Add an explanation of how the kubeadm kubelet dropin file works and a note about cAdvisor #4229
Conversation
k8s-ci-robot
requested review from
jbeda,
lukemarsden,
roberthbailey and
chenopis
k8s-ci-robot
added
the
cncf-cla: yes
docs/admin/kubeadm.md
Outdated
| @@ -525,6 +525,57 @@ Here `v1.7.x` means the "latest patch release of the v1.7 branch". | |||
|
|
|||
| `${ARCH}` can be one of: `amd64`, `arm`, `arm64`, `ppc64le` or `s390x`. | |||
|
|
|||
| ## Managing the kubeadm dropin file for the kubelet | |||
There was a problem hiding this comment.
change all occurrences of "dropin" to "drop-in"
docs/admin/kubeadm.md
Outdated
| ``` | ||
|
|
||
| A breakdown of what/why: | ||
| - `--kubeconfig=/etc/kubernetes/kubelet.conf` point to the kubeconfig file that |
docs/admin/kubeadm.md
Outdated
| started until `kubeadm init` is run. | ||
| - `--pod-manifest-path=/etc/kubernetes/manifests` specifies from where to read | ||
| Static Pod manifests used for spinning up the control plane | ||
| - `--allow-privileged=true` allow this kubelet to run privileged Pods |
docs/admin/kubeadm.md
Outdated
| - `--pod-manifest-path=/etc/kubernetes/manifests` specifies from where to read | ||
| Static Pod manifests used for spinning up the control plane | ||
| - `--allow-privileged=true` allow this kubelet to run privileged Pods | ||
| - `--network-plugin=cni` use CNI networking |
docs/admin/kubeadm.md
Outdated
| Static Pod manifests used for spinning up the control plane | ||
| - `--allow-privileged=true` allow this kubelet to run privileged Pods | ||
| - `--network-plugin=cni` use CNI networking | ||
| - `--cni-conf-dir=/etc/cni/net.d` where to look for the |
There was a problem hiding this comment.
add "specifies": "--cni-conf-dir=/etc/cni/net.d specifies where to look..."
docs/admin/kubeadm.md
Outdated
| `search` entries in Pods' `/etc/resolv.conf` | ||
| - `--client-ca-file=/etc/kubernetes/pki/ca.crt` authenticate requests to the Kubelet | ||
| API using this CA certificate. | ||
| - `--authorization-mode=Webhook` authorize requests to the Kubelet API by `POST`-ing |
There was a problem hiding this comment.
"authorize" -> "authorizes"
docs/admin/kubeadm.md
Outdated
| API using this CA certificate. | ||
| - `--authorization-mode=Webhook` authorize requests to the Kubelet API by `POST`-ing | ||
| a `SubjectAccessReview` to the API Server | ||
| - `--cadvisor-port=0` disable that cAdvisor listens to `0.0.0.0:4194` by default. |
There was a problem hiding this comment.
suggested edit: "--cadvisor-port=0 disables cAdvisor from listening to 0.0.0.0:4194 by default."
docs/admin/kubeadm.md
Outdated
| a `SubjectAccessReview` to the API Server | ||
| - `--cadvisor-port=0` disable that cAdvisor listens to `0.0.0.0:4194` by default. | ||
| cAdvisor will still be run inside of the kubelet and its API can be accessed at | ||
| `https://{node-ip}:10250/stats/`. If you want to enable that cAdvisor listens on |
There was a problem hiding this comment.
suggested edit: "If you want to enable cAdvisor to listen on a wide-open port, run:"
| ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_EXTRA_ARGS | ||
| ``` | ||
|
|
||
| A breakdown of what/why: |
There was a problem hiding this comment.
You should change these into an unordered (bulleted) list. Markdown is currently rendering them as a single paragraph, see preview: https://deploy-preview-4229--kubernetes-io-master-staging.netlify.com/docs/admin/kubeadm/
docs/admin/kubeadm.md
Outdated
| cAdvisor will still be run inside of the kubelet and its API can be accessed at | ||
| `https://{node-ip}:10250/stats/`. If you want to enable that cAdvisor listens on | ||
| a wide-open port, run: | ||
| ``` |
There was a problem hiding this comment.
Add a newline above this line so that the shell snippet is rendered in a separate block on its own line, see preview: https://deploy-preview-4229--kubernetes-io-master-staging.netlify.com/docs/admin/kubeadm/
|
@luxas Can you rebase this onto |
luxas
force-pushed
the
add_kubeadm_cadvisor_note
branch
2 times, most recently
from
1ec1f02
to
b49eb31
Compare
|
@chenopis Done! |
docs/admin/kubeadm.md
Outdated
| ``` | ||
|
|
||
| A breakdown of what/why: | ||
| * `--kubeconfig=/etc/kubernetes/kubelet.conf` points to the kubeconfig file that |
There was a problem hiding this comment.
I think you need a newline before this line. It's currently not rendering the unordered list correctly. See the preview: https://deploy-preview-4229--kubernetes-io-master-staging.netlify.com/docs/admin/kubeadm/#managing-the-kubeadm-drop-in-file-for-the-kubelet
… note about cAdvisor
luxas
force-pushed
the
add_kubeadm_cadvisor_note
branch
from
b49eb31
to
df25909
Compare
|
@luxas I'm going to merge this. Any additional changes can be done in a follow-up PR. |
/cc @roberthbailey @jbeda @chenopis @lukemarsden
FYI @dchen1107
This was discussed in kubernetes/release#356. I'm adding some context on how the dropin works and information about how the user might revert kubernetes/release#356 if they have to.
This change is