apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration nodeStatusUpdateFrequency: "{{ kubelet_status_update_frequency }}" failSwapOn: {{ kubelet_fail_swap_on }} authentication: anonymous: enabled: false webhook: enabled: {{ kubelet_authentication_token_webhook }} x509: clientCAFile: {{ kube_cert_dir }}/ca.crt authorization: {% if kubelet_authorization_mode_webhook %} mode: Webhook {% else %} mode: AlwaysAllow {% endif %} {% if kubelet_enforce_node_allocatable is defined and kubelet_enforce_node_allocatable != "\"\"" %} {% set kubelet_enforce_node_allocatable_list = kubelet_enforce_node_allocatable.split(",") %} enforceNodeAllocatable: {% for item in kubelet_enforce_node_allocatable_list %} - {{ item }} {% endfor %} {% endif %} staticPodPath: {{ kube_manifest_dir }} cgroupDriver: {{ kubelet_cgroup_driver | default('systemd') }} containerLogMaxFiles: {{ kubelet_logfiles_max_nr }} containerLogMaxSize: {{ kubelet_logfiles_max_size }} containerRuntimeEndpoint : {{ cri_socket }} maxPods: {{ kubelet_max_pods }} podPidsLimit: {{ kubelet_pod_pids_limit }} address: {{ kubelet_bind_address }} readOnlyPort: {{ kube_read_only_port }} healthzPort: {{ kubelet_healthz_port }} healthzBindAddress: {{ kubelet_healthz_bind_address }} kubeletCgroups: {{ kubelet_kubelet_cgroups }} clusterDomain: {{ dns_domain }} {% if kubelet_protect_kernel_defaults | bool %} protectKernelDefaults: true {% endif %} {% if kubelet_rotate_certificates | bool %} rotateCertificates: true {% endif %} {% if kubelet_rotate_server_certificates | bool %} serverTLSBootstrap: true {% endif %} {# DNS settings for kubelet #} {% if enable_nodelocaldns %} {% set kubelet_cluster_dns = [nodelocaldns_ip] %} {% elif dns_mode in ['coredns'] %} {% set kubelet_cluster_dns = [skydns_server] %} {% elif dns_mode == 'coredns_dual' %} {% set kubelet_cluster_dns = [skydns_server,skydns_server_secondary] %} {% elif dns_mode == 'manual' %} {% set kubelet_cluster_dns = [manual_dns_server] %} {% else %} {% set kubelet_cluster_dns = [] %} {% endif %} clusterDNS: {% for dns_address in kubelet_cluster_dns %} - {{ dns_address }} {% endfor %} {# Node reserved CPU/memory #} {% for scope in "kube", "system" %} {% if lookup('ansible.builtin.vars', scope + "_reserved") | bool %} {{ scope }}ReservedCgroup: {{ lookup('ansible.builtin.vars', scope + '_reserved_cgroups') }} {% endif %} {{ scope }}Reserved: {% for resource in "cpu", "memory", "ephemeral-storage", "pid" %} {{ resource }}: "{{ lookup('ansible.builtin.vars', scope + '_' ~ (resource | replace('-', '_')) + '_reserved') }}" {% endfor %} {% endfor %} {% if eviction_hard is defined and eviction_hard %} evictionHard: {{ eviction_hard | to_nice_yaml(indent=2) | indent(2) }} {% endif %} resolvConf: "{{ kube_resolv_conf }}" {% if kubelet_config_extra_args %} {{ kubelet_config_extra_args | to_nice_yaml(indent=2) }} {% endif %} {% if kubelet_feature_gates or kube_feature_gates %} featureGates: {% for feature in (kubelet_feature_gates | default(kube_feature_gates, true)) %} {{ feature | replace("=", ": ") }} {% endfor %} {% endif %} {% if tls_min_version is defined %} tlsMinVersion: {{ tls_min_version }} {% endif %} {% if tls_cipher_suites is defined %} tlsCipherSuites: {% for tls in tls_cipher_suites %} - {{ tls }} {% endfor %} {% endif %} eventRecordQPS: {{ kubelet_event_record_qps }} shutdownGracePeriod: {{ kubelet_shutdown_grace_period }} shutdownGracePeriodCriticalPods: {{ kubelet_shutdown_grace_period_critical_pods }} {% if not kubelet_fail_swap_on %} memorySwap: swapBehavior: {{ kubelet_swap_behavior }} {% endif %} {% if kubelet_streaming_connection_idle_timeout is defined %} streamingConnectionIdleTimeout: {{ kubelet_streaming_connection_idle_timeout }} {% endif %} {% if kubelet_image_gc_high_threshold is defined %} imageGCHighThresholdPercent: {{ kubelet_image_gc_high_threshold }} {% endif %} {% if kubelet_image_gc_low_threshold is defined %} imageGCLowThresholdPercent: {{ kubelet_image_gc_low_threshold }} {% endif %} {% if kubelet_make_iptables_util_chains is defined %} makeIPTablesUtilChains: {{ kubelet_make_iptables_util_chains | bool }} {% endif %} {% if kubelet_seccomp_default is defined %} seccompDefault: {{ kubelet_seccomp_default | bool }} {% endif %} {% if kubelet_cpu_manager_policy is defined %} cpuManagerPolicy: {{ kubelet_cpu_manager_policy }} {% endif %} {% if kubelet_cpu_manager_policy_options is defined %} cpuManagerPolicyOptions: {{ kubelet_cpu_manager_policy_options | to_nice_yaml(indent=2) }} {% endif %} {% if kubelet_topology_manager_policy is defined %} topologyManagerPolicy: {{ kubelet_topology_manager_policy }} {% endif %} {% if kubelet_topology_manager_scope is defined %} topologyManagerScope: {{ kubelet_topology_manager_scope }} {% endif %} {% if kubelet_tracing %} tracing: endpoint: {{ kubelet_tracing_endpoint }} samplingRatePerMillion: {{ kubelet_tracing_sampling_rate_per_million }} {% endif %} maxParallelImagePulls: {{ kubelet_max_parallel_image_pulls }}