External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-18 11:40:10 -03:30
Code Issues Packages Projects Releases Wiki Activity

kubelet: conditionalize staticPodPath location (#12433)

Browse Source 
Add variable to set kubelet staticPodPath location.
It can be set to empty so that we can choose to disable it for some nodes.
STIG recommendation is to disable it.

Signed-off-by: Shaleen Bathla <shaleenbathla@gmail.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
This commit is contained in:
Shaleen Bathla
2025-08-18 19:21:11 +05:30
committed by GitHub
parent bae7278fa8
commit 082507cff2
3 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/kubernetes/node/defaults/main.yml
View File

@@ -188,6 +188,8 @@ conntrack_modules:
- nf_conntrack
- nf_conntrack_ipv4
# Set this option to "" (empty) to disable staticPodPath (See docs/operations/hardening.md)
kubelet_static_pod_path: "{{ kube_manifest_dir }}"
## Enable distributed tracing for kubelet
kubelet_tracing: false

2
roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
View File

@@ -22,7 +22,7 @@ enforceNodeAllocatable:
- {{ item }}
{% endfor %}
{% endif %}
staticPodPath: {{ kube_manifest_dir }}
staticPodPath: "{{ kubelet_static_pod_path }}"
cgroupDriver: {{ kubelet_cgroup_driver | default('systemd') }}
containerLogMaxFiles: {{ kubelet_logfiles_max_nr }}
containerLogMaxSize: {{ kubelet_logfiles_max_size }}