0.0.0.0
or ::
for listening on all interfaces and IP address families) (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)*
). Use these at your own risk. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)system:anonymous
, and a group name of system:unauthenticated
. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)TokenReview
API to determine authentication for bearer tokens. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)2m0s
--config
flag. See kubelet-config-file for more information.)AlwaysAllow
AlwaysAllow
" or "Webhook
". Webhook mode uses the SubjectAccessReview
API to determine authorization. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)5m0s
--config
flag. See kubelet-config-file for more information.)30s
--config
flag. See kubelet-config-file for more information.)--kubeconfig
does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. On success, a kubeconfig file referencing the generated client certificate and key is written to the path specified by --kubeconfig
. The client certificate and key file will be stored in the directory pointed by --cert-dir
./var/lib/kubelet/pki
--tls-cert-file
and --tls-private-key-file
are provided, this flag will be ignored.cgroupfs
cgroupfs
", "systemd
". (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)''
--config
flag. See kubelet-config-file for more information.)true
--config
flag. See kubelet-config-file for more information.)CommonName
of the client certificate. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)dnsPolicy: ClusterFirst
".Note: all DNS servers appearing in the list MUST serve the same set of records otherwise name resolution within the cluster may not work correctly. There is no guarantee as to which DNS server may be contacted for name resolution. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's
--config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)Note: Set the '
KUBELET_CONFIG_DROPIN_DIR_ALPHA
' environment variable to specify the directory.--config
flag. See kubelet-config-file for more information.)10Mi
10Mi
) of container log file before it is rotated. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)"unix:///run/containerd/containerd.sock"
'unix:///path/to/runtime.sock'
, 'npipe:////./pipe/runtime'
. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)true
--config
flag. See kubelet-config-file for more information.)100ms
cpu.cfs_period_us
, defaults to Linux Kernel default. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)none
none
", "static
". (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)10s
10s
", or "1m
". If not supplied, defaults to node status update frequency. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)true
--config
flag. See kubelet-config-file for more information.)true
--config
flag. See kubelet-config-file for more information.)true
--config
flag. See kubelet-config-file for more information.)pods
none
", "pods
", "system-reserved
", and "kube-reserved
". If the latter two options are specified, --system-reserved-cgroup
and --kube-reserved-cgroup
must also be set, respectively. If "none
" is specified, no additional options should be set. See official documentation for more details. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--event-qps
. The number must be >= 0. If 0 will use default burst (100). (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)imagefs.available<15%,memory.available<100Mi,nodefs.available<10%
memory.available<1Gi
") that if met would trigger a pod eviction. On a Linux node, the default value also includes "nodefs.inodesFree<5%
". (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)imagefs.available=2Gi
") that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)5m0s
--config
flag. See kubelet-config-file for more information.)memory.available<1.5Gi
") that if met over a corresponding grace period would trigger a pod eviction. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)memory.available=1m30s
") that correspond to how long a soft eviction threshold must hold before triggering a pod eviction. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)false
true
, hard eviction thresholds will be ignored while calculating node allocatable. See here for more details. (DEPRECATED: will be removed in 1.25 or later)mount
mount
. (DEPRECATED: will be removed in 1.24 or later, in favor of using CSI.)true
--config
flag. See kubelet-config-file for more information.)key=value
pairs that describe feature gates for alpha/experimental features. Options are:APIResponseCompression=true|false (BETA - default=true)
APIServerIdentity=true|false (BETA - default=true)
APIServerTracing=true|false (BETA - default=true)
AdmissionWebhookMatchConditions=true|false (BETA - default=true)
AggregatedDiscoveryEndpoint=true|false (BETA - default=true)
AllAlpha=true|false (ALPHA - default=false)
AllBeta=true|false (BETA - default=false)
AnyVolumeDataSource=true|false (BETA - default=true)
AppArmor=true|false (BETA - default=true)
CPUManagerPolicyAlphaOptions=true|false (ALPHA - default=false)
CPUManagerPolicyBetaOptions=true|false (BETA - default=true)
CPUManagerPolicyOptions=true|false (BETA - default=true)
CRDValidationRatcheting=true|false (ALPHA - default=false)
CSIMigrationPortworx=true|false (BETA - default=false)
CSIVolumeHealth=true|false (ALPHA - default=false)
CloudControllerManagerWebhook=true|false (ALPHA - default=false)
CloudDualStackNodeIPs=true|false (BETA - default=true)
ClusterTrustBundle=true|false (ALPHA - default=false)
ClusterTrustBundleProjection=true|false (ALPHA - default=false)
ComponentSLIs=true|false (BETA - default=true)
ConsistentListFromCache=true|false (ALPHA - default=false)
ContainerCheckpoint=true|false (ALPHA - default=false)
ContextualLogging=true|false (ALPHA - default=false)
CronJobsScheduledAnnotation=true|false (BETA - default=true)
CrossNamespaceVolumeDataSource=true|false (ALPHA - default=false)
CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)
DevicePluginCDIDevices=true|false (BETA - default=true)
DisableCloudProviders=true|false (BETA - default=true)
DisableKubeletCloudCredentialProviders=true|false (BETA - default=true)
DisableNodeKubeProxyVersion=true|false (ALPHA - default=false)
DynamicResourceAllocation=true|false (ALPHA - default=false)
ElasticIndexedJob=true|false (BETA - default=true)
EventedPLEG=true|false (BETA - default=false)
GracefulNodeShutdown=true|false (BETA - default=true)
GracefulNodeShutdownBasedOnPodPriority=true|false (BETA - default=true)
HPAContainerMetrics=true|false (BETA - default=true)
HPAScaleToZero=true|false (ALPHA - default=false)
HonorPVReclaimPolicy=true|false (ALPHA - default=false)
ImageMaximumGCAge=true|false (ALPHA - default=false)
InPlacePodVerticalScaling=true|false (ALPHA - default=false)
InTreePluginAWSUnregister=true|false (ALPHA - default=false)
InTreePluginAzureDiskUnregister=true|false (ALPHA - default=false)
InTreePluginAzureFileUnregister=true|false (ALPHA - default=false)
InTreePluginGCEUnregister=true|false (ALPHA - default=false)
InTreePluginOpenStackUnregister=true|false (ALPHA - default=false)
InTreePluginPortworxUnregister=true|false (ALPHA - default=false)
InTreePluginvSphereUnregister=true|false (ALPHA - default=false)
JobBackoffLimitPerIndex=true|false (BETA - default=true)
JobPodFailurePolicy=true|false (BETA - default=true)
JobPodReplacementPolicy=true|false (BETA - default=true)
KubeProxyDrainingTerminatingNodes=true|false (ALPHA - default=false)
KubeletCgroupDriverFromCRI=true|false (ALPHA - default=false)
KubeletInUserNamespace=true|false (ALPHA - default=false)
KubeletPodResourcesDynamicResources=true|false (ALPHA - default=false)
KubeletPodResourcesGet=true|false (ALPHA - default=false)
KubeletSeparateDiskGC=true|false (ALPHA - default=false)
KubeletTracing=true|false (BETA - default=true)
LegacyServiceAccountTokenCleanUp=true|false (BETA - default=true)
LoadBalancerIPMode=true|false (ALPHA - default=false)
LocalStorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - default=false)
LogarithmicScaleDown=true|false (BETA - default=true)
LoggingAlphaOptions=true|false (ALPHA - default=false)
LoggingBetaOptions=true|false (BETA - default=true)
MatchLabelKeysInPodAffinity=true|false (ALPHA - default=false)
MatchLabelKeysInPodTopologySpread=true|false (BETA - default=true)
MaxUnavailableStatefulSet=true|false (ALPHA - default=false)
MemoryManager=true|false (BETA - default=true)
MemoryQoS=true|false (ALPHA - default=false)
MinDomainsInPodTopologySpread=true|false (BETA - default=true)
MultiCIDRServiceAllocator=true|false (ALPHA - default=false)
NFTablesProxyMode=true|false (ALPHA - default=false)
NewVolumeManagerReconstruction=true|false (BETA - default=true)
NodeInclusionPolicyInPodTopologySpread=true|false (BETA - default=true)
NodeLogQuery=true|false (ALPHA - default=false)
NodeSwap=true|false (BETA - default=false)
OpenAPIEnums=true|false (BETA - default=true)
PDBUnhealthyPodEvictionPolicy=true|false (BETA - default=true)
PersistentVolumeLastPhaseTransitionTime=true|false (BETA - default=true)
PodAndContainerStatsFromCRI=true|false (ALPHA - default=false)
PodDeletionCost=true|false (BETA - default=true)
PodDisruptionConditions=true|false (BETA - default=true)
PodHostIPs=true|false (BETA - default=true)
PodIndexLabel=true|false (BETA - default=true)
PodLifecycleSleepAction=true|false (ALPHA - default=false)
PodReadyToStartContainersCondition=true|false (BETA - default=true)
PodSchedulingReadiness=true|false (BETA - default=true)
ProcMountType=true|false (ALPHA - default=false)
QOSReserved=true|false (ALPHA - default=false)
RecoverVolumeExpansionFailure=true|false (ALPHA - default=false)
RotateKubeletServerCertificate=true|false (BETA - default=true)
RuntimeClassInImageCriApi=true|false (ALPHA - default=false)
SELinuxMountReadWriteOncePod=true|false (BETA - default=true)
SchedulerQueueingHints=true|false (BETA - default=false)
SecurityContextDeny=true|false (ALPHA - default=false)
SeparateTaintEvictionController=true|false (BETA - default=true)
ServiceAccountTokenJTI=true|false (ALPHA - default=false)
ServiceAccountTokenNodeBinding=true|false (ALPHA - default=false)
ServiceAccountTokenNodeBindingValidation=true|false (ALPHA - default=false)
ServiceAccountTokenPodNodeInfo=true|false (ALPHA - default=false)
SidecarContainers=true|false (BETA - default=true)
SizeMemoryBackedVolumes=true|false (BETA - default=true)
StableLoadBalancerNodeSet=true|false (BETA - default=true)
StatefulSetAutoDeletePVC=true|false (BETA - default=true)
StatefulSetStartOrdinal=true|false (BETA - default=true)
StorageVersionAPI=true|false (ALPHA - default=false)
StorageVersionHash=true|false (BETA - default=true)
StructuredAuthenticationConfiguration=true|false (ALPHA - default=false)
StructuredAuthorizationConfiguration=true|false (ALPHA - default=false)
TopologyAwareHints=true|false (BETA - default=true)
TopologyManagerPolicyAlphaOptions=true|false (ALPHA - default=false)
TopologyManagerPolicyBetaOptions=true|false (BETA - default=true)
TopologyManagerPolicyOptions=true|false (BETA - default=true)
TranslateStreamCloseWebsocketRequests=true|false (ALPHA - default=false)
UnauthenticatedHTTP2DOSMitigation=true|false (BETA - default=true)
UnknownVersionInteroperabilityProxy=true|false (ALPHA - default=false)
UserNamespacesPodSecurityStandards=true|false (ALPHA - default=false)
UserNamespacesSupport=true|false (ALPHA - default=false)
ValidatingAdmissionPolicy=true|false (BETA - default=false)
VolumeAttributesClass=true|false (ALPHA - default=false)
VolumeCapacityPriority=true|false (ALPHA - default=false)
WatchList=true|false (ALPHA - default=false)
WinDSR=true|false (ALPHA - default=false)
WinOverlay=true|false (BETA - default=true)
WindowsHostNetwork=true|false (ALPHA - default=true)
ZeroLimitedNominalConcurrencyShares=true|false (BETA - default=false)
(DEPRECATED: This parameter should be set via the config file specified by the kubelet's
--config
flag. See kubelet-config-file for more information.)20s
--config
flag. See kubelet-config-file for more information.)promiscuous-bridge
promiscuous-bridge
", "hairpin-veth
" and "none
". (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)127.0.0.1
0.0.0.0
" or "::
" for listening in all interfaces and IP families). (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)0
to disable). (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--cloud-provider
is set, the cloud provider determines the name of the node (consult cloud provider documentation to determine if and how the hostname is used).20s
--config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)--image-gc-high-threshold
. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--container-runtime-endpoint
by default. UNIX domain socket are supported on Linux, while `npipe` and `tcp` endpoints are supported on Windows. Examples: unix:///path/to/runtime.sock
, npipe:////./pipe/runtime
. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)application/vnd.kubernetes.protobuf
--config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)<resource name>=<resource quantity>
(e.g. "cpu=200m,memory=500Mi,ephemeral-storage=1Gi,pid='100'
") pairs that describe resources reserved for kubernetes system components. Currently cpu
, memory
and local ephemeral-storage
for root file system are supported. See here for more detail. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)''
--kube-reserved
flag. Ex. "/kube-reserved
". (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--kubeconfig
enables API server mode, omitting --kubeconfig
enables standalone mode.--config
flag. See kubelet-config-file for more information.)true
--config
flag. See kubelet-config-file for more information.)5s
'0'
LoggingAlphaOptions
feature gate to use this. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)LoggingAlphaOptions
feature gate to use this. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)text
json
" (gated by LoggingBetaOptions
, "text
"). (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)true
iptables
utility rules are present on host. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)--manifest-url
. Multiple headers with the same name will be added in the same order provided. This flag can be repeatedly invoked. For example: --manifest-url-header 'a:hello,b:again,c:world' --manifest-url-header 'b:beautiful'
(DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)--eviction-hard
or --eviction-soft
instead. Will be removed in a future version.)--eviction-hard
or --eviction-soft
instead. Will be removed in a future version.)None
None
", "Static
". (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)300ms
", "10s
" or "2h45m
". (DEPRECATED: Use --eviction-hard
or --eviction-soft
instead. Will be removed in a future version.)2m0s
300ms
", "10s
" or "2h45m
". (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)::
" to make it prefer the default IPv6 address rather than the default IPv4 address.key=value
pairs separated by ','
. Labels in the 'kubernetes.io'
namespace must begin with an allowed prefix ('kubelet.kubernetes.io'
, 'node.kubernetes.io'
) or be in the specifically allowed set ('beta.kubernetes.io/arch'
, 'beta.kubernetes.io/instance-type'
, 'beta.kubernetes.io/os'
, 'failure-domain.beta.kubernetes.io/region'
, 'failure-domain.beta.kubernetes.io/zone'
, 'kubernetes.io/arch'
, 'kubernetes.io/hostname'
, 'kubernetes.io/os'
, 'node.kubernetes.io/instance-type'
, 'topology.kubernetes.io/region'
, 'topology.kubernetes.io/zone'
)node.status.images
. If -1
is specified, no cap will be applied. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)10s
nodeMonitorGracePeriod
in Node controller. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)oom-score-adj
value for kubelet process. Values must be within the range [-1000, 1000]. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)registry.k8s.io/pause:3.9
--config
flag. See kubelet-config-file for more information.)-1
, the kubelet defaults to the node allocatable PID capacity. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--max-pods
, so --max-pods
will be used if this calculation results in a larger number of pods allowed on the kubelet. A value of 0
disables this limit. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)<resource name>=<percentage>
(e.g. "memory=50%
") pairs that describe how pod resource requests are reserved at the QoS level. Currently only memory
is supported. Requires the QOSReserved
feature gate to be enabled. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)0
to disable). (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)true
--kubeconfig
is not provided, this flag is irrelevant, as the kubelet won't have an API server to register with. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)true
--register-node
is false
. (DEPRECATED: will be removed in a future version)<key>=<value>:<effect>
). No-op if --register-node
is false
. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--registry-qps
. Only used if --registry-qps
is greater than 0. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)0
, unlimited. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--system-reserved
and --kube-reserved
. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--reserved-memory 0:memory=1Gi,hugepages-1M=2Gi --reserved-memory 1:memory=2Gi
"). The total sum for each memory type should be equal to the sum of --kube-reserved
, --system-reserved
and --eviction-threshold
. See here for more details. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)/etc/resolv.conf
--config
flag. See kubelet-config-file for more information.)/var/lib/kubelet
kube-apiserver
when the certificate expiration approaches. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)kube-apiserver
when the certificate expiration approaches. Requires the RotateKubeletServerCertificate
feature gate to be enabled, and approval of the submitted CertificateSigningRequest
objects. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)true
, exit after spawning pods from local manifests or remote urls. Exclusive with --enable-server
(DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)2m0s
pull
, logs
, exec
and attach
. When timeout exceeded, kubelet will cancel the request, throw out an error and retry later. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)RuntimeDefault
as the default seccomp profile for all workloads.true
aufs
storage backend. Issue #10959 has more details. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)4h0m0s
0
indicates no timeout. Example: 5m
. Note: All connections to the kubelet server have a maximum duration of 4 hours. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)1m0s
--config
flag. See kubelet-config-file for more information.)'/'
. Empty for no container. Rolling back the flag requires a reboot. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)<resource name>=<resource quantity>
(e.g. "cpu=200m,memory=500Mi,ephemeral-storage=1Gi,pid='100'
") pairs that describe resources reserved for non-kubernetes components. Currently only cpu
and memory
and local ephemeral storage for root file system are supported. See here for more detail. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)''
--system-reserved
flag. Ex. /system-reserved
. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--tls-cert-file
and --tls-private-key-file
are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert-dir
. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)Preferred values:
TLS_AES_128_GCM_SHA256
, TLS_AES_256_GCM_SHA384
, TLS_CHACHA20_POLY1305_SHA256
, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
, TLS_RSA_WITH_AES_128_CBC_SHA
, TLS_RSA_WITH_AES_128_GCM_SHA256
, TLS_RSA_WITH_AES_256_CBC_SHA
, TLS_RSA_WITH_AES_256_GCM_SHA384
Insecure values:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
, TLS_ECDHE_RSA_WITH_RC4_128_SHA
, TLS_RSA_WITH_3DES_EDE_CBC_SHA
, TLS_RSA_WITH_AES_128_CBC_SHA256
, TLS_RSA_WITH_RC4_128_SHA
.(DEPRECATED: This parameter should be set via the config file specified by the kubelet's
--config
flag. See kubelet-config-file for more information.)VersionTLS10
", "VersionTLS11
", "VersionTLS12
", "VersionTLS13
". (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--tls-cert-file
. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)'none'
none
", "best-effort
", "restricted
", "single-numa-node
". (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--config
flag. See kubelet-config-file for more information.)container
container
", "pod
". (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config
flag. See kubelet-config-file for more information.)--version=vX.Y.Z...
sets the reported version.pattern=N
settings for file-filtered logging (only works for text log format)./usr/libexec/kubernetes/kubelet-plugins/volume/exec/
--config
flag. See kubelet-config-file for more information.)1m0s
--config
flag. See kubelet-config-file for more information.)