apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
address: "{{ networking.infra_internal.ip }}"
authentication:
  x509:
    clientCAFile: "/etc/openssl/ca.pem"
  webhook:
    enabled: true
  anonymous:
    enabled: false
authorization:
  mode: "AlwaysAllow"
cgroupsPerQOS: true
cgroupRoot: "/"
cgroupDriver: cgroupfs
clusterDNS:
- {{ caas.dns_svc_ip }}
clusterDomain: {{ caas.dns_domain }}
evictionHard:
  memory.available: "{{ caas_hard_eviction_threshold }}"
evictionMinimumReclaim:
  memory.available: "512Mi"
evictionSoft:
  memory.available: "{{ caas_soft_eviction_threshold }}"
evictionSoftGracePeriod:
  memory.available: "30s"
kubeReserved:
  cpu: "{{ kube_reserved_cpu }}"
rotateCertificates: true
runtimeRequestTimeout: 5m0s
staticPodPath: "/etc/kubernetes/manifests"
streamingConnectionIdleTimeout: 5m0s
systemReserved:
  cpu: "{{ system_reserved_cpu }}"
  memory: "{{ system_reserved_memory }}"
tlsCertFile: "/etc/kubernetes/ssl/kubelet-server.pem"
tlsPrivateKeyFile: "/etc/kubernetes/ssl/kubelet-server-key.pem"