diff --git a/content/en/docs/reference/_index.md b/content/en/docs/reference/_index.md index bd8d4d56e4..5dc1cd81ea 100644 --- a/content/en/docs/reference/_index.md +++ b/content/en/docs/reference/_index.md 
@@ -74,15 +74,18 @@ configure kubernetes components or tools. Most of these APIs are not exposed by the API server in a RESTful way though they are essential for a user or an operator to use or manage a cluster. + * [kubeconfig (v1)](/docs/reference/config-api/kubeconfig.v1/) -* [kube-apiserver configuration (v1alpha1)](/docs/reference/config-api/apiserver-config.v1alpha1/) -* [kube-apiserver configuration (v1)](/docs/reference/config-api/apiserver-config.v1/) +* [kube-apiserver configuration (v1alpha1)](/docs/reference/config-api/apiserver-config.v1alpha1/) and + [kube-apiserver configuration (v1)](/docs/reference/config-api/apiserver-config.v1/) * [kube-apiserver encryption (v1)](/docs/reference/config-api/apiserver-encryption.v1/) * [kube-apiserver event rate limit (v1alpha1)](/docs/reference/config-api/apiserver-eventratelimit.v1alpha1/) * [kubelet configuration (v1alpha1)](/docs/reference/config-api/kubelet-config.v1alpha1/) and [kubelet configuration (v1beta1)](/docs/reference/config-api/kubelet-config.v1beta1/) -* [kubelet credential providers (v1alpha1)](/docs/reference/config-api/kubelet-credentialprovider.v1alpha1/) -* [kubelet credential providers (v1beta1)](/docs/reference/config-api/kubelet-credentialprovider.v1beta1/) + [kubelet configuration (v1)](/docs/reference/config-api/kubelet-config.v1/) +* [kubelet credential providers (v1alpha1)](/docs/reference/config-api/kubelet-credentialprovider.v1alpha1/), + [kubelet credential providers (v1beta1)](/docs/reference/config-api/kubelet-credentialprovider.v1beta1/) and + [kubelet credential providers (v1)](/docs/reference/config-api/kubelet-credentialprovider.v1/) * [kube-scheduler configuration (v1beta2)](/docs/reference/config-api/kube-scheduler-config.v1beta2/), [kube-scheduler configuration (v1beta3)](/docs/reference/config-api/kube-scheduler-config.v1beta3/) and [kube-scheduler configuration (v1)](/docs/reference/config-api/kube-scheduler-config.v1/) 
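Review bot: In the kubelet configuration bullet, the added `[kubelet configuration (v1)]` link is appended after the v1beta1 link with no separator, because the unchanged context lines still read "(v1alpha1) ... and (v1beta1)". The rendered item will read "v1alpha1 and v1beta1 v1". Update the two context lines to the "A, B and C" pattern that this same hunk uses for the kubelet credential providers and kube-scheduler entries.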
diff --git a/content/en/docs/reference/config-api/_index.md b/content/en/docs/reference/config-api/_index.md index 9c05466727..4941431f85 100644 --- a/content/en/docs/reference/config-api/_index.md +++ b/content/en/docs/reference/config-api/_index.md @@ -2,4 +2,3 @@ title: Configuration APIs weight: 130 --- - diff --git a/content/en/docs/reference/config-api/apiserver-audit.v1.md b/content/en/docs/reference/config-api/apiserver-audit.v1.md index 30cdd12dca..ffef0b7f2b 100644 --- a/content/en/docs/reference/config-api/apiserver-audit.v1.md +++ b/content/en/docs/reference/config-api/apiserver-audit.v1.md @@ -72,14 +72,14 @@ For non-resource requests, this is the lower-cased HTTP method.
user
[Required]authentication/v1.UserInfo
+authentication/v1.UserInfo
Authenticated user information.
impersonatedUser
authentication/v1.UserInfo
+authentication/v1.UserInfo
Impersonated user information.
@@ -117,7 +117,7 @@ Does not apply for List-type requests, or non-resource requests.responseStatus
meta/v1.Status
+meta/v1.Status
The response status, populated even when the ResponseObject is not a Status type. @@ -145,14 +145,14 @@ at Response Level.
requestReceivedTimestamp
meta/v1.MicroTime
+meta/v1.MicroTime
Time the request reached the apiserver.
stageTimestamp
meta/v1.MicroTime
+meta/v1.MicroTime
Time the request reached current audit stage.
@@ -189,7 +189,7 @@ should be short. Annotations are included in the Metadata level.metadata
meta/v1.ListMeta
+meta/v1.ListMeta
metadata
meta/v1.ObjectMeta
+meta/v1.ObjectMeta
ObjectMeta is included for interoperability with API infrastructure.
@@ -279,7 +279,7 @@ in a rule will override the global default.metadata
meta/v1.ListMeta
+meta/v1.ListMeta
disable-compression
bool
+DisableCompression allows client to opt-out of response compression for all requests to the server. This is useful +to speed up requests (specifically lists) when client-server network bandwidth is ample, by saving time on +compression (server-side) and decompression (client-side): https://github.com/kubernetes/kubernetes/issues/112296.
+config
k8s.io/apimachinery/pkg/runtime.RawExtension
expirationTimestamp
meta/v1.Time
+meta/v1.Time
ExpirationTimestamp indicates a time when the provided credentials expire.
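Review bot: The added `disable-compression` description does not say what happens when the field is left unset, and it opens with the Go name `DisableCompression` although the field is listed as `disable-compression`. State the behaviour for an unset value explicitly, use the field name as documented, and write "opt out" as two words where it is a verb. The same text is added again in client-authentication.v1beta1.md, so both copies need the change.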
diff --git a/content/en/docs/reference/config-api/client-authentication.v1beta1.md b/content/en/docs/reference/config-api/client-authentication.v1beta1.md index 15029d106e..09aa4dcc87 100644 --- a/content/en/docs/reference/config-api/client-authentication.v1beta1.md +++ b/content/en/docs/reference/config-api/client-authentication.v1beta1.md @@ -108,6 +108,15 @@ If empty, system roots should be used. cluster.disable-compression
bool
+DisableCompression allows client to opt-out of response compression for all requests to the server. This is useful +to speed up requests (specifically lists) when client-server network bandwidth is ample, by saving time on +compression (server-side) and decompression (client-side): https://github.com/kubernetes/kubernetes/issues/112296.
+config
k8s.io/apimachinery/pkg/runtime.RawExtension
expirationTimestamp
meta/v1.Time
+meta/v1.Time
ExpirationTimestamp indicates a time when the provided credentials expire.
diff --git a/content/en/docs/reference/config-api/imagepolicy.v1alpha1.md b/content/en/docs/reference/config-api/imagepolicy.v1alpha1.md index f420623559..0eaa8f14ad 100644 --- a/content/en/docs/reference/config-api/imagepolicy.v1alpha1.md +++ b/content/en/docs/reference/config-api/imagepolicy.v1alpha1.md @@ -29,7 +29,7 @@ auto_generated: truemetadata
meta/v1.ObjectMeta
+meta/v1.ObjectMeta
Standard object's metadata. diff --git a/content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md b/content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md index 6d6c0b13e6..6dfcb913e9 100644 --- a/content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md +++ b/content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md @@ -136,14 +136,6 @@ the range [-1000, 1000]
in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.udpIdleTimeout
[Required]meta/v1.Duration
-udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s'). -Must be greater than 0. Only applicable for proxyMode=userspace.
-conntrack
[Required]KubeProxyConntrackConfiguration
masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode.
localhostNodePorts
[Required]bool
+LocalhostNodePorts tells kube-proxy to allow service NodePorts to be accessed via +localhost (iptables mode only)
+syncPeriod
[Required]meta/v1.Duration
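Review bot: The new `localhostNodePorts` description gives no default value and ends without a period. Because the field decides whether service NodePorts are reachable via localhost, state the default and what changes when it is set to false, so operators can judge whether to turn it off.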
ProxyMode represents modes used by the Kubernetes proxy server.
-Currently, three modes of proxy are available in Linux platform: 'userspace' (older, going to be EOL), 'iptables' -(newer, faster), 'ipvs'(newest, better in performance and scalability).
-Two modes of proxy are available in Windows platform: 'userspace'(older, stable) and 'kernelspace' (newer, faster).
-In Linux platform, if proxy mode is blank, use the best-available proxy (currently iptables, but may change in the -future). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are -insufficient, this always falls back to the userspace proxy. IPVS mode will be enabled when proxy mode is set to 'ipvs', -and the fall back path is firstly iptables and then userspace.
-In Windows platform, if proxy mode is blank, use the best-available proxy (currently userspace, but may change in the -future). If winkernel proxy is selected, regardless of how, but the Windows kernel can't support this mode of proxy, -this always falls back to the userspace proxy.
+Currently, two modes of proxy are available on Linux platforms: 'iptables' and 'ipvs'. +One mode of proxy is available on Windows platforms: 'kernelspace'.
+If the proxy mode is unspecified, the best-available proxy mode will be used (currently this
+is iptables
on Linux and kernelspace
on Windows). If the selected proxy mode cannot be
+used (due to lack of kernel support, missing userspace components, etc) then kube-proxy
+will exit with an error.
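Review bot: The rewritten ProxyMode text replaces the documented fallback chain with "kube-proxy will exit with an error", but nothing tells readers that the fallback is gone or that 'userspace' is no longer a listed mode. Add a sentence on what happens to an existing configuration that names the userspace mode or relied on fallback. The same file also drops `udpIdleTimeout`, which was described as only applicable for proxyMode=userspace, so one short removal note could cover both.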
podInitialBackoffSeconds
[Required]addedAffinity
core/v1.NodeAffinity
+core/v1.NodeAffinity
AddedAffinity is applied to all Pods additionally to the NodeAffinity @@ -301,7 +301,7 @@ The default strategy is LeastAllocated with an equal "cpu" and "m
defaultConstraints
[]core/v1.TopologySpreadConstraint
+[]core/v1.TopologySpreadConstraint
DefaultConstraints defines topology spread constraints to be applied to @@ -635,6 +635,21 @@ If SchedulerName matches with the pod's "spec.schedulerName", then the is scheduled with this profile.
percentageOfNodesToScore
[Required]int32
+PercentageOfNodesToScore is the percentage of all nodes that once found feasible +for running a pod, the scheduler stops its search for more feasible nodes in +the cluster. This helps improve scheduler's performance. Scheduler always tries to find +at least "minFeasibleNodesToFind" feasible nodes no matter what the value of this flag is. +Example: if the cluster size is 500 nodes and the value of this flag is 30, +then scheduler stops finding further feasible nodes once it finds 150 feasible ones. +When the value is 0, default percentage (5%--50% based on the size of the cluster) of the +nodes will be scored. It will override global PercentageOfNodesToScore. If it is empty, +global PercentageOfNodesToScore will be used.
+plugins
[Required]Plugins
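Review bot: The added profile-level `percentageOfNodesToScore` description is ambiguous about zero versus unset: it says a value of 0 selects the default percentage, then says "If it is empty, global PercentageOfNodesToScore will be used", while the field is listed as `[Required]` `int32`. Spell out which behaviour applies to 0 and whether the field may be omitted, and replace "the value of this flag" with "the value of this field", since this is a profile setting rather than a command-line flag.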
preEnqueue
[Required]PluginSet
+PreEnqueue is a list of plugins that should be invoked before adding pods to the scheduling queue.
+queueSort
[Required]PluginSet
LeaderElectionConfiguration defines the configuration of leader election clients for components that can run with leader election enabled.
diff --git a/content/en/docs/reference/config-api/kube-scheduler-config.v1beta2.md b/content/en/docs/reference/config-api/kube-scheduler-config.v1beta2.md index 8a4c735b32..edf1071e18 100644 --- a/content/en/docs/reference/config-api/kube-scheduler-config.v1beta2.md +++ b/content/en/docs/reference/config-api/kube-scheduler-config.v1beta2.md @@ -218,7 +218,7 @@ with the extender. These extenders are shared by all scheduler profiles.addedAffinity
core/v1.NodeAffinity
+core/v1.NodeAffinity
AddedAffinity is applied to all Pods additionally to the NodeAffinity @@ -317,7 +317,7 @@ The default strategy is LeastAllocated with an equal "cpu" and "m
defaultConstraints
[]core/v1.TopologySpreadConstraint
+[]core/v1.TopologySpreadConstraint
DefaultConstraints defines topology spread constraints to be applied to @@ -803,6 +803,13 @@ be invoked before default plugins, default plugins must be disabled and re-enabl
preEnqueue
[Required]PluginSet
+PreEnqueue is a list of plugins that should be invoked before adding pods to the scheduling queue.
+queueSort
[Required]PluginSet
addedAffinity
core/v1.NodeAffinity
+core/v1.NodeAffinity
AddedAffinity is applied to all Pods additionally to the NodeAffinity @@ -301,7 +301,7 @@ The default strategy is LeastAllocated with an equal "cpu" and "m
defaultConstraints
[]core/v1.TopologySpreadConstraint
+[]core/v1.TopologySpreadConstraint
DefaultConstraints defines topology spread constraints to be applied to @@ -787,6 +787,13 @@ be invoked before default plugins, default plugins must be disabled and re-enabl
preEnqueue
[Required]PluginSet
+PreEnqueue is a list of plugins that should be invoked before adding pods to the scheduling queue.
+queueSort
[Required]PluginSet
Package v1beta2 has been DEPRECATED by v1beta3.
Package v1beta2 defines the v1beta2 version of the kubeadm configuration file format. This version improves on the v1beta1 format by fixing some minor issues and adding a few new fields.
A list of changes since v1beta1:
@@ -15,7 +16,7 @@ This version improves on the v1beta1 format by fixing some minor issues and addiSee the Kubernetes 1.15 changelog for further details.
-Migration from old kubeadm config versions
+Please convert your v1beta1 configuration files to v1beta2 using the "kubeadm config migrate" command of kubeadm v1.15.x (conversion from older releases of kubeadm config files requires older release of kubeadm as well e.g.
apiServer
, that represents the endpoint of the instance of the API server to be deployed on this node;
+
localAPIEndpoint
, that represents the endpoint of the instance of the API server to be deployed on this node;
use it e.g. to customize the API server advertise address.
apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration networking: - ... + ... etcd: - ... + ... apiServer: extraArgs: ... @@ -109,7 +110,7 @@ components by adding customized setting or overriding kubeadm default settings.<apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration - ... + ...The KubeProxyConfiguration type should be used to change the configuration passed to kube-proxy instances deployed in the cluster. If this object is not provided or provided only partially, kubeadm applies defaults.
See https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ or @@ -117,7 +118,7 @@ https://pkg.go.dev/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration for kube proxy official documentation.
apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration - ... + ...The KubeletConfiguration type should be used to change the configurations that will be passed to all kubelet instances deployed in the cluster. If this object is not provided or provided only partially, kubeadm applies defaults.
See https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/ or @@ -228,18 +229,18 @@ configuration types to be used during a
kubeadm init
run.When executing kubeadm join with the
--config
option, the JoinConfiguration type should be provided.apiVersion: kubeadm.k8s.io/v1beta2 kind: JoinConfiguration - ... + ...The JoinConfiguration type should be used to configure runtime settings, that in case of
kubeadm join
are the discovery method used for accessing the cluster info and all the setting which are specific to the node where kubeadm is executed, including:@@ -637,7 +638,7 @@ for, so other administrators can know its purpose.
- -
NodeRegistration
, that holds fields that relate to registering the new node to the cluster; +
nodeRegistration
, that holds fields that relate to registering the new node to the cluster; use it to customize the node name, the CRI socket to use or any other settings that should apply to this node only (e.g. the node IP).- -
+
APIEndpoint
, that represents the endpoint of the instance of the API server to be eventually deployed on this node.
apiEndpoint
, that represents the endpoint of the instance of the API server to be eventually deployed on this node.
expires
[Required]meta/v1.Time
+meta/v1.Time
expires
specifies the timestamp when this token expires. Defaults to being set
@@ -948,7 +949,7 @@ Kubeadm has no knowledge of where certificate files live and they must be suppli
[]string
endpoints
of etcd members.
endpoints
of etcd members. Required for external etcd.
caFile
[Required]pathType
[Required]core/v1.HostPathType
+core/v1.HostPathType
pathType
is the type of the HostPath.
taints
[Required][]core/v1.Taint
+[]core/v1.Taint
taints
specifies the taints the Node API object should be registered with.
diff --git a/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md b/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md
index c631b359fa..8abeb61fe3 100644
--- a/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md
+++ b/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md
@@ -137,23 +137,23 @@ configuration types to be used during a kubeadm init
run.
apiVersion: kubeadm.k8s.io/v1beta3 kind: InitConfiguration bootstrapTokens: -- token: "9a08jv.c0izixklcxtmnze7" - description: "kubeadm bootstrap token" - ttl: "24h" -- token: "783bde.3f89s0fje9f38fhf" - description: "another bootstrap token" - usages: - - authentication - - signing - groups: - - system:bootstrappers:kubeadm:default-node-token + - token: "9a08jv.c0izixklcxtmnze7" + description: "kubeadm bootstrap token" + ttl: "24h" + - token: "783bde.3f89s0fje9f38fhf" + description: "another bootstrap token" + usages: + - authentication + - signing + groups: + - system:bootstrappers:kubeadm:default-node-token nodeRegistration: name: "ec2-10-100-0-1" criSocket: "/var/run/dockershim.sock" taints: - - key: "kubeadmNode" - value: "someValue" - effect: "NoSchedule" + - key: "kubeadmNode" + value: "someValue" + effect: "NoSchedule" kubeletExtraArgs: v: 4 ignorePreflightErrors: @@ -177,9 +177,9 @@ configuration types to be used during akubeadm init
run. extraArgs: listen-client-urls: "http://10.100.0.1:2379" serverCertSANs: - - "ec2-10-100-0-1.compute-1.amazonaws.com" + - "ec2-10-100-0-1.compute-1.amazonaws.com" peerCertSANs: - - "10.100.0.1" + - "10.100.0.1" # external: # endpoints: # - "10.100.0.1:2379" @@ -197,33 +197,33 @@ configuration types to be used during akubeadm init
run. extraArgs: authorization-mode: "Node,RBAC" extraVolumes: - - name: "some-volume" - hostPath: "/etc/some-path" - mountPath: "/etc/some-pod-path" - readOnly: false - pathType: File + - name: "some-volume" + hostPath: "/etc/some-path" + mountPath: "/etc/some-pod-path" + readOnly: false + pathType: File certSANs: - - "10.100.1.1" - - "ec2-10-100-0-1.compute-1.amazonaws.com" + - "10.100.1.1" + - "ec2-10-100-0-1.compute-1.amazonaws.com" timeoutForControlPlane: 4m0s controllerManager: extraArgs: "node-cidr-mask-size": "20" extraVolumes: - - name: "some-volume" - hostPath: "/etc/some-path" - mountPath: "/etc/some-pod-path" - readOnly: false - pathType: File + - name: "some-volume" + hostPath: "/etc/some-path" + mountPath: "/etc/some-pod-path" + readOnly: false + pathType: File scheduler: extraArgs: address: "10.100.0.1" extraVolumes: - - name: "some-volume" - hostPath: "/etc/some-path" - mountPath: "/etc/some-pod-path" - readOnly: false - pathType: File + - name: "some-volume" + hostPath: "/etc/some-path" + mountPath: "/etc/some-pod-path" + readOnly: false + pathType: File certificatesDir: "/etc/kubernetes/pki" imageRepository: "registry.k8s.io" clusterName: "example-cluster" @@ -264,6 +264,109 @@ node only (e.g. the node ip). +## `BootstrapToken` {#BootstrapToken} + + +**Appears in:** + +- [InitConfiguration](#kubeadm-k8s-io-v1beta3-InitConfiguration) + + +BootstrapToken describes one bootstrap token, stored as a Secret in the cluster
+ + ++
+ +## `BootstrapTokenString` {#BootstrapTokenString} + + +**Appears in:** + +- [BootstrapToken](#BootstrapToken) + + ++ + + + Field Description + + token
[Required]
+BootstrapTokenString
++ ++
token
is used for establishing bidirectional trust between nodes and control-planes. +Used for joining nodes in the cluster.+ + description
+string
++ ++
description
sets a human-friendly message why this token exists and what it's used +for, so other administrators can know its purpose.+ + ttl
+meta/v1.Duration
++ ++
ttl
defines the time to live for this token. Defaults to24h
. +expires
andttl
are mutually exclusive.+ + expires
+meta/v1.Time
++ ++
expires
specifies the timestamp when this token expires. Defaults to being set +dynamically at runtime based on thettl
.expires
andttl
are mutually exclusive.+ + usages
+[]string
++ ++
usages
describes the ways in which this token can be used. Can by default be used +for establishing bidirectional trust, but that can be changed here.+ + + groups
+[]string
++ ++
groups
specifies the extra groups that this token will authenticate as when/if +used for authenticationBootstrapTokenString is a token of the format
+ + +abcdef.abcdef0123456789
that is used +for both validation of the practically of the API server from a joining node's point +of view and as an authentication method for the node in the bootstrap phase of +"kubeadm join". This token is and should be short-lived.+
+ + + ## `ClusterConfiguration` {#kubeadm-k8s-io-v1beta3-ClusterConfiguration} @@ -641,7 +744,7 @@ information will be fetched.+ + + + Field Description + + -
[Required]
+string
++ No description provided. ++ + + -
[Required]
+string
++ No description provided. +
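Review bot: The relocated BootstrapTokenString description still reads "validation of the practically of the API server", carried over unchanged from the removed copy further down; "practically" looks like a typo and should be corrected while the section is being moved. The two BootstrapTokenString fields also render with `-` as their name and "No description provided.", which leaves the token type undocumented; add names and descriptions, or drop the empty rows.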
caCertHashes
specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. -Each hash is specified as ":", where the only currently supported type is +Each hash is specified as<type>:<value>
, where the only currently supported type is "sha256". This is a hex-encoded SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using, for example, OpenSSL.
pathType
core/v1.HostPathType
+core/v1.HostPathType
pathType
is the type of the hostPath
.
taints
[Required][]core/v1.Taint
+[]core/v1.Taint
taints
specifies the taints the Node API object should be registered with.
-If this field is unset, i.e. nil, in the kubeadm init
process it will be defaulted
-with a control-plane taint for control-plane nodes.
+If this field is unset, i.e. nil, it will be defaulted with a control-plane taint for control-plane nodes.
If you don't want to taint your control-plane node, set this field to an empty list,
i.e. taints: []
in the YAML file. This field is solely used for Node registration.
taints: []
in the YAML file. This field is solely used for Nod
kubeletExtraArgs
passes through extra arguments to the kubelet.
The arguments here are passed to the kubelet command line via the environment file
kubeadm writes at runtime for the kubelet to source.
-This overrides the generic base-level configuration in the 'kubelet-config-1.X' ConfigMap.
+This overrides the generic base-level configuration in the kubelet-config
ConfigMap.
Flags have higher priority when parsing. These values are local and specific to the node
kubeadm is executing on. A key in this map is the flag name as it appears on the
command line except without leading dash(es).
imagePullPolicy
core/v1.PullPolicy
+core/v1.PullPolicy
imagePullPolicy
specifies the policy for image pulling during kubeadm "init" and
"join" operations.
The value of this field must be one of "Always", "IfNotPresent" or "Never".
-If this field is unset kubeadm will default it to "IfNotPresent", or pull the required
+If this field is not set, kubeadm will default it to "IfNotPresent", or pull the required
images if not present on the host.
BootstrapToken describes one bootstrap token, stored as a Secret in the cluster
- - -Field | Description |
---|---|
token [Required]- BootstrapTokenString
- |
-
-
|
-
description - string
- |
-
-
|
-
ttl - meta/v1.Duration
- |
-
-
|
-
expires - meta/v1.Time
- |
-
-
|
-
usages - []string
- |
-
-
|
-
groups - []string
- |
-
-
|
-
BootstrapTokenString is a token of the format abcdef.abcdef0123456789
that is used
-for both validation of the practically of the API server from a joining node's point
-of view and as an authentication method for the node in the bootstrap phase of
-"kubeadm join". This token is and should be short-lived.
Field | Description |
---|---|
- [Required]- string
- |
-- No description provided. | -
- [Required]- string
- |
-- No description provided. | -
CredentialProviderConfig is the configuration containing information about +each exec credential provider. Kubelet reads this configuration from disk and enables +each provider as specified by the CredentialProvider type.
+ + +Field | Description |
---|---|
apiVersion string | kubelet.config.k8s.io/v1 |
kind string | CredentialProviderConfig |
providers [Required]+ []CredentialProvider
+ |
+
+ providers is a list of credential provider plugins that will be enabled by the kubelet. +Multiple providers may match against a single image, in which case credentials +from all providers will be returned to the kubelet. If multiple providers are called +for a single image, the results are combined. If providers return overlapping +auth keys, the value from the provider earlier in this list is used. + |
+
CredentialProvider represents an exec plugin to be invoked by the kubelet. The plugin is only +invoked when an image being pulled matches the images handled by the plugin (see matchImages).
+ + +Field | Description |
---|---|
name [Required]+ string
+ |
+
+ name is the required name of the credential provider. It must match the name of the +provider executable as seen by the kubelet. The executable must be in the kubelet's +bin directory (set by the --image-credential-provider-bin-dir flag). + |
+
matchImages [Required]+ []string
+ |
+
+ matchImages is a required list of strings used to match against images in order to +determine if this provider should be invoked. If one of the strings matches the +requested image from the kubelet, the plugin will be invoked and given a chance +to provide credentials. Images are expected to contain the registry domain +and URL path. +Each entry in matchImages is a pattern which can optionally contain a port and a path. +Globs can be used in the domain, but not in the port or the path. Globs are supported +as subdomains like '.k8s.io' or 'k8s..io', and top-level-domains such as 'k8s.'. +Matching partial subdomains like 'app.k8s.io' is also supported. Each glob can only match +a single subdomain segment, so *.io does not match *.k8s.io. +A match exists between an image and a matchImage when all of the below are true: +
Example values of matchImages: +
|
+
defaultCacheDuration [Required]+ meta/v1.Duration
+ |
+
+ defaultCacheDuration is the default duration the plugin will cache credentials in-memory +if a cache duration is not provided in the plugin response. This field is required. + |
+
apiVersion [Required]+ string
+ |
+
+ Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse +MUST use the same encoding version as the input. Current supported values are: +
|
+
args + []string
+ |
+
+ Arguments to pass to the command when executing it. + |
+
env + []ExecEnvVar
+ |
+
+ Env defines additional environment variables to expose to the process. These +are unioned with the host's environment, as well as variables client-go uses +to pass argument to the plugin. + |
+
ExecEnvVar is used for setting environment variables when executing an exec-based +credential plugin.
+ + +Field | Description |
---|---|
name [Required]+ string
+ |
++ No description provided. | +
value [Required]+ string
+ |
++ No description provided. | +
FormatOptions contains options for the different logging formats.
+ + +Field | Description |
---|---|
json [Required]+ JSONOptions
+ |
+
+ [Alpha] JSON contains options for logging format "json". +Only available when the LoggingAlphaOptions feature gate is enabled. + |
+
JSONOptions contains options for logging format "json".
+ + +Field | Description |
---|---|
splitStream [Required]+ bool
+ |
+
+ [Alpha] SplitStream redirects error messages to stderr while +info messages go to stdout, with buffering. The default is to write +both to stdout, without buffering. Only available when +the LoggingAlphaOptions feature gate is enabled. + |
+
infoBufferSize [Required]+ k8s.io/apimachinery/pkg/api/resource.QuantityValue
+ |
+
+ [Alpha] InfoBufferSize sets the size of the info stream when +using split streams. The default is zero, which disables buffering. +Only available when the LoggingAlphaOptions feature gate is enabled. + |
+
LogFormatFactory provides support for a certain additional, +non-default log format.
+ + + + +## `LoggingConfiguration` {#LoggingConfiguration} + + +**Appears in:** + +- [KubeletConfiguration](#kubelet-config-k8s-io-v1beta1-KubeletConfiguration) + + +LoggingConfiguration contains logging options.
+ + +Field | Description |
---|---|
format [Required]+ string
+ |
+
+ Format Flag specifies the structure of log messages.
+default value of format is |
+
flushFrequency [Required]+ time.Duration
+ |
+
+ Maximum number of nanoseconds (i.e. 1s = 1000000000) between log +flushes. Ignored if the selected logging backend writes log +messages without buffering. + |
+
verbosity [Required]+ VerbosityLevel
+ |
+
+ Verbosity is the threshold that determines which log messages are +logged. Default is zero which logs only the most important +messages. Higher values enable additional messages. Error messages +are always logged. + |
+
vmodule [Required]+ VModuleConfiguration
+ |
+
+ VModule overrides the verbosity threshold for individual files. +Only supported for "text" log format. + |
+
options [Required]+ FormatOptions
+ |
+
+ [Alpha] Options holds additional parameters that are specific +to the different logging formats. Only the options for the selected +format get used, but all of them get validated. +Only available when the LoggingAlphaOptions feature gate is enabled. + |
+
TracingConfiguration provides versioned configuration for OpenTelemetry tracing clients.
+ + +Field | Description |
---|---|
endpoint + string
+ |
+
+ Endpoint of the collector this component will report traces to. +The connection is insecure, and does not currently support TLS. +Recommended is unset, and endpoint is the otlp grpc default, localhost:4317. + |
+
samplingRatePerMillion + int32
+ |
+
+ SamplingRatePerMillion is the number of samples to collect per million spans. +Recommended is unset. If unset, sampler respects its parent span's sampling +rate, but otherwise never samples. + |
+
VModuleConfiguration is a collection of individual file names or patterns +and the corresponding verbosity threshold.
+ + + + +## `VerbosityLevel` {#VerbosityLevel} + +(Alias of `uint32`) + +**Appears in:** + +- [LoggingConfiguration](#LoggingConfiguration) + + + +VerbosityLevel represents a klog or logr verbosity threshold.
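Review bot: In the `matchImages` description the glob examples read '.k8s.io', 'k8s..io', 'k8s.' and 'app.k8s.io' with no wildcard character, while the next sentence uses `*.io` and `*.k8s.io`. The asterisks appear to have been lost, so the examples no longer show where a glob may appear, and operators scoping which registries a provider serves need the exact pattern. Put each pattern in code formatting so the `*` survives rendering. The `auth` description in CredentialProviderResponse repeats the same sentence and has the same problem.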
+ + diff --git a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md index 2d415c617a..a11c179a58 100644 --- a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md +++ b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md @@ -547,6 +547,16 @@ that topology manager requests and hint providers generate. Valid values include Default: "container" +topologyManagerPolicyOptions
map[string]string
+TopologyManagerPolicyOptions is a set of key=value which allows to set extra options +to fine tune the behaviour of the topology manager policies. +Requires both the "TopologyManager" and "TopologyManagerPolicyOptions" feature gates to be enabled. +Default: nil
+qosReserved
map[string]string
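Review bot: The added `topologyManagerPolicyOptions` description names no valid option keys and does not point to where they are listed, so a reader cannot tell what may go in the map. Add a reference to the supported options, and reword "a set of key=value which allows to set extra options" to something like "a set of key=value pairs for setting extra options".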
cpuCFSQuotaPeriod is the CPU CFS quota period value, cpu.cfs_period_us
.
-The value must be between 1 us and 1 second, inclusive.
+The value must be between 1 ms and 1 second, inclusive.
Requires the CustomCPUCFSQuotaPeriod feature gate to be enabled.
Default: "100ms"
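Review bot: The lower bound for `cpuCFSQuotaPeriod` changes from "1 us" to "1 ms" with no explanation in the hunk. Please confirm that 1 ms is what kubelet validation enforces, and write both bounds in the same style (for example "1ms" and "1s", matching the "100ms" default shown below it).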
registerWithTaints
[]core/v1.Taint
+[]core/v1.Taint
registerWithTaints are an array of taints to add to a node object when @@ -1172,7 +1182,7 @@ Default: true
Tracing specifies the versioned configuration for OpenTelemetry tracing clients. -See http://kep.k8s.io/2832 for more details.
+See https://kep.k8s.io/2832 for more details.localStorageCapacityIsolation
source
core/v1.NodeConfigSource
+core/v1.NodeConfigSource
source is the source that we are serializing.
@@ -1571,7 +1581,7 @@ and groups corresponding to the Organization in the client certificate. No description provided.limits
[Required]core/v1.ResourceList
+core/v1.ResourceList
CredentialProviderRequest includes the image that the kubelet requires authentication for. +Kubelet will pass this request object to the plugin via stdin. In general, plugins should +prefer responding with the same apiVersion they were sent.
+ + +Field | Description |
---|---|
apiVersion string | credentialprovider.kubelet.k8s.io/v1 |
kind string | CredentialProviderRequest |
image [Required]+ string
+ |
+
+ image is the container image that is being pulled as part of the +credential provider plugin request. Plugins may optionally parse the image +to extract any information required to fetch credentials. + |
+
CredentialProviderResponse holds credentials that the kubelet should use for the specified +image provided in the original request. Kubelet will read the response from the plugin via stdout. +This response should be set to the same apiVersion as CredentialProviderRequest.
+ + +Field | Description |
---|---|
apiVersion string | credentialprovider.kubelet.k8s.io/v1 |
kind string | CredentialProviderResponse |
cacheKeyType [Required]+ PluginCacheKeyType
+ |
+
+ cacheKeyType indiciates the type of caching key to use based on the image provided +in the request. There are three valid values for the cache key type: Image, Registry, and +Global. If an invalid value is specified, the response will NOT be used by the kubelet. + |
+
cacheDuration + meta/v1.Duration
+ |
+
+ cacheDuration indicates the duration the provided credentials should be cached for. +The kubelet will use this field to set the in-memory cache duration for credentials +in the AuthConfig. If null, the kubelet will use defaultCacheDuration provided in +CredentialProviderConfig. If set to 0, the kubelet will not cache the provided AuthConfig. + |
+
auth + map[string]k8s.io/kubelet/pkg/apis/credentialprovider/v1.AuthConfig
+ |
+
+ auth is a map containing authentication information passed into the kubelet. +Each key is a match image string (more on this below). The corresponding authConfig value +should be valid for all images that match against this key. A plugin should set +this field to null if no valid credentials can be returned for the requested image. +Each key in the map is a pattern which can optionally contain a port and a path. +Globs can be used in the domain, but not in the port or the path. Globs are supported +as subdomains like '.k8s.io' or 'k8s..io', and top-level-domains such as 'k8s.'. +Matching partial subdomains like 'app.k8s.io' is also supported. Each glob can only match +a single subdomain segment, so *.io does not match *.k8s.io. +The kubelet will match images against the key when all of the below are true: +
When multiple keys are returned, the kubelet will traverse all keys in reverse order so that: +
For any given match, the kubelet will attempt an image pull with the provided credentials, +stopping after the first successfully authenticated pull. +Example keys: +
|
+
AuthConfig contains authentication information for a container registry. +Only username/password based authentication is supported today, but more authentication +mechanisms may be added in the future.
+ + +Field | Description |
---|---|
username [Required]+ string
+ |
+
+ username is the username used for authenticating to the container registry +An empty username is valid. + |
+
password [Required]+ string
+ |
+
+ password is the password used for authenticating to the container registry +An empty password is valid. + |
+
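Review bot: In the `cacheKeyType` description, "indiciates" is misspelled and should be "indicates". In AuthConfig, the `username` and `password` descriptions run two sentences together without a period ("...to the container registry An empty username is valid."); add the missing period in both.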