2021-04-15 13:51:46 +00:00
|
|
|
# https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
|
2021-01-03 15:33:13 +00:00
|
|
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
|
|
|
kind: KubeletConfiguration
|
|
|
|
failSwapOn: false
|
2021-02-12 11:04:16 +00:00
|
|
|
cgroupDriver: cgroupfs
|
|
|
|
logging:
|
2021-03-18 13:31:10 +00:00
|
|
|
# We already have syslog-ng logging json
|
|
|
|
# format: json
|
2021-01-03 15:33:13 +00:00
|
|
|
hairpinMode: hairpin-veth
|
2021-02-22 13:41:32 +00:00
|
|
|
{{- if .Values.systemd }}
|
2021-01-03 15:33:13 +00:00
|
|
|
resolvConf: /run/systemd/resolve/resolv.conf
|
2021-02-22 13:41:32 +00:00
|
|
|
{{- end }}
|
|
|
|
protectKernelDefaults: {{ .Values.protectKernelDefaults }}
|
2021-01-03 15:33:13 +00:00
|
|
|
eventRecordQPS: 0
|
|
|
|
# Breaks kubelet at boot time
|
|
|
|
# tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
|
|
|
|
# tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key
|
|
|
|
tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256]
|
2021-03-30 12:50:37 +00:00
|
|
|
featureGates: {{ include "kubeadm.featuregates" ( dict "return" "map" "platform" .Values.platform ) }}
|
2021-03-18 13:31:10 +00:00
|
|
|
# Minimal unit is 50m per pod
|
|
|
|
podsPerCore: 20
|
2021-04-04 14:52:18 +00:00
|
|
|
# cpuCFSQuotaPeriod: 10ms
|
2021-03-18 13:31:10 +00:00
|
|
|
# Basic OS on Ubuntu 20.04 incl. crio
|
2021-04-15 13:51:46 +00:00
|
|
|
systemReserved:
|
|
|
|
memory: 256Mi
|
|
|
|
ephemeral-storage: "2Gi"
|
|
|
|
# kubelet memory should be static as runc,conmon are added to each pod's cgroup
|
2021-02-22 13:41:32 +00:00
|
|
|
kubeReserved:
|
2021-03-18 13:31:10 +00:00
|
|
|
cpu: 70m
|
2021-04-15 13:51:46 +00:00
|
|
|
memory: 128Mi
|
2021-04-04 14:52:18 +00:00
|
|
|
# Lets use below to reserve memory for system processes as kubeReserved/sytemReserved doesnt go well with systemd it seems
|
2021-04-15 13:51:46 +00:00
|
|
|
#evictionHard:
|
|
|
|
# memory.available: "484Mi"
|
|
|
|
imageGCLowThresholdPercent: 70
|
|
|
|
kernelMemcgNotification: true
|