diff --git a/content/en/docs/reference/_index.md b/content/en/docs/reference/_index.md index 7fa6d578fd..0dab5c7feb 100644 --- a/content/en/docs/reference/_index.md +++ b/content/en/docs/reference/_index.md @@ -87,7 +87,6 @@ operator to use or manage a cluster. * [kubelet credential providers (v1alpha1)](/docs/reference/config-api/kubelet-credentialprovider.v1alpha1/), [kubelet credential providers (v1beta1)](/docs/reference/config-api/kubelet-credentialprovider.v1beta1/) and [kubelet credential providers (v1)](/docs/reference/config-api/kubelet-credentialprovider.v1/) -* [kube-scheduler configuration (v1beta2)](/docs/reference/config-api/kube-scheduler-config.v1beta2/), [kube-scheduler configuration (v1beta3)](/docs/reference/config-api/kube-scheduler-config.v1beta3/) and [kube-scheduler configuration (v1)](/docs/reference/config-api/kube-scheduler-config.v1/) * [kube-controller-manager configuration (v1alpha1)](/docs/reference/config-api/kube-controller-manager-config.v1alpha1/) @@ -101,6 +100,7 @@ operator to use or manage a cluster. ## Config API for kubeadm * [v1beta3](/docs/reference/config-api/kubeadm-config.v1beta3/) +* [v1beta4](/docs/reference/config-api/kubeadm-config.v1beta4/) ## Design Docs diff --git a/content/en/docs/reference/config-api/apiserver-admission.v1.md b/content/en/docs/reference/config-api/apiserver-admission.v1.md index 364d12e5b1..5555e6f5c1 100644 --- a/content/en/docs/reference/config-api/apiserver-admission.v1.md +++ b/content/en/docs/reference/config-api/apiserver-admission.v1.md @@ -153,7 +153,7 @@ requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
userInfo
[Required]authentication/v1.UserInfo
+authentication/v1.UserInfo
UserInfo is information about the requesting user
@@ -227,7 +227,7 @@ This must be copied over from the corresponding AdmissionRequest.status
meta/v1.Status
+meta/v1.Status
Result contains extra details into why an admission request was denied. diff --git a/content/en/docs/reference/config-api/apiserver-audit.v1.md b/content/en/docs/reference/config-api/apiserver-audit.v1.md index 2837e7c323..4d36f5d218 100644 --- a/content/en/docs/reference/config-api/apiserver-audit.v1.md +++ b/content/en/docs/reference/config-api/apiserver-audit.v1.md @@ -72,14 +72,14 @@ For non-resource requests, this is the lower-cased HTTP method.
user
[Required]authentication/v1.UserInfo
+authentication/v1.UserInfo
Authenticated user information.
impersonatedUser
authentication/v1.UserInfo
+authentication/v1.UserInfo
Impersonated user information.
@@ -117,7 +117,7 @@ Does not apply for List-type requests, or non-resource requests.responseStatus
meta/v1.Status
+meta/v1.Status
The response status, populated even when the ResponseObject is not a Status type. @@ -145,14 +145,14 @@ at Response Level.
requestReceivedTimestamp
meta/v1.MicroTime
+meta/v1.MicroTime
Time the request reached the apiserver.
stageTimestamp
meta/v1.MicroTime
+meta/v1.MicroTime
Time the request reached current audit stage.
@@ -189,7 +189,7 @@ should be short. Annotations are included in the Metadata level.metadata
meta/v1.ListMeta
+meta/v1.ListMeta
metadata
meta/v1.ObjectMeta
+meta/v1.ObjectMeta
ObjectMeta is included for interoperability with API infrastructure.
@@ -279,7 +279,7 @@ in a rule will override the global default.metadata
meta/v1.ListMeta
+meta/v1.ListMeta
Resources is a list of resources this rule applies to.
-For example:
-pods
matches pods.pods/log
matches the log subresource of pods.* matches all resources and their subresources.
pods/*
matches all subresources of pods.*/scale
matches all scale subresources.For example: +'pods' matches pods. +'pods/log' matches the log subresource of pods. +'' matches all resources and their subresources. +'pods/' matches all subresources of pods. +'*/scale' matches all scale subresources.
If wildcard is present, the validation rule will ensure resources do not overlap with each other.
An empty list implies all resources and subresources in this API groups apply.
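Review bot: The replacement examples for the audit rule's resources field have lost their asterisks. The added lines read `'' matches all resources and their subresources` and `'pods/' matches all subresources of pods`, where the removed lines had `*` and `pods/*`. Only `'*/scale'` survived, which suggests the paired asterisks are being consumed as Markdown emphasis. As published, the page would tell operators that an empty string is the match-all pattern, which matters to anyone writing an audit policy from this reference. Suggest escaping the asterisks or keeping each pattern in a code span in the source comment, then regenerating.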
@@ -503,12 +501,10 @@ An empty list implies every namespace.NonResourceURLs is a set of URL paths that should be audited.
-*
s are allowed, but only as the full, final step in the path.
-Examples:
omitStages
EncryptionConfiguration stores the complete configuration for encryption providers.
It also allows the use of wildcards to specify the resources that should be encrypted.
-Use *.<group>
to encrypt all resources within a group or *.*
to encrypt all resources.
-*.
can be used to encrypt all resource in the core group. *.*
will encrypt all
+Use '.' to encrypt all resources within a group or '.' to encrypt all resources.
+'.' can be used to encrypt all resource in the core group. '.' will encrypt all
resources, even custom resources that are added after API server start.
Use of wildcards that overlap within the same resource list or across multiple
entries are not allowed since part of the configuration would be ineffective.
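Review bot: In the EncryptionConfiguration description, all three wildcard forms collapse to the same string in the added lines: `Use '.' to encrypt all resources within a group or '.' to encrypt all resources`, where the removed text distinguished `*.<group>`, `*.*` and `*.`. The result no longer tells the reader which pattern covers one group, the core group, or everything, and this page is the reference for encryption at rest. Suggest restoring the literal patterns in code spans before regenerating; the `<group>` placeholder is gone as well, so it likely needs escaping too.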
@@ -282,10 +282,10 @@ Set to a negative value to disable caching. This field is only allowed for KMS v
resources is a list of kubernetes resources which have to be encrypted. The resource names are derived from resource
or resource.group
of the group/version/resource.
-eg: pandas.awesome.bears.example
is a custom resource with 'group': awesome.bears.example
, 'resource': pandas
.
-Use *.*
to encrypt all resources and *.<group>
' to encrypt all resources in a specific group.
-eg: *.awesome.bears.example
will encrypt all resources in the group awesome.bears.example
.
-eg: *.
will encrypt all resources in the core group (such as pods, configmaps, etc).
providers
[Required]expirationTimestamp
meta/v1.Time
+meta/v1.Time
ExpirationTimestamp indicates a time when the provided credentials expire.
diff --git a/content/en/docs/reference/config-api/client-authentication.v1beta1.md b/content/en/docs/reference/config-api/client-authentication.v1beta1.md index f8cab963cd..d9e55d0ee2 100644 --- a/content/en/docs/reference/config-api/client-authentication.v1beta1.md +++ b/content/en/docs/reference/config-api/client-authentication.v1beta1.md @@ -206,7 +206,7 @@ itself should at least be protected via file permissions.expirationTimestamp
meta/v1.Time
+meta/v1.Time
ExpirationTimestamp indicates a time when the provided credentials expire.
diff --git a/content/en/docs/reference/config-api/imagepolicy.v1alpha1.md b/content/en/docs/reference/config-api/imagepolicy.v1alpha1.md index fb55f9a06b..f6eaa915a8 100644 --- a/content/en/docs/reference/config-api/imagepolicy.v1alpha1.md +++ b/content/en/docs/reference/config-api/imagepolicy.v1alpha1.md @@ -29,7 +29,7 @@ auto_generated: truemetadata
meta/v1.ObjectMeta
+meta/v1.ObjectMeta
Standard object's metadata. diff --git a/content/en/docs/reference/config-api/kube-controller-manager-config.v1alpha1.md b/content/en/docs/reference/config-api/kube-controller-manager-config.v1alpha1.md index 455dbfc6b1..348c557807 100644 --- a/content/en/docs/reference/config-api/kube-controller-manager-config.v1alpha1.md +++ b/content/en/docs/reference/config-api/kube-controller-manager-config.v1alpha1.md @@ -1,7 +1,7 @@ --- title: kube-controller-manager Configuration (v1alpha1) content_type: tool-reference -package: controllermanager.config.k8s.io/v1alpha1 +package: kubecontrollermanager.config.k8s.io/v1alpha1 auto_generated: true --- @@ -9,190 +9,9 @@ auto_generated: true ## Resource Types -- [LeaderMigrationConfiguration](#controllermanager-config-k8s-io-v1alpha1-LeaderMigrationConfiguration) - [KubeControllerManagerConfiguration](#kubecontrollermanager-config-k8s-io-v1alpha1-KubeControllerManagerConfiguration) - [CloudControllerManagerConfiguration](#cloudcontrollermanager-config-k8s-io-v1alpha1-CloudControllerManagerConfiguration) - - - -## `LeaderMigrationConfiguration` {#controllermanager-config-k8s-io-v1alpha1-LeaderMigrationConfiguration} - - -**Appears in:** - -- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration) - - -
LeaderMigrationConfiguration provides versioned configuration for all migrating leader locks.
- - -Field | Description |
---|---|
apiVersion string | controllermanager.config.k8s.io/v1alpha1 |
kind string | LeaderMigrationConfiguration |
leaderName [Required]- string
- |
-
- LeaderName is the name of the leader election resource that protects the migration -E.g. 1-20-KCM-to-1-21-CCM - |
-
resourceLock [Required]- string
- |
-
- ResourceLock indicates the resource object type that will be used to lock -Should be "leases" or "endpoints" - |
-
controllerLeaders [Required]- []ControllerLeaderConfiguration
- |
-
- ControllerLeaders contains a list of migrating leader lock configurations - |
-
ControllerLeaderConfiguration provides the configuration for a migrating leader lock.
- - -Field | Description |
---|---|
name [Required]- string
- |
-
- Name is the name of the controller being migrated -E.g. service-controller, route-controller, cloud-node-controller, etc - |
-
component [Required]- string
- |
-
- Component is the name of the component in which the controller should be running. -E.g. kube-controller-manager, cloud-controller-manager, etc -Or '*' meaning the controller can be run under any component that participates in the migration - |
-
GenericControllerManagerConfiguration holds configuration for a generic controller-manager.
- - -Field | Description |
---|---|
Port [Required]- int32
- |
-
- port is the port that the controller-manager's http service runs on. - |
-
Address [Required]- string
- |
-
- address is the IP address to serve on (set to 0.0.0.0 for all interfaces). - |
-
MinResyncPeriod [Required]- meta/v1.Duration
- |
-
- minResyncPeriod is the resync period in reflectors; will be random between -minResyncPeriod and 2*minResyncPeriod. - |
-
ClientConnection [Required]- ClientConnectionConfiguration
- |
-
- ClientConnection specifies the kubeconfig file and client connection -settings for the proxy server to use when communicating with the apiserver. - |
-
ControllerStartInterval [Required]- meta/v1.Duration
- |
-
- How long to wait between starting controller managers - |
-
LeaderElection [Required]- LeaderElectionConfiguration
- |
-
- leaderElection defines the configuration of leader election client. - |
-
Controllers [Required]- []string
- |
-
- Controllers is the list of controllers to enable or disable -'*' means "all enabled by default controllers" -'foo' means "enable 'foo'" -'-foo' means "disable 'foo'" -first item for a particular name wins - |
-
Debugging [Required]- DebuggingConfiguration
- |
-
- DebuggingConfiguration holds configuration for Debugging related features. - |
-
LeaderMigrationEnabled [Required]- bool
- |
-
- LeaderMigrationEnabled indicates whether Leader Migration should be enabled for the controller manager. - |
-
LeaderMigration [Required]- LeaderMigrationConfiguration
- |
-
- LeaderMigration holds the configuration for Leader Migration. - |
-
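Review bot: The Resource Types list at the top of kube-controller-manager-config.v1alpha1.md drops the `LeaderMigrationConfiguration` entry and the front matter package becomes `kubecontrollermanager.config.k8s.io/v1alpha1`, yet later in this patch the type is added back with apiVersion `controllermanager.config.k8s.io/v1alpha1` and its own kind. A type that carries apiVersion and kind is a top-level resource, so it should stay in the list, and the page should make clear that it belongs to a different API group than the one named in the front matter.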
CronJobControllerConfiguration holds configuration for CronJobController related features.
LegacySATokenCleaner
[Required]LegacySATokenCleanerConfiguration
+LegacySATokenCleanerConfiguration holds configuration for LegacySATokenCleaner related features.
+NamespaceController
[Required]NamespaceControllerConfiguration
NamespaceControllerConfiguration holds configuration for NamespaceController -related features. -NamespaceControllerConfiguration holds configuration for NamespaceController related features.
ValidatingAdmissionPolicyStatusController
[Required]ValidatingAdmissionPolicyStatusControllerConfiguration
+ValidatingAdmissionPolicyStatusControllerConfiguration holds configuration for +ValidatingAdmissionPolicyStatusController related features.
+LegacySATokenCleanerConfiguration contains elements describing LegacySATokenCleaner
+ + +Field | Description |
---|---|
CleanUpPeriod [Required]+ meta/v1.Duration
+ |
+
+ CleanUpPeriod is the period of time since the last usage of an +auto-generated service account token before it can be deleted. + |
+
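Review bot: The new `CleanUpPeriod` description for LegacySATokenCleanerConfiguration does not state a default, while `ConcurrentPolicySyncs`, added in the same file, ends with `The default value is 5.` This period decides when an unused auto-generated service account token becomes eligible for deletion, so the default is what most readers will look for here. Suggest adding it to the source comment.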
[]string
VolumeHostCIDRDenylist is a list of CIDRs that should not be reachable by the +
DEPRECATED: VolumeHostCIDRDenylist is a list of CIDRs that should not be reachable by the controller from plugins.
bool
VolumeHostAllowLocalLoopback indicates if local loopback hosts (127.0.0.1, etc) +
DEPRECATED: VolumeHostAllowLocalLoopback indicates if local loopback hosts (127.0.0.1, etc) should be allowed from plugins.
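Review bot: The two added `DEPRECATED:` prefixes on `VolumeHostCIDRDenylist` and `VolumeHostAllowLocalLoopback` give no replacement and no removal timeline. Both fields restrict which hosts the controller may reach from plugins, so an operator relying on them needs to know whether the restriction is still enforced while deprecated and what to configure instead. Suggest adding one sentence to each description covering that, in the source comment since this page is generated.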
ValidatingAdmissionPolicyStatusControllerConfiguration contains elements describing ValidatingAdmissionPolicyStatusController.
+ + +Field | Description |
---|---|
ConcurrentPolicySyncs [Required]+ int32
+ |
+
+ ConcurrentPolicySyncs is the number of policy objects that are +allowed to sync concurrently. Larger number = quicker type checking, +but more CPU (and network) load. +The default value is 5. + |
+
LeaderMigrationConfiguration provides versioned configuration for all migrating leader locks.
+ + +Field | Description |
---|---|
apiVersion string | controllermanager.config.k8s.io/v1alpha1 |
kind string | LeaderMigrationConfiguration |
leaderName [Required]+ string
+ |
+
+ LeaderName is the name of the leader election resource that protects the migration +E.g. 1-20-KCM-to-1-21-CCM + |
+
resourceLock [Required]+ string
+ |
+
+ ResourceLock indicates the resource object type that will be used to lock +Should be "leases" or "endpoints" + |
+
controllerLeaders [Required]+ []ControllerLeaderConfiguration
+ |
+
+ ControllerLeaders contains a list of migrating leader lock configurations + |
+
ControllerLeaderConfiguration provides the configuration for a migrating leader lock.
+ + +Field | Description |
---|---|
name [Required]+ string
+ |
+
+ Name is the name of the controller being migrated +E.g. service-controller, route-controller, cloud-node-controller, etc + |
+
component [Required]+ string
+ |
+
+ Component is the name of the component in which the controller should be running. +E.g. kube-controller-manager, cloud-controller-manager, etc +Or '*' meaning the controller can be run under any component that participates in the migration + |
+
GenericControllerManagerConfiguration holds configuration for a generic controller-manager.
+ + +Field | Description |
---|---|
Port [Required]+ int32
+ |
+
+ port is the port that the controller-manager's http service runs on. + |
+
Address [Required]+ string
+ |
+
+ address is the IP address to serve on (set to 0.0.0.0 for all interfaces). + |
+
MinResyncPeriod [Required]+ meta/v1.Duration
+ |
+
+ minResyncPeriod is the resync period in reflectors; will be random between +minResyncPeriod and 2*minResyncPeriod. + |
+
ClientConnection [Required]+ ClientConnectionConfiguration
+ |
+
+ ClientConnection specifies the kubeconfig file and client connection +settings for the proxy server to use when communicating with the apiserver. + |
+
ControllerStartInterval [Required]+ meta/v1.Duration
+ |
+
+ How long to wait between starting controller managers + |
+
LeaderElection [Required]+ LeaderElectionConfiguration
+ |
+
+ leaderElection defines the configuration of leader election client. + |
+
Controllers [Required]+ []string
+ |
+
+ Controllers is the list of controllers to enable or disable +'*' means "all enabled by default controllers" +'foo' means "enable 'foo'" +'-foo' means "disable 'foo'" +first item for a particular name wins + |
+
Debugging [Required]+ DebuggingConfiguration
+ |
+
+ DebuggingConfiguration holds configuration for Debugging related features. + |
+
LeaderMigrationEnabled [Required]+ bool
+ |
+
+ LeaderMigrationEnabled indicates whether Leader Migration should be enabled for the controller manager. + |
+
LeaderMigration [Required]+ LeaderMigrationConfiguration
+ |
+
+ LeaderMigration holds the configuration for Leader Migration. + |
+
ClientConnectionConfiguration contains details for constructing a client.
+ + +Field | Description |
---|---|
kubeconfig [Required]+ string
+ |
+
+ kubeconfig is the path to a KubeConfig file. + |
+
acceptContentTypes [Required]+ string
+ |
+
+ acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the +default value of 'application/json'. This field will control all connections to the server used by a particular +client. + |
+
contentType [Required]+ string
+ |
+
+ contentType is the content type used when sending data to the server from this client. + |
+
qps [Required]+ float32
+ |
+
+ qps controls the number of queries per second allowed for this connection. + |
+
burst [Required]+ int32
+ |
+
+ burst allows extra queries to accumulate when a client is exceeding its rate. + |
+
DebuggingConfiguration holds configuration for Debugging related features.
+ + +Field | Description |
---|---|
enableProfiling [Required]+ bool
+ |
+
+ enableProfiling enables profiling via web interface host:port/debug/pprof/ + |
+
enableContentionProfiling [Required]+ bool
+ |
+
+ enableContentionProfiling enables block profiling, if +enableProfiling is true. + |
+
LeaderElectionConfiguration defines the configuration of leader election +clients for components that can run with leader election enabled.
+ + +Field | Description |
---|---|
leaderElect [Required]+ bool
+ |
+
+ leaderElect enables a leader election client to gain leadership +before executing the main loop. Enable this when running replicated +components for high availability. + |
+
leaseDuration [Required]+ meta/v1.Duration
+ |
+
+ leaseDuration is the duration that non-leader candidates will wait +after observing a leadership renewal until attempting to acquire +leadership of a led but unrenewed leader slot. This is effectively the +maximum duration that a leader can be stopped before it is replaced +by another candidate. This is only applicable if leader election is +enabled. + |
+
renewDeadline [Required]+ meta/v1.Duration
+ |
+
+ renewDeadline is the interval between attempts by the acting master to +renew a leadership slot before it stops leading. This must be less +than or equal to the lease duration. This is only applicable if leader +election is enabled. + |
+
retryPeriod [Required]+ meta/v1.Duration
+ |
+
+ retryPeriod is the duration the clients should wait between attempting +acquisition and renewal of a leadership. This is only applicable if +leader election is enabled. + |
+
resourceLock [Required]+ string
+ |
+
+ resourceLock indicates the resource object type that will be used to lock +during leader election cycles. + |
+
resourceName [Required]+ string
+ |
+
+ resourceName indicates the name of resource object that will be used to lock +during leader election cycles. + |
+
resourceNamespace [Required]+ string
+ |
+
+ resourceName indicates the namespace of resource object that will be used to lock +during leader election cycles. + |
+
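Review bot: The added description for `resourceNamespace` in LeaderElectionConfiguration starts with the wrong field name: `resourceName indicates the namespace of resource object that will be used to lock`. It should begin with `resourceNamespace`. The same sentence recurs in the other copy of this table added later in the patch, so fix it once in the upstream type comment and regenerate rather than editing each page.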
DetectLocal contains optional configuration settings related to DetectLocalMode.
+logging
[Required]LoggingConfiguration
+logging specifies the options of logging. +Refer to Logs Options +for more information.
+ClientConnectionConfiguration contains details for constructing a client.
- - -Field | Description |
---|---|
kubeconfig [Required]- string
- |
-
- kubeconfig is the path to a KubeConfig file. - |
-
acceptContentTypes [Required]- string
- |
-
- acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the -default value of 'application/json'. This field will control all connections to the server used by a particular -client. - |
-
contentType [Required]- string
- |
-
- contentType is the content type used when sending data to the server from this client. - |
-
qps [Required]- float32
- |
-
- qps controls the number of queries per second allowed for this connection. - |
-
burst [Required]- int32
- |
-
- burst allows extra queries to accumulate when a client is exceeding its rate. - |
-
DebuggingConfiguration holds configuration for Debugging related features.
- - -Field | Description |
---|---|
enableProfiling [Required]- bool
- |
-
- enableProfiling enables profiling via web interface host:port/debug/pprof/ - |
-
enableContentionProfiling [Required]- bool
- |
-
- enableContentionProfiling enables block profiling, if -enableProfiling is true. - |
-
LeaderElectionConfiguration defines the configuration of leader election -clients for components that can run with leader election enabled.
- - -Field | Description |
---|---|
leaderElect [Required]- bool
- |
-
- leaderElect enables a leader election client to gain leadership -before executing the main loop. Enable this when running replicated -components for high availability. - |
-
leaseDuration [Required]- meta/v1.Duration
- |
-
- leaseDuration is the duration that non-leader candidates will wait -after observing a leadership renewal until attempting to acquire -leadership of a led but unrenewed leader slot. This is effectively the -maximum duration that a leader can be stopped before it is replaced -by another candidate. This is only applicable if leader election is -enabled. - |
-
renewDeadline [Required]- meta/v1.Duration
- |
-
- renewDeadline is the interval between attempts by the acting master to -renew a leadership slot before it stops leading. This must be less -than or equal to the lease duration. This is only applicable if leader -election is enabled. - |
-
retryPeriod [Required]- meta/v1.Duration
- |
-
- retryPeriod is the duration the clients should wait between attempting -acquisition and renewal of a leadership. This is only applicable if -leader election is enabled. - |
-
resourceLock [Required]- string
- |
-
- resourceLock indicates the resource object type that will be used to lock -during leader election cycles. - |
-
resourceName [Required]- string
- |
-
- resourceName indicates the name of resource object that will be used to lock -during leader election cycles. - |
-
resourceNamespace [Required]- string
- |
-
- resourceName indicates the namespace of resource object that will be used to lock -during leader election cycles. - |
-
ClientConnectionConfiguration contains details for constructing a client.
+ + +Field | Description |
---|---|
kubeconfig [Required]+ string
+ |
+
+ kubeconfig is the path to a KubeConfig file. + |
+
acceptContentTypes [Required]+ string
+ |
+
+ acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the +default value of 'application/json'. This field will control all connections to the server used by a particular +client. + |
+
contentType [Required]+ string
+ |
+
+ contentType is the content type used when sending data to the server from this client. + |
+
qps [Required]+ float32
+ |
+
+ qps controls the number of queries per second allowed for this connection. + |
+
burst [Required]+ int32
+ |
+
+ burst allows extra queries to accumulate when a client is exceeding its rate. + |
+
DebuggingConfiguration holds configuration for Debugging related features.
+ + +Field | Description |
---|---|
enableProfiling [Required]+ bool
+ |
+
+ enableProfiling enables profiling via web interface host:port/debug/pprof/ + |
+
enableContentionProfiling [Required]+ bool
+ |
+
+ enableContentionProfiling enables block profiling, if +enableProfiling is true. + |
+
LeaderElectionConfiguration defines the configuration of leader election +clients for components that can run with leader election enabled.
+ + +Field | Description |
---|---|
leaderElect [Required]+ bool
+ |
+
+ leaderElect enables a leader election client to gain leadership +before executing the main loop. Enable this when running replicated +components for high availability. + |
+
leaseDuration [Required]+ meta/v1.Duration
+ |
+
+ leaseDuration is the duration that non-leader candidates will wait +after observing a leadership renewal until attempting to acquire +leadership of a led but unrenewed leader slot. This is effectively the +maximum duration that a leader can be stopped before it is replaced +by another candidate. This is only applicable if leader election is +enabled. + |
+
renewDeadline [Required]+ meta/v1.Duration
+ |
+
+ renewDeadline is the interval between attempts by the acting master to +renew a leadership slot before it stops leading. This must be less +than or equal to the lease duration. This is only applicable if leader +election is enabled. + |
+
retryPeriod [Required]+ meta/v1.Duration
+ |
+
+ retryPeriod is the duration the clients should wait between attempting +acquisition and renewal of a leadership. This is only applicable if +leader election is enabled. + |
+
resourceLock [Required]+ string
+ |
+
+ resourceLock indicates the resource object type that will be used to lock +during leader election cycles. + |
+
resourceName [Required]+ string
+ |
+
+ resourceName indicates the name of resource object that will be used to lock +during leader election cycles. + |
+
resourceNamespace [Required]+ string
+ |
+
+ resourceName indicates the namespace of resource object that will be used to lock +during leader election cycles. + |
+
delayCacheUntilActive
[Required]bool
+DelayCacheUntilActive specifies when to start caching. If this is true and leader election is enabled, +the scheduler will wait to fill informer caches until it is the leader. Doing so will have slower +failover with the benefit of lower memory overhead while waiting to become leader. +Defaults to false.
+addedAffinity
core/v1.NodeAffinity
+core/v1.NodeAffinity
AddedAffinity is applied to all Pods additionally to the NodeAffinity @@ -309,7 +501,7 @@ The default strategy is LeastAllocated with an equal "cpu" and "m
defaultConstraints
[]core/v1.TopologySpreadConstraint
+[]core/v1.TopologySpreadConstraint
DefaultConstraints defines topology spread constraints to be applied to @@ -1089,192 +1281,4 @@ Weight defaults to 1 if not specified or explicitly set to 0.
ClientConnectionConfiguration contains details for constructing a client.
- - -Field | Description |
---|---|
kubeconfig [Required]- string
- |
-
- kubeconfig is the path to a KubeConfig file. - |
-
acceptContentTypes [Required]- string
- |
-
- acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the -default value of 'application/json'. This field will control all connections to the server used by a particular -client. - |
-
contentType [Required]- string
- |
-
- contentType is the content type used when sending data to the server from this client. - |
-
qps [Required]- float32
- |
-
- qps controls the number of queries per second allowed for this connection. - |
-
burst [Required]- int32
- |
-
- burst allows extra queries to accumulate when a client is exceeding its rate. - |
-
DebuggingConfiguration holds configuration for Debugging related features.
- - -Field | Description |
---|---|
enableProfiling [Required]- bool
- |
-
- enableProfiling enables profiling via web interface host:port/debug/pprof/ - |
-
enableContentionProfiling [Required]- bool
- |
-
- enableContentionProfiling enables block profiling, if -enableProfiling is true. - |
-
LeaderElectionConfiguration defines the configuration of leader election -clients for components that can run with leader election enabled.
- - -Field | Description |
---|---|
leaderElect [Required]- bool
- |
-
- leaderElect enables a leader election client to gain leadership -before executing the main loop. Enable this when running replicated -components for high availability. - |
-
leaseDuration [Required]- meta/v1.Duration
- |
-
- leaseDuration is the duration that non-leader candidates will wait -after observing a leadership renewal until attempting to acquire -leadership of a led but unrenewed leader slot. This is effectively the -maximum duration that a leader can be stopped before it is replaced -by another candidate. This is only applicable if leader election is -enabled. - |
-
renewDeadline [Required]- meta/v1.Duration
- |
-
- renewDeadline is the interval between attempts by the acting master to -renew a leadership slot before it stops leading. This must be less -than or equal to the lease duration. This is only applicable if leader -election is enabled. - |
-
retryPeriod [Required]- meta/v1.Duration
- |
-
- retryPeriod is the duration the clients should wait between attempting -acquisition and renewal of a leadership. This is only applicable if -leader election is enabled. - |
-
resourceLock [Required]- string
- |
-
- resourceLock indicates the resource object type that will be used to lock -during leader election cycles. - |
-
resourceName [Required]- string
- |
-
- resourceName indicates the name of resource object that will be used to lock -during leader election cycles. - |
-
resourceNamespace [Required]- string
- |
-
- resourceName indicates the namespace of resource object that will be used to lock -during leader election cycles. - |
-
DefaultPreemptionArgs holds arguments used to configure the -DefaultPreemption plugin.
- - -Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta2 |
kind string | DefaultPreemptionArgs |
minCandidateNodesPercentage [Required]- int32
- |
-
- MinCandidateNodesPercentage is the minimum number of candidates to -shortlist when dry running preemption as a percentage of number of nodes. -Must be in the range [0, 100]. Defaults to 10% of the cluster size if -unspecified. - |
-
minCandidateNodesAbsolute [Required]- int32
- |
-
- MinCandidateNodesAbsolute is the absolute minimum number of candidates to -shortlist. The likely number of candidates enumerated for dry running -preemption is given by the formula: -numCandidates = max(numNodes * minCandidateNodesPercentage, minCandidateNodesAbsolute) -We say "likely" because there are other factors such as PDB violations -that play a role in the number of candidates shortlisted. Must be at least -0 nodes. Defaults to 100 nodes if unspecified. - |
-
InterPodAffinityArgs holds arguments used to configure the InterPodAffinity plugin.
- - -Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta2 |
kind string | InterPodAffinityArgs |
hardPodAffinityWeight [Required]- int32
- |
-
- HardPodAffinityWeight is the scoring weight for existing pods with a -matching hard affinity to the incoming pod. - |
-
ignorePreferredTermsOfExistingPods [Required]- bool
- |
-
- IgnorePreferredTermsOfExistingPods configures the scheduler to ignore existing pods' preferred affinity -rules when scoring candidate nodes, unless the incoming pod has inter-pod affinities. - |
-
KubeSchedulerConfiguration configures a scheduler
- - -Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta2 |
kind string | KubeSchedulerConfiguration |
parallelism [Required]- int32
- |
-
- Parallelism defines the amount of parallelism in algorithms for scheduling a Pods. Must be greater than 0. Defaults to 16 - |
-
leaderElection [Required]- LeaderElectionConfiguration
- |
-
- LeaderElection defines the configuration of leader election client. - |
-
clientConnection [Required]- ClientConnectionConfiguration
- |
-
- ClientConnection specifies the kubeconfig file and client connection -settings for the proxy server to use when communicating with the apiserver. - |
-
healthzBindAddress [Required]- string
- |
-
- Note: Both HealthzBindAddress and MetricsBindAddress fields are deprecated. -Only empty address or port 0 is allowed. Anything else will fail validation. -HealthzBindAddress is the IP address and port for the health check server to serve on. - |
-
metricsBindAddress [Required]- string
- |
-
- MetricsBindAddress is the IP address and port for the metrics server to serve on. - |
-
DebuggingConfiguration [Required]- DebuggingConfiguration
- |
-(Members of DebuggingConfiguration are embedded into this type.)
- DebuggingConfiguration holds configuration for Debugging related features -TODO: We might wanna make this a substruct like Debugging componentbaseconfigv1alpha1.DebuggingConfiguration - |
-
percentageOfNodesToScore [Required]- int32
- |
-
- PercentageOfNodesToScore is the percentage of all nodes that once found feasible -for running a pod, the scheduler stops its search for more feasible nodes in -the cluster. This helps improve scheduler's performance. Scheduler always tries to find -at least "minFeasibleNodesToFind" feasible nodes no matter what the value of this flag is. -Example: if the cluster size is 500 nodes and the value of this flag is 30, -then scheduler stops finding further feasible nodes once it finds 150 feasible ones. -When the value is 0, default percentage (5%--50% based on the size of the cluster) of the -nodes will be scored. - |
-
podInitialBackoffSeconds [Required]- int64
- |
-
- PodInitialBackoffSeconds is the initial backoff for unschedulable pods. -If specified, it must be greater than 0. If this value is null, the default value (1s) -will be used. - |
-
podMaxBackoffSeconds [Required]- int64
- |
-
- PodMaxBackoffSeconds is the max backoff for unschedulable pods. -If specified, it must be greater than podInitialBackoffSeconds. If this value is null, -the default value (10s) will be used. - |
-
profiles [Required]- []KubeSchedulerProfile
- |
-
- Profiles are scheduling profiles that kube-scheduler supports. Pods can -choose to be scheduled under a particular profile by setting its associated -scheduler name. Pods that don't specify any scheduler name are scheduled -with the "default-scheduler" profile, if present here. - |
-
extenders [Required]- []Extender
- |
-
- Extenders are the list of scheduler extenders, each holding the values of how to communicate -with the extender. These extenders are shared by all scheduler profiles. - |
-
NodeAffinityArgs holds arguments to configure the NodeAffinity plugin.
- - -Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta2 |
kind string | NodeAffinityArgs |
addedAffinity - core/v1.NodeAffinity
- |
-
- AddedAffinity is applied to all Pods additionally to the NodeAffinity -specified in the PodSpec. That is, Nodes need to satisfy AddedAffinity -AND .spec.NodeAffinity. AddedAffinity is empty by default (all Nodes -match). -When AddedAffinity is used, some Pods with affinity requirements that match -a specific Node (such as Daemonset Pods) might remain unschedulable. - |
-
NodeResourcesBalancedAllocationArgs holds arguments used to configure NodeResourcesBalancedAllocation plugin.
- - -Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta2 |
kind string | NodeResourcesBalancedAllocationArgs |
resources [Required]- []ResourceSpec
- |
-
- Resources to be managed, the default is "cpu" and "memory" if not specified. - |
-
NodeResourcesFitArgs holds arguments used to configure the NodeResourcesFit plugin.
- - -Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta2 |
kind string | NodeResourcesFitArgs |
ignoredResources [Required]- []string
- |
-
- IgnoredResources is the list of resources that NodeResources fit filter -should ignore. This doesn't apply to scoring. - |
-
ignoredResourceGroups [Required]- []string
- |
-
- IgnoredResourceGroups defines the list of resource groups that NodeResources fit filter should ignore. -e.g. if group is ["example.com"], it will ignore all resource names that begin -with "example.com", such as "example.com/aaa" and "example.com/bbb". -A resource group name can't contain '/'. This doesn't apply to scoring. - |
-
scoringStrategy [Required]- ScoringStrategy
- |
-
- ScoringStrategy selects the node resource scoring strategy. -The default strategy is LeastAllocated with an equal "cpu" and "memory" weight. - |
-
PodTopologySpreadArgs holds arguments used to configure the PodTopologySpread plugin.
- - -Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta2 |
kind string | PodTopologySpreadArgs |
defaultConstraints - []core/v1.TopologySpreadConstraint
- |
-
- DefaultConstraints defines topology spread constraints to be applied to
-Pods that don't define any in |
-
defaultingType - PodTopologySpreadConstraintsDefaulting
- |
-
- DefaultingType determines how .defaultConstraints are deduced. Can be one -of "System" or "List". -
Defaults to "System". - |
-
VolumeBindingArgs holds arguments used to configure the VolumeBinding plugin.
- - -Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta2 |
kind string | VolumeBindingArgs |
bindTimeoutSeconds [Required]- int64
- |
-
- BindTimeoutSeconds is the timeout in seconds in volume binding operation. -Value must be non-negative integer. The value zero indicates no waiting. -If this value is nil, the default value (600) will be used. - |
-
shape - []UtilizationShapePoint
- |
-
- Shape specifies the points defining the score function shape, which is -used to score nodes based on the utilization of statically provisioned -PVs. The utilization is calculated by dividing the total requested -storage of the pod by the total capacity of feasible PVs on each node. -Each point contains utilization (ranges from 0 to 100) and its -associated score (ranges from 0 to 10). You can turn the priority by -specifying different scores for different utilization numbers. -The default shape points are: -
|
-
Extender holds the parameters used to communicate with the extender. If a verb is unspecified/empty, -it is assumed that the extender chose not to provide that extension.
- - -Field | Description |
---|---|
urlPrefix [Required]- string
- |
-
- URLPrefix at which the extender is available - |
-
filterVerb [Required]- string
- |
-
- Verb for the filter call, empty if not supported. This verb is appended to the URLPrefix when issuing the filter call to extender. - |
-
preemptVerb [Required]- string
- |
-
- Verb for the preempt call, empty if not supported. This verb is appended to the URLPrefix when issuing the preempt call to extender. - |
-
prioritizeVerb [Required]- string
- |
-
- Verb for the prioritize call, empty if not supported. This verb is appended to the URLPrefix when issuing the prioritize call to extender. - |
-
weight [Required]- int64
- |
-
- The numeric multiplier for the node scores that the prioritize call generates. -The weight should be a positive integer - |
-
bindVerb [Required]- string
- |
-
- Verb for the bind call, empty if not supported. This verb is appended to the URLPrefix when issuing the bind call to extender. -If this method is implemented by the extender, it is the extender's responsibility to bind the pod to apiserver. Only one extender -can implement this function. - |
-
enableHTTPS [Required]- bool
- |
-
- EnableHTTPS specifies whether https should be used to communicate with the extender - |
-
tlsConfig [Required]- ExtenderTLSConfig
- |
-
- TLSConfig specifies the transport layer security config - |
-
httpTimeout [Required]- meta/v1.Duration
- |
-
- HTTPTimeout specifies the timeout duration for a call to the extender. Filter timeout fails the scheduling of the pod. Prioritize -timeout is ignored, k8s/other extenders priorities are used to select the node. - |
-
nodeCacheCapable [Required]- bool
- |
-
- NodeCacheCapable specifies that the extender is capable of caching node information, -so the scheduler should only send minimal information about the eligible nodes -assuming that the extender already cached full details of all nodes in the cluster - |
-
managedResources - []ExtenderManagedResource
- |
-
- ManagedResources is a list of extended resources that are managed by -this extender. -
|
-
ignorable [Required]- bool
- |
-
- Ignorable specifies if the extender is ignorable, i.e. scheduling should not -fail when the extender returns an error or is not reachable. - |
-
ExtenderManagedResource describes the arguments of extended resources -managed by an extender.
- - -Field | Description |
---|---|
name [Required]- string
- |
-
- Name is the extended resource name. - |
-
ignoredByScheduler [Required]- bool
- |
-
- IgnoredByScheduler indicates whether kube-scheduler should ignore this -resource when applying predicates. - |
-
ExtenderTLSConfig contains settings to enable TLS with extender
- - -Field | Description |
---|---|
insecure [Required]- bool
- |
-
- Server should be accessed without verifying the TLS certificate. For testing only. - |
-
serverName [Required]- string
- |
-
- ServerName is passed to the server for SNI and is used in the client to check server -certificates against. If ServerName is empty, the hostname used to contact the -server is used. - |
-
certFile [Required]- string
- |
-
- Server requires TLS client certificate authentication - |
-
keyFile [Required]- string
- |
-
- Server requires TLS client certificate authentication - |
-
caFile [Required]- string
- |
-
- Trusted root certificates for server - |
-
certData [Required]- []byte
- |
-
- CertData holds PEM-encoded bytes (typically read from a client certificate file). -CertData takes precedence over CertFile - |
-
keyData [Required]- []byte
- |
-
- KeyData holds PEM-encoded bytes (typically read from a client certificate key file). -KeyData takes precedence over KeyFile - |
-
caData [Required]- []byte
- |
-
- CAData holds PEM-encoded bytes (typically read from a root certificates bundle). -CAData takes precedence over CAFile - |
-
KubeSchedulerProfile is a scheduling profile.
- - -Field | Description |
---|---|
schedulerName [Required]- string
- |
-
- SchedulerName is the name of the scheduler associated to this profile. -If SchedulerName matches with the pod's "spec.schedulerName", then the pod -is scheduled with this profile. - |
-
plugins [Required]- Plugins
- |
-
- Plugins specify the set of plugins that should be enabled or disabled. -Enabled plugins are the ones that should be enabled in addition to the -default plugins. Disabled plugins are any of the default plugins that -should be disabled. -When no enabled or disabled plugin is specified for an extension point, -default plugins for that extension point will be used if there is any. -If a QueueSort plugin is specified, the same QueueSort Plugin and -PluginConfig must be specified for all profiles. - |
-
pluginConfig [Required]- []PluginConfig
- |
-
- PluginConfig is an optional set of custom plugin arguments for each plugin. -Omitting config args for a plugin is equivalent to using the default config -for that plugin. - |
-
Plugin specifies a plugin name and its weight when applicable. Weight is used only for Score plugins.
- - -Field | Description |
---|---|
name [Required]- string
- |
-
- Name defines the name of plugin - |
-
weight [Required]- int32
- |
-
- Weight defines the weight of plugin, only used for Score plugins. - |
-
PluginConfig specifies arguments that should be passed to a plugin at the time of initialization. -A plugin that is invoked at multiple extension points is initialized once. Args can have arbitrary structure. -It is up to the plugin to process these Args.
- - -Field | Description |
---|---|
name [Required]- string
- |
-
- Name defines the name of plugin being configured - |
-
args [Required]- k8s.io/apimachinery/pkg/runtime.RawExtension
- |
-
- Args defines the arguments passed to the plugins at the time of initialization. Args can have arbitrary structure. - |
-
PluginSet specifies enabled and disabled plugins for an extension point. -If an array is empty, missing, or nil, default plugins at that extension point will be used.
- - -Field | Description |
---|---|
enabled [Required]- []Plugin
- |
-
- Enabled specifies plugins that should be enabled in addition to default plugins. -If the default plugin is also configured in the scheduler config file, the weight of plugin will -be overridden accordingly. -These are called after default plugins and in the same order specified here. - |
-
disabled [Required]- []Plugin
- |
-
- Disabled specifies default plugins that should be disabled. -When all default plugins need to be disabled, an array containing only one "*" should be provided. - |
-
Plugins include multiple extension points. When specified, the list of plugins for -a particular extension point are the only ones enabled. If an extension point is -omitted from the config, then the default set of plugins is used for that extension point. -Enabled plugins are called in the order specified here, after default plugins. If they need to -be invoked before default plugins, default plugins must be disabled and re-enabled here in desired order.
- - -Field | Description |
---|---|
preEnqueue [Required]- PluginSet
- |
-
- PreEnqueue is a list of plugins that should be invoked before adding pods to the scheduling queue. - |
-
queueSort [Required]- PluginSet
- |
-
- QueueSort is a list of plugins that should be invoked when sorting pods in the scheduling queue. - |
-
preFilter [Required]- PluginSet
- |
-
- PreFilter is a list of plugins that should be invoked at "PreFilter" extension point of the scheduling framework. - |
-
filter [Required]- PluginSet
- |
-
- Filter is a list of plugins that should be invoked when filtering out nodes that cannot run the Pod. - |
-
postFilter [Required]- PluginSet
- |
-
- PostFilter is a list of plugins that are invoked after filtering phase, but only when no feasible nodes were found for the pod. - |
-
preScore [Required]- PluginSet
- |
-
- PreScore is a list of plugins that are invoked before scoring. - |
-
score [Required]- PluginSet
- |
-
- Score is a list of plugins that should be invoked when ranking nodes that have passed the filtering phase. - |
-
reserve [Required]- PluginSet
- |
-
- Reserve is a list of plugins invoked when reserving/unreserving resources -after a node is assigned to run the pod. - |
-
permit [Required]- PluginSet
- |
-
- Permit is a list of plugins that control binding of a Pod. These plugins can prevent or delay binding of a Pod. - |
-
preBind [Required]- PluginSet
- |
-
- PreBind is a list of plugins that should be invoked before a pod is bound. - |
-
bind [Required]- PluginSet
- |
-
- Bind is a list of plugins that should be invoked at "Bind" extension point of the scheduling framework. -The scheduler call these plugins in order. Scheduler skips the rest of these plugins as soon as one returns success. - |
-
postBind [Required]- PluginSet
- |
-
- PostBind is a list of plugins that should be invoked after a pod is successfully bound. - |
-
multiPoint [Required]- PluginSet
- |
-
- MultiPoint is a simplified config section to enable plugins for all valid extension points. - |
-
PodTopologySpreadConstraintsDefaulting defines how to set default constraints -for the PodTopologySpread plugin.
- - - - -## `RequestedToCapacityRatioParam` {#kubescheduler-config-k8s-io-v1beta2-RequestedToCapacityRatioParam} - - -**Appears in:** - -- [ScoringStrategy](#kubescheduler-config-k8s-io-v1beta2-ScoringStrategy) - - -RequestedToCapacityRatioParam define RequestedToCapacityRatio parameters
- - -Field | Description |
---|---|
shape [Required]- []UtilizationShapePoint
- |
-
- Shape is a list of points defining the scoring function shape. - |
-
ResourceSpec represents a single resource.
- - -Field | Description |
---|---|
name [Required]- string
- |
-
- Name of the resource. - |
-
weight [Required]- int64
- |
-
- Weight of the resource. - |
-
ScoringStrategy define ScoringStrategyType for node resource plugin
- - -Field | Description |
---|---|
type [Required]- ScoringStrategyType
- |
-
- Type selects which strategy to run. - |
-
resources [Required]- []ResourceSpec
- |
-
- Resources to consider when scoring. -The default resource set includes "cpu" and "memory" with an equal weight. -Allowed weights go from 1 to 100. -Weight defaults to 1 if not specified or explicitly set to 0. - |
-
requestedToCapacityRatio [Required]- RequestedToCapacityRatioParam
- |
-
- Arguments specific to RequestedToCapacityRatio strategy. - |
-
ScoringStrategyType the type of scoring strategy used in NodeResourcesFit plugin.
- - - - -## `UtilizationShapePoint` {#kubescheduler-config-k8s-io-v1beta2-UtilizationShapePoint} - - -**Appears in:** - -- [VolumeBindingArgs](#kubescheduler-config-k8s-io-v1beta2-VolumeBindingArgs) - -- [RequestedToCapacityRatioParam](#kubescheduler-config-k8s-io-v1beta2-RequestedToCapacityRatioParam) - - -UtilizationShapePoint represents single point of priority function shape.
- - -Field | Description |
---|---|
utilization [Required]- int32
- |
-
- Utilization (x axis). Valid values are 0 to 100. Fully utilized node maps to 100. - |
-
score [Required]- int32
- |
-
- Score assigned to given utilization (y axis). Valid values are 0 to 10. - |
-
ClientConnectionConfiguration contains details for constructing a client.
- - -Field | Description |
---|---|
kubeconfig [Required]- string
- |
-
- kubeconfig is the path to a KubeConfig file. - |
-
acceptContentTypes [Required]- string
- |
-
- acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the -default value of 'application/json'. This field will control all connections to the server used by a particular -client. - |
-
contentType [Required]- string
- |
-
- contentType is the content type used when sending data to the server from this client. - |
-
qps [Required]- float32
- |
-
- qps controls the number of queries per second allowed for this connection. - |
-
burst [Required]- int32
- |
-
- burst allows extra queries to accumulate when a client is exceeding its rate. - |
-
DebuggingConfiguration holds configuration for Debugging related features.
- - -Field | Description |
---|---|
enableProfiling [Required]- bool
- |
-
- enableProfiling enables profiling via web interface host:port/debug/pprof/ - |
-
enableContentionProfiling [Required]- bool
- |
-
- enableContentionProfiling enables block profiling, if -enableProfiling is true. - |
-
LeaderElectionConfiguration defines the configuration of leader election -clients for components that can run with leader election enabled.
- - -Field | Description |
---|---|
leaderElect [Required]- bool
- |
-
- leaderElect enables a leader election client to gain leadership -before executing the main loop. Enable this when running replicated -components for high availability. - |
-
leaseDuration [Required]- meta/v1.Duration
- |
-
- leaseDuration is the duration that non-leader candidates will wait -after observing a leadership renewal until attempting to acquire -leadership of a led but unrenewed leader slot. This is effectively the -maximum duration that a leader can be stopped before it is replaced -by another candidate. This is only applicable if leader election is -enabled. - |
-
renewDeadline [Required]- meta/v1.Duration
- |
-
- renewDeadline is the interval between attempts by the acting master to -renew a leadership slot before it stops leading. This must be less -than or equal to the lease duration. This is only applicable if leader -election is enabled. - |
-
retryPeriod [Required]- meta/v1.Duration
- |
-
- retryPeriod is the duration the clients should wait between attempting -acquisition and renewal of a leadership. This is only applicable if -leader election is enabled. - |
-
resourceLock [Required]- string
- |
-
- resourceLock indicates the resource object type that will be used to lock -during leader election cycles. - |
-
resourceName [Required]- string
- |
-
- resourceName indicates the name of resource object that will be used to lock -during leader election cycles. - |
-
resourceNamespace [Required]- string
- |
-
- resourceName indicates the namespace of resource object that will be used to lock -during leader election cycles. - |
-
addedAffinity
core/v1.NodeAffinity
+core/v1.NodeAffinity
AddedAffinity is applied to all Pods additionally to the NodeAffinity @@ -309,7 +309,7 @@ The default strategy is LeastAllocated with an equal "cpu" and "m
defaultConstraints
[]core/v1.TopologySpreadConstraint
+[]core/v1.TopologySpreadConstraint
DefaultConstraints defines topology spread constraints to be applied to @@ -1083,8 +1083,6 @@ Weight defaults to 1 if not specified or explicitly set to 0.
**Appears in:** -- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration) - - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration) @@ -1141,8 +1139,6 @@ client. **Appears in:** -- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration) - - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration) @@ -1177,8 +1173,6 @@ enableProfiling is true. **Appears in:** -- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration) - - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration) diff --git a/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md b/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md index 2e7fd8319d..3972691620 100644 --- a/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md +++ b/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md @@ -62,7 +62,7 @@ customization). provided by kubeadm includes also enforcing consistency of values across components when required (e.g.--cluster-cidr
flag on controller manager and clusterCIDR
on kube-proxy).
Users are always allowed to override default values, with the only exception of a small subset of setting with -relevance for security (e.g. enforce authorization-mode Node and RBAC on api server)
+relevance for security (e.g. enforce authorization-mode Node and RBAC on api server).If the user provides a configuration types that is not expected for the action you are performing, kubeadm will ignore those types and print a warning.
pathType
core/v1.HostPathType
+core/v1.HostPathType
pathType
is the type of the hostPath
.
criSocket
is used to retrieve container runtime info.
-This information will be annotated to the Node API object, for later re-use
taints
[Required][]core/v1.Taint
+[]core/v1.Taint
taints
specifies the taints the Node API object should be registered with.
@@ -1184,11 +1184,12 @@ command line except without leading dash(es).
ignorePreflightErrors
provides a list of pre-flight errors to be ignored when
-the current node is registered.
IsPrevilegedUser,Swap
.
+Value all
ignores errors from all checks.
imagePullPolicy
core/v1.PullPolicy
+core/v1.PullPolicy
imagePullPolicy
specifies the policy for image pulling during kubeadm "init" and
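Review bot: The example value added to the ignorePreflightErrors description is misspelled as `IsPrevilegedUser`; the v1beta4 example added later in this same patch spells the check `IsPrivilegedUser`, so the two pages should use that spelling. Because the new sentence also documents that `all` ignores errors from all checks, consider saying that listing the individual checks is preferable, so a reader does not copy `all` into a production config as the default way to get past a failing pre-flight check.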
@@ -1281,7 +1282,7 @@ for, so other administrators can know its purpose.
expires
meta/v1.Time
+meta/v1.Time
expires
specifies the timestamp when this token expires. Defaults to being set
diff --git a/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md b/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md
new file mode 100644
index 0000000000..f7349db30c
--- /dev/null
+++ b/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md
@@ -0,0 +1,1428 @@
+---
+title: kubeadm Configuration (v1beta4)
+content_type: tool-reference
+package: kubeadm.k8s.io/v1beta4
+auto_generated: true
+---
+
Package v1beta4 defines the v1beta4 version of the kubeadm configuration file format. +This version improves on the v1beta3 format by fixing some minor issues and adding a few new fields.
+A list of changes since v1beta3:
+ClusterConfiguration
.
+Use APIServer.ExtraEnvs
, ControllerManager.ExtraEnvs
, Scheduler.ExtraEnvs
,
+Etcd.Local.ExtraEnvs
.ResetConfiguration
API type is now supported in v1beta4.
+Users are able to reset a node by passing a --config
file to kubeadm reset
.The preferred way to configure kubeadm is to pass an YAML configuration file with +the `--config“ option. Some of the configuration options defined in the kubeadm +config file are also available as command line flags, but only the most +common/simple use case are supported with this approach.
+A kubeadm config file could contain multiple configuration types separated using three dashes (---
).
kubeadm supports the following configuration types:
+apiVersion: kubeadm.k8s.io/v1beta4
+kind: InitConfiguration
+
+apiVersion: kubeadm.k8s.io/v1beta4
+kind: ClusterConfiguration
+
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+
+apiVersion: kubeadm.k8s.io/v1beta4
+kind: JoinConfiguration
+
+To print the defaults for "init" and "join" actions use the following commands:
+kubeadm config print init-defaults +kubeadm config print join-defaults +
The list of configuration types that must be included in a configuration file depends by the action you are
+performing (init or
join`) and by the configuration options you are going to use (defaults or advanced customization).
If some configuration types are not provided, or provided only partially, kubeadm will use default values; defaults
+provided by kubeadm includes also enforcing consistency of values across components when required (e.g.
+--cluster-cidr
flag on controller manager and clusterCIDR
on kube-proxy).
Users are always allowed to override default values, with the only exception of a small subset of setting with +relevance for security (e.g. enforce authorization-mode Node and RBAC on api server).
+If the user provides a configuration types that is not expected for the action you are performing, kubeadm will +ignore those types and print a warning.
+When executing kubeadm init with the `--config“ option, the following configuration types could be used: +InitConfiguration, ClusterConfiguration, KubeProxyConfiguration, KubeletConfiguration, but only one +between InitConfiguration and ClusterConfiguration is mandatory.
+apiVersion: kubeadm.k8s.io/v1beta4 +kind: InitConfiguration +bootstrapTokens: + + ... + +nodeRegistration: + + ... + +
The InitConfiguration type should be used to configure runtime settings, that in case of kubeadm init +are the configuration of the bootstrap token and all the setting which are specific to the node where kubeadm +is executed, including:
+NodeRegistration, that holds fields that relate to registering the new node to the cluster; +use it to customize the node name, the CRI socket to use or any other settings that should apply to this +node only (e.g. the node ip).
+LocalAPIEndpoint, that represents the endpoint of the instance of the API server to be deployed on this node; +use it e.g. to customize the API server advertise address.
+apiVersion: kubeadm.k8s.io/v1beta4 +kind: ClusterConfiguration +networking: + + ... + +etcd: + + ... + +apiServer: + + extraArgs: + ... + extraVolumes: + ... + +... +
The ClusterConfiguration type should be used to configure cluster-wide settings, +including settings for:
+networking
that holds configuration for the networking topology of the cluster; use it e.g. to customize
+Pod subnet or services subnet.
etcd
: use it e.g. to customize the local etcd or to configure the API server
+for using an external etcd cluster.
kube-apiserver, kube-scheduler, kube-controller-manager configurations; use it to customize control-plane +components by adding customized setting or overriding kubeadm default settings.
+apiVersion: kubeproxy.config.k8s.io/v1alpha1 +kind: KubeProxyConfiguration + + ... + +
The KubeProxyConfiguration type should be used to change the configuration passed to kube-proxy instances deployed +in the cluster. If this object is not provided or provided only partially, kubeadm applies defaults.
+See https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ or +https://pkg.go.dev/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration +for kube-proxy official documentation.
+apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration + + ... + +
The KubeletConfiguration type should be used to change the configurations that will be passed to all kubelet instances +deployed in the cluster. If this object is not provided or provided only partially, kubeadm applies defaults.
+See https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/ or +https://pkg.go.dev/k8s.io/kubelet/config/v1beta1#KubeletConfiguration +for kubelet official documentation.
+Here is a fully populated example of a single YAML file containing multiple
+configuration types to be used during a kubeadm init
run.
apiVersion: kubeadm.k8s.io/v1beta4 +kind: InitConfiguration +bootstrapTokens: + - token: "9a08jv.c0izixklcxtmnze7" + description: "kubeadm bootstrap token" + ttl: "24h" + - token: "783bde.3f89s0fje9f38fhf" + description: "another bootstrap token" + usages: + - authentication + - signing + groups: + - system:bootstrappers:kubeadm:default-node-token + +nodeRegistration: + + name: "ec2-10-100-0-1" + criSocket: "unix:///var/run/containerd/containerd.sock" + taints: + - key: "kubeadmNode" + value: "someValue" + effect: "NoSchedule" + kubeletExtraArgs: + v: 4 + ignorePreflightErrors: + - IsPrivilegedUser + imagePullPolicy: "IfNotPresent" + +localAPIEndpoint: + + advertiseAddress: "10.100.0.1" + bindPort: 6443 + +certificateKey: "e6a2eb8581237ab72a4f494f30285ec12a9694d750b9785706a83bfcbbbd2204" +skipPhases: + - addon/kube-proxy + +--- +apiVersion: kubeadm.k8s.io/v1beta4 +kind: ClusterConfiguration +etcd: + + # one of local or external + local: + imageRepository: "registry.k8s.io" + imageTag: "3.2.24" + dataDir: "/var/lib/etcd" + extraArgs: + listen-client-urls: "http://10.100.0.1:2379" + serverCertSANs: + - "ec2-10-100-0-1.compute-1.amazonaws.com" + peerCertSANs: + - "10.100.0.1" + # external: + # endpoints: + # - "10.100.0.1:2379" + # - "10.100.0.2:2379" + # caFile: "/etcd/kubernetes/pki/etcd/etcd-ca.crt" + # certFile: "/etcd/kubernetes/pki/etcd/etcd.crt" + # keyFile: "/etcd/kubernetes/pki/etcd/etcd.key" + +networking: + + serviceSubnet: "10.96.0.0/16" + podSubnet: "10.244.0.0/24" + dnsDomain: "cluster.local" + +kubernetesVersion: "v1.21.0" +controlPlaneEndpoint: "10.100.0.1:6443" +apiServer: + + extraArgs: + authorization-mode: "Node,RBAC" + extraVolumes: + - name: "some-volume" + hostPath: "/etc/some-path" + mountPath: "/etc/some-pod-path" + readOnly: false + pathType: File + certSANs: + - "10.100.1.1" + - "ec2-10-100-0-1.compute-1.amazonaws.com" + timeoutForControlPlane: 4m0s + +controllerManager: + + extraArgs: + "node-cidr-mask-size": "20" + extraVolumes: + - name: 
"some-volume" + hostPath: "/etc/some-path" + mountPath: "/etc/some-pod-path" + readOnly: false + pathType: File + +scheduler: + + extraArgs: + address: "10.100.0.1" + extraVolumes: + - name: "some-volume" + hostPath: "/etc/some-path" + mountPath: "/etc/some-pod-path" + readOnly: false + pathType: File + +certificatesDir: "/etc/kubernetes/pki" +imageRepository: "registry.k8s.io" +clusterName: "example-cluster" +--- +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +# kubelet specific options here +--- +apiVersion: kubeproxy.config.k8s.io/v1alpha1 +kind: KubeProxyConfiguration +# kube-proxy specific options here +
When executing kubeadm join with the --config option, the JoinConfiguration type should be provided.
+apiVersion: kubeadm.k8s.io/v1beta4 +kind: JoinConfiguration + + ... + +
The JoinConfiguration type should be used to configure runtime settings, that in case of kubeadm join +are the discovery method used for accessing the cluster info and all the setting which are specific +to the node where kubeadm is executed, including:
+nodeRegistration
, that holds fields that relate to registering the new node to the cluster;
+use it to customize the node name, the CRI socket to use or any other settings that should apply to this
+node only (e.g. the node ip).
`apiEndpoint“, that represents the endpoint of the instance of the API server to be eventually deployed on this node.
+ClusterConfiguration contains cluster-wide configuration for a kubeadm cluster
+ + +Field | Description |
---|---|
apiVersion string | kubeadm.k8s.io/v1beta4 |
kind string | ClusterConfiguration |
etcd + Etcd
+ |
+
+ Etcd holds configuration for etcd. + |
+
networking + Networking
+ |
+
+ Networking holds configuration for the networking topology of the cluster. + |
+
kubernetesVersion + string
+ |
+
+ KubernetesVersion is the target version of the control plane. + |
+
controlPlaneEndpoint + string
+ |
+
+ ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it +can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. +In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort +are used; in case the ControlPlaneEndpoint is specified but without a TCP port, +the BindPort is used. +Possible usages are: +e.g. In a cluster with more than one control plane instances, this field should be +assigned the address of the external load balancer in front of the +control plane instances. +e.g. in environments with enforced node recycling, the ControlPlaneEndpoint +could be used for assigning a stable DNS to the control plane. + |
+
apiServer + APIServer
+ |
+
+ APIServer contains extra settings for the API server control plane component + |
+
controllerManager + ControlPlaneComponent
+ |
+
+ ControllerManager contains extra settings for the controller manager control plane component + |
+
scheduler + ControlPlaneComponent
+ |
+
+ Scheduler contains extra settings for the scheduler control plane component + |
+
dns + DNS
+ |
+
+ DNS defines the options for the DNS add-on installed in the cluster. + |
+
certificatesDir + string
+ |
+
+ CertificatesDir specifies where to store or look for all required certificates. + |
+
imageRepository + string
+ |
+
+ ImageRepository sets the container registry to pull images from.
+If empty, |
+
featureGates + map[string]bool
+ |
+
+ FeatureGates enabled by the user. + |
+
clusterName + string
+ |
+
+ The cluster name + |
+
InitConfiguration contains a list of elements that is specific "kubeadm init"-only runtime +information.
+ + +Field | Description |
---|---|
apiVersion string | kubeadm.k8s.io/v1beta4 |
kind string | InitConfiguration |
bootstrapTokens + []invalid type
+ |
+
+ BootstrapTokens is respected at |
+
nodeRegistration + NodeRegistrationOptions
+ |
+
+ NodeRegistration holds fields that relate to registering the new control-plane node to the cluster + |
+
localAPIEndpoint + APIEndpoint
+ |
+
+ LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node +In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint +is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This +configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible +on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process +fails you may set the desired value here. + |
+
certificateKey + string
+ |
+
+ CertificateKey sets the key with which certificates and keys are encrypted prior to being uploaded in +a secret in the cluster during the uploadcerts init phase. + |
+
skipPhases + []string
+ |
+
+ SkipPhases is a list of phases to skip during command execution. +The list of phases can be obtained with the "kubeadm init --help" command. +The flag "--skip-phases" takes precedence over this field. + |
+
patches + Patches
+ |
+
+ Patches contains options related to applying patches to components deployed by kubeadm during +"kubeadm init". + |
+
JoinConfiguration contains elements describing a particular node.
+ + +Field | Description |
---|---|
apiVersion string | kubeadm.k8s.io/v1beta4 |
kind string | JoinConfiguration |
nodeRegistration + NodeRegistrationOptions
+ |
+
+ NodeRegistration holds fields that relate to registering the new control-plane node to the cluster + |
+
caCertPath + string
+ |
+
+ CACertPath is the path to the SSL certificate authority used to +secure comunications between node and control-plane. +Defaults to "/etc/kubernetes/pki/ca.crt". + |
+
discovery [Required]+ Discovery
+ |
+
+ Discovery specifies the options for the kubelet to use during the TLS Bootstrap process + |
+
controlPlane + JoinControlPlane
+ |
+
+ ControlPlane defines the additional control plane instance to be deployed on the joining node. +If nil, no additional control plane instance will be deployed. + |
+
skipPhases + []string
+ |
+
+ SkipPhases is a list of phases to skip during command execution. +The list of phases can be obtained with the "kubeadm join --help" command. +The flag "--skip-phases" takes precedence over this field. + |
+
patches + Patches
+ |
+
+ Patches contains options related to applying patches to components deployed by kubeadm during +"kubeadm join". + |
+
ResetConfiguration contains a list of fields that are specifically "kubeadm reset"-only runtime information.
+ + +Field | Description |
---|---|
apiVersion string | kubeadm.k8s.io/v1beta4 |
kind string | ResetConfiguration |
cleanupTmpDir + bool
+ |
+
+ CleanupTmpDir specifies whether the "/etc/kubernetes/tmp" directory should be cleaned during the reset process. + |
+
certificatesDir + string
+ |
+
+ CertificatesDir specifies the directory where the certificates are stored. If specified, it will be cleaned during the reset process. + |
+
criSocket + string
+ |
+
+ CRISocket is used to retrieve container runtime info and used for the removal of the containers. +If CRISocket is not specified by flag or config file, kubeadm will try to detect one valid CRISocket instead. + |
+
dryRun + bool
+ |
+
+ DryRun tells if the dry run mode is enabled, don't apply any change if it is and just output what would be done. + |
+
force + bool
+ |
+
+ Force flag instructs kubeadm to reset the node without prompting for confirmation. + |
+
ignorePreflightErrors + []string
+ |
+
+ IgnorePreflightErrors provides a slice of pre-flight errors to be ignored during the reset process, e.g. 'IsPrivilegedUser,Swap'. +Value 'all' ignores errors from all checks. + |
+
skipPhases + []string
+ |
+
+ SkipPhases is a list of phases to skip during command execution. +The list of phases can be obtained with the "kubeadm reset phase --help" command. + |
+
APIEndpoint struct contains elements of API server instance deployed on a node.
+ + +Field | Description |
---|---|
advertiseAddress + string
+ |
+
+ AdvertiseAddress sets the IP address for the API server to advertise. + |
+
bindPort + int32
+ |
+
+ BindPort sets the secure port for the API Server to bind to. +Defaults to 6443. + |
+
APIServer holds settings necessary for API server deployments in the cluster
+ + +Field | Description |
---|---|
ControlPlaneComponent [Required]+ ControlPlaneComponent
+ |
+(Members of ControlPlaneComponent are embedded into this type.)
+ No description provided. |
+
certSANs + []string
+ |
+
+ CertSANs sets extra Subject Alternative Names for the API Server signing cert. + |
+
timeoutForControlPlane + meta/v1.Duration
+ |
+
+ TimeoutForControlPlane controls the timeout that we use for API server to appear + |
+
BootstrapTokenDiscovery is used to set the options for bootstrap token based discovery
+ + +Field | Description |
---|---|
token [Required]+ string
+ |
+
+ Token is a token used to validate cluster information +fetched from the control-plane. + |
+
apiServerEndpoint + string
+ |
+
+ APIServerEndpoint is an IP or domain name to the API server from which info will be fetched. + |
+
caCertHashes + []string
+ |
+
+ CACertHashes specifies a set of public key pins to verify +when token-based discovery is used. The root CA found during discovery +must match one of these values. Specifying an empty set disables root CA +pinning, which can be unsafe. Each hash is specified as ":", +where the only currently supported type is "sha256". This is a hex-encoded +SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded +ASN.1. These hashes can be calculated using, for example, OpenSSL. + |
+
unsafeSkipCAVerification + bool
+ |
+
+ UnsafeSkipCAVerification allows token-based discovery +without CA verification via CACertHashes. This can weaken +the security of kubeadm since other nodes can impersonate the control-plane. + |
+
ControlPlaneComponent holds settings common to control plane component of the cluster
+ + +Field | Description |
---|---|
extraArgs + map[string]string
+ |
+
+ ExtraArgs is an extra set of flags to pass to the control plane component. +A key in this map is the flag name as it appears on the +command line except without leading dash(es). +TODO: This is temporary and ideally we would like to switch all components to +use ComponentConfig + ConfigMaps. + |
+
extraVolumes + []HostPathMount
+ |
+
+ ExtraVolumes is an extra set of host volumes, mounted to the control plane component. + |
+
extraEnvs + []core/v1.EnvVar
+ |
+
+ ExtraEnvs is an extra set of environment variables to pass to the control plane component. +Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + |
+
DNS defines the DNS addon that should be used in the cluster
+ + +Field | Description |
---|---|
ImageMeta [Required]+ ImageMeta
+ |
+(Members of ImageMeta are embedded into this type.)
+ ImageMeta allows to customize the image used for the DNS component + |
+
Discovery specifies the options for the kubelet to use during the TLS Bootstrap process
+ + +Field | Description |
---|---|
bootstrapToken + BootstrapTokenDiscovery
+ |
+
+ BootstrapToken is used to set the options for bootstrap token based discovery +BootstrapToken and File are mutually exclusive + |
+
file + FileDiscovery
+ |
+
+ File is used to specify a file or URL to a kubeconfig file from which to load cluster information +BootstrapToken and File are mutually exclusive + |
+
tlsBootstrapToken + string
+ |
+
+ TLSBootstrapToken is a token used for TLS bootstrapping. +If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. +If .File is set, this field must be set in case the KubeConfigFile does not contain any other authentication information + |
+
timeout + meta/v1.Duration
+ |
+
+ Timeout modifies the discovery timeout + |
+
Etcd contains elements describing Etcd configuration.
+ + +Field | Description |
---|---|
local + LocalEtcd
+ |
+
+ Local provides configuration knobs for configuring the local etcd instance +Local and External are mutually exclusive + |
+
external + ExternalEtcd
+ |
+
+ External describes how to connect to an external etcd cluster +Local and External are mutually exclusive + |
+
ExternalEtcd describes an external etcd cluster. +Kubeadm has no knowledge of where certificate files live and they must be supplied.
+ + +Field | Description |
---|---|
endpoints [Required]+ []string
+ |
+
+ Endpoints of etcd members. Required for ExternalEtcd. + |
+
caFile [Required]+ string
+ |
+
+ CAFile is an SSL Certificate Authority file used to secure etcd communication. +Required if using a TLS connection. + |
+
certFile [Required]+ string
+ |
+
+ CertFile is an SSL certification file used to secure etcd communication. +Required if using a TLS connection. + |
+
keyFile [Required]+ string
+ |
+
+ KeyFile is an SSL key file used to secure etcd communication. +Required if using a TLS connection. + |
+
FileDiscovery is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ + +Field | Description |
---|---|
kubeConfigPath [Required]+ string
+ |
+
+ KubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information + |
+
HostPathMount contains elements describing volumes that are mounted from the +host.
+ + +Field | Description |
---|---|
name [Required]+ string
+ |
+
+ Name of the volume inside the pod template. + |
+
hostPath [Required]+ string
+ |
+
+ HostPath is the path in the host that will be mounted inside +the pod. + |
+
mountPath [Required]+ string
+ |
+
+ MountPath is the path inside the pod where hostPath will be mounted. + |
+
readOnly + bool
+ |
+
+ ReadOnly controls write access to the volume + |
+
pathType + core/v1.HostPathType
+ |
+
+ PathType is the type of the HostPath. + |
+
ImageMeta allows to customize the image used for components that are not +originated from the Kubernetes/Kubernetes release process
+ + +Field | Description |
---|---|
imageRepository + string
+ |
+
+ ImageRepository sets the container registry to pull images from. +if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + |
+
imageTag + string
+ |
+
+ ImageTag allows to specify a tag for the image. +In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + |
+
JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node.
+ + +Field | Description |
---|---|
localAPIEndpoint + APIEndpoint
+ |
+
+ LocalAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. + |
+
certificateKey + string
+ |
+
+ CertificateKey is the key that is used for decryption of certificates after they are downloaded from the secret +upon joining a new control plane node. The corresponding encryption key is in the InitConfiguration. + |
+
LocalEtcd describes that kubeadm should run an etcd cluster locally
+ + +Field | Description |
---|---|
ImageMeta [Required]+ ImageMeta
+ |
+(Members of ImageMeta are embedded into this type.)
+ ImageMeta allows to customize the container used for etcd + |
+
dataDir [Required]+ string
+ |
+
+ DataDir is the directory etcd will place its data. +Defaults to "/var/lib/etcd". + |
+
extraArgs + map[string]string
+ |
+
+ ExtraArgs are extra arguments provided to the etcd binary +when run inside a static pod. +A key in this map is the flag name as it appears on the +command line except without leading dash(es). + |
+
extraEnvs + []core/v1.EnvVar
+ |
+
+ ExtraEnvs is an extra set of environment variables to pass to the control plane component. +Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. + |
+
serverCertSANs + []string
+ |
+
+ ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert. + |
+
peerCertSANs + []string
+ |
+
+ PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. + |
+
Networking contains elements describing cluster's networking configuration
+ + +Field | Description |
---|---|
serviceSubnet + string
+ |
+
+ ServiceSubnet is the subnet used by k8s services. Defaults to "10.96.0.0/12". + |
+
podSubnet + string
+ |
+
+ PodSubnet is the subnet used by pods. + |
+
dnsDomain + string
+ |
+
+ DNSDomain is the dns domain used by k8s services. Defaults to "cluster.local". + |
+
NodeRegistrationOptions holds fields that relate to registering a new control-plane or node to the cluster, either via "kubeadm init" or "kubeadm join"
+ + +Field | Description |
---|---|
name + string
+ |
+
+ Name is the |
+
criSocket + string
+ |
+
+ CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + |
+
taints [Required]+ []core/v1.Taint
+ |
+
+ Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil,
+it will be defaulted with a control-plane taint for control-plane nodes. If you don't want to taint your control-plane
+node, set this field to an empty slice, i.e. |
+
kubeletExtraArgs + map[string]string
+ |
+
+ KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file +kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config ConfigMap +Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. +A key in this map is the flag name as it appears on the +command line except without leading dash(es). + |
+
ignorePreflightErrors + []string
+ |
+
+ IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. +Value 'all' ignores errors from all checks. + |
+
imagePullPolicy + core/v1.PullPolicy
+ |
+
+ ImagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. +The value of this field must be one of "Always", "IfNotPresent" or "Never". +If this field is unset kubeadm will default it to "IfNotPresent", or pull the required images if not present on the host. + |
+
Patches contains options related to applying patches to components deployed by kubeadm.
+ + +Field | Description |
---|---|
directory + string
+ |
+
+ Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". +For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of +"kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". +"patchtype" can be one of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. +The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". +"suffix" is an optional string that can be used to determine which patches are applied +first alpha-numerically. + |
+
BootstrapToken describes one bootstrap token, stored as a Secret in the cluster
+ + +Field | Description |
---|---|
token [Required]+ BootstrapTokenString
+ |
+
+
|
+
description + string
+ |
+
+
|
+
ttl + meta/v1.Duration
+ |
+
+
|
+
expires + meta/v1.Time
+ |
+
+
|
+
usages + []string
+ |
+
+
|
+
groups + []string
+ |
+
+
|
+
BootstrapTokenString is a token of the format abcdef.abcdef0123456789
that is used
+for both validation of the practically of the API server from a joining node's point
+of view and as an authentication method for the node in the bootstrap phase of
+"kubeadm join". This token is and should be short-lived.
Field | Description |
---|---|
- [Required]+ string
+ |
++ No description provided. | +
- [Required]+ string
+ |
++ No description provided. | +
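Review bot: In BootstrapTokenDiscovery, the caCertHashes description reads `Each hash is specified as ":"`, so the pin format on either side of the colon has been lost, most likely because angle-bracket placeholders were not escaped. This field is what enables root CA pinning during token-based discovery, so the format needs to be legible; escape the placeholders or put them in a code span. The same new file has other generator problems. InitConfiguration's bootstrapTokens is typed `[]invalid type` and its description stops at "BootstrapTokens is respected at", although BootstrapToken is documented further down. Every BootstrapToken field has an empty description, and both BootstrapTokenString fields are named `-` with "No description provided." The JoinConfiguration overview opens `apiEndpoint` with a backtick and closes it with a curly quote, and it names a field the JoinConfiguration table does not list (the closest is controlPlane.localAPIEndpoint). Smaller points: JoinConfiguration.nodeRegistration repeats the "new control-plane node" wording from InitConfiguration, caCertPath has "comunications", the ControlPlaneComponent extraArgs description carries an internal "TODO:" into user-facing docs, and taints and dataDir are marked [Required] while their descriptions give defaults.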
Each entry in matchImages is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like *.k8s.io
or k8s.*.io
, and top-level-domains such as k8s.*
.
-Matching partial subdomains like app*.k8s.io
is also supported. Each glob can only match
-a single subdomain segment, so
*.io
does not match *.k8s.io
.
A match exists between an image and a matchImage when all of the below are true:
*.io
does not match *.
Example values of matchImages:
- 123456789.dkr.ecr.us-east-1.amazonaws.com
-- *.azurecr.io
+- *.azurecr.io
- gcr.io
-- *.*.registry.io
+- ..registry.io
- registry.io:8080/path
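Review bot: In the matchImages examples, the added line `- ..registry.io` replaces `- *.*.registry.io` and drops both globs, and the sentence above the examples now stops at "`*.io` does not match `*.`" with the rest missing. A reader copying the example gets a pattern with a different meaning from the one being documented. The asterisks look like they are being consumed as emphasis markers; escape them or keep the patterns in a code block so `*.*.registry.io` and `*.k8s.io` survive rendering.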
tlsCipherSuites is the list of allowed cipher suites for the server. +Note that TLS 1.3 ciphersuites are not configurable. Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). Default: nil
KubeletAuthentication
authentication specifies how requests to the Kubelet's server are authenticated.
-Defaults:
-authentication specifies how requests to the Kubelet's server are authenticated.
+Defaults:
anonymous:
- enabled: false
+enabled: false
webhook:
- enabled: true
- cacheTTL: "2m"
-
+
authorization
cpuManagerPolicy is the name of the policy to use. Requires the CPUManager feature gate to be enabled. -Default: "none"
+Default: "None"cpuManagerPolicyOptions
cpuManagerReconcilePeriod is the reconciliation period for the CPU Manager. +Requires the CPUManager feature gate to be enabled. Default: "10s"
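Review bot: The documented default for cpuManagerPolicy changes from "none" to "None", but the kubelet's policy names are the lowercase strings "none" and "static". If the capitalised form is not accepted as a value, readers who copy the default into their KubeletConfiguration will get an error at kubelet start; keep the lowercase spelling or confirm the comparison is case-insensitive before merging.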
bool
makeIPTablesUtilChains, if true, causes the Kubelet ensures a set of iptables rules -are present on host. -These rules will serve as utility rules for various components, e.g. kube-proxy. -The rules will be created based on iptablesMasqueradeBit and iptablesDropBit. +
makeIPTablesUtilChains, if true, causes the Kubelet to create the +KUBE-IPTABLES-HINT chain in iptables as a hint to other components about the +configuration of iptables on the system. Default: true
int32
iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT. -Values must be within the range [0, 31]. Must be different from other mark bits. -Warning: Please match the value of the corresponding parameter in kube-proxy. -TODO: clean up IPTablesMasqueradeBit in kube-proxy. +
iptablesMasqueradeBit formerly controlled the creation of the KUBE-MARK-MASQ +chain. +Deprecated: no longer has any effect. Default: 14
int32
iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets. -Values must be within the range [0, 31]. Must be different from other mark bits. +
iptablesDropBit formerly controlled the creation of the KUBE-MARK-DROP chain. +Deprecated: no longer has any effect. Default: 15
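Review bot: iptablesMasqueradeBit and iptablesDropBit are now described as "Deprecated: no longer has any effect" yet still list "Default: 14" and "Default: 15", and the removed warning to match the corresponding kube-proxy parameter has no replacement. Say whether a configured value is still validated or silently ignored, and point readers at the kube-proxy setting if the masquerade mark is now controlled only there, so operators know the old values can be dropped from existing configs.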
[]string
A comma separated whitelist of unsafe sysctls or sysctl patterns (ending in *
).
-Unsafe sysctl groups are kernel.shm*
, kernel.msg*
, kernel.sem
, fs.mqueue.*
,
-and net.*
. For example: "kernel.msg*,net.ipv4.route.min_pmtu
"
+
A comma separated whitelist of unsafe sysctls or sysctl patterns (ending in *
).
+Unsafe sysctl groups are kernel.shm*
, kernel.msg*
, kernel.sem
, fs.mqueue.*
,
+and net.*
. For example: "kernel.msg*,net.ipv4.route.min_pmtu
"
Default: []
registerWithTaints
[]core/v1.Taint
+[]core/v1.Taint
registerWithTaints are an array of taints to add to a node object when @@ -1257,7 +1255,7 @@ It exists in the kubeletconfig API group because it is classified as a versioned
source
core/v1.NodeConfigSource
+core/v1.NodeConfigSource
source is the source that we are serializing.
@@ -1303,9 +1301,9 @@ to provide credentials. Images are expected to contain the registry domain and URL path.Each entry in matchImages is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like *.k8s.io
or k8s.*.io
, and top-level-domains such as k8s.*
.
-Matching partial subdomains like app*.k8s.io
is also supported. Each glob can only match
-a single subdomain segment, so *.io
does not match *.k8s.io
.
A match exists between an image and a matchImage when all of the below are true:
*.io
does not match *.
Example values of matchImages:
- 123456789.dkr.ecr.us-east-1.amazonaws.com
-- *.azurecr.io
+- *.azurecr.io
- gcr.io
-- *.*.registry.io
+- ..registry.io
- registry.io:8080/path
limits
[Required]core/v1.ResourceList
+core/v1.ResourceList
text
flushFrequency
[Required]time.Duration
+TimeOrMetaDuration
Maximum number of nanoseconds (i.e. 1s = 1000000000) between log -flushes. Ignored if the selected logging backend writes log -messages without buffering.
+Maximum time between log flushes. +If a string, parsed as a duration (i.e. "1s") +If an int, the maximum number of nanoseconds (i.e. 1s = 1000000000). +Ignored if the selected logging backend writes log messages without buffering.
verbosity
[Required]LoggingOptions can be used with ValidateAndApplyWithOptions to override +certain global defaults.
+ + +Field | Description |
---|---|
ErrorStream [Required]+ io.Writer
+ |
+
+ ErrorStream can be used to override the os.Stderr default. + |
+
InfoStream [Required]+ io.Writer
+ |
+
+ InfoStream can be used to override the os.Stdout default. + |
+
TimeOrMetaDuration is present only for backwards compatibility for the +flushFrequency field, and new fields should use metav1.Duration.
+ + +Field | Description |
---|---|
Duration [Required]+ meta/v1.Duration
+ |
+
+ Duration holds the duration + |
+
- [Required]+ bool
+ |
+
+ SerializeAsString controls whether the value is serialized as a string or an integer + |
+
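Review bot: LoggingOptions exposes ErrorStream and InfoStream typed io.Writer, and the second TimeOrMetaDuration field is rendered with the name `-`; none of these can be set from a configuration file, so they read as Go internals leaking into the config API reference. Exclude LoggingOptions and the SerializeAsString member from the generated page, or mark them as not user-settable. For flushFrequency, the new description accepts both a string and an integer; add one line saying which form is preferred, since the type note says TimeOrMetaDuration exists only for backwards compatibility.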
Each key in the map is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like *.k8s.io
or k8s.*.io
, and top-level-domains such as k8s.*
.
-Matching partial subdomains like app*.k8s.io
is also supported. Each glob can only match
-a single subdomain segment, so *.io
does not match *.k8s.io
.
The kubelet will match images against the key when all of the below are true:
Example keys:
Each key in the map is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like *.k8s.io
or k8s.*.io
, and top-level-domains such as k8s.*
.
-Matching partial subdomains like app*.k8s.io
is also supported. Each glob can only match
-a single subdomain segment, so *.io
does not match *.k8s.io
.
The kubelet will match images against the key when all of the below are true:
Example keys:
Each key in the map is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like *.k8s.io
or k8s.*.io
, and top-level-domains such as k8s.*
.
-Matching partial subdomains like app*.k8s.io
is also supported. Each glob can only match
-a single subdomain segment, so *.io
does not match *.k8s.io
.
The kubelet will match images against the key when all of the below are true:
Example keys: