# https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/ apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration failSwapOn: false cgroupDriver: cgroupfs logging: # We already have syslog-ng logging json # format: json hairpinMode: hairpin-veth {{- if .Values.systemd }} resolvConf: /run/systemd/resolve/resolv.conf {{- end }} protectKernelDefaults: {{ .Values.protectKernelDefaults }} eventRecordQPS: 0 # Breaks kubelet at boot time # tlsCertFile: /var/lib/kubelet/pki/kubelet.crt # tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256] featureGates: {{ include "kubeadm.featuregates" ( dict "return" "map" "platform" .Values.platform ) }} # Minimal unit is 50m per pod podsPerCore: 20 # cpuCFSQuotaPeriod: 10ms # Basic OS on Ubuntu 20.04 incl. crio systemReserved: memory: 256Mi ephemeral-storage: "2Gi" # kubelet memory should be static as runc,conmon are added to each pod's cgroup kubeReserved: cpu: 70m memory: 128Mi # Lets use below to reserve memory for system processes as kubeReserved/sytemReserved doesnt go well with systemd it seems #evictionHard: # memory.available: "484Mi" imageGCLowThresholdPercent: 70 kernelMemcgNotification: true