easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add limits for pids #1265

pull/1282/head
gjmzj 2023-04-28 21:56:38 +08:00
parent f9185ab56a
commit 84760323d6
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/guide/harbor.md
View File

@ -198,7 +198,7 @@ type: kubernetes.io/dockerconfigjson
# 停止 harbor # 停止 harbor
docker-compose down -v docker-compose down -v
# 修改配置 # 修改配置
vim harbor.cfg vim harbor.yml
# 执行./prepare已更新配置到docker-compose.yml文件 # 执行./prepare已更新配置到docker-compose.yml文件
./prepare ./prepare
# 启动 harbor # 启动 harbor

8
roles/kube-node/templates/kubelet-config.yaml.j2
View File

@ -54,7 +54,9 @@ imageMinimumGCAge: 2m0s
{% if KUBE_RESERVED_ENABLED == "yes" %} {% if KUBE_RESERVED_ENABLED == "yes" %}
kubeReservedCgroup: /podruntime.slice kubeReservedCgroup: /podruntime.slice
kubeReserved: kubeReserved:
cpu: 200m
memory: 400Mi memory: 400Mi
pid: 1000
{% endif %} {% endif %}
kubeAPIBurst: 100 kubeAPIBurst: 100
kubeAPIQPS: 50 kubeAPIQPS: 50
@ -65,7 +67,7 @@ nodeLeaseDurationSeconds: 40
nodeStatusReportFrequency: 1m0s nodeStatusReportFrequency: 1m0s
nodeStatusUpdateFrequency: 10s nodeStatusUpdateFrequency: 10s
oomScoreAdj: -999 oomScoreAdj: -999
podPidsLimit: -1 podPidsLimit: {{ POD_MAX_PIDS }}
port: 10250 port: 10250
# disable readOnlyPort # disable readOnlyPort
readOnlyPort: 0 readOnlyPort: 0
@ -81,7 +83,9 @@ syncFrequency: 1m0s
{% if SYS_RESERVED_ENABLED == "yes" %} {% if SYS_RESERVED_ENABLED == "yes" %}
systemReservedCgroup: /system.slice systemReservedCgroup: /system.slice
systemReserved: systemReserved:
memory: 1000Mi cpu: 200m
memory: 500Mi
pid: 5000
{% endif %} {% endif %}
tlsCertFile: {{ ca_dir }}/kubelet.pem tlsCertFile: {{ ca_dir }}/kubelet.pem
tlsPrivateKeyFile: {{ ca_dir }}/kubelet-key.pem tlsPrivateKeyFile: {{ ca_dir }}/kubelet-key.pem

3
roles/kube-node/vars/main.yml
View File

@ -6,3 +6,6 @@ CGROUP_DRIVER: "systemd"
# coredns 服务地址根据SERVICE_CIDR 设置,默认选择网段第二个地址 # coredns 服务地址根据SERVICE_CIDR 设置,默认选择网段第二个地址
CLUSTER_DNS_SVC_IP: "{{ SERVICE_CIDR.split('.')[0] }}.{{ SERVICE_CIDR.split('.')[1] }}.{{ SERVICE_CIDR.split('.')[2] }}.{{ SERVICE_CIDR.split('.')[3]|int + 2 }}" CLUSTER_DNS_SVC_IP: "{{ SERVICE_CIDR.split('.')[0] }}.{{ SERVICE_CIDR.split('.')[1] }}.{{ SERVICE_CIDR.split('.')[2] }}.{{ SERVICE_CIDR.split('.')[3]|int + 2 }}"
# pod-max-pids
POD_MAX_PIDS: 1024