KubeOS/0005-docs-add-description-of-the-configuration.patch


From c53a851af1460b037c1dd22e434318963717eabc Mon Sep 17 00:00:00 2001
From: liyuanr <liyuanrong1@huawei.com>
Date: Wed, 27 Nov 2024 15:46:31 +0800
Subject: [PATCH 05/11] docs: add description of the configuration
add description of the configuration of kubelet,
containerd and pam limits
Signed-off-by: liyuanr <liyuanrong1@huawei.com>
---
.../figures/kubeos-architecture_2024.png | Bin 0 -> 241051 bytes
.../config/crd/upgrade.openeuler.org_os.yaml | 2 +-
docs/quick-start.md | 65 ++++++++++++++++++
3 files changed, 66 insertions(+), 1 deletion(-)
create mode 100644 docs/design/figures/kubeos-architecture_2024.png
diff --git a/docs/design/figures/kubeos-architecture_2024.png b/docs/design/figures/kubeos-architecture_2024.png
new file mode 100644
index 00000000..1862a1c4
Binary files /dev/null and b/docs/design/figures/kubeos-architecture_2024.png differ
diff --git a/docs/example/config/crd/upgrade.openeuler.org_os.yaml b/docs/example/config/crd/upgrade.openeuler.org_os.yaml
index 97d0d27b..0ec657b2 100644
--- a/docs/example/config/crd/upgrade.openeuler.org_os.yaml
+++ b/docs/example/config/crd/upgrade.openeuler.org_os.yaml
@@ -147,7 +147,7 @@ spec:
operation:
type: string
value:
- type: string
+ x-kubernetes-preserve-unknown-fields: true
type: object
type: array
model:
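Review bot: Replacing `type: string` with `x-kubernetes-preserve-unknown-fields: true` on `value` removes all schema validation for that field, so the API server will accept a string, boolean, number or nested object there instead of rejecting non-strings at admission. The constraints documented later in this patch (key and value must not be empty, the three-part `type.item.value` form for pam.limits) are then not enforced by the CRD and must be checked by whatever consumes the value. The subject line says "docs" and the commit message does not mention a schema change; please either describe this change and its reason in the message or split it into its own commit.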
diff --git a/docs/quick-start.md b/docs/quick-start.md
index 6c5f47a2..5730c164 100644
--- a/docs/quick-start.md
+++ b/docs/quick-start.md
@@ -767,3 +767,68 @@ hostshell
operation: delete
- key: crash_kexec_post_notifiers
```
+### kubelet配置
+* kuberntes.kubelet: 配置节点kubelet的配置文件中的参数参数说明和约束如下
+ * 仅支持```KubeletConfiguration```中的配置参数。
+ * 节点kubelet配置文件需要为yaml格式的文件。
+ * 如不指定configpath默认配置文件路径为```/var/lib/kubelet/config.yaml```并且需要注意的是配置文件的路径需要与kubelet启动时的```-- config```参数指定的路径一致才能生效。
+ * 如配置存在嵌套,则通过```'.'```连接嵌套的key值例如如果修改如下yaml示例中```cacheAuthorizedTTL```参数为1s。
+ ```
+ authorization:
+ mode: Webhook
+ webhook:
+ cacheAuthorizedTTL: 0s
+ ```
+ 参数配置示例如下:
+ ```
+ configs:
+ - model: kuberntes.kubelet
+ configpath: /etc/test.yaml
+ contents:
+ - key: authorization.webhook.cacheAuthorizedTTL
+ value: 1s
+ ```
+ * kubernetes.kubelet进行删除时不对value与配置文件中的值进行比较
+### containerd配置
+* container.containerd: 配置节点上containerd的配置文件中的参数参数说明和约束如下
+ * containerd需要配置文件为toml格式所以key为toml中该参数的表头.键名例如希望修改如下toml示例中```no_shim```为true。
+ ```
+ [plugins."io.containerd.runtime.v1.linux"]
+ no_shim=false
+ runtime="runc"
+ runtime_root="
+ ```
+ 参数配置示例如下:
+ ```
+ configs:
+ - model: container.containerd
+ configpath: /etc/test.toml
+ contents:
+ - key: plugins."io.containerd.runtime.v1.linux".no_shim
+ value: true
+ ```
+ * toml使用```"."```分割键os-agent识别时与toml保持一致所以当键名中包含```"."```时,该键名需要使用```""```,例如上例中的```"io.containerd.runtime.v1.linux"```为一个键
+ * 如不指定configpath默认配置文件路径为```/etc/containerd/config.toml```
+ * container.conatainerd配置的key和value均不能为空
+ * container.containerd进行删除时不对value与配置文件中的值进行比较
+### Pam Limits配置
+* pam.limits配置节点上/etc/security/limits.conf文件
+ * key为domain值value的格式需要为type.item.valuelimits.conf文件要求每行格式为\<domain\> \<type\> \<item\> \<value\>),例如:
+ ```
+ configs:
+ - model: pam.limits
+ contents:
+ - key: ftp
+ value: soft.core.0
+ ```
+ * 更新时如不需要对type/item/value更新时可以使用```"_"```忽略对此参数的更新但value必须为点隔的三段式例如
+ ```
+ configs:
+ - model: pam.limits
+ contents:
+ - key: ftp
+ value: hard._.1
+ ```
+ * pam.limits新增时value中不允许包含```"_"```
+ * pam.limits删除时会对value进行校验当value与配置文件中的值不同时删除失败
+ * pam.limits配置的key和value均不能为空
\ No newline at end of file
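Review bot: The model name is spelled two ways in the kubelet section: `kuberntes.kubelet` in the description bullet and in the sample (`- model: kuberntes.kubelet`), but `kubernetes.kubelet` in the deletion bullet. Readers will copy the sample verbatim, so all three should match the name the code accepts. The same applies to `container.conatainerd` in the containerd section, which differs from `container.containerd` used in the other bullets and in the sample. Smaller points in the same hunk: `-- config` has a stray space after the dashes, the TOML sample ends with an unterminated string (`runtime_root="`), there is no blank line between the closing fence of the preceding example and `### kubelet配置`, and the file now ends without a trailing newline.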
--
2.39.5 (Apple Git-154)