Kubeadm kubelet integration doc #9652
Conversation
k8s-ci-robot
added
sig/cluster-lifecycle
|
/assign @Bradamant3 |
This comment has been minimized.
This comment has been minimized.
|
/assign @neolit123 |
|
Deploy preview for kubernetes-io-master-staging ready! Built with commit 52b1f06 https://deploy-preview-9652--kubernetes-io-master-staging.netlify.com |
|
|
||
| Let's say that you have a default service subnet defined as `10.96.0.0/12` and you pass this parameter to kubeadm: | ||
| ```bash | ||
| kubeadm init --service-cidr 10.95.0.0/12 |
There was a problem hiding this comment.
replace 10.95.0.0/12 to 10.96.0.0/12 ?
| ``` | ||
|
|
||
| In this example, the modified value is the subnet used for allocating the Service Virtual IPs. | ||
| This means that the `--cluster-dns` kubelet flag also has to be set, to `10.95.0.10` following this example. |
|
|
||
| - Different kubelet parameters need to be passed depending on what CRI runtime is used. In the case of docker, | ||
| you need to specify flags like `--network-plugin=cni` for it to work, but if you're using some other, external runtime | ||
| you should set `--container-runtime=remote` and specify the CRI endpoint with `--container-runtime-endpoint=<path>`. |
There was a problem hiding this comment.
...., but if you're using some external runtime. you should set ....
| to make the kubelet pick up the latest dynamic flags which were previously written. After that the rest of the regular | ||
| `kubeadm init` workflow continues. | ||
|
|
||
| `kubeadm join` on the other hand, uses the Bootstrap Token credential to download the `kubelet-config-1.X` ConfigMap |
There was a problem hiding this comment.
"on the other hand, kubeadm join .... ", may be seems well
|
thanks for the review, @stewart-yu |
| - The file that can contain user specified flag overrides with `KUBELET_EXTRA_ARGS` is sourced from `/etc/default/kubelet` | ||
| (for debs), or `/etc/systconfig/kubelet` (for rpms). Note that `KUBELET_EXTRA_ARGS` is last in the flag chain, | ||
| therefore it has the highest priority. | ||
|
|
There was a problem hiding this comment.
Here some wrong format output, may be add a blank line below Notes make it work.
https://deploy-preview-9652--kubernetes-io-master-staging.netlify.com/docs/setup/independent/kubelet-integration/
| - `kubelet` - ships the `/usr/bin/kubelet` binary. | ||
| - `kubectl` - ships the `/usr/bin/kubectl` binary. | ||
| - `kubernetes-cni` - ships the official CNI binaries under the `/opt/cni/bin` directory. | ||
| - `cri-tools` - ships the `/usr/bin/crictl` binary from https://github.com/kubernetes-incubator/cri-tools |
|
@stewart-yu |
neolit123
force-pushed
the
kubeadm_kubelet_integration_doc
branch
from
8d241e1
to
7367f87
Compare
Also apply MD formatting fixes.
neolit123
force-pushed
the
kubeadm_kubelet_integration_doc
branch
from
7367f87
to
75e84d1
Compare
|
@stewart-yu |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
k8s-ci-robot
removed
the
lgtm
|
@neolit123 PTAL at the copyedit commit I just added on top of yours. I changed the structure of the file a bit and reworked the prose. Let me know if I accidentally changed any technical meaning with my changes and I'll iterate. Thanks! |
| The default kubeadm deb/rpm packages ship a systemd drop-in file for the kubelet populated with | ||
| some CLI flags so that the kubelet is functional. | ||
| Like any daemon process, the state of the kubelet needs to be maintained using a lifecycle management | ||
| process such as an init system or process manager. When the kubelet is installed using DEBs or RPMs, |
There was a problem hiding this comment.
the original is arguably more technically valid here:
Given the kubelet is a daemon, it needs to be maintained by some kind of a init system or process manager.
| some CLI flags so that the kubelet is functional. | ||
| Like any daemon process, the state of the kubelet needs to be maintained using a lifecycle management | ||
| process such as an init system or process manager. When the kubelet is installed using DEBs or RPMs, | ||
| `systemd` manages the kubelet. You can configure a different process management system to manage the |
There was a problem hiding this comment.
here and across the edit, systemd is not a command to be quoted, but rather a tool / project name like etcd or kubelet. for example, kubeadm is a tool, but kubeadm init is a command line and should be quoted.
| ## Kubelet configuration patterns | ||
|
|
||
| The following sections describe patterns to kubelet configuration that are simplified by | ||
| using kubeadm, rather than managing the kubelet configuration for each Pod manually. |
There was a problem hiding this comment.
a kubelet are per Node, not per Pod.
| `kubeadm init` and/or `kubeadm join` commands. Common scenarios include customizing the Service | ||
| Subnet and using a different CRI runtime. | ||
| If you want your services to use the subnet `10.96.0.0/12` as the default for services, you can pass | ||
| the `--service-cidr` marameter to kubeadm: |
| ### Providing instance-specific configuration details | ||
|
|
||
| Some hosts require specific kubelet configurations, due to differences in hardware, operating system, | ||
| networking, or other host-specific parameters. The following list provices a few examples. |
| named `kubelet-config-1.X`, where `X` is the minor version of the Kubernetes version initialized. `kubeadm init` also | ||
| generates the `/etc/kubernetes/kubelet.conf` KubeConfig file with credentials (client certificates) so that the kubelet | ||
| can talk to the API server. | ||
| When you call `kubeadm init`, the `.kubeletConfiguration.baseConfig` structure is marshalled to disk |
There was a problem hiding this comment.
minor-nit: we might as well remove the extra space before structure here.
| baseline cluster-wide configuration for all kubelets in the cluster. This configuration file | ||
| points to the client certificates that allow the kubelet to communicate with the API server. This | ||
| addresses the need to | ||
| [propogate cluster-level configuration to each kubelet](#propagating-cluster-level-configuration-to-each-kubelet). |
There was a problem hiding this comment.
this is good self-linking 👍
| On the other hand, `kubeadm join` uses the Bootstrap Token credential to download the `kubelet-config-1.X` ConfigMap | ||
| and write it to `/var/lib/kubelet/config.yaml`. | ||
| After marshalling these two files to disk, kubeadm attempts to run the following two | ||
| commands, if you are using systemd to manage your processes: |
There was a problem hiding this comment.
through out the doc, "process manager" and "manage a process" is slightly misused in the case of systemd, because it's more of a "service manager".
a process is not exactly the same as a service in any OS context.
i would omit to manage your processes to dodge this ambiguity.
| is stored in `/etc/kubernetes/kubelet.conf`. As of kubeadm v1.11, `kubeadm join` waits for the `/etc/kubernetes/kubelet.conf` | ||
| file to appear on disk, which means that the kubelet has performed the TLS Bootstrap. | ||
| When you run `kubeadm join`, kubeadm uses the Bootstrap Token credential to download the | ||
| `kubelet-config-1.X` ConfigMap and writes it to `/var/lib/kubelet/config.yaml`. The dynamic |
There was a problem hiding this comment.
and writes it -> and write it ?
There was a problem hiding this comment.
kubeadm (uses the Bootstrap Token credential....) and writes it. :) Subject-verb agreement.
| At that point the Bootstrap Token is used by the kubelet to perform the TLS Bootstrap and to get the unique credential which | ||
| is stored in `/etc/kubernetes/kubelet.conf`. As of kubeadm v1.11, `kubeadm join` waits for the `/etc/kubernetes/kubelet.conf` | ||
| file to appear on disk, which means that the kubelet has performed the TLS Bootstrap. | ||
| When you run `kubeadm join`, kubeadm uses the Bootstrap Token credential to download the |
There was a problem hiding this comment.
the bootstrap token is use to perform a TLS bootstrap which fetches the credential.
the original is more technically accurate.
|
@neolit123 Thanks, I've just pushed a new commit to address your comments. PTAL! |
|
@mistyhacks this is good to go. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mistyhacks The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Part of kubernetes/kubeadm#849
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
orginal PR:
#9123
since i cannot push to @luxas branch here are my editorial fixes and also i've moved the file to
setup/independent.