kubelet是Kubernetes中的核心组件,需要在每一个节点安装,也是kubernetes集群启动的第一个服务。kubelet的参数存放在多个目录,修改时如果不完整就会导致各种错误,下面我们kubelet的参数存放位置和配置方法一探究竟。
在Ubuntu18.04上kubelet是使用宿主机的systemd来启动的,目前kubernetes 1.12.3为止都还没有将其容器化。
kubelet的配置参数存放在三个不同的目录:
- /etc/kubernetes,kubenetes主目录,其中kubelet.conf包括apiserver连接参数和连接证书。
- /lib/systemd/system/kubelet.service,kubelet服务的配置文件。
- /var/lib/kubelet,kubelet的数据目录。
kubelet主数据目录参数
/var/lib/kubelet
supermap@podc01:/var/lib/kubelet$ tree
.
├── config.yaml
├── cpu_manager_state
├── device-plugins
│ ├── DEPRECATION
│ ├── kubelet_internal_checkpoint
│ └── kubelet.sock
├── kubeadm-flags.env
├── pki
│ ├── kubelet-client-2018-11-23-10-08-12.pem
│ ├── kubelet-client-2018-11-23-10-08-38.pem
│ ├── kubelet-client-current.pem -> /var/lib/kubelet/pki/kubelet-client-2018-11-23-10-08-38.pem
│ ├── kubelet.crt
│ └── kubelet.key
├── plugin-containers [error opening dir]
├── plugins [error opening dir]
├── plugins_registry [error opening dir]
├── pod-resources [error opening dir]
└── pods [error opening dir]
7 directories, 11 files其中config.yaml的内容如下:
address: 10.1.1.201
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
anonymous:
enabled: false
webhook:
cacheTTL: 2m0s
enabled: true
x509:
clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
mode: Webhook
webhook:
cacheAuthorizedTTL: 5m0s
cacheUnauthorizedTTL: 30s
cgroupDriver: cgroupfs
cgroupsPerQOS: true
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
configMapAndSecretChangeDetectionStrategy: Watch
containerLogMaxFiles: 5
containerLogMaxSize: 10Mi
contentType: application/vnd.kubernetes.protobuf
cpuCFSQuota: true
cpuCFSQuotaPeriod: 100ms
cpuManagerPolicy: none
cpuManagerReconcilePeriod: 10s
enableControllerAttachDetach: true
enableDebuggingHandlers: true
enforceNodeAllocatable:
- pods
eventBurst: 10
eventRecordQPS: 5
evictionHard:
imagefs.available: 15%
memory.available: 100Mi
nodefs.available: 10%
nodefs.inodesFree: 5%
evictionPressureTransitionPeriod: 5m0s
failSwapOn: true
fileCheckFrequency: 20s
hairpinMode: promiscuous-bridge
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 20s
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
imageMinimumGCAge: 2m0s
iptablesDropBit: 15
iptablesMasqueradeBit: 14
kind: KubeletConfiguration
kubeAPIBurst: 10
kubeAPIQPS: 5
makeIPTablesUtilChains: true
maxOpenFiles: 1000000
maxPods: 110
nodeLeaseDurationSeconds: 40
nodeStatusUpdateFrequency: 10s
oomScoreAdj: -999
podPidsLimit: -1
port: 10250
registryBurst: 10
registryPullQPS: 5
resolvConf: /etc/resolv.conf
rotateCertificates: true
runtimeRequestTimeout: 2m0s
serializeImagePulls: true
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h0m0s
syncFrequency: 1m0s
volumeStatsAggPeriod: 1m0s注意,其中的address: 10.1.1.201,原来为address: 0.0.0.0,可以监听所有地址。