kubespray/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2

apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
nodeStatusUpdateFrequency: "{{ kubelet_status_update_frequency }}"
failSwapOn: {{ kubelet_fail_swap_on }}
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: {{ kubelet_authentication_token_webhook }}
  x509:
    clientCAFile: {{ kube_cert_dir }}/ca.crt
authorization:
{% if kubelet_authorization_mode_webhook %}
  mode: Webhook
{% else %}
  mode: AlwaysAllow
{% endif %}
{% if kubelet_enforce_node_allocatable is defined and kubelet_enforce_node_allocatable != "\"\"" %}
{% set kubelet_enforce_node_allocatable_list = kubelet_enforce_node_allocatable.split(",") %}
enforceNodeAllocatable:
{% for item in kubelet_enforce_node_allocatable_list %}
- {{ item }}
{% endfor %}
{% endif %}
staticPodPath: "{{ kubelet_static_pod_path }}"
cgroupDriver: {{ kubelet_cgroup_driver | default('systemd') }}
containerLogMaxFiles: {{ kubelet_logfiles_max_nr }}
containerLogMaxSize: {{ kubelet_logfiles_max_size }}
containerRuntimeEndpoint : {{ cri_socket }}
maxPods: {{ kubelet_max_pods }}
podPidsLimit: {{ kubelet_pod_pids_limit }}
address: "{{ kubelet_bind_address }}"
readOnlyPort: {{ kube_read_only_port }}
healthzPort: {{ kubelet_healthz_port }}
healthzBindAddress: "{{ kubelet_healthz_bind_address }}"
kubeletCgroups: {{ kubelet_kubelet_cgroups }}
clusterDomain: {{ dns_domain }}
{% if kubelet_protect_kernel_defaults | bool %}
protectKernelDefaults: true
{% endif %}
{% if kubelet_rotate_certificates | bool %}
rotateCertificates: true
{% endif %}
{% if kubelet_rotate_server_certificates | bool %}
serverTLSBootstrap: true
{% endif %}
{# DNS settings for kubelet #}
{% if enable_nodelocaldns %}
{% set kubelet_cluster_dns = [nodelocaldns_ip] %}
{% elif dns_mode in ['coredns'] %}
{% set kubelet_cluster_dns = [skydns_server] %}
{% elif dns_mode == 'coredns_dual' %}
{% set kubelet_cluster_dns = [skydns_server,skydns_server_secondary] %}
{% elif dns_mode == 'manual' %}
{% set kubelet_cluster_dns = [manual_dns_server] %}
{% else %}
{% set kubelet_cluster_dns = [] %}
{% endif %}
clusterDNS:
{% for dns_address in kubelet_cluster_dns %}
- {{ dns_address }}
{% endfor %}
{# Node reserved CPU/memory #}
{% for scope in "kube", "system" %}
{% if lookup('ansible.builtin.vars', scope + "_reserved") | bool %}
{{ scope }}ReservedCgroup: {{ lookup('ansible.builtin.vars', scope + '_reserved_cgroups') }}
{% endif %}
{{ scope }}Reserved:
{% for resource in "cpu", "memory", "ephemeral-storage", "pid" %}
  {{ resource }}: "{{ lookup('ansible.builtin.vars', scope + '_' ~ (resource | replace('-', '_')) + '_reserved') }}"
{% endfor %}
{% endfor %}
{% if eviction_hard is defined and eviction_hard %}
evictionHard:
  {{ eviction_hard | to_nice_yaml(indent=2) | indent(2) }}
{% endif %}
resolvConf: "{{ kube_resolv_conf }}"
{% if kubelet_config_extra_args %}
{{ kubelet_config_extra_args | to_nice_yaml(indent=2) }}
{% endif %}
{% if kubelet_feature_gates or kube_feature_gates %}
featureGates:
{% for feature in (kubelet_feature_gates | default(kube_feature_gates, true)) %}
  {{ feature | replace("=", ": ") }}
{% endfor %}
{% endif %}
{% if tls_min_version is defined %}
tlsMinVersion: {{ tls_min_version }}
{% endif %}
{% if tls_cipher_suites is defined %}
tlsCipherSuites:
{% for tls in tls_cipher_suites %}
- {{ tls }}
{% endfor %}
{% endif %}
eventRecordQPS: {{ kubelet_event_record_qps }}
shutdownGracePeriod: {{ kubelet_shutdown_grace_period }}
shutdownGracePeriodCriticalPods: {{ kubelet_shutdown_grace_period_critical_pods }}
{% if not kubelet_fail_swap_on %}
memorySwap:
  swapBehavior: {{ kubelet_swap_behavior }}
{% endif %}
{% if kubelet_streaming_connection_idle_timeout is defined %}
streamingConnectionIdleTimeout: {{ kubelet_streaming_connection_idle_timeout }}
{% endif %}
{% if kubelet_image_gc_high_threshold is defined %}
imageGCHighThresholdPercent: {{ kubelet_image_gc_high_threshold }}
{% endif %}
{% if kubelet_image_gc_low_threshold is defined %}
imageGCLowThresholdPercent: {{ kubelet_image_gc_low_threshold }}
{% endif %}
{% if kubelet_make_iptables_util_chains is defined %}
makeIPTablesUtilChains: {{ kubelet_make_iptables_util_chains | bool }}
{% endif %}
{% if kubelet_seccomp_default is defined %}
seccompDefault: {{ kubelet_seccomp_default | bool }}
{% endif %}
{% if kubelet_cpu_manager_policy is defined %}
cpuManagerPolicy: {{ kubelet_cpu_manager_policy }}
{% endif %}
{% if kubelet_cpu_manager_policy_options is defined %}
cpuManagerPolicyOptions:
  {{ kubelet_cpu_manager_policy_options | to_nice_yaml(indent=2) | indent(width=2) }}
{% endif %}
{% if kubelet_topology_manager_policy is defined %}
topologyManagerPolicy: {{ kubelet_topology_manager_policy }}
{% endif %}
{% if kubelet_topology_manager_scope is defined %}
topologyManagerScope: {{ kubelet_topology_manager_scope }}
{% endif %}
{% if kubelet_tracing %}
tracing:
  endpoint: "{{ kubelet_tracing_endpoint }}"
  samplingRatePerMillion: {{ kubelet_tracing_sampling_rate_per_million }}
{% endif %}
maxParallelImagePulls: {{ kubelet_max_parallel_image_pulls }}