1. kubelet配置文件
1.1 启动参数
https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
例如,阿里云 ACK 节点上的 kubelet 启动参数配置:
bash
[root@iZj6c9xktnoxcwok6asqa9Z kubelet.service.d]# cat 10-kubeadm.conf
# systemd drop-in for kubelet.service, as printed by the cat command above.
# NOTE(review): several long values below break mid-token (e.g. "TLS_ECDHE_R" / "SA_WITH",
# "/v" / "ar/lib"); this looks like terminal wrapping in the capture, not line breaks in the file.
[Service]
# The leading "-" makes systemd ignore this file when it does not exist.
# Presumably it defines KUBELET_CUSTOMIZED_ARGS (used in ExecStart below) - confirm on the node.
# Whoever can write this file controls the flags of a root-run kubelet; keep it root-owned and not group/world-writable.
EnvironmentFile=-/etc/kubernetes/kubelet-customized-args.conf
# --bootstrap-kubeconfig is the credential used to request the node's client certificate;
# --kubeconfig is the credential kubelet uses afterwards. Both files hold credentials: restrict them to root.
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
# --pod-manifest-path is the static-pod directory: kubelet starts every manifest found there
# without going through the API server, so write access to it amounts to running pods on this node.
Environment="KUBELET_SYSTEM_PODS_ARGS=--max-pods 23 --pod-max-pids 16384 --pod-manifest-path=/etc/kubernetes/manifests"
# NOTE(review): --network-plugin, --cni-conf-dir, --cni-bin-dir and --dynamic-config-dir were removed
# from upstream kubelet in v1.24, so this listing reflects an older kubelet; do not copy these flags to a newer one.
Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --dynamic-config-dir=/etc/kubernetes/kubelet-config --v=3"
# --hostname-override and --provider-id carry values specific to this one node.
# NOTE(review): --enable-load-reader does not appear to be an upstream kubelet flag; presumably vendor-specific - confirm.
Environment="KUBELET_DNS_ARGS=--enable-controller-attach-detach=true --cluster-dns=192.168.0.10 --pod-infra-container-image=registry-vpc.cn-hongkong.aliyuncs.com/acs/pause:3.2
--enable-load-reader --cluster-domain=demo.local --cloud-provider=external --hostname-override=cn-hongkong.172.31.34.242 --provider-id=cn-hongkong.i-j6c9xktnoxcwok6asqa9"
# Kubelet API access control: anonymous requests are rejected (--anonymous-auth=false), bearer tokens are
# checked by the API server (--authentication-token-webhook), client certificates are verified against
# --client-ca-file, and every request is authorized by the API server (--authorization-mode=Webhook).
# Keep all four when adapting this file; the kubelet API can exec into and read logs from pods on the node.
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --authentication-token-webhook=true --anonymous-auth=false --client-ca-file=/etc/kubernetes/pki/ca.crt"
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"
# Serving-side TLS for the kubelet API. The list is mostly ECDHE AEAD suites, but the last two entries
# (TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256) use static RSA key exchange and
# therefore give no forward secrecy; consider dropping them if no client depends on them.
# --rotate-certificates covers the kubelet's client certificate. NOTE(review): the serving certificate named
# by --tls-cert-file/--tls-private-key-file is a fixed file and is presumably not rotated by that flag - confirm.
Environment="KUBELET_CERTIFICATE_ARGS=--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_R
SA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256 --tls-cert-file=/v
ar/lib/kubelet/pki/kubelet.crt --tls-private-key-file=/var/lib/kubelet/pki/kubelet.key --rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
# The empty ExecStart= clears the command inherited from the main unit before the next line sets the new one.
# Unbraced $VAR references are split on whitespace by systemd, so each variable expands to several flags.
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CGROUP_ARGS $KUBELET_CERTIFICATE_ARGS $
KUBELET_EXTRA_ARGS $KUBELET_CUSTOMIZED_ARGS
1.2 生成config.yaml
具体config.yaml配置文件,结构可参考官方文档
https://kubernetes.io/zh/docs/reference/config-api/kubelet-config.v1beta1/
https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
https://kubernetes.io/zh-cn/docs/tasks/administer-cluster/kubelet-config-file/
1.3 查看默认配置
https://kubernetes.io/zh-cn/docs/tasks/administer-cluster/kubelet-config-file/
- 启动代理
bash
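# Option 1 - from a workstation: start a local API proxy with kubectl.
# kubectl proxy stays in the foreground, so run the curl from a second terminal.
# The proxy forwards requests with your kubeconfig credentials and listens on
# 127.0.0.1:8001 by default; keep it bound to loopback and stop it when done.
kubectl proxy
curl -X GET http://127.0.0.1:8001/api/v1/nodes/<node-name>/proxy/configz | jq .
# Option 2 - from inside a pod: authenticate with the pod's service-account
# token and verify the API server against the mounted cluster CA instead of
# disabling certificate checks with -k. The service account needs RBAC "get" on
# nodes/proxy; that permission reaches the whole kubelet API, so grant it
# narrowly and remove it afterwards.
SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
TOKEN=$(cat "${SERVICEACCOUNT}/token")
curl -s --cacert "${SERVICEACCOUNT}/ca.crt" -H "Authorization: Bearer ${TOKEN}" \
  https://kubernetes.default.svc/api/v1/nodes/<node-name>/proxy/configz | jq -r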
1.4 ConfigMap集中管理kubelet
https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/kubelet-integration/
bash
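# Print kubeadm's default init configuration together with the default
# KubeletConfiguration. --component-configs takes a value (a comma-separated
# list of component config kinds); without one kubeadm rejects the flag.
kubeadm config print init-defaults --component-configs KubeletConfiguration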
2. kube-proxy配置文件
https://github.com/kubernetes/kube-proxy
https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
https://kubernetes.io/zh/docs/reference/config-api/kube-proxy-config.v1alpha1/