kind: KubeletConfiguration apiVersion: kubelet.config.k8s.io/v1beta1 address: 0.0.0.0 authentication: anonymous: enabled: false webhook: cacheTTL: 2m0s enabled: true x509: clientCAFile: {{ ca_dir }}/ca.pem authorization: mode: Webhook webhook: cacheAuthorizedTTL: 5m0s cacheUnauthorizedTTL: 30s cgroupDriver: {{ CGROUP_DRIVER }} cgroupsPerQOS: true clusterDNS: {% if ENABLE_LOCAL_DNS_CACHE %} - {{ LOCAL_DNS_CACHE }} {% else %} - {{ CLUSTER_DNS_SVC_IP }} {% endif %} clusterDomain: {{ CLUSTER_DNS_DOMAIN }} configMapAndSecretChangeDetectionStrategy: Watch containerLogMaxFiles: 3 containerLogMaxSize: 10Mi enforceNodeAllocatable: - pods {% if KUBE_RESERVED_ENABLED == "yes" %} - kube-reserved {% endif %} {% if SYS_RESERVED_ENABLED == "yes" %} - system-reserved {% endif %} eventBurst: 10 eventRecordQPS: 5 evictionHard: imagefs.available: 15% memory.available: 300Mi nodefs.available: 10% nodefs.inodesFree: 5% evictionPressureTransitionPeriod: 5m0s failSwapOn: true fileCheckFrequency: 40s hairpinMode: hairpin-veth healthzBindAddress: 0.0.0.0 healthzPort: 10248 httpCheckFrequency: 40s imageGCHighThresholdPercent: 85 imageGCLowThresholdPercent: 80 imageMinimumGCAge: 2m0s {% if KUBE_RESERVED_ENABLED == "yes" %} kubeReservedCgroup: /podruntime.slice kubeReserved: cpu: 500m memory: 1000Mi pid: "1000" {% endif %} kubeAPIBurst: 100 kubeAPIQPS: 50 makeIPTablesUtilChains: true maxOpenFiles: 1000000 maxParallelImagePulls: 5 maxPods: {{ MAX_PODS }} nodeLeaseDurationSeconds: 40 nodeStatusReportFrequency: 1m0s nodeStatusUpdateFrequency: 10s oomScoreAdj: -999 podPidsLimit: {{ POD_MAX_PIDS }} port: 10250 # disable readOnlyPort readOnlyPort: 0 resolvConf: /etc/resolv.conf runtimeRequestTimeout: 2m0s serializeImagePulls: false streamingConnectionIdleTimeout: 4h0m0s syncFrequency: 1m0s {% if SYS_RESERVED_ENABLED == "yes" %} systemReservedCgroup: /system.slice systemReserved: cpu: 500m memory: 1000Mi pid: "5000" {% endif %} tlsCertFile: {{ ca_dir }}/kubelet.pem tlsPrivateKeyFile: {{ ca_dir }}/kubelet-key.pem