# https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/ apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration failSwapOn: false cgroupDriver: cgroupfs logging: format: json hairpinMode: hairpin-veth containerRuntimeEndpoint: "unix:///run/containerd/containerd.sock" {{- if .Values.systemd }} resolvConf: /run/systemd/resolve/resolv.conf {{- end }} protectKernelDefaults: {{ .Values.protectKernelDefaults }} #eventRecordQPS: 0 # Breaks kubelet at boot time # tlsCertFile: /var/lib/kubelet/pki/kubelet.crt # tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256] featureGates: {{- include "kubeadm.featuregates" ( dict "return" "map" ) | nindent 2 }} # Minimal unit is 40m per pod podsPerCore: 25 # cpuCFSQuotaPeriod: 10ms # Basic OS incl. cri systemReserved: memory: 96Mi #ephemeral-storage: "1Gi" # kubelet memory should be static as runc,conmon are added to each pod's cgroup kubeReserved: cpu: 70m memory: 96Mi # Lets use below to reserve memory for system processes as kubeReserved/sytemReserved doesnt go well with systemd it seems #evictionHard: # memory.available: "484Mi" imageGCLowThresholdPercent: 70 imageMaximumGCAge: 168h serializeImagePulls: false maxParallelImagePulls: 4