Kubelet custom path monitoring

7/12/2018

I'm running Kubernetes 1.8.5 and was wondering if there is a way to tell the Kubelet to monitor /var/lib/docker instead of / on the host.

-- Michael Koro
kubelet
kubernetes
ubuntu-16.04

1 Answer

7/13/2018

According to the Kubelet documentation page:

Other than from a PodSpec from the apiserver, there are three ways that a container manifest can be provided to the Kubelet.

  • File: Path passed as a flag on the command line. Files under this path will be monitored periodically for updates. The monitoring period is 20s by default and is configurable via a flag.

  • HTTP endpoint: HTTP endpoint passed as a parameter on the command line. This endpoint is checked every 20 seconds (also configurable with a flag).

  • HTTP server: The kubelet can also listen for HTTP and respond to a simple API (underspec’d currently) to submit a new manifest.

It is not quite clear what you mean by "monitoring", so here is a list of all path-related command line arguments to the Kubelet binary:

--boot-id-file string Comma-separated list of files to check for boot-id. Use the first one that exists. (default "/proc/sys/kernel/random/boot_id")

--bootstrap-checkpoint-path string Path to the directory where the checkpoints are stored

--bootstrap-kubeconfig string Path to a kubeconfig file that will be used to get client certificate for kubelet. If the file specified by --kubeconfig does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. On success, a kubeconfig file referencing the generated client certificate and key is written to the path specified by --kubeconfig. The client certificate and key file will be stored in the directory pointed by --cert-dir.

--cert-dir string The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default /var/lib/kubelet/pki)

--cloud-config string The path to the cloud provider configuration file.

--cni-bin-dir string The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin

--cni-conf-dir string The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d

--container-hints string location of the container hints file (default /etc/cadvisor/container_hints.json)

--docker-tls-ca string path to trusted CA (default ca.pem)

--docker-tls-cert string path to client certificate (default cert.pem)

--docker-tls-key string path to private key (default key.pem)

--dynamic-config-dir string The Kubelet will use this directory for checkpointing downloaded configurations and tracking configuration health. The Kubelet will create this directory if it does not already exist. The path may be absolute or relative; relative paths start at the Kubelet's current working directory. Providing this flag enables dynamic Kubelet configuration. Presently, you must also enable the DynamicKubeletConfig feature gate to pass this flag.

--experimental-mounter-path string [Experimental] Path of mounter binary. Leave empty to use the default mount.

--init-config-dir string The Kubelet will look in this directory for the init configuration. The path may be absolute or relative; relative paths start at the Kubelet's current working directory. Omit this argument to use the built-in default configuration values. Presently, you must also enable the KubeletConfigFile feature gate to pass this flag.

--kubeconfig string Path to a kubeconfig file, specifying how to connect to the API server. (default /var/lib/kubelet/kubeconfig)

--lock-file string The path to file for kubelet to use as a lock file.

--log-dir string If non-empty, write log files in this directory

--pod-manifest-path string Path to the directory containing pod manifest files to run, or the path to a single pod manifest file. Files starting with dots will be ignored.

--resolv-conf string Resolver configuration file used as the basis for the container DNS resolution configuration. (default /etc/resolv.conf)

--rkt-path string Path of rkt binary. Leave empty to use the first rkt in $PATH.

--root-dir string Directory path for managing kubelet files (volume mounts,etc). (default /var/lib/kubelet)

--seccomp-profile-root string Directory path for seccomp profiles. (default /var/lib/kubelet/seccomp)

--tls-cert-file string File containing x509 Certificate used for serving HTTPS (with intermediate certs, if any, concatenated after server cert). If --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert-dir.

--tls-private-key-file string File containing x509 private key matching --tls-cert-file.

You can set the Kubelet configuration by providing a config file with the --config parameter during the Kubelet start.

To modify existing Kubelet parameters (CentOS example):

  1. Edit /usr/lib/systemd/system/kubelet.service
  2. Restart the Kubelet:

    systemctl daemon-reload  
    systemctl restart kubelet
-- VAS
Source: StackOverflow
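
Added example, not part of the original answer: before editing the unit file, it helps to see which of the path-related flags listed above a kubelet command line actually sets, and whether any of those paths can be written by users other than the owner. The function names and the sample command line are constructed for illustration, and the "writable by group or others" test is an assumption about what to audit, not something the answer states.

```shell
#!/bin/sh
# Added example (not from the original answer): list the path-related kubelet
# flags set on a command line and report paths that group/others can write to.

# Flag names copied from the list in the answer above.
PATH_FLAGS="pod-manifest-path root-dir cert-dir kubeconfig bootstrap-kubeconfig \
tls-cert-file tls-private-key-file seccomp-profile-root cni-bin-dir cni-conf-dir"

is_path_flag() {
    case " $PATH_FLAGS " in *" $1 "*) return 0 ;; esac
    return 1
}

# Print "flag=value" for every path flag on the command line in $1.
# Accepts both "--flag=value" and "--flag value".
kubelet_path_flags() {
    pending=""
    set -f                                  # split on whitespace, no globbing
    for tok in $1; do
        if [ -n "$pending" ]; then
            printf '%s=%s\n' "$pending" "$tok"; pending=""; continue
        fi
        case "$tok" in
            --*=*) name=${tok%%=*}; name=${name#--}
                   if is_path_flag "$name"; then printf '%s=%s\n' "$name" "${tok#*=}"; fi ;;
            --*)   if is_path_flag "${tok#--}"; then pending=${tok#--}; fi ;;
        esac
    done
    set +f
}

# Succeeds when $1 exists and is writable by its group or by everyone.
# -H resolves a symlink given as the argument; -prune stops find descending.
writable_by_others() {
    [ -e "$1" ] && [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Print "LOOSE flag path" for each path flag whose target fails the check.
audit_kubelet_paths() {
    kubelet_path_flags "$1" | while IFS='=' read -r flag path; do
        if writable_by_others "$path"; then echo "LOOSE $flag $path"; fi
    done
}

# Constructed sample command line (not taken from a real host).
SAMPLE='/usr/bin/kubelet --pod-manifest-path=/etc/kubernetes/manifests --cert-dir /var/lib/kubelet/pki --v=2'
kubelet_path_flags "$SAMPLE"
```

On a live node, pass the ExecStart line from the unit file (or the contents of the running process's command line) to `audit_kubelet_paths` instead of the sample.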