Set Kubelet Parameters Via A Configuration File

Before you begin

Some steps in this page use the jq tool. If you don’t have jq, you can install it via your operating system’s software sources, or fetch it from https://jqlang.github.io/jq/.

Some steps also use curl, which you can install via your operating system’s software sources.

A subset of the kubelet’s configuration parameters may be set via an on-disk config file, as a substitute for command-line flags.

Providing parameters via a config file is the recommended approach because it simplifies node deployment and configuration management.

Create the config file

The subset of the kubelet’s configuration that can be configured via a file is defined by the KubeletConfiguration struct.

The configuration file must be a JSON or YAML representation of the parameters in this struct. Make sure the kubelet has read permissions on the file.

Here is an example of what this file might look like:

    apiVersion: kubelet.config.k8s.io/v1beta1
    kind: KubeletConfiguration
    address: "192.168.0.8"
    port: 20250
    serializeImagePulls: false
    evictionHard:
      memory.available: "100Mi"
      nodefs.available: "10%"
      nodefs.inodesFree: "5%"
      imagefs.available: "15%"

In this example, the kubelet is configured with the following settings:

  1. address: The kubelet will serve on IP address 192.168.0.8.

  2. port: The kubelet will serve on port 20250.

  3. serializeImagePulls: Image pulls will be done in parallel.

  4. evictionHard: The kubelet will evict Pods under one of the following conditions:

    • When the node’s available memory drops below 100MiB.
    • When the node’s main filesystem’s available space is less than 10%.
    • When the image filesystem’s available space is less than 15%.
    • When more than 95% of the node’s main filesystem’s inodes are in use.

Note:

For evictionHard, if you change the default value of only one parameter, the default values of the other parameters are not inherited and they are set to zero. To provide custom values, specify all of the threshold values, as the example does.

The imagefs is an optional filesystem that container runtimes use to store container images and container writable layers.

Start a kubelet process configured via the config file

Note:

If you use kubeadm to initialize your cluster, use the kubelet-config while creating your cluster with kubeadm init. See configuring kubelet using kubeadm for details.

Start the kubelet with the --config flag set to the path of the kubelet’s config file. The kubelet will then load its config from this file.

Note that command line flags which target the same value as a config file will override that value. This helps ensure backwards compatibility with the command-line API.

Note that relative file paths in the kubelet config file are resolved relative to the location of the kubelet config file, whereas relative paths in command line flags are resolved relative to the kubelet’s current working directory.

Note that some default values differ between command-line flags and the kubelet config file. If --config is provided and the values are not specified via the command line, the defaults for the KubeletConfiguration version apply. In the above example, this version is kubelet.config.k8s.io/v1beta1.

Drop-in directory for kubelet configuration files

FEATURE STATE: Kubernetes v1.30 [beta]

You can specify a drop-in configuration directory for the kubelet. By default, the kubelet does not look for drop-in configuration files anywhere - you must specify a path. For example: --config-dir=/etc/kubernetes/kubelet.conf.d

For Kubernetes v1.28 to v1.29, you can only specify --config-dir if you also set the environment variable KUBELET_CONFIG_DROPIN_DIR_ALPHA for the kubelet process (the value of that variable does not matter).

Note:

The suffix of a valid kubelet drop-in configuration file must be .conf. For instance: 99-kubelet-address.conf

The kubelet processes files in its config drop-in directory by sorting the entire file name alphanumerically. For instance, 00-kubelet.conf is processed first, and then overridden with a file named 01-kubelet.conf.

These files may contain partial configurations but should not be invalid and must include type metadata, specifically apiVersion and kind. Validation is only performed on the final resulting configuration structure stored internally in the kubelet. This offers flexibility in managing and merging kubelet configurations from different sources while preventing undesirable configurations. However, it is important to note that behavior varies based on the data type of the configuration fields.

Different data types in the kubelet configuration structure merge differently. See the reference document for more information.

Kubelet configuration merging order

On startup, the kubelet merges configuration from:

  • Feature gates specified over the command line (lowest precedence).
  • The kubelet configuration.
  • Drop-in configuration files, according to sort order.
  • Command line arguments excluding feature gates (highest precedence).

Note:

The config drop-in dir mechanism for the kubelet is similar to, but different from, how the kubeadm tool allows you to patch configuration. The kubeadm tool uses a specific patching strategy for its configuration, whereas the only patch strategy for kubelet configuration drop-in files is replace. The kubelet determines the order of merges based on sorting the suffixes alphanumerically, and replaces every field present in a higher priority file.

Viewing the kubelet configuration

Because this feature allows the configuration to be spread over multiple files, you can inspect the final configuration that the kubelet actually uses by following these steps:

  1. Start a proxy server using kubectl proxy in your terminal.

        kubectl proxy

    Which gives output like:

        Starting to serve on 127.0.0.1:8001

  2. Open another terminal window and use curl to fetch the kubelet configuration. Replace <node-name> with the actual name of your node:

        curl -X GET http://127.0.0.1:8001/api/v1/nodes/<node-name>/proxy/configz | jq .

    Which gives output like:

        {
          "kubeletconfig": {
            "enableServer": true,
            "staticPodPath": "/var/run/kubernetes/static-pods",
            "syncFrequency": "1m0s",
            "fileCheckFrequency": "20s",
            "httpCheckFrequency": "20s",
            "address": "192.168.1.16",
            "port": 10250,
            "readOnlyPort": 10255,
            "tlsCertFile": "/var/lib/kubelet/pki/kubelet.crt",
            "tlsPrivateKeyFile": "/var/lib/kubelet/pki/kubelet.key",
            "rotateCertificates": true,
            "authentication": {
              "x509": {
                "clientCAFile": "/var/run/kubernetes/client-ca.crt"
              },
              "webhook": {
                "enabled": true,
                "cacheTTL": "2m0s"
              },
              "anonymous": {
                "enabled": true
              }
            },
            "authorization": {
              "mode": "AlwaysAllow",
              "webhook": {
                "cacheAuthorizedTTL": "5m0s",
                "cacheUnauthorizedTTL": "30s"
              }
            },
            "registryPullQPS": 5,
            "registryBurst": 10,
            "eventRecordQPS": 50,
            "eventBurst": 100,
            "enableDebuggingHandlers": true,
            "healthzPort": 10248,
            "healthzBindAddress": "127.0.0.1",
            "oomScoreAdj": -999,
            "clusterDomain": "cluster.local",
            "clusterDNS": [
              "10.0.0.10"
            ],
            "streamingConnectionIdleTimeout": "4h0m0s",
            "nodeStatusUpdateFrequency": "10s",
            "nodeStatusReportFrequency": "5m0s",
            "nodeLeaseDurationSeconds": 40,
            "imageMinimumGCAge": "2m0s",
            "imageMaximumGCAge": "0s",
            "imageGCHighThresholdPercent": 85,
            "imageGCLowThresholdPercent": 80,
            "volumeStatsAggPeriod": "1m0s",
            "cgroupsPerQOS": true,
            "cgroupDriver": "systemd",
            "cpuManagerPolicy": "none",
            "cpuManagerReconcilePeriod": "10s",
            "memoryManagerPolicy": "None",
            "topologyManagerPolicy": "none",
            "topologyManagerScope": "container",
            "runtimeRequestTimeout": "2m0s",
            "hairpinMode": "promiscuous-bridge",
            "maxPods": 110,
            "podPidsLimit": -1,
            "resolvConf": "/run/systemd/resolve/resolv.conf",
            "cpuCFSQuota": true,
            "cpuCFSQuotaPeriod": "100ms",
            "nodeStatusMaxImages": 50,
            "maxOpenFiles": 1000000,
            "contentType": "application/vnd.kubernetes.protobuf",
            "kubeAPIQPS": 50,
            "kubeAPIBurst": 100,
            "serializeImagePulls": true,
            "evictionHard": {
              "imagefs.available": "15%",
              "memory.available": "100Mi",
              "nodefs.available": "10%",
              "nodefs.inodesFree": "5%"
            },
            "evictionPressureTransitionPeriod": "1m0s",
            "enableControllerAttachDetach": true,
            "makeIPTablesUtilChains": true,
            "iptablesMasqueradeBit": 14,
            "iptablesDropBit": 15,
            "featureGates": {
              "AllAlpha": false
            },
            "failSwapOn": false,
            "memorySwap": {},
            "containerLogMaxSize": "10Mi",
            "containerLogMaxFiles": 5,
            "configMapAndSecretChangeDetectionStrategy": "Watch",
            "enforceNodeAllocatable": [
              "pods"
            ],
            "volumePluginDir": "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/",
            "logging": {
              "format": "text",
              "flushFrequency": "5s",
              "verbosity": 3,
              "options": {
                "json": {
                  "infoBufferSize": "0"
                }
              }
            },
            "enableSystemLogHandler": true,
            "enableSystemLogQuery": false,
            "shutdownGracePeriod": "0s",
            "shutdownGracePeriodCriticalPods": "0s",
            "enableProfilingHandler": true,
            "enableDebugFlagsHandler": true,
            "seccompDefault": false,
            "memoryThrottlingFactor": 0.9,
            "registerNode": true,
            "localStorageCapacityIsolation": true,
            "containerRuntimeEndpoint": "unix:///var/run/crio/crio.sock"
          }
        }
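Because drop-in files and command-line flags can override the file passed to --config, the following Python check compares the values you intended with the /configz response and lists every field that differs. It is an added example, not part of the Kubernetes documentation: the intended address, port, serializeImagePulls and evictionHard values come from the example file above, while the authentication/authorization baseline, the function names and the trimmed sample response are assumptions constructed for illustration.

```python
import json

MISSING = "<absent>"  # marker for a field the kubelet did not report

def effective_config(configz_text):
    """Unwrap the 'kubeletconfig' object from a /configz response body."""
    return json.loads(configz_text)["kubeletconfig"]

def drift(intended, effective, prefix=""):
    """List (path, intended, effective) for every intended field that differs.

    Paths are joined with '/' because keys such as 'memory.available' contain dots.
    """
    findings = []
    for key, want in intended.items():
        path = prefix + key
        have = effective.get(key, MISSING)
        if isinstance(want, dict) and isinstance(have, dict):
            findings.extend(drift(want, have, path + "/"))  # recurse into nested maps
        elif have != want:
            findings.append((path, want, have))
    return findings

# Values from the example config file on this page, plus an assumed
# authentication/authorization baseline (constructed for this example).
INTENDED = {
    "address": "192.168.0.8", "port": 20250, "serializeImagePulls": False,
    "evictionHard": {"memory.available": "100Mi", "nodefs.available": "10%",
                     "nodefs.inodesFree": "5%", "imagefs.available": "15%"},
    "authentication": {"anonymous": {"enabled": False}},  # assumed baseline
    "authorization": {"mode": "Webhook"},                 # assumed baseline
}

# Constructed sample: a trimmed /configz body using values from the output above.
SAMPLE_CONFIGZ = """{"kubeletconfig": {
  "address": "192.168.1.16", "port": 10250, "serializeImagePulls": true,
  "authentication": {"webhook": {"enabled": true}, "anonymous": {"enabled": true}},
  "authorization": {"mode": "AlwaysAllow"},
  "evictionHard": {"imagefs.available": "15%", "memory.available": "100Mi",
                   "nodefs.available": "10%", "nodefs.inodesFree": "5%"}
}}"""

if __name__ == "__main__":
    for path, want, have in drift(INTENDED, effective_config(SAMPLE_CONFIGZ)):
        print(f"DRIFT {path}: intended={want!r} effective={have!r}")
```

To check a real node, pass the body returned by the curl command in step 2 to effective_config in place of the sample.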
