|
| 1 | +# Kruise v1.7.0-alphal.1 |
| 2 | + |
| 3 | +## Configuration |
| 4 | + |
| 5 | +The following table lists the configurable parameters of the kruise chart and their default values. |
| 6 | + |
| 7 | +### manager parameters |
| 8 | +| Parameter | Description | Default | |
| 9 | +| ----------------------------------------- | ------------------------------------------------------------ | ----------------------------- | |
| 10 | +| `featureGates` | Feature gates for Kruise, empty string means all enabled | ` ` | |
| 11 | +| `installation.namespace` | namespace for kruise installation | `kruise-system` | |
| 12 | +| `installation.createNamespace` | Whether to create the installation.namespace | `true` | |
| 13 | +| `manager.log.level` | Log level that kruise-manager printed | `4` | |
| 14 | +| `manager.replicas` | Replicas of kruise-controller-manager deployment | `2` | |
| 15 | +| `manager.image.repository` | Repository for kruise-manager image | `openkruise/kruise-manager` | |
| 16 | +| `manager.image.tag` | Tag for kruise-manager image | `v1.7.0-alphal.1` | |
| 17 | +| `manager.resources.limits.cpu` | CPU resource limit of kruise-manager container | `200m` | |
| 18 | +| `manager.resources.limits.memory` | Memory resource limit of kruise-manager container | `512Mi` | |
| 19 | +| `manager.resources.requests.cpu` | CPU resource request of kruise-manager container | `100m` | |
| 20 | +| `manager.resources.requests.memory` | Memory resource request of kruise-manager container | `256Mi` | |
| 21 | +| `manager.metrics.port` | Port of metrics served | `8080` | |
| 22 | +| `manager.webhook.port` | Port of webhook served | `9443` | |
| 23 | +| `manager.pprofAddr` | Address of pprof served | `localhost:8090` | |
| 24 | +| `manager.nodeAffinity` | Node affinity policy for kruise-manager pod | `{}` | |
| 25 | +| `manager.nodeSelector` | Node labels for kruise-manager pod | `{}` | |
| 26 | +| `manager.tolerations` | Tolerations for kruise-manager pod | `[]` | |
| 27 | +| `webhookConfiguration.timeoutSeconds` | The timeoutSeconds for all webhook configuration | `30` | |
| 28 | +| `crds.managed` | Kruise will not install CRDs with chart if this is false | `true` | |
| 29 | +| `manager.resyncPeriod` | Resync period of informer kruise-manager, defaults no resync | `0` | |
| 30 | +| `manager.hostNetwork` | Whether kruise-manager pod should run with hostnetwork | `false` | |
| 31 | +| `imagePullSecrets` | The list of image pull secrets for kruise image | `false` | |
| 32 | +| `enableKubeCacheMutationDetector` | Whether to enable KUBE_CACHE_MUTATION_DETECTOR | `false` | |
| 33 | + |
| 34 | +### daemon parameters |
| 35 | +| Parameter | Description | Default | |
| 36 | +| ----------------------------------------- | ------------------------------------------------------------ | ----------------------------- | |
| 37 | +| `daemon.extraEnvs` | Extra environment variables that will be pass onto pods | `[]` | |
| 38 | +| `daemon.log.level` | Log level that kruise-daemon printed | `4` | |
| 39 | +| `daemon.port` | Port of metrics and healthz that kruise-daemon served | `10221` | |
| 40 | +| `daemon.pprofAddr` | Address of pprof served | `localhost:10222` | |
| 41 | +| `daemon.resources.limits.cpu` | CPU resource limit of kruise-daemon container | `50m` | |
| 42 | +| `daemon.resources.limits.memory` | Memory resource limit of kruise-daemon container | `128Mi` | |
| 43 | +| `daemon.resources.requests.cpu` | CPU resource request of kruise-daemon container | `0` | |
| 44 | +| `daemon.resources.requests.memory` | Memory resource request of kruise-daemon container | `0` | |
| 45 | +| `daemon.affinity` | Affinity policy for kruise-daemon pod | `{}` | |
| 46 | +| `daemon.socketLocation` | Location of the container manager control socket | `/var/run` | |
| 47 | +| `daemon.socketFile` | Specify the socket file name in `socketLocation` (if you are not using containerd/docker/pouch/cri-o) | ` ` | |
| 48 | +| `daemon.credentialProvider.enable` | Whether to enable credential provider for image pull job | `false` | |
| 49 | +| `daemon.credentialProvider.hostPath` | credential provider plugin node dir, will volume mount into kruise-daemon | `credential-provider-plugin` | |
| 50 | +| `daemon.credentialProvider.configmap` | credential provider yaml configmap name in kruise-system ns | `credential-provider-config` | |
| 51 | + |
| 52 | +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, |
| 53 | + |
| 54 | +### Optional: feature-gate |
| 55 | + |
| 56 | +Feature-gate controls some influential features in Kruise: |
| 57 | + |
| 58 | +| Name | Description | Default | Effect (if closed) | |
| 59 | +|---------------------------------------------|-----------------------------------------------------------------------------------------------------------------------| ------- |-------------------------------------------------------------------------------------------------------------------| |
| 60 | +| `PodWebhook` | Whether to open a webhook for Pod **create** | `true` | SidecarSet/KruisePodReadinessGate disabled | |
| 61 | +| `KruiseDaemon` | Whether to deploy `kruise-daemon` DaemonSet | `true` | ImagePulling/ContainerRecreateRequest disabled | |
| 62 | +| `DaemonWatchingPod` | Should each `kruise-daemon` watch pods on the same node | `true` | For in-place update with same imageID or env from labels/annotations | |
| 63 | +| `CloneSetShortHash` | Enables CloneSet controller only set revision hash name to pod label | `false` | CloneSet name can not be longer than 54 characters | |
| 64 | +| `KruisePodReadinessGate` | Enables Kruise webhook to inject 'KruisePodReady' readiness-gate to all Pods during creation | `false` | The readiness-gate will only be injected to Pods created by Kruise workloads | |
| 65 | +| `PreDownloadImageForInPlaceUpdate` | Enables CloneSet controller to create ImagePullJobs to pre-download images for in-place update | `true` | No image pre-download for in-place update | |
| 66 | +| `CloneSetPartitionRollback` | Enables CloneSet controller to rollback Pods to currentRevision when number of updateRevision pods is bigger than (replicas - partition) | `false` | CloneSet will only update Pods to updateRevision | |
| 67 | +| `ResourcesDeletionProtection` | Enables protection for resources deletion | `true` | No protection for resources deletion | |
| 68 | +| `TemplateNoDefaults` | Whether to disable defaults injection for pod/pvc template in workloads | `false` | Should not close this feature if it has open | |
| 69 | +| `PodUnavailableBudgetDeleteGate` | Enables PodUnavailableBudget for pod deletion, eviction | `true` | No protection for pod deletion, eviction | |
| 70 | +| `PodUnavailableBudgetUpdateGate` | Enables PodUnavailableBudget for pod.Spec update | `false` | No protection for in-place update | |
| 71 | +| `WorkloadSpread` | Enables WorkloadSpread to manage multi-domain and elastic deploy | `true` | WorkloadSpread disabled | |
| 72 | +| `InPlaceUpdateEnvFromMetadata` | Enables Kruise to in-place update a container in Pod when its env from labels/annotations changed and pod is in-place updating | `true` | Only container image can be in-place update | |
| 73 | +| `StatefulSetAutoDeletePVC` | Enables policies controlling deletion of PVCs created by a StatefulSet | `true` | No deletion of PVCs by StatefulSet | |
| 74 | +| `PreDownloadImageForDaemonSetUpdate` | Enables DaemonSet controller to create ImagePullJobs to pre-download images for in-place update | `false` | No image pre-download for in-place update | |
| 75 | +| `PodProbeMarkerGate` | Whether to turn on PodProbeMarker ability | `true` | PodProbeMarker disabled | |
| 76 | +| `SidecarSetPatchPodMetadataDefaultsAllowed` | Allow SidecarSet patch any annotations to Pod Object | `false` | Annotations are not allowed to patch randomly and need to be configured via SidecarSet_PatchPodMetadata_WhiteList | |
| 77 | +| `SidecarTerminator` | SidecarTerminator enables SidecarTerminator to stop sidecar containers when all main containers exited | `false` | SidecarTerminator disabled | |
| 78 | +| `CloneSetEventHandlerOptimization` | CloneSetEventHandlerOptimization enable optimization for cloneset-controller to reduce the queuing frequency cased by pod update | `false` | optimization for cloneset-controller to reduce the queuing frequency cased by pod update disabled | |
| 79 | +| `PreparingUpdateAsUpdate` | PreparingUpdateAsUpdate enable CloneSet/Advanced StatefulSet controller to regard preparing-update Pod as updated when calculating update/current revision during scaling. | `false` | Pods at preparing update state will be regarded as current revision instead of update revision | |
| 80 | +| `ImagePullJobGate` | ImagePullJobGate enable imagepulljob-controller execute ImagePullJob | `false` | ImagePullJob and PreDownloadImageForInPlaceUpdate are disabled | |
| 81 | +| `ResourceDistributionGate` | ResourceDistributionGate enable resourcedistribution-controller execute ResourceDistribution. | `false` | ResourceDistribution disabled | |
| 82 | +| `DeletionProtectionForCRDCascadingGate` | DeletionProtectionForCRDCascadingGate enable deletionProtection for crd Cascading | `false` | CustomResourceDefinition deletion protection disabled | |
| 83 | + |
| 84 | +If you want to configure the feature-gate, just set the parameter when install or upgrade. Such as: |
| 85 | + |
| 86 | +```bash |
| 87 | +$ helm install kruise https://... --set featureGates="ResourcesDeletionProtection=true\,PreDownloadImageForInPlaceUpdate=true" |
| 88 | +... |
| 89 | +``` |
| 90 | + |
| 91 | +If you want to enable all feature-gates, set the parameter as `featureGates=AllAlpha=true`. |
| 92 | + |
| 93 | +### Optional: the local image for China |
| 94 | + |
| 95 | +If you are in China and have problem to pull image from official DockerHub, you can use the registry hosted on Alibaba Cloud: |
| 96 | + |
| 97 | +```bash |
| 98 | +$ helm install kruise https://... --set manager.image.repository=openkruise-registry.cn-hangzhou.cr.aliyuncs.com/openkruise/kruise-manager |
| 99 | +... |
| 100 | +``` |
0 commit comments