Kubernetes (kubeadm) Add-On

Kubernetes is installed using kubeadm, the cluster management tool built by the core Kubernetes team and owned by sig-cluster-lifecycle. kubeadm brings up the Kubernetes control plane before other add-ons are applied.

Host Package Requirements

The following host packages are required for Red Hat Enterprise Linux 9 and Rocky Linux 9:

  • conntrack-tools
  • ethtool
  • glibc
  • iproute
  • iptables-nft
  • socat
  • util-linux

Advanced Install Options

| Flag | Usage |
| --- | --- |
| version | The version of Kubernetes to be installed. |
| serviceCIDR | Customize the range of virtual IPs assigned to services. |
| serviceCidrRange | The size of the CIDR for Kubernetes (can be presented as just a number or with a preceding slash). |
| bootstrapToken | Authentication token used by Kubernetes when adding nodes. The default is an auto-generated token. |
| bootstrapTokenTTL | TTL of the bootstrap-token. The default is 24 hours. |
| certKey | A secret needed for new primary nodes to join an existing cluster (read-only). |
| controlPlane | Used during a join script to indicate that the node will be an additional primary (read-only). |
| containerLogMaxSize | A quantity defining the maximum size of the container log file before it is rotated. For example: "5Mi" or "256Ki". This does not work with Docker. For Docker, check out https://docs.docker.com/config/containers/logging/json-file. |
| containerLogMaxFiles | Specifies the maximum number of container log files that can be present for a container. This does not work with Docker. For Docker, check out https://docs.docker.com/config/containers/logging/json-file. |
| kubeadmToken | Generated during the install script, used for nodes joining (read-only). |
| kubeadmTokenCAHash | Generated during the install script, used for nodes joining (read-only). |
| loadBalancerAddress | Used for High Availability installs, indicates the address of the external load balancer. |
| masterAddress | The address of the internal Kubernetes API server, used during join scripts (read-only). |
| HACluster | Create the cluster as a high availability cluster (note that this needs a valid load balancer address and additional nodes to be a truly HA cluster). |
| cisCompliance | Indicates if this install should meet all CIS compliance requirements. See CIS compliance. |
| kubeReserved | Reserved CPU, memory and disk for Kubernetes. |
| evictionThresholdResources | Provided as evictionHard to kubelet configuration as described in the kubelet configuration section of the Kubernetes documentation. |
| systemReservedResources | Provided as systemReserved to kubelet configuration as described in the kubelet configuration section of the Kubernetes documentation. |
| clusterName | The name of the Kubernetes cluster (default "kubernetes"). |

Kube Reserved

CPU, memory, and disk resources are reserved for Kubernetes system daemons when the kubeReserved flag is set to true.

Allocatable resources are calculated using the following equation:
ALLOCATABLE = CAPACITY - RESERVED - EVICTION-THRESHOLD

For memory resources, kURL reserves the following:

  • 255 MiB of memory for machines with less than 1 GiB of memory
  • 25% of the first 4 GiB of memory
  • 20% of the next 4 GiB of memory (up to 8 GiB)
  • 10% of the next 8 GiB of memory (up to 16 GiB)
  • 6% of the next 112 GiB of memory (up to 128 GiB)
  • 2% of any memory above 128 GiB

For CPU resources, kURL reserves the following:

  • 6% of the first core
  • 1% of the next core (up to 2 cores)
  • 0.5% of the next 2 cores (up to 4 cores)
  • 0.25% of any cores above 4 cores

For ephemeral storage, kURL reserves 1Gi.

kURL uses the CPU and memory ranges from GKE cluster architecture.
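
The tiered reservations above, worked through as an added example (not kURL's own code) for sizing nodes so that system daemons are not starved under workload pressure. The function names are hypothetical, the tiers are read as marginal brackets, memory is in MiB, CPU is in millicores, and the eviction threshold is a value you supply, since this page does not state one.

```python
# Added illustration, not kURL source. Function names are hypothetical.
# Each tier is (upper bound, rate in basis points); None means no upper bound.
MEMORY_TIERS_MIB = [(4 * 1024, 2500), (8 * 1024, 2000), (16 * 1024, 1000),
                    (128 * 1024, 600), (None, 200)]
CPU_TIERS_MILLICORES = [(1000, 600), (2000, 100), (4000, 50), (None, 25)]


def _tiered_reservation(capacity, tiers):
    """Apply each rate only to the slice of capacity that falls in its tier."""
    total, lower = 0, 0
    for upper, basis_points in tiers:
        if capacity <= lower:
            break
        top = capacity if upper is None else min(capacity, upper)
        total += (top - lower) * basis_points
        lower = upper
    return total / 10000


def reserved_memory_mib(capacity_mib):
    """Memory reserved for Kubernetes daemons, in MiB."""
    if capacity_mib < 1024:
        return 255.0  # flat reservation for machines under 1 GiB
    return _tiered_reservation(capacity_mib, MEMORY_TIERS_MIB)


def reserved_cpu_millicores(capacity_millicores):
    """CPU reserved for Kubernetes daemons, in millicores."""
    return _tiered_reservation(capacity_millicores, CPU_TIERS_MILLICORES)


def allocatable(capacity, reserved, eviction_threshold):
    """ALLOCATABLE = CAPACITY - RESERVED - EVICTION-THRESHOLD."""
    remaining = capacity - reserved - eviction_threshold
    if remaining < 0:
        raise ValueError("reservations exceed node capacity")
    return remaining


if __name__ == "__main__":
    # Constructed sample nodes: (memory GiB, cores); 100 MiB eviction is assumed.
    for gib, cores in [(4, 2), (8, 4), (16, 8), (256, 64)]:
        mem = reserved_memory_mib(gib * 1024)
        cpu = reserved_cpu_millicores(cores * 1000)
        free = allocatable(gib * 1024, mem, 100)
        print(f"{gib:>3} GiB / {cores:>2} cores: reserve {mem:.1f} MiB, "
              f"{cpu:.1f}m CPU; allocatable memory {free:.1f} MiB")
```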