubeletAnonymousAuthentication struct { // enabled allows anonymous requests to the kubelet server. // Requests that are not rejected by another authentication method are treated as anonymous requests. // Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated. // +optional Enabled *bool `json:"enabled,omitempty"` }
func (*KubeletAnonymousAuthentication) DeepCopy ¶
func (in *KubeletAnonymousAuthentication) DeepCopy() *KubeletAnonymousAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAnonymousAuthentication.
func (*KubeletAnonymousAuthentication) DeepCopyInto ¶
func (in *KubeletAnonymousAuthentication) DeepCopyInto(out *KubeletAnonymousAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthentication ¶
type KubeletAuthentication struct { // x509 contains settings related to x509 client certificate authentication // +optional X509 KubeletX509Authentication `json:"x509"` // webhook contains settings related to webhook bearer token authentication // +optional Webhook KubeletWebhookAuthentication `json:"webhook"` // anonymous contains settings related to anonymous authentication // +optional Anonymous KubeletAnonymousAuthentication `json:"anonymous"` }
func (*KubeletAuthentication) DeepCopy ¶
func (in *KubeletAuthentication) DeepCopy() *KubeletAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthentication.
func (*KubeletAuthentication) DeepCopyInto ¶
func (in *KubeletAuthentication) DeepCopyInto(out *KubeletAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthorization ¶
type KubeletAuthorization struct { // mode is the authorization mode to apply to requests to the kubelet server. // Valid values are AlwaysAllow and Webhook. // Webhook mode uses the SubjectAccessReview API to determine authorization. // +optional Mode KubeletAuthorizationMode `json:"mode,omitempty"` // webhook contains settings related to Webhook authorization. // +optional Webhook KubeletWebhookAuthorization `json:"webhook"` }
func (*KubeletAuthorization) DeepCopy ¶
func (in *KubeletAuthorization) DeepCopy() *KubeletAuthorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthorization.
func (*KubeletAuthorization) DeepCopyInto ¶
func (in *KubeletAuthorization) DeepCopyInto(out *KubeletAuthorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletAuthorizationMode ¶
type KubeletAuthorizationMode string
const ( // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow" // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook" )
type KubeletConfiguration ¶
type KubeletConfiguration struct { metav1.TypeMeta `json:",inline"` // staticPodPath is the path to the directory containing local (static) pods to // run, or the path to a single static pod file. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // the set of static pods specified at the new path may be different than the // ones the Kubelet initially started with, and this may disrupt your node. // Default: "" // +optional StaticPodPath string `json:"staticPodPath,omitempty"` // syncFrequency is the max period between synchronizing running // containers and config. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // shortening this duration may have a negative performance impact, especially // as the number of Pods on the node increases. Alternatively, increasing this // duration will result in longer refresh times for ConfigMaps and Secrets. // Default: "1m" // +optional SyncFrequency metav1.Duration `json:"syncFrequency,omitempty"` // fileCheckFrequency is the duration between checking config files for // new data // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // shortening the duration will cause the Kubelet to reload local Static Pod // configurations more frequently, which may have a negative performance impact. // Default: "20s" // +optional FileCheckFrequency metav1.Duration `json:"fileCheckFrequency,omitempty"` // httpCheckFrequency is the duration between checking http for new data // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // shortening the duration will cause the Kubelet to poll staticPodURL more // frequently, which may have a negative performance impact. // Default: "20s" // +optional HTTPCheckFrequency metav1.Duration `json:"httpCheckFrequency,omitempty"` // staticPodURL is the URL for accessing static pods to run // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // the set of static pods specified at the new URL may be different than the // ones the Kubelet initially started with, and this may disrupt your node. // Default: "" // +optional StaticPodURL string `json:"staticPodURL,omitempty"` // staticPodURLHeader is a map of slices with HTTP headers to use when accessing the podURL // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt the ability to read the latest set of static pods from StaticPodURL. // Default: nil // +optional StaticPodURLHeader map[string][]string `json:"staticPodURLHeader,omitempty"` // address is the IP address for the Kubelet to serve on (set to 0.0.0.0 // for all interfaces). // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that interact with the Kubelet server. // Default: "0.0.0.0" // +optional Address string `json:"address,omitempty"` // port is the port for the Kubelet to serve on. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that interact with the Kubelet server. // Default: 10250 // +optional Port int32 `json:"port,omitempty"` // readOnlyPort is the read-only port for the Kubelet to serve on with // no authentication/authorization. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that interact with the Kubelet server. // Default: 0 (disabled) // +optional ReadOnlyPort int32 `json:"readOnlyPort,omitempty"` // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, // if any, concatenated after server cert). If tlsCertFile and // tlsPrivateKeyFile are not provided, a self-signed certificate // and key are generated for the public address and saved to the directory // passed to the Kubelet's --cert-dir flag. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that interact with the Kubelet server. // Default: "" // +optional TLSCertFile string `json:"tlsCertFile,omitempty"` // tlsPrivateKeyFile is the file containing x509 private key matching tlsCertFile // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that interact with the Kubelet server. // Default: "" // +optional TLSPrivateKeyFile string `json:"tlsPrivateKeyFile,omitempty"` // TLSCipherSuites is the list of allowed cipher suites for the server. // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that interact with the Kubelet server. // Default: nil // +optional TLSCipherSuites []string `json:"tlsCipherSuites,omitempty"` // TLSMinVersion is the minimum TLS version supported. // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that interact with the Kubelet server. // Default: "" // +optional TLSMinVersion string `json:"tlsMinVersion,omitempty"` // rotateCertificates enables client certificate rotation. The Kubelet will request a // new certificate from the certificates.k8s.io API. This requires an approver to approve the // certificate signing requests. The RotateKubeletClientCertificate feature // must be enabled. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // disabling it may disrupt the Kubelet's ability to authenticate with the API server // after the current certificate expires. // Default: false // +optional RotateCertificates bool `json:"rotateCertificates,omitempty"` // serverTLSBootstrap enables server certificate bootstrap. Instead of self // signing a serving certificate, the Kubelet will request a certificate from // the certificates.k8s.io API. This requires an approver to approve the // certificate signing requests. The RotateKubeletServerCertificate feature // must be enabled. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // disabling it will stop the renewal of Kubelet server certificates, which can // disrupt components that interact with the Kubelet server in the long term, // due to certificate expiration. // Default: false // +optional ServerTLSBootstrap bool `json:"serverTLSBootstrap,omitempty"` // authentication specifies how requests to the Kubelet's server are authenticated // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that interact with the Kubelet server. // Defaults: // anonymous: // enabled: false // webhook: // enabled: true // cacheTTL: "2m" // +optional Authentication KubeletAuthentication `json:"authentication"` // authorization specifies how requests to the Kubelet's server are authorized // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that interact with the Kubelet server. // Defaults: // mode: Webhook // webhook: // cacheAuthorizedTTL: "5m" // cacheUnauthorizedTTL: "30s" // +optional Authorization KubeletAuthorization `json:"authorization"` // registryPullQPS is the limit of registry pulls per second. // Set to 0 for no limit. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact scalability by changing the amount of traffic produced // by image pulls. // Default: 5 // +optional RegistryPullQPS *int32 `json:"registryPullQPS,omitempty"` // registryBurst is the maximum size of bursty pulls, temporarily allows // pulls to burst to this number, while still not exceeding registryPullQPS. // Only used if registryPullQPS > 0. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact scalability by changing the amount of traffic produced // by image pulls. // Default: 10 // +optional RegistryBurst int32 `json:"registryBurst,omitempty"` // eventRecordQPS is the maximum event creations per second. If 0, there // is no limit enforced. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact scalability by changing the amount of traffic produced by // event creations. // Default: 5 // +optional EventRecordQPS *int32 `json:"eventRecordQPS,omitempty"` // eventBurst is the maximum size of a burst of event creations, temporarily // allows event creations to burst to this number, while still not exceeding // eventRecordQPS. Only used if eventRecordQPS > 0. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact scalability by changing the amount of traffic produced by // event creations. // Default: 10 // +optional EventBurst int32 `json:"eventBurst,omitempty"` // enableDebuggingHandlers enables server endpoints for log access // and local running of containers and commands, including the exec, // attach, logs, and portforward features. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // disabling it may disrupt components that interact with the Kubelet server. // Default: true // +optional EnableDebuggingHandlers *bool `json:"enableDebuggingHandlers,omitempty"` // enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // enabling it may carry a performance impact. // Default: false // +optional EnableContentionProfiling bool `json:"enableContentionProfiling,omitempty"` // healthzPort is the port of the localhost healthz endpoint (set to 0 to disable) // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that monitor Kubelet health. // Default: 10248 // +optional HealthzPort *int32 `json:"healthzPort,omitempty"` // healthzBindAddress is the IP address for the healthz server to serve on // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that monitor Kubelet health. // Default: "127.0.0.1" // +optional HealthzBindAddress string `json:"healthzBindAddress,omitempty"` // oomScoreAdj is The oom-score-adj value for kubelet process. Values // must be within the range [-1000, 1000]. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact the stability of nodes under memory pressure. // Default: -999 // +optional OOMScoreAdj *int32 `json:"oomScoreAdj,omitempty"` // clusterDomain is the DNS domain for this cluster. If set, kubelet will // configure all containers to search this domain in addition to the // host's search domains. // Dynamic Kubelet Config (beta): Dynamically updating this field is not recommended, // as it should be kept in sync with the rest of the cluster. // Default: "" // +optional ClusterDomain string `json:"clusterDomain,omitempty"` // clusterDNS is a list of IP addresses for the cluster DNS server. If set, // kubelet will configure all containers to use this for DNS resolution // instead of the host's DNS servers. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // changes will only take effect on Pods created after the update. Draining // the node is recommended before changing this field. // Default: nil // +optional ClusterDNS []string `json:"clusterDNS,omitempty"` // streamingConnectionIdleTimeout is the maximum time a streaming connection // can be idle before the connection is automatically closed. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact components that rely on infrequent updates over streaming // connections to the Kubelet server. // Default: "4h" // +optional StreamingConnectionIdleTimeout metav1.Duration `json:"streamingConnectionIdleTimeout,omitempty"` // nodeStatusUpdateFrequency is the frequency that kubelet posts node // status to master. Note: be cautious when changing the constant, it // must work with nodeMonitorGracePeriod in nodecontroller. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact node scalability, and also that the node controller's // nodeMonitorGracePeriod must be set to N*NodeStatusUpdateFrequency, // where N is the number of retries before the node controller marks // the node unhealthy. // Default: "10s" // +optional NodeStatusUpdateFrequency metav1.Duration `json:"nodeStatusUpdateFrequency,omitempty"` // imageMinimumGCAge is the minimum age for an unused image before it is // garbage collected. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may trigger or delay garbage collection, and may change the image overhead // on the node. // Default: "2m" // +optional ImageMinimumGCAge metav1.Duration `json:"imageMinimumGCAge,omitempty"` // imageGCHighThresholdPercent is the percent of disk usage after which // image garbage collection is always run. The percent is calculated as // this field value out of 100. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may trigger or delay garbage collection, and may change the image overhead // on the node. // Default: 85 // +optional ImageGCHighThresholdPercent *int32 `json:"imageGCHighThresholdPercent,omitempty"` // imageGCLowThresholdPercent is the percent of disk usage before which // image garbage collection is never run. Lowest disk usage to garbage // collect to. The percent is calculated as this field value out of 100. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may trigger or delay garbage collection, and may change the image overhead // on the node. // Default: 80 // +optional ImageGCLowThresholdPercent *int32 `json:"imageGCLowThresholdPercent,omitempty"` // How frequently to calculate and cache volume disk usage for all pods // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // shortening the period may carry a performance impact. // Default: "1m" // +optional VolumeStatsAggPeriod metav1.Duration `json:"volumeStatsAggPeriod,omitempty"` // kubeletCgroups is the absolute name of cgroups to isolate the kubelet in // Dynamic Kubelet Config (beta): This field should not be updated without a full node // reboot. It is safest to keep this value the same as the local config. // Default: "" // +optional KubeletCgroups string `json:"kubeletCgroups,omitempty"` // systemCgroups is absolute name of cgroups in which to place // all non-kernel processes that are not already in a container. Empty // for no container. Rolling back the flag requires a reboot. // Dynamic Kubelet Config (beta): This field should not be updated without a full node // reboot. It is safest to keep this value the same as the local config. // Default: "" // +optional SystemCgroups string `json:"systemCgroups,omitempty"` // cgroupRoot is the root cgroup to use for pods. This is handled by the // container runtime on a best effort basis. // Dynamic Kubelet Config (beta): This field should not be updated without a full node // reboot. It is safest to keep this value the same as the local config. // Default: "" // +optional CgroupRoot string `json:"cgroupRoot,omitempty"` // Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes // And all Burstable and BestEffort pods are brought up under their // specific top level QoS cgroup. // Dynamic Kubelet Config (beta): This field should not be updated without a full node // reboot. It is safest to keep this value the same as the local config. // Default: true // +optional CgroupsPerQOS *bool `json:"cgroupsPerQOS,omitempty"` // driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd) // Dynamic Kubelet Config (beta): This field should not be updated without a full node // reboot. It is safest to keep this value the same as the local config. // Default: "cgroupfs" // +optional CgroupDriver string `json:"cgroupDriver,omitempty"` // CPUManagerPolicy is the name of the policy to use. // Requires the CPUManager feature gate to be enabled. // Dynamic Kubelet Config (beta): This field should not be updated without a full node // reboot. It is safest to keep this value the same as the local config. // Default: "none" // +optional CPUManagerPolicy string `json:"cpuManagerPolicy,omitempty"` // CPU Manager reconciliation period. // Requires the CPUManager feature gate to be enabled. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // shortening the period may carry a performance impact. // Default: "10s" // +optional CPUManagerReconcilePeriod metav1.Duration `json:"cpuManagerReconcilePeriod,omitempty"` // qosReserved is a set of resource name to percentage pairs that specify // the minimum percentage of a resource reserved for exclusive use by the // guaranteed QoS tier. // Currently supported resources: "memory" // Requires the QOSReserved feature gate to be enabled. // Dynamic Kubelet Config (beta): This field should not be updated without a full node // reboot. It is safest to keep this value the same as the local config. // Default: nil // +optional QOSReserved map[string]string `json:"qosReserved,omitempty"` // runtimeRequestTimeout is the timeout for all runtime requests except long running // requests - pull, logs, exec and attach. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may disrupt components that interact with the Kubelet server. // Default: "2m" // +optional RuntimeRequestTimeout metav1.Duration `json:"runtimeRequestTimeout,omitempty"` // hairpinMode specifies how the Kubelet should configure the container // bridge for hairpin packets. // Setting this flag allows endpoints in a Service to loadbalance back to // themselves if they should try to access their own Service. Values: // "promiscuous-bridge": make the container bridge promiscuous. // "hairpin-veth": set the hairpin flag on container veth interfaces. // "none": do nothing. // Generally, one must set --hairpin-mode=hairpin-veth to achieve hairpin NAT, // because promiscuous-bridge assumes the existence of a container bridge named cbr0. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may require a node reboot, depending on the network plugin. // Default: "promiscuous-bridge" // +optional HairpinMode string `json:"hairpinMode,omitempty"` // maxPods is the number of pods that can run on this Kubelet. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // changes may cause Pods to fail admission on Kubelet restart, and may change // the value reported in Node.Status.Capacity[v1.ResourcePods], thus affecting // future scheduling decisions. Increasing this value may also decrease performance, // as more Pods can be packed into a single node. // Default: 110 // +optional MaxPods int32 `json:"maxPods,omitempty"` // The CIDR to use for pod IP addresses, only used in standalone mode. // In cluster mode, this is obtained from the master. // Dynamic Kubelet Config (beta): This field should always be set to the empty default. // It should only set for standalone Kubelets, which cannot use Dynamic Kubelet Config. // Default: "" // +optional PodCIDR string `json:"podCIDR,omitempty"` // PodPidsLimit is the maximum number of pids in any pod. // Requires the SupportPodPidsLimit feature gate to be enabled. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // lowering it may prevent container processes from forking after the change. // Default: -1 // +optional PodPidsLimit *int64 `json:"podPidsLimit,omitempty"` // ResolverConfig is the resolver configuration file used as the basis // for the container DNS resolution configuration. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // changes will only take effect on Pods created after the update. Draining // the node is recommended before changing this field. // Default: "/etc/resolv.conf" // +optional ResolverConfig string `json:"resolvConf,omitempty"` // cpuCFSQuota enables CPU CFS quota enforcement for containers that // specify CPU limits. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // disabling it may reduce node stability. // Default: true // +optional CPUCFSQuota *bool `json:"cpuCFSQuota,omitempty"` // maxOpenFiles is Number of files that can be opened by Kubelet process. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact the ability of the Kubelet to interact with the node's filesystem. // Default: 1000000 // +optional MaxOpenFiles int64 `json:"maxOpenFiles,omitempty"` // contentType is contentType of requests sent to apiserver. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact the ability for the Kubelet to communicate with the API server. // If the Kubelet loses contact with the API server due to a change to this field, // the change cannot be reverted via dynamic Kubelet config. // Default: "application/vnd.kubernetes.protobuf" // +optional ContentType string `json:"contentType,omitempty"` // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact scalability by changing the amount of traffic the Kubelet // sends to the API server. // Default: 5 // +optional KubeAPIQPS *int32 `json:"kubeAPIQPS,omitempty"` // kubeAPIBurst is the burst to allow while talking with kubernetes apiserver // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact scalability by changing the amount of traffic the Kubelet // sends to the API server. // Default: 10 // +optional KubeAPIBurst int32 `json:"kubeAPIBurst,omitempty"` // serializeImagePulls when enabled, tells the Kubelet to pull images one // at a time. We recommend *not* changing the default value on nodes that // run docker daemon with version < 1.9 or an Aufs storage backend. // Issue #10959 has more details. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may impact the performance of image pulls. // Default: true // +optional SerializeImagePulls *bool `json:"serializeImagePulls,omitempty"` // Map of signal names to quantities that defines hard eviction thresholds. For example: {"memory.available": "300Mi"}. // To explicitly disable, pass a 0% or 100% threshold on an arbitrary resource. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may trigger or delay Pod evictions. // Default: // memory.available: "100Mi" // nodefs.available: "10%" // nodefs.inodesFree: "5%" // imagefs.available: "15%" // +optional EvictionHard map[string]string `json:"evictionHard,omitempty"` // Map of signal names to quantities that defines soft eviction thresholds. // For example: {"memory.available": "300Mi"}. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may trigger or delay Pod evictions, and may change the allocatable reported // by the node. // Default: nil // +optional EvictionSoft map[string]string `json:"evictionSoft,omitempty"` // Map of signal names to quantities that defines grace periods for each soft eviction signal. // For example: {"memory.available": "30s"}. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may trigger or delay Pod evictions. // Default: nil // +optional EvictionSoftGracePeriod map[string]string `json:"evictionSoftGracePeriod,omitempty"` // Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // lowering it may decrease the stability of the node when the node is overcommitted. // Default: "5m" // +optional EvictionPressureTransitionPeriod metav1.Duration `json:"evictionPressureTransitionPeriod,omitempty"` // Maximum allowed grace period (in seconds) to use when terminating pods in // response to a soft eviction threshold being met. This value effectively caps // the Pod's TerminationGracePeriodSeconds value during soft evictions. // Note: Due to issue #64530, the behavior has a bug where this value currently just // overrides the grace period during soft eviction, which can increase the grace // period from what is set on the Pod. This bug will be fixed in a future release. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // lowering it decreases the amount of time Pods will have to gracefully clean // up before being killed during a soft eviction. // Default: 0 // +optional EvictionMaxPodGracePeriod int32 `json:"evictionMaxPodGracePeriod,omitempty"` // Map of signal names to quantities that defines minimum reclaims, which describe the minimum // amount of a given resource the kubelet will reclaim when performing a pod eviction while // that resource is under pressure. For example: {"imagefs.available": "2Gi"} // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may change how well eviction can manage resource pressure. // Default: nil // +optional EvictionMinimumReclaim map[string]string `json:"evictionMinimumReclaim,omitempty"` // podsPerCore is the maximum number of pods per core. Cannot exceed MaxPods. // If 0, this field is ignored. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // changes may cause Pods to fail admission on Kubelet restart, and may change // the value reported in Node.Status.Capacity[v1.ResourcePods], thus affecting // future scheduling decisions. Increasing this value may also decrease performance, // as more Pods can be packed into a single node. // Default: 0 // +optional PodsPerCore int32 `json:"podsPerCore,omitempty"` // enableControllerAttachDetach enables the Attach/Detach controller to // manage attachment/detachment of volumes scheduled to this node, and // disables kubelet from executing any attach/detach operations // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // changing which component is responsible for volume management on a live node // may result in volumes refusing to detach if the node is not drained prior to // the update, and if Pods are scheduled to the node before the // volumes.kubernetes.io/controller-managed-attach-detach annotation is updated by the // Kubelet. In general, it is safest to leave this value set the same as local config. // Default: true // +optional EnableControllerAttachDetach *bool `json:"enableControllerAttachDetach,omitempty"` // protectKernelDefaults, if true, causes the Kubelet to error if kernel // flags are not as it expects. Otherwise the Kubelet will attempt to modify // kernel flags to match its expectation. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // enabling it may cause the Kubelet to crash-loop if the Kernel is not configured as // Kubelet expects. // Default: false // +optional ProtectKernelDefaults bool `json:"protectKernelDefaults,omitempty"` // If true, Kubelet ensures a set of iptables rules are present on host. // These rules will serve as utility rules for various components, e.g. KubeProxy. // The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // disabling it will prevent the Kubelet from healing locally misconfigured iptables rules. // Default: true // +optional MakeIPTablesUtilChains *bool `json:"makeIPTablesUtilChains,omitempty"` // iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT // Values must be within the range [0, 31]. Must be different from other mark bits. // Warning: Please match the value of the corresponding parameter in kube-proxy. // TODO: clean up IPTablesMasqueradeBit in kube-proxy // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it needs to be coordinated with other components, like kube-proxy, and the update // will only be effective if MakeIPTablesUtilChains is enabled. // Default: 14 // +optional IPTablesMasqueradeBit *int32 `json:"iptablesMasqueradeBit,omitempty"` // iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets. // Values must be within the range [0, 31]. Must be different from other mark bits. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it needs to be coordinated with other components, like kube-proxy, and the update // will only be effective if MakeIPTablesUtilChains is enabled. // Default: 15 // +optional IPTablesDropBit *int32 `json:"iptablesDropBit,omitempty"` // featureGates is a map of feature names to bools that enable or disable alpha/experimental // features. This field modifies piecemeal the built-in default values from // "k8s.io/kubernetes/pkg/features/kube_features.go". // Dynamic Kubelet Config (beta): If dynamically updating this field, consider the // documentation for the features you are enabling or disabling. While we // encourage feature developers to make it possible to dynamically enable // and disable features, some changes may require node reboots, and some // features may require careful coordination to retroactively disable. // Default: nil // +optional FeatureGates map[string]bool `json:"featureGates,omitempty"` // failSwapOn tells the Kubelet to fail to start if swap is enabled on the node. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // setting it to true will cause the Kubelet to crash-loop if swap is enabled. // Default: true // +optional FailSwapOn *bool `json:"failSwapOn,omitempty"` // A quantity defines the maximum size of the container log file before it is rotated. // For example: "5Mi" or "256Ki". // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may trigger log rotation. // Default: "10Mi" // +optional ContainerLogMaxSize string `json:"containerLogMaxSize,omitempty"` // Maximum number of container log files that can be present for a container. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // lowering it may cause log files to be deleted. // Default: 5 // +optional ContainerLogMaxFiles *int32 `json:"containerLogMaxFiles,omitempty"` // ConfigMapAndSecretChangeDetectionStrategy is a mode in which // config map and secret managers are running. // Default: "Watching" // +optional ConfigMapAndSecretChangeDetectionStrategy ResourceChangeDetectionStrategy `json:"configMapAndSecretChangeDetectionStrategy,omitempty"` // systemReserved is a set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) // pairs that describe resources reserved for non-kubernetes components. // Currently only cpu and memory are supported. // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may not be possible to increase the reserved resources, because this // requires resizing cgroups. Always look for a NodeAllocatableEnforced event // after updating this field to ensure that the update was successful. // Default: nil // +optional SystemReserved map[string]string `json:"systemReserved,omitempty"` // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs // that describe resources reserved for kubernetes system components. // Currently cpu, memory and local storage for root file system are supported. // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // it may not be possible to increase the reserved resources, because this // requires resizing cgroups. Always look for a NodeAllocatableEnforced event // after updating this field to ensure that the update was successful. // Default: nil // +optional KubeReserved map[string]string `json:"kubeReserved,omitempty"` // This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons. // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. // Dynamic Kubelet Config (beta): This field should not be updated without a full node // reboot. It is safest to keep this value the same as the local config. // Default: "" // +optional SystemReservedCgroup string `json:"systemReservedCgroup,omitempty"` // This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons. // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. // Dynamic Kubelet Config (beta): This field should not be updated without a full node // reboot. It is safest to keep this value the same as the local config. // Default: "" // +optional KubeReservedCgroup string `json:"kubeReservedCgroup,omitempty"` // This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform. // This flag accepts a list of options. Acceptable options are `none`, `pods`, `system-reserved` & `kube-reserved`. // If `none` is specified, no other options may be specified. // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that // removing enforcements may reduce the stability of the node. Alternatively, adding // enforcements may reduce the stability of components which were using more than // the reserved amount of resources; for example, enforcing kube-reserved may cause // Kubelets to OOM if it uses more than the reserved resources, and enforcing system-reserved // may cause system daemons to OOM if they use more than the reserved resources. // Default: ["pods"] // +optional EnforceNodeAllocatable []string `json:"enforceNodeAllocatable,omitempty"` }
KubeletConfiguration contains the configuration for the Kubelet
func (*KubeletConfiguration) DeepCopy ¶
func (in *KubeletConfiguration) DeepCopy() *KubeletConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfiguration.
func (*KubeletConfiguration) DeepCopyInto ¶
func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeletConfiguration) DeepCopyObject ¶
func (in *KubeletConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KubeletWebhookAuthentication ¶
type KubeletWebhookAuthentication struct { // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API // +optional Enabled *bool `json:"enabled,omitempty"` // cacheTTL enables caching of authentication results // +optional CacheTTL metav1.Duration `json:"cacheTTL,omitempty"` }
func (*KubeletWebhookAuthentication) DeepCopy ¶
func (in *KubeletWebhookAuthentication) DeepCopy() *KubeletWebhookAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthentication.
func (*KubeletWebhookAuthentication) DeepCopyInto ¶
func (in *KubeletWebhookAuthentication) DeepCopyInto(out *KubeletWebhookAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletWebhookAuthorization ¶
type KubeletWebhookAuthorization struct { // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer. // +optional CacheAuthorizedTTL metav1.Duration `json:"cacheAuthorizedTTL,omitempty"` // +optional CacheUnauthorizedTTL metav1.Duration `json:"cacheUnauthorizedTTL,omitempty"` }
func (*KubeletWebhookAuthorization) DeepCopy ¶
func (in *KubeletWebhookAuthorization) DeepCopy() *KubeletWebhookAuthorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthorization.
func (*KubeletWebhookAuthorization) DeepCopyInto ¶
func (in *KubeletWebhookAuthorization) DeepCopyInto(out *KubeletWebhookAuthorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeletX509Authentication ¶
type KubeletX509Authentication struct { // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName, // and groups corresponding to the Organization in the client certificate. // +optional ClientCAFile string `json:"clientCAFile,omitempty"` }
func (*KubeletX509Authentication) DeepCopy ¶
func (in *KubeletX509Authentication) DeepCopy() *KubeletX509Authentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletX509Authentication.
func (*KubeletX509Authentication) DeepCopyInto ¶
func (in *KubeletX509Authentication) DeepCopyInto(out *KubeletX509Authentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceChangeDetectionStrategy ¶
type ResourceChangeDetectionStrategy string
ResourceChangeDetectionStrategy denotes a mode in which internal managers (secret, configmap) are discovering object changes.
const ( // GetChangeDetectionStrategy is a mode in which kubelet fetches // necessary objects directly from apiserver. GetChangeDetectionStrategy ResourceChangeDetectionStrategy = "Get" // TTLCacheChangeDetectionStrategy is a mode in which kubelet uses // ttl cache for object directly fetched from apiserver. TTLCacheChangeDetectionStrategy ResourceChangeDetectionStrategy = "Cache" // WatchChangeDetectionStrategy is a mode in which kubelet uses // watches to observe changes to objects that are in its interest. WatchChangeDetectionStrategy ResourceChangeDetectionStrategy = "Watch" )
Enum settings for different strategies of kubelet managers.
type SerializedNodeConfigSource ¶ added in v1.11.0
type SerializedNodeConfigSource struct { metav1.TypeMeta `json:",inline"` // Source is the source that we are serializing // +optional Source v1.NodeConfigSource `json:"source,omitempty" protobuf:"bytes,1,opt,name=source"` }
SerializedNodeConfigSource allows us to serialize v1.NodeConfigSource. This type is used internally by the Kubelet for tracking checkpointed dynamic configs. It exists in the kubeletconfig API group because it is classified as a versioned input to the Kubelet.
func (*SerializedNodeConfigSource) DeepCopy ¶ added in v1.11.0
func (in *SerializedNodeConfigSource) DeepCopy() *SerializedNodeConfigSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SerializedNodeConfigSource.
func (*SerializedNodeConfigSource) DeepCopyInto ¶ added in v1.11.0
func (in *SerializedNodeConfigSource) DeepCopyInto(out *SerializedNodeConfigSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SerializedNodeConfigSource) DeepCopyObject ¶ added in v1.11.0
func (in *SerializedNodeConfigSource) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.