c0d2cca45d
- Exclude kubelet CPU/RAM (kube-reserved) from cgroup. It decreases a chance of overcommitment - Add a possibility to modify Kubelet node-status-update-frequency - Add a posibility to configure node-monitor-grace-period, node-monitor-period, pod-eviction-timeout for Kubernetes controller manager - Add Kubernetes Relaibility Documentation with recomendations for various scenarios. Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
70 lines
2.4 KiB
Django/Jinja
70 lines
2.4 KiB
Django/Jinja
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: kube-controller-manager
|
|
namespace: {{system_namespace}}
|
|
labels:
|
|
k8s-app: kube-controller
|
|
spec:
|
|
hostNetwork: true
|
|
containers:
|
|
- name: kube-controller-manager
|
|
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
|
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
|
resources:
|
|
limits:
|
|
cpu: {{ kube_controller_cpu_limit }}
|
|
memory: {{ kube_controller_memory_limit }}
|
|
requests:
|
|
cpu: {{ kube_controller_cpu_requests }}
|
|
memory: {{ kube_controller_memory_requests }}
|
|
command:
|
|
- /hyperkube
|
|
- controller-manager
|
|
- --master={{ kube_apiserver_endpoint }}
|
|
- --leader-elect=true
|
|
- --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
|
|
- --root-ca-file={{ kube_cert_dir }}/ca.pem
|
|
- --cluster-signing-cert-file={{ kube_cert_dir }}/ca.pem
|
|
- --cluster-signing-key-file={{ kube_cert_dir }}/ca-key.pem
|
|
- --enable-hostpath-provisioner={{ kube_hostpath_dynamic_provisioner }}
|
|
- --node-monitor-grace-period={{ kube_controller_node_monitor_grace_period }}
|
|
- --node-monitor-period={{ kube_controller_node_monitor_period }}
|
|
- --pod-eviction-timeout={{ kube_controller_pod_eviction_timeout }}
|
|
- --v={{ kube_log_level }}
|
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure"] %}
|
|
- --cloud-provider={{cloud_provider}}
|
|
- --cloud-config={{ kube_config_dir }}/cloud_config
|
|
{% elif cloud_provider is defined and cloud_provider == "aws" %}
|
|
- --cloud-provider={{cloud_provider}}
|
|
{% endif %}
|
|
{% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %}
|
|
- --allocate-node-cidrs=true
|
|
- --configure-cloud-routes=true
|
|
- --cluster-cidr={{ kube_pods_subnet }}
|
|
{% endif %}
|
|
livenessProbe:
|
|
httpGet:
|
|
host: 127.0.0.1
|
|
path: /healthz
|
|
port: 10252
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 10
|
|
volumeMounts:
|
|
- mountPath: {{ kube_cert_dir }}
|
|
name: ssl-certs-kubernetes
|
|
readOnly: true
|
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure"] %}
|
|
- mountPath: {{ kube_config_dir }}/cloud_config
|
|
name: cloudconfig
|
|
readOnly: true
|
|
{% endif %}
|
|
volumes:
|
|
- hostPath:
|
|
path: {{ kube_cert_dir }}
|
|
name: ssl-certs-kubernetes
|
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure"] %}
|
|
- hostPath:
|
|
path: {{ kube_config_dir }}/cloud_config
|
|
name: cloudconfig
|
|
{% endif %}
|