KubeZero/charts/kubeadm/templates/KubeletConfiguration.yaml

37 lines
1.4 KiB
YAML

# https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
failSwapOn: false
cgroupDriver: cgroupfs
logging:
# We already have syslog-ng logging json
# format: json
hairpinMode: hairpin-veth
{{- if .Values.systemd }}
resolvConf: /run/systemd/resolve/resolv.conf
{{- end }}
protectKernelDefaults: {{ .Values.protectKernelDefaults }}
#eventRecordQPS: 0
# Breaks kubelet at boot time
# tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
# tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key
tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256]
featureGates:
{{- include "kubeadm.featuregates" ( dict "return" "map" ) | nindent 2 }}
# Minimal unit is 50m per pod
podsPerCore: 20
# cpuCFSQuotaPeriod: 10ms
# Basic OS incl. crio
systemReserved:
memory: 96Mi
#ephemeral-storage: "1Gi"
# kubelet memory should be static as runc,conmon are added to each pod's cgroup
kubeReserved:
cpu: 70m
memory: 96Mi
# Lets use below to reserve memory for system processes as kubeReserved/sytemReserved doesnt go well with systemd it seems
#evictionHard:
# memory.available: "484Mi"
imageGCLowThresholdPercent: 70
# kernelMemcgNotification: true