openshift-start-kubernetes-kubelet man page

openshift start kubernetes kubelet — Launch the Kubelet (kubelet)

Synopsis

openshift start kubernetes kubelet [Options]

Description

Start Kubelet

This command launches a Kubelet. All options are exposed. Use 'openshift start node' for starting from a configuration file.

Options

--address=0.0.0.0

The IP address for the Kubelet to serve on (set to 0.0.0.0 for all interfaces)

--allow-privileged=false

If true, allow containers to request privileged mode. [default=false]

--anonymous-auth=true

Enables anonymous requests to the Kubelet server. Requests that are not rejected by another authentication method are treated as anonymous requests. Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated.

--api-servers=[]

List of Kubernetes API servers for publishing events, and reading pods and services. (ip:port), comma separated.

--auth-path=""

Path to .kubernetes_auth file, specifying how to authenticate to API server.

--authentication-token-webhook=false

Use the TokenReview API to determine authentication for bearer tokens.

--authentication-token-webhook-cache-ttl=0

The duration to cache responses from the webhook token authenticator.

--authorization-mode="AlwaysAllow"

Authorization mode for Kubelet server. Valid options are AlwaysAllow or Webhook. Webhook mode uses the SubjectAccessReview API to determine authorization.

--authorization-webhook-cache-authorized-ttl=0

The duration to cache 'authorized' responses from the webhook authorizer.

--authorization-webhook-cache-unauthorized-ttl=0

The duration to cache 'unauthorized' responses from the webhook authorizer.

--babysit-daemons=false

If true, the node has babysitter process monitoring docker and kubelet.

--cadvisor-port=4194

The port of the localhost cAdvisor endpoint

--cert-dir="/var/run/kubernetes"

The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.

--cgroup-driver="cgroupfs"

Driver that the kubelet uses to manipulate cgroups on the host.  Possible values: 'cgroupfs', 'systemd'

--cgroup-root=""

Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.

--chaos-chance=0

If > 0.0, introduce random client errors and latency. Intended for testing. [default=0.0]

--client-ca-file=""

If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.

--cloud-config=""

The path to the cloud provider configuration file.  Empty string for no configuration file.

--cloud-provider="auto-detect"

The provider for cloud services. By default, kubelet will attempt to auto-detect the cloud provider. Specify empty string for running with no cloud provider. [default=auto-detect]

--cluster-dns=""

IP address for a cluster DNS server.  This value is used for containers' DNS server in case of Pods with "dnsPolicy=ClusterFirst"

--cluster-domain=""

Domain for this cluster.  If set, kubelet will configure all containers to search this domain in addition to the host's search domains

--cni-bin-dir=""

<Warning: Alpha feature> The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin

--cni-conf-dir=""

<Warning: Alpha feature> The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d

--config=""

Path to the directory containing pod manifest files to run, or the path to a single pod manifest file.

--container-runtime="docker"

The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'.

--container-runtime-endpoint=""

[Experimental] The unix socket endpoint of remote runtime service. The endpoint is used only when CRI integration is enabled (--experimental-cri)

--containerized=false

Experimental support for running kubelet in a container.  Intended for testing. [default=false]

--cpu-cfs-quota=true

Enable CPU CFS quota enforcement for containers that specify CPU limits

--docker-endpoint="unix:///var/run/docker.sock"

The docker endpoint to communicate with.

--docker-exec-handler="native"

Handler to use when executing a command in a container. Valid values are 'native' and 'nsenter'. Defaults to 'native'.

--enable-controller-attach-detach=true

Enables the Attach/Detach controller to manage attachment/detachment of volumes scheduled to this node, and disables kubelet from executing any attach/detach operations

--enable-custom-metrics=false

Support for gathering custom metrics.

--enable-debugging-handlers=true

Enables server endpoints for log collection and local running of containers and commands

--enable-server=true

Enable the Kubelet's server

--event-burst=10

Maximum size of a burst of event records. Temporarily allows event records to burst to this number, while still not exceeding event-qps. Only used if --event-qps > 0

--event-qps=5

If > 0, limit event creations per second to this value. If 0, unlimited.

--eviction-hard="memory.available<100Mi"

A set of eviction thresholds (e.g. memory.available<1Gi) that if met would trigger a pod eviction.

--eviction-max-pod-grace-period=0

Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met.  If negative, defer to pod specified value.

--eviction-minimum-reclaim=""

A set of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure.

--eviction-pressure-transition-period=0

Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition.

--eviction-soft=""

A set of eviction thresholds (e.g. memory.available<1.5Gi) that if met over a corresponding grace period would trigger a pod eviction.

--eviction-soft-grace-period=""

A set of eviction grace periods (e.g. memory.available=1m30s) that correspond to how long a soft eviction threshold must hold before triggering a pod eviction.

--exit-on-lock-contention=false

Whether kubelet should exit upon lock-file contention.

--experimental-allowed-unsafe-sysctls=[]

Comma-separated whitelist of unsafe sysctls or unsafe sysctl patterns (ending in *). Use these at your own risk.

--experimental-bootstrap-kubeconfig=""

<Warning: Experimental feature> Path to a kubeconfig file that will be used to get client certificate for kubelet. If the file specified by --kubeconfig does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. On success, a kubeconfig file referencing the generated key and obtained certificate is written to the path specified by --kubeconfig. The certificate and key file will be stored in the directory pointed by --cert-dir.

--experimental-cgroups-per-qos=false

Enable creation of the QoS cgroup hierarchy. If true, top-level QoS and pod cgroups are created.

--experimental-check-node-capabilities-before-mount=false

[Experimental] If set to true, the kubelet will check the underlying node for required components (binaries, etc.) before performing the mount

--experimental-cri=false

[Experimental] Enable the Container Runtime Interface (CRI) integration. If --container-runtime is set to "remote", Kubelet will communicate with the runtime/image CRI server listening on the endpoint specified by --remote-runtime-endpoint/--remote-image-endpoint. If --container-runtime is set to "docker", Kubelet will launch an in-process CRI server on behalf of docker, and communicate over a default endpoint.

--experimental-fail-swap-on=false

Makes the Kubelet fail to start if swap is enabled on the node. This is a temporary option to maintain legacy behavior; failing due to swap being enabled will happen by default in v1.6.

--experimental-kernel-memcg-notification=false

If enabled, the kubelet will integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling.

--experimental-mounter-path=""

[Experimental] Path of mounter binary. Leave empty to use the default mount.

--experimental-nvidia-gpus=0

Number of NVIDIA GPU devices on this node. Only 0 (default) and 1 are currently supported.

--feature-gates=""

A set of key=value pairs that describe feature gates for alpha/experimental features. Options are: AllAlpha=true|false (ALPHA - default=false) AllowExtTrafficLocalEndpoints=true|false (BETA - default=true) AppArmor=true|false (BETA - default=true) DynamicKubeletConfig=true|false (ALPHA - default=false) DynamicVolumeProvisioning=true|false (ALPHA - default=true) ExperimentalHostUserNamespaceDefaulting=true|false (ALPHA - default=false) StreamingProxyRedirects=true|false (ALPHA - default=false)

--file-check-frequency=0

Duration between checking config files for new data

--hairpin-mode="promiscuous-bridge"

How the kubelet should set up hairpin NAT. This allows endpoints of a Service to loadbalance back to themselves if they should try to access their own Service. Valid values are "promiscuous-bridge", "hairpin-veth" and "none".

--healthz-bind-address=127.0.0.1

The IP address for the healthz server to serve on, defaulting to 127.0.0.1 (set to 0.0.0.0 for all interfaces)

--healthz-port=10248

The port of the localhost healthz endpoint

--host-ipc-sources=[]

Comma-separated list of sources from which the Kubelet allows pods to use the host ipc namespace. [default=""]

--host-network-sources=[]

Comma-separated list of sources from which the Kubelet allows pods to use the host network. [default=""]

--host-pid-sources=[]

Comma-separated list of sources from which the Kubelet allows pods to use the host pid namespace. [default=""]

--hostname-override=""

If non-empty, will use this string as identification instead of the actual hostname.

--http-check-frequency=0

Duration between checking http for new data

--image-gc-high-threshold=85

The percent of disk usage after which image garbage collection is always run. Default: 85%

--image-gc-low-threshold=80

The percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. Default: 80%

--image-service-endpoint=""

[Experimental] The unix socket endpoint of remote image service. If not specified, it will be the same as container-runtime-endpoint by default. The endpoint is used only when CRI integration is enabled (--experimental-cri)

--iptables-drop-bit=15

The bit of the fwmark space to mark packets for dropping. Must be within the range [0, 31].

--iptables-masquerade-bit=14

The bit of the fwmark space to mark packets for SNAT. Must be within the range [0, 31]. Please match this parameter with corresponding parameter in kube-proxy.

--keep-terminated-pod-volumes=false

Keep terminated pod volumes mounted to the node after the pod terminates.  Can be useful for debugging volume related issues.

--kube-api-burst=10

Burst to use while talking with kubernetes apiserver

--kube-api-content-type="application/vnd.kubernetes.protobuf"

Content type of requests sent to apiserver.

--kube-api-qps=5

QPS to use while talking with kubernetes apiserver

--kube-reserved=

A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs that describe resources reserved for kubernetes system components. Currently only cpu and memory are supported. See  ⟨http://kubernetes.io/docs/user-guide/compute-resources⟩ for more detail. [default=none]

--kubeconfig="/var/lib/kubelet/kubeconfig"

Path to a kubeconfig file, specifying how to connect to the API server. --api-servers will be used for the location unless --require-kubeconfig is set.

--kubelet-cgroups=""

Optional absolute name of cgroups to create and run the Kubelet in.

--lock-file=""

<Warning: Alpha feature> The path to file for kubelet to use as a lock file.

--low-diskspace-threshold-mb=256

The absolute free disk space, in MB, to maintain. When disk space falls below this threshold, new pods would be rejected. Default: 256

--make-iptables-util-chains=true

If true, kubelet will ensure iptables utility rules are present on host.

--manifest-url=""

URL for accessing the container manifest

--manifest-url-header=""

HTTP header to use when accessing the manifest URL, with the key separated from the value with a ':', as in 'key:value'

--master-service-namespace="default"

The namespace from which the kubernetes master services should be injected into pods

--max-open-files=1000000

Number of files that can be opened by Kubelet process. [default=1000000]

--max-pods=110

Number of Pods that can run on this Kubelet.

--maximum-dead-containers=-1

Maximum number of old instances of containers to retain globally.  Each container takes up some disk space. To disable, set to a negative number.  Default: -1.

--maximum-dead-containers-per-container=1

Maximum number of old instances to retain per container.  Each container takes up some disk space.  Default: 1.

--minimum-container-ttl-duration=0

Minimum age for a finished container before it is garbage collected.  Examples: '300ms', '10s' or '2h45m'

--minimum-image-ttl-duration=0

Minimum age for an unused image before it is garbage collected.  Examples: '300ms', '10s' or '2h45m'. Default: '2m'

--network-plugin=""

<Warning: Alpha feature> The name of the network plugin to be invoked for various events in kubelet/pod lifecycle

--network-plugin-dir=""

<Warning: Alpha feature> The full path of the directory in which to search for network plugins or CNI config

--network-plugin-mtu=0

<Warning: Alpha feature> The MTU to be passed to the network plugin, to override the default. Set to 0 to use the default 1460 MTU.

--node-ip=""

IP address of the node. If set, kubelet will use this IP address for the node

--node-labels=

<Warning: Alpha feature> Labels to add when registering the node in the cluster.  Labels must be key=value pairs separated by ','.

--node-status-update-frequency=0

Specifies how often kubelet posts node status to master. Note: be cautious when changing the constant, it must work with nodeMonitorGracePeriod in nodecontroller. Default: 10s

--non-masquerade-cidr="10.0.0.0/8"

Traffic to IPs outside this range will use IP masquerade.

--oom-score-adj=-999

The oom-score-adj value for kubelet process. Values must be within the range [-1000, 1000]

--outofdisk-transition-frequency=0

Duration for which the kubelet has to wait before transitioning out of out-of-disk node condition status. Default: 5m0s

--pod-cidr=""

The CIDR to use for pod IP addresses, only used in standalone mode.  In cluster mode, this is obtained from the master.

--pod-infra-container-image="gcr.io/google_containers/pause-amd64:3.0"

The image whose network/ipc namespaces containers in each pod will use.

--pod-manifest-path=""

Path to the directory containing pod manifest files to run, or the path to a single pod manifest file.

--pods-per-core=0

Number of Pods per core that can run on this Kubelet. The total number of Pods on this Kubelet cannot exceed max-pods, so max-pods will be used if this calculation results in a larger number of Pods allowed on the Kubelet. A value of 0 disables this limit.

--port=10250

The port for the Kubelet to serve on.

--protect-kernel-defaults=false

Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of the kernel tunables differs from the kubelet defaults.

--read-only-port=10255

The read-only port for the Kubelet to serve on with no authentication/authorization (set to 0 to disable)

--really-crash-for-testing=false

If true, when panics occur crash. Intended for testing.

--reconcile-cidr=true

Reconcile node CIDR with the CIDR specified by the API server. This flag has no function anymore.

--register-node=true

Register the node with the apiserver (defaults to true if --api-servers is set)

--register-schedulable=true

Register the node as schedulable. Won't have any effect if register-node is false. [default=true]

--registry-burst=10

Maximum size of a burst of pulls. Temporarily allows pulls to burst to this number, while still not exceeding registry-qps.  Only used if --registry-qps > 0

--registry-qps=5

If > 0, limit registry pull QPS to this value.  If 0, unlimited. [default=5.0]

--require-kubeconfig=false

If true the Kubelet will exit if there are configuration errors, and will ignore the value of --api-servers in favor of the server defined in the kubeconfig file.

--resolv-conf="/etc/resolv.conf"

Resolver configuration file used as the basis for the container DNS resolution configuration.

--resource-container=""

Optional absolute name of the resource-only container to create and run the Kubelet in.

--rkt-api-endpoint="localhost:15441"

The endpoint of the rkt API service to communicate with. Only used if --container-runtime='rkt'.

--rkt-path=""

Path of rkt binary. Leave empty to use the first rkt in $PATH.  Only used if --container-runtime='rkt'.

--rkt-stage1-image=""

Image to use as stage1. Local paths and http/https URLs are supported. If empty, the 'stage1.aci' in the same directory as '--rkt-path' will be used.

--root-dir="/var/lib/kubelet"

Directory path for managing kubelet files (volume mounts, etc.).

--runonce=false

If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server

--runtime-cgroups=""

Optional absolute name of cgroups to create and run the runtime in.

--runtime-request-timeout=0

Timeout of all runtime requests except long running request - pull, logs, exec and attach. When timeout exceeded, kubelet will cancel the request, throw out an error and retry later. Default: 2m0s

--seccomp-profile-root="/var/lib/kubelet/seccomp"

Directory path for seccomp profiles.

--serialize-image-pulls=true

Pull images one at a time. We recommend not changing the default value on nodes that run docker daemon with version < 1.9 or an Aufs storage backend. Issue #10959 has more details. [default=true]

--streaming-connection-idle-timeout=0

Maximum time a streaming connection can be idle before the connection is automatically closed. 0 indicates no timeout. Example: '5m'

--sync-frequency=0

Max period between synchronizing running containers and config

--system-cgroups=""

Optional absolute name of cgroups in which to place all non-kernel processes that are not already inside a cgroup under /. Empty for no container. Rolling back the flag requires a reboot. (Default: "").

--system-container=""

Optional resource-only container in which to place all non-kernel processes that are not already in a container. Empty for no container. Rolling back the flag requires a reboot. (Default: "").

--system-reserved=

A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs that describe resources reserved for non-kubernetes components. Currently only cpu and memory are supported. See  ⟨http://kubernetes.io/docs/user-guide/compute-resources⟩ for more detail. [default=none]

--tls-cert-file=""

File containing x509 Certificate for HTTPS.  (CA cert, if any, concatenated after server cert). If --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert-dir.

--tls-private-key-file=""

File containing x509 private key matching --tls-cert-file.

--volume-plugin-dir="/usr/libexec/kubernetes/kubelet-plugins/volume/exec/"

<Warning: Alpha feature> The full path of the directory in which to search for additional third party volume plugins

--volume-stats-agg-period=0

Specifies interval for kubelet to calculate and cache the volume disk usage for all pods and volumes.  To disable volume calculations, set to 0.  Default: '1m'
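
Several defaults listed above leave the Kubelet server open unless overridden (--anonymous-auth=true, --authorization-mode="AlwaysAllow", --read-only-port=10255). The audit below is an added example, not part of the original man page or the OpenShift project: it overlays a kubelet command line on the defaults documented here and reports the settings that weaken authentication, authorization or TLS. The function names and the /path/to/... values in the sample command line are assumptions.

```python
import shlex

# Defaults exactly as listed in the Options section of this page.
DEFAULTS = {
    "allow-privileged": "false", "anonymous-auth": "true",
    "authentication-token-webhook": "false", "authorization-mode": "AlwaysAllow",
    "client-ca-file": "", "read-only-port": "10255",
    "tls-cert-file": "", "tls-private-key-file": "",
}
BOOL_FLAGS = {k for k, v in DEFAULTS.items() if v in ("true", "false")}

def is_true(value):
    return value.lower() in ("1", "t", "true")

def effective_flags(cmdline):
    """Overlay the flags given on a kubelet command line onto DEFAULTS."""
    flags = dict(DEFAULTS)
    tokens = shlex.split(cmdline)
    for i, tok in enumerate(tokens):
        if not tok.startswith("--"):
            continue
        name, has_eq, value = tok[2:].partition("=")
        if not has_eq and name in BOOL_FLAGS:
            value = "true"  # a bare boolean flag means true
        elif not has_eq and i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
            value = tokens[i + 1]  # "--flag value" form
        flags[name] = value
    return flags

def audit(cmdline):
    """Return (flag, finding) pairs for settings that weaken the Kubelet server."""
    f = effective_flags(cmdline)
    out = []
    if is_true(f["anonymous-auth"]):
        out.append(("anonymous-auth", "requests are accepted as system:anonymous"))
    if f["authorization-mode"] == "AlwaysAllow":
        out.append(("authorization-mode", "no SubjectAccessReview check; use Webhook"))
    if not f["client-ca-file"] and not is_true(f["authentication-token-webhook"]):
        out.append(("client-ca-file", "no client-certificate or bearer-token authentication"))
    if f["read-only-port"] != "0":
        out.append(("read-only-port", "serves with no authentication/authorization"))
    if is_true(f["allow-privileged"]):
        out.append(("allow-privileged", "containers may request privileged mode"))
    if not (f["tls-cert-file"] and f["tls-private-key-file"]):
        out.append(("tls-cert-file", "a self-signed serving certificate is generated"))
    return out

# Constructed command lines; the /path/to/... values are placeholders.
ALL_DEFAULTS = "openshift start kubernetes kubelet"
HARDENED = (
    "openshift start kubernetes kubelet --anonymous-auth=false "
    "--authorization-mode=Webhook --authentication-token-webhook "
    "--client-ca-file=/path/to/ca.crt --read-only-port=0 "
    "--tls-cert-file=/path/to/kubelet.crt --tls-private-key-file=/path/to/kubelet.key"
)

if __name__ == "__main__":
    for cmd in (ALL_DEFAULTS, HARDENED):
        print([flag for flag, _ in audit(cmd)] or "no findings")
```

Run against the process arguments of a running kubelet, the same function shows which of these defaults are still in effect on a node.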

Options Inherited from Parent Commands

--azure-container-registry-config=""

Path to the file containing Azure container registry configuration information.

--google-json-key=""

The Google Cloud Platform Service Account JSON Key to use for authentication.

--log-flush-frequency=0

Maximum number of seconds between log flushes

See Also

openshift-start-kubernetes(1)

History

June 2016, Ported from the Kubernetes man-doc generator

Referenced By

openshift-start-kubernetes(1).

Openshift CLI User Manuals June 2016