packages/KubeOS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
KubeOS/0005-docs-add-description-of-the-configuration.patch
Yuhang Wei a82fa3bcaa KubeOS: sync from upstream 
Signed-off-by: Yuhang Wei <weiyuhang3@huawei.com>
2024-12-03 20:55:16 +08:00

111 lines
4.8 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From c53a851af1460b037c1dd22e434318963717eabc Mon Sep 17 00:00:00 2001
From: liyuanr <liyuanrong1@huawei.com>
Date: Wed, 27 Nov 2024 15:46:31 +0800
Subject: [PATCH 05/11] docs: add description of the configuration
add description of the configuration of kubelet,
containerd and pam limts
Signed-off-by: liyuanr <liyuanrong1@huawei.com>
---
.../figures/kubeos-architecture_2024.png | Bin 0 -> 241051 bytes
.../config/crd/upgrade.openeuler.org_os.yaml | 2 +-
docs/quick-start.md | 65 ++++++++++++++++++
3 files changed, 66 insertions(+), 1 deletion(-)
create mode 100644 docs/design/figures/kubeos-architecture_2024.png
diff --git a/docs/design/figures/kubeos-architecture_2024.png b/docs/design/figures/kubeos-architecture_2024.png
new file mode 100644
index 00000000..1862a1c4
Binary files /dev/null and b/docs/design/figures/kubeos-architecture_2024.png differ
diff --git a/docs/example/config/crd/upgrade.openeuler.org_os.yaml b/docs/example/config/crd/upgrade.openeuler.org_os.yaml
index 97d0d27b..0ec657b2 100644
--- a/docs/example/config/crd/upgrade.openeuler.org_os.yaml
+++ b/docs/example/config/crd/upgrade.openeuler.org_os.yaml
@@ -147,7 +147,7 @@ spec:
operation:
type: string
value:
- type: string
+ x-kubernetes-preserve-unknown-fields: true
type: object
type: array
model:
diff --git a/docs/quick-start.md b/docs/quick-start.md
index 6c5f47a2..5730c164 100644
--- a/docs/quick-start.md
+++ b/docs/quick-start.md
@@ -767,3 +767,68 @@ hostshell
operation: delete
- key: crash_kexec_post_notifiers
```
+### kubelet配置
+* kuberntes.kubelet: 配置节点kubelet的配置文件中的参数参数说明和约束如下
+ * 仅支持```KubeletConfiguration```中的配置参数。
+ * 节点kubelet配置文件需要为yaml格式的文件。
+ * 如不指定configpath默认配置文件路径为```/var/lib/kubelet/config.yaml```并且需要注意的是配置文件的路径需要与kubelet启动时的```-- config```参数指定的路径一致才能生效。
+ * 如配置存在嵌套,则通过```'.'```连接嵌套的key值例如如果修改如下yaml示例中```cacheAuthorizedTTL```参数为1s。
+ ```
+ authorization:
+ mode: Webhook
+ webhook:
+ cacheAuthorizedTTL: 0s
+ ```
+ 参数配置示例如下:
+ ```
+ configs:
+ - model: kuberntes.kubelet
+ configpath: /etc/test.yaml
+ contents:
+ - key: authorization.webhook.cacheAuthorizedTTL
+ value: 1s
+ ```
+ * kubernetes.kubelet进行删除时不对value与配置文件中的值进行比较
+### containerd配置
+* container.containerd: 配置节点上containerd的配置文件中的参数参数说明和约束如下
+ * containerd需要配置文件为toml格式所以key为toml中该参数的表头.键名例如希望修改如下toml示例中```no_shim```为true。
+ ```
+ [plugins."io.containerd.runtime.v1.linux"]
+ no_shim=false
+ runtime="runc"
+ runtime_root="
+ ```
+ 参数配置示例如下:
+ ```
+ configs:
+ - model: container.containerd
+ configpath: /etc/test.toml
+ contents:
+ - key: plugins."io.containerd.runtime.v1.linux".no_shim
+ value: true
+ ```
+ * toml使用```"."```分割键os-agent识别时与toml保持一致所以当键名中包含```"."```时,该键名需要使用```""```,例如上例中的```"io.containerd.runtime.v1.linux"```为一个键
+ * 如不指定configpath默认配置文件路径为```/etc/containerd/config.toml```
+ * container.conatainerd配置的key和value均不能为空
+ * container.containerd进行删除时不对value与配置文件中的值进行比较
+### Pam Limits配置
+* pam.limits配置节点上/etc/security/limits.conf文件
+ * key为domain值value的格式需要为type.item.valuelimits.conf文件要求每行格式为\<domain\> \<type\> \<item\> \<value\>),例如:
+ ```
+ configs:
+ - model: pam.limits
+ contents:
+ - key: ftp
+ value: soft.core.0
+ ```
+ * 更新时如不需要对type/item/value更新时可以使用```"_"```忽略对此参数的更新但value必须为点隔的三段式例如
+ ```
+ configs:
+ - model: pam.limits
+ contents:
+ - key: ftp
+ value: hard._.1
+ ```
+ * pam.limits新增时value中不允许包含```"_"```
+ * pam.limits删除时会对value进行校验当value与配置文件中的值不同时删除失败
+ * pam.limits配置的key和value均不能为空
\ No newline at end of file
--
2.39.5 (Apple Git-154)
Reference in New Issue View Git Blame Copy Permalink