add-cpuManagerPolicy (#10309)
parent
f2bb3aba1e
commit
b9e3861385
|
@ -216,6 +216,8 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
|
||||||
|
|
||||||
* *kubelet_make_iptables_util_chains* - If `true`, causes the kubelet ensures a set of `iptables` rules are present on host.
|
* *kubelet_make_iptables_util_chains* - If `true`, causes the kubelet ensures a set of `iptables` rules are present on host.
|
||||||
|
|
||||||
|
* *kubelet_cpu_manager_policy* - If set to `static`, allows pods with certain resource characteristics to be granted increased CPU affinity and exclusivity on the node. And it should be set with `kube_reserved` or `system-reserved`, enable this with the following guide:[Control CPU Management Policies on the Node](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/)
|
||||||
|
|
||||||
* *kubelet_systemd_hardening* - If `true`, provides kubelet systemd service with security features for isolation.
|
* *kubelet_systemd_hardening* - If `true`, provides kubelet systemd service with security features for isolation.
|
||||||
|
|
||||||
**N.B.** To enable this feature, ensure you are using the **`cgroup v2`** on your system. Check it out with command: `sudo ls -l /sys/fs/cgroup/*.slice`. If directory does not exist, enable this with the following guide: [enable cgroup v2](https://rootlesscontaine.rs/getting-started/common/cgroup2/#enabling-cgroup-v2).
|
**N.B.** To enable this feature, ensure you are using the **`cgroup v2`** on your system. Check it out with command: `sudo ls -l /sys/fs/cgroup/*.slice`. If directory does not exist, enable this with the following guide: [enable cgroup v2](https://rootlesscontaine.rs/getting-started/common/cgroup2/#enabling-cgroup-v2).
|
||||||
|
|
|
@ -159,3 +159,6 @@ makeIPTablesUtilChains: {{ kubelet_make_iptables_util_chains | bool }}
|
||||||
{% if kubelet_seccomp_default is defined %}
|
{% if kubelet_seccomp_default is defined %}
|
||||||
seccompDefault: {{ kubelet_seccomp_default | bool }}
|
seccompDefault: {{ kubelet_seccomp_default | bool }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if kubelet_cpu_manager_policy is defined %}
|
||||||
|
cpuManagerPolicy: {{ kubelet_cpu_manager_policy }}
|
||||||
|
{% endif %}
|
Loading…
Reference in New Issue