10 KiB
% KUBERNETES(1) kubernetes User Manuals % Scott Collier % October 2014
NAME
kubelet - Processes a container manifest so the containers are launched according to how they are described.
SYNOPSIS
kubelet [OPTIONS]
DESCRIPTION
The kubernetes kubelet runs on each node. The Kubelet works in terms of a container manifest. A container manifest is a YAML or JSON file that describes a pod. The Kubelet takes a set of manifests that are provided in various mechanisms and ensures that the containers described in those manifests are started and continue running.
There are 3 ways that a container manifest can be provided to the Kubelet:
File: Path passed as a flag on the command line. This file is rechecked every 20 seconds (configurable with a flag).
HTTP endpoint: HTTP endpoint passed as a parameter on the command line. This endpoint is checked every 20 seconds (also configurable with a flag).
HTTP server: The kubelet can also listen for HTTP and respond to a simple API (underspec'd currently) to submit a new manifest.
OPTIONS
--address=0.0.0.0 The IP address for the info server to serve on (set to 0.0.0.0 for all interfaces)
--allow_dynamic_housekeeping=true Whether to allow the housekeeping interval to be dynamic
--allow-privileged=false If true, allow containers to request privileged mode. [default=false]
--alsologtostderr=false log to standard error as well as files
--api-servers=[] List of Kubernetes API servers for publishing events, and reading pods and services. (ip:port), comma separated.
--boot_id_file=/proc/sys/kernel/random/boot_id Comma-separated list of files to check for boot-id. Use the first one that exists.
--cadvisor-port=4194 The port of the localhost cAdvisor endpoint
--cert-dir="/var/run/kubernetes" The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls_cert_file and --tls_private_key_file are provided, this flag will be ignored.
--cgroup_root="" Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.
--cloud-config="" The path to the cloud provider configuration file. Empty string for no configuration file.
--cloud-provider="" The provider for cloud services. Empty string for no provider.
--cluster-dns= IP address for a cluster DNS server. If set, kubelet will configure all containers to use this for DNS resolution in addition to the host's DNS servers
--cluster-domain="" Domain for this cluster. If set, kubelet will configure all containers to search this domain in addition to the host's search domains
--config="" Path to the config file or directory of files
--configure-cbr0=false If true, kubelet will configure cbr0 based on Node.Spec.PodCIDR.
--container_hints=/etc/cadvisor/container_hints.json location of the container hints file
--container_runtime="docker" The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'.
--docker=unix:///var/run/docker.sock docker endpoint
--docker-daemon-container="/docker-daemon" Optional resource-only container in which to place the Docker Daemon. Empty for no container (Default: /docker-daemon).
--docker-endpoint="" If non-empty, use this for the docker endpoint to communicate with
--docker_only=false Only report docker containers in addition to root stats
--docker_root=/var/lib/docker Absolute path to the Docker state root directory (default: /var/lib/docker)
--docker_run=/var/run/docker Absolute path to the Docker run directory (default: /var/run/docker)
--enable-debugging-handlers=true Enables server endpoints for log collection and local running of containers and commands
--enable_load_reader=false Whether to enable cpu load reader
--enable-server=true Enable the info server
--event_storage_age_limit=default=24h Max length of time for which to store events (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is a duration. Default is applied to all non-specified event types
--event_storage_event_limit=default=100000 Max number of events to store (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is an integer. Default is applied to all non-specified event types
--file-check-frequency=20s Duration between checking config files for new data
--global_housekeeping_interval=1m0s Interval between global housekeepings
--google-json-key="" The Google Cloud Platform Service Account JSON Key to use for authentication.
--healthz-bind-address=127.0.0.1 The IP address for the healthz server to serve on, defaulting to 127.0.0.1 (set to 0.0.0.0 for all interfaces)
--healthz-port=10248 The port of the localhost healthz endpoint
--host-network-sources="file" Comma-separated list of sources from which the Kubelet allows pods to use of host network. For all sources use "*" [default="file"]
--hostname-override="" If non-empty, will use this string as identification instead of the actual hostname.
--housekeeping_interval=1s Interval between container housekeepings
--http-check-frequency=20s Duration between checking http for new data
--image-gc-high-threshold=90 The percent of disk usage after which image garbage collection is always run. Default: 90%%
--image-gc-low-threshold=80 The percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. Default: 80%%
--kubeconfig=/var/lib/kubelet/kubeconfig Path to a kubeconfig file, specifying how to authenticate to API server (the master location is set by the api-servers flag).
--log_backtrace_at=:0 when logging hits line file:N, emit a stack trace
--log_cadvisor_usage=false Whether to log the usage of the cAdvisor container
--log_dir= If non-empty, write log files in this directory
--log_flush_frequency=5s Maximum number of seconds between log flushes
--logtostderr=true log to standard error instead of files
--low-diskspace-threshold-mb=256 The absolute free disk space, in MB, to maintain. When disk space falls below this threshold, new pods would be rejected. Default: 256
--machine_id_file=/etc/machine-id,/var/lib/dbus/machine-id Comma-separated list of files to check for machine-id. Use the first one that exists.
--manifest-url="" URL for accessing the container manifest
--master-service-namespace="default" The namespace from which the kubernetes master services should be injected into pods
--max_housekeeping_interval=1m0s Largest interval to allow between container housekeepings
--max_pods=100 Number of Pods that can run on this Kubelet.
--maximum-dead-containers=100 Maximum number of old instances of a containers to retain globally. Each container takes up some disk space. Default: 100.
--maximum-dead-containers-per-container=5 Maximum number of old instances of a container to retain per container. Each container takes up some disk space. Default: 5.
--minimum-container-ttl-duration=1m0s Minimum age for a finished container before it is garbage collected. Examples: '300ms', '10s' or '2h45m'
--network-plugin="" The name of the network plugin to be invoked for various events in kubelet/pod lifecycle
--node-status-update-frequency=10s Specifies how often kubelet posts node status to master. Note: be cautious when changing the constant, it must work with nodeMonitorGracePeriod in nodecontroller. Default: 10s
--oom-score-adj=-900 The oom_score_adj value for kubelet process. Values must be within the range [-1000, 1000]
--pod-infra-container-image="gcr.io/google_containers/pause:0.8.0" The image whose network/ipc namespaces containers in each pod will use.
--port=10250 The port for the info server to serve on
--read-only-port=10255 The read-only port for the info server to serve on (set to 0 to disable)
--registry-burst=10 Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry_qps. Only used if --registry_qps > 0
--registry-qps=0 If > 0, limit registry pull QPS to this value. If 0, unlimited. [default=0.0]
--resource-container="/kubelet" Absolute name of the resource-only container to create and run the Kubelet in (Default: /kubelet).
--root-dir="/var/lib/kubelet" Directory path for managing kubelet files (volume mounts,etc).
--runonce=false If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api_servers, and --enable-server
--stderrthreshold=2 logs at or above this threshold go to stderr
--streaming-connection-idle-timeout=0 Maximum time a streaming connection can be idle before the connection is automatically closed. Example: '5m'
--sync-frequency=10s Max period between synchronizing running containers and config
--tls-cert-file="" File /gmrvcontaining x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If --tls_cert_file and --tls_private_key_file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert_dir.
--tls-private-key-file="" File containing x509 private key matching --tls_cert_file.
--v=0 log level for V logs
--version=false Print version information and quit
--vmodule= comma-separated list of pattern=N settings for file-filtered logging
EXAMPLES
/usr/bin/kubelet --logtostderr=true --v=0 --api_servers=http://127.0.0.1:8080 --address=127.0.0.1 --port=10250 --hostname_override=127.0.0.1 --allow-privileged=false
HISTORY
October 2014, Originally compiled by Scott Collier (scollier at redhat dot com) based on the kubernetes source material and internal work.