340 lines
11 KiB
Groff
340 lines
11 KiB
Groff
.TH "KUBERNETES" "1" " kubernetes User Manuals" "Scott Collier" "October 2014" ""
|
|
|
|
.SH NAME
|
|
.PP
|
|
kubelet \- Processes a container manifest so the containers are launched according to how they are described.
|
|
|
|
.SH SYNOPSIS
|
|
.PP
|
|
\fBkubelet\fP [OPTIONS]
|
|
|
|
.SH DESCRIPTION
|
|
.PP
|
|
The \fBkubernetes\fP kubelet runs on each node. The Kubelet works in terms of a container manifest. A container manifest is a YAML or JSON file that describes a pod. The Kubelet takes a set of manifests that are provided in various mechanisms and ensures that the containers described in those manifests are started and continue running.
|
|
|
|
.PP
|
|
There are 3 ways that a container manifest can be provided to the Kubelet:
|
|
|
|
.PP
|
|
.RS
|
|
|
|
.nf
|
|
File: Path passed as a flag on the command line. This file is rechecked every 20 seconds (configurable with a flag).
|
|
HTTP endpoint: HTTP endpoint passed as a parameter on the command line. This endpoint is checked every 20 seconds (also configurable with a flag).
|
|
HTTP server: The kubelet can also listen for HTTP and respond to a simple API (underspec'd currently) to submit a new manifest.
|
|
|
|
.fi
|
|
|
|
.SH OPTIONS
|
|
.PP
|
|
\fB\-\-address\fP=0.0.0.0
|
|
The IP address for the info server to serve on (set to 0.0.0.0 for all interfaces)
|
|
|
|
.PP
|
|
\fB\-\-allow\_dynamic\_housekeeping\fP=true
|
|
Whether to allow the housekeeping interval to be dynamic
|
|
|
|
.PP
|
|
\fB\-\-allow\-privileged\fP=false
|
|
If true, allow containers to request privileged mode. [default=false]
|
|
|
|
.PP
|
|
\fB\-\-alsologtostderr\fP=false
|
|
log to standard error as well as files
|
|
|
|
.PP
|
|
\fB\-\-api\-servers\fP=[]
|
|
List of Kubernetes API servers for publishing events, and reading pods and services. (ip:port), comma separated.
|
|
|
|
.PP
|
|
\fB\-\-boot\_id\_file\fP=/proc/sys/kernel/random/boot\_id
|
|
Comma\-separated list of files to check for boot\-id. Use the first one that exists.
|
|
|
|
.PP
|
|
\fB\-\-cadvisor\-port\fP=4194
|
|
The port of the localhost cAdvisor endpoint
|
|
|
|
.PP
|
|
\fB\-\-cert\-dir\fP="/var/run/kubernetes"
|
|
The directory where the TLS certs are located (by default /var/run/kubernetes). If \-\-tls\_cert\_file and \-\-tls\_private\_key\_file are provided, this flag will be ignored.
|
|
|
|
.PP
|
|
\fB\-\-cgroup\_root\fP=""
|
|
Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.
|
|
|
|
.PP
|
|
\fB\-\-cloud\-config\fP=""
|
|
The path to the cloud provider configuration file. Empty string for no configuration file.
|
|
|
|
.PP
|
|
\fB\-\-cloud\-provider\fP=""
|
|
The provider for cloud services. Empty string for no provider.
|
|
|
|
.PP
|
|
\fB\-\-cluster\-dns\fP=
|
|
IP address for a cluster DNS server. If set, kubelet will configure all containers to use this for DNS resolution in addition to the host's DNS servers
|
|
|
|
.PP
|
|
\fB\-\-cluster\-domain\fP=""
|
|
Domain for this cluster. If set, kubelet will configure all containers to search this domain in addition to the host's search domains
|
|
|
|
.PP
|
|
\fB\-\-config\fP=""
|
|
Path to the config file or directory of files
|
|
|
|
.PP
|
|
\fB\-\-configure\-cbr0\fP=false
|
|
If true, kubelet will configure cbr0 based on Node.Spec.PodCIDR.
|
|
|
|
.PP
|
|
\fB\-\-container\_hints\fP=/etc/cadvisor/container\_hints.json
|
|
location of the container hints file
|
|
|
|
.PP
|
|
\fB\-\-container\_runtime\fP="docker"
|
|
The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'.
|
|
|
|
.PP
|
|
\fB\-\-docker\fP=unix:///var/run/docker.sock
|
|
docker endpoint
|
|
|
|
.PP
|
|
\fB\-\-docker\-daemon\-container\fP="/docker\-daemon"
|
|
Optional resource\-only container in which to place the Docker Daemon. Empty for no container (Default: /docker\-daemon).
|
|
|
|
.PP
|
|
\fB\-\-docker\-endpoint\fP=""
|
|
If non\-empty, use this for the docker endpoint to communicate with
|
|
|
|
.PP
|
|
\fB\-\-docker\_only\fP=false
|
|
Only report docker containers in addition to root stats
|
|
|
|
.PP
|
|
\fB\-\-docker\_root\fP=/var/lib/docker
|
|
Absolute path to the Docker state root directory (default: /var/lib/docker)
|
|
|
|
.PP
|
|
\fB\-\-docker\_run\fP=/var/run/docker
|
|
Absolute path to the Docker run directory (default: /var/run/docker)
|
|
|
|
.PP
|
|
\fB\-\-enable\-debugging\-handlers\fP=true
|
|
Enables server endpoints for log collection and local running of containers and commands
|
|
|
|
.PP
|
|
\fB\-\-enable\_load\_reader\fP=false
|
|
Whether to enable cpu load reader
|
|
|
|
.PP
|
|
\fB\-\-enable\-server\fP=true
|
|
Enable the info server
|
|
|
|
.PP
|
|
\fB\-\-event\_storage\_age\_limit\fP=default=24h
|
|
Max length of time for which to store events (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is a duration. Default is applied to all non\-specified event types
|
|
|
|
.PP
|
|
\fB\-\-event\_storage\_event\_limit\fP=default=100000
|
|
Max number of events to store (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is an integer. Default is applied to all non\-specified event types
|
|
|
|
.PP
|
|
\fB\-\-file\-check\-frequency\fP=20s
|
|
Duration between checking config files for new data
|
|
|
|
.PP
|
|
\fB\-\-global\_housekeeping\_interval\fP=1m0s
|
|
Interval between global housekeepings
|
|
|
|
.PP
|
|
\fB\-\-google\-json\-key\fP=""
|
|
The Google Cloud Platform Service Account JSON Key to use for authentication.
|
|
|
|
.PP
|
|
\fB\-\-healthz\-bind\-address\fP=127.0.0.1
|
|
The IP address for the healthz server to serve on, defaulting to 127.0.0.1 (set to 0.0.0.0 for all interfaces)
|
|
|
|
.PP
|
|
\fB\-\-healthz\-port\fP=10248
|
|
The port of the localhost healthz endpoint
|
|
|
|
.PP
|
|
\fB\-\-host\-network\-sources\fP="file"
|
|
Comma\-separated list of sources from which the Kubelet allows pods to use of host network. For all sources use "*" [default="file"]
|
|
|
|
.PP
|
|
\fB\-\-hostname\-override\fP=""
|
|
If non\-empty, will use this string as identification instead of the actual hostname.
|
|
|
|
.PP
|
|
\fB\-\-housekeeping\_interval\fP=1s
|
|
Interval between container housekeepings
|
|
|
|
.PP
|
|
\fB\-\-http\-check\-frequency\fP=20s
|
|
Duration between checking http for new data
|
|
|
|
.PP
|
|
\fB\-\-image\-gc\-high\-threshold\fP=90
|
|
The percent of disk usage after which image garbage collection is always run. Default: 90%%
|
|
|
|
.PP
|
|
\fB\-\-image\-gc\-low\-threshold\fP=80
|
|
The percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. Default: 80%%
|
|
|
|
.PP
|
|
\fB\-\-kubeconfig\fP=/var/lib/kubelet/kubeconfig
|
|
Path to a kubeconfig file, specifying how to authenticate to API server (the master location is set by the api\-servers flag).
|
|
|
|
.PP
|
|
\fB\-\-log\_backtrace\_at\fP=:0
|
|
when logging hits line file:N, emit a stack trace
|
|
|
|
.PP
|
|
\fB\-\-log\_cadvisor\_usage\fP=false
|
|
Whether to log the usage of the cAdvisor container
|
|
|
|
.PP
|
|
\fB\-\-log\_dir\fP=
|
|
If non\-empty, write log files in this directory
|
|
|
|
.PP
|
|
\fB\-\-log\_flush\_frequency\fP=5s
|
|
Maximum number of seconds between log flushes
|
|
|
|
.PP
|
|
\fB\-\-logtostderr\fP=true
|
|
log to standard error instead of files
|
|
|
|
.PP
|
|
\fB\-\-low\-diskspace\-threshold\-mb\fP=256
|
|
The absolute free disk space, in MB, to maintain. When disk space falls below this threshold, new pods would be rejected. Default: 256
|
|
|
|
.PP
|
|
\fB\-\-machine\_id\_file\fP=/etc/machine\-id,/var/lib/dbus/machine\-id
|
|
Comma\-separated list of files to check for machine\-id. Use the first one that exists.
|
|
|
|
.PP
|
|
\fB\-\-manifest\-url\fP=""
|
|
URL for accessing the container manifest
|
|
|
|
.PP
|
|
\fB\-\-master\-service\-namespace\fP="default"
|
|
The namespace from which the kubernetes master services should be injected into pods
|
|
|
|
.PP
|
|
\fB\-\-max\_housekeeping\_interval\fP=1m0s
|
|
Largest interval to allow between container housekeepings
|
|
|
|
.PP
|
|
\fB\-\-max\_pods\fP=100
|
|
Number of Pods that can run on this Kubelet.
|
|
|
|
.PP
|
|
\fB\-\-maximum\-dead\-containers\fP=100
|
|
Maximum number of old instances of a containers to retain globally. Each container takes up some disk space. Default: 100.
|
|
|
|
.PP
|
|
\fB\-\-maximum\-dead\-containers\-per\-container\fP=5
|
|
Maximum number of old instances of a container to retain per container. Each container takes up some disk space. Default: 5.
|
|
|
|
.PP
|
|
\fB\-\-minimum\-container\-ttl\-duration\fP=1m0s
|
|
Minimum age for a finished container before it is garbage collected. Examples: '300ms', '10s' or '2h45m'
|
|
|
|
.PP
|
|
\fB\-\-network\-plugin\fP=""
|
|
The name of the network plugin to be invoked for various events in kubelet/pod lifecycle
|
|
|
|
.PP
|
|
\fB\-\-node\-status\-update\-frequency\fP=10s
|
|
Specifies how often kubelet posts node status to master. Note: be cautious when changing the constant, it must work with nodeMonitorGracePeriod in nodecontroller. Default: 10s
|
|
|
|
.PP
|
|
\fB\-\-oom\-score\-adj\fP=\-900
|
|
The oom\_score\_adj value for kubelet process. Values must be within the range [\-1000, 1000]
|
|
|
|
.PP
|
|
\fB\-\-pod\-infra\-container\-image\fP="gcr.io/google\_containers/pause:0.8.0"
|
|
The image whose network/ipc namespaces containers in each pod will use.
|
|
|
|
.PP
|
|
\fB\-\-port\fP=10250
|
|
The port for the info server to serve on
|
|
|
|
.PP
|
|
\fB\-\-read\-only\-port\fP=10255
|
|
The read\-only port for the info server to serve on (set to 0 to disable)
|
|
|
|
.PP
|
|
\fB\-\-registry\-burst\fP=10
|
|
Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry\_qps. Only used if \-\-registry\_qps > 0
|
|
|
|
.PP
|
|
\fB\-\-registry\-qps\fP=0
|
|
If > 0, limit registry pull QPS to this value. If 0, unlimited. [default=0.0]
|
|
|
|
.PP
|
|
\fB\-\-resource\-container\fP="/kubelet"
|
|
Absolute name of the resource\-only container to create and run the Kubelet in (Default: /kubelet).
|
|
|
|
.PP
|
|
\fB\-\-root\-dir\fP="/var/lib/kubelet"
|
|
Directory path for managing kubelet files (volume mounts,etc).
|
|
|
|
.PP
|
|
\fB\-\-runonce\fP=false
|
|
If true, exit after spawning pods from local manifests or remote urls. Exclusive with \-\-api\_servers, and \-\-enable\-server
|
|
|
|
.PP
|
|
\fB\-\-stderrthreshold\fP=2
|
|
logs at or above this threshold go to stderr
|
|
|
|
.PP
|
|
\fB\-\-streaming\-connection\-idle\-timeout\fP=0
|
|
Maximum time a streaming connection can be idle before the connection is automatically closed. Example: '5m'
|
|
|
|
.PP
|
|
\fB\-\-sync\-frequency\fP=10s
|
|
Max period between synchronizing running containers and config
|
|
|
|
.PP
|
|
\fB\-\-tls\-cert\-file\fP=""
|
|
File /gmrvcontaining x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If \-\-tls\_cert\_file and \-\-tls\_private\_key\_file are not provided, a self\-signed certificate and key are generated for the public address and saved to the directory passed to \-\-cert\_dir.
|
|
|
|
.PP
|
|
\fB\-\-tls\-private\-key\-file\fP=""
|
|
File containing x509 private key matching \-\-tls\_cert\_file.
|
|
|
|
.PP
|
|
\fB\-\-v\fP=0
|
|
log level for V logs
|
|
|
|
.PP
|
|
\fB\-\-version\fP=false
|
|
Print version information and quit
|
|
|
|
.PP
|
|
\fB\-\-vmodule\fP=
|
|
comma\-separated list of pattern=N settings for file\-filtered logging
|
|
|
|
.SH EXAMPLES
|
|
.PP
|
|
.RS
|
|
|
|
.nf
|
|
/usr/bin/kubelet \-\-logtostderr=true \-\-v=0 \-\-api\_servers=http://127.0.0.1:8080 \-\-address=127.0.0.1 \-\-port=10250 \-\-hostname\_override=127.0.0.1 \-\-allow\-privileged=false
|
|
|
|
.fi
|
|
|
|
.SH HISTORY
|
|
.PP
|
|
October 2014, Originally compiled by Scott Collier (scollier at redhat dot com) based
|
|
on the kubernetes source material and internal work.
|
|
|
|
.PP
|
|
May 2015, Revised by Victor HU(huruifeng at huawei dot com) by kubernetes version 0.17
|
|
|
|
.PP
|
|
[]()
|