From 1b89d6b1e921d9f20918b56e964e46b883a1752f Mon Sep 17 00:00:00 2001 From: Neeraj Krishna Gopalakrishna Date: Fri, 16 Jan 2026 11:11:33 +0530 Subject: [PATCH] Clarified API behavior for KubeletConfig API doc and adds tests --- .../KubeletConfigSpec.yaml | 288 ++++++++++++++++++ machineconfiguration/v1/types.go | 34 ++- ..._machine-config_01_kubeletconfigs.crd.yaml | 37 ++- .../AAA_ungated.yaml | 37 ++- .../v1/zz_generated.swagger_doc_generated.go | 10 +- ..._machine-config_01_kubeletconfigs.crd.yaml | 37 ++- 6 files changed, 402 insertions(+), 41 deletions(-) create mode 100644 machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/KubeletConfigSpec.yaml diff --git a/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/KubeletConfigSpec.yaml b/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/KubeletConfigSpec.yaml new file mode 100644 index 00000000000..243f1ae9bc4 --- /dev/null +++ b/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/KubeletConfigSpec.yaml 
@@ -0,0 +1,288 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "KubeletConfig"
+crdName: kubeletconfigs.machineconfiguration.openshift.io
+tests:
+ onCreate:
+ # AutoSizingReserved tests
+ - name: Should be able to set autoSizingReserved to true
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ autoSizingReserved: true
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ autoSizingReserved: true
+ - name: Should be able to set autoSizingReserved to false
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ autoSizingReserved: false
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ autoSizingReserved: false
+ - name: Should be able to omit autoSizingReserved
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+
+ # LogLevel tests
+ - name: Should be able to set logLevel to 4
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ logLevel: 4
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ logLevel: 4
+ - name: Should be able to omit logLevel
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+ - name: Should be able to set logLevel to 0
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ logLevel: 0
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ logLevel: 0
+ - name: Should be able to set logLevel to 10
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ logLevel: 10
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ logLevel: 10
+ - name: Should reject logLevel less than 0
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ logLevel: -1
+ expectedError: "Invalid value"
+ - name: Should reject logLevel greater than 10
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ logLevel: 11
+ expectedError: "Invalid value"
+
+ # MachineConfigPoolSelector tests
+ - name: Should be able to set machineConfigPoolSelector for worker pool
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ machineConfigPoolSelector:
+ matchLabels:
+ pools.operator.machineconfiguration.openshift.io/worker: ""
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ machineConfigPoolSelector:
+ matchLabels:
+ pools.operator.machineconfiguration.openshift.io/worker: ""
+ - name: Should be able to set machineConfigPoolSelector for master pool
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ machineConfigPoolSelector:
+ matchLabels:
+ pools.operator.machineconfiguration.openshift.io/master: ""
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ machineConfigPoolSelector:
+ matchLabels:
+ pools.operator.machineconfiguration.openshift.io/master: ""
+ - name: Should be able to omit machineConfigPoolSelector
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+
+ # KubeletConfig tests
+ - name: Should be able to set kubeletConfig with maxPods
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ kubeletConfig:
+ maxPods: 250
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ kubeletConfig:
+ maxPods: 250
+ - name: Should be able to omit kubeletConfig
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+
+ # TLSSecurityProfile tests
+ - name: Should be able to set tlsSecurityProfile to Old
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ tlsSecurityProfile:
+ type: Old
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ tlsSecurityProfile:
+ type: Old
+ - name: Should be able to set tlsSecurityProfile to Intermediate
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ tlsSecurityProfile:
+ type: Intermediate
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ tlsSecurityProfile:
+ type: Intermediate
+ - name: Should reject tlsSecurityProfile with Modern type
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ tlsSecurityProfile:
+ type: Modern
+ expectedError: "only Old and Intermediate TLS profiles are supported for kubelet"
+ - name: Should reject tlsSecurityProfile with Custom type
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ tlsSecurityProfile:
+ type: Custom
+ custom:
+ ciphers:
+ - ECDHE-ECDSA-AES128-GCM-SHA256
+ minTLSVersion: VersionTLS12
+ expectedError: "only Old and Intermediate TLS profiles are supported for kubelet"
+ - name: Should reject tlsSecurityProfile without type field
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ tlsSecurityProfile:
+ custom:
+ ciphers:
+ - ECDHE-ECDSA-AES128-GCM-SHA256
+ minTLSVersion: VersionTLS12
+ expectedError: "only Old and Intermediate TLS profiles are supported for kubelet"
+ - name: Should be able to omit tlsSecurityProfile
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+
+ # Combined fields tests
+ - name: Should be able to set multiple fields together
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ autoSizingReserved: true
+ logLevel: 2
+ machineConfigPoolSelector:
+ matchLabels:
+ pools.operator.machineconfiguration.openshift.io/worker: ""
+ kubeletConfig:
+ maxPods: 250
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ autoSizingReserved: true
+ logLevel: 2
+ machineConfigPoolSelector:
+ matchLabels:
+ pools.operator.machineconfiguration.openshift.io/worker: ""
+ kubeletConfig:
+ maxPods: 250
+
+ onUpdate:
+ # AutoSizingReserved update tests
+ - name: Should be able to update autoSizingReserved from true to false
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ autoSizingReserved: true
+ updated: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ autoSizingReserved: false
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ autoSizingReserved: false
+
+ # LogLevel update tests
+ - name: Should be able to remove logLevel
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec:
+ logLevel: 2
+ updated: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ spec: {}
\ No newline at end of file
diff --git a/machineconfiguration/v1/types.go b/machineconfiguration/v1/types.go
index 6673adeb1b2..4b97d42901b 100644
--- a/machineconfiguration/v1/types.go
+++ b/machineconfiguration/v1/types.go
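Review bot: Every rejection case for the new `tlsSecurityProfile` rule and the `logLevel` bounds sits under `onCreate`; the `onUpdate` section only flips `autoSizingReserved` and removes `logLevel`, so nothing shows that an object admitted with a supported profile cannot later be switched to `Modern` or `Custom`, or pushed past the log-level maximum. Since the rule is what pins the kubelet's TLS settings to the supported set, the update path deserves the same coverage as creation. The four `Should be able to omit …` cases also submit the identical `spec: {}` object and could be collapsed into one, and the file ends without a trailing newline. Suggested additions under `onUpdate` (indentation shown conventionally; match the file's own):

```yaml
  onUpdate:
    # … unchanged: autoSizingReserved and logLevel update cases …

    # TLSSecurityProfile update tests
    - name: Should reject updating tlsSecurityProfile from Intermediate to Modern
      initial: |
        apiVersion: machineconfiguration.openshift.io/v1
        kind: KubeletConfig
        spec:
          tlsSecurityProfile:
            type: Intermediate
      updated: |
        apiVersion: machineconfiguration.openshift.io/v1
        kind: KubeletConfig
        spec:
          tlsSecurityProfile:
            type: Modern
      expectedError: "only Old and Intermediate TLS profiles are supported for kubelet"
    - name: Should reject updating logLevel above 10
      initial: |
        apiVersion: machineconfiguration.openshift.io/v1
        kind: KubeletConfig
        spec:
          logLevel: 2
      updated: |
        apiVersion: machineconfiguration.openshift.io/v1
        kind: KubeletConfig
        spec:
          logLevel: 11
      expectedError: "Invalid value"
```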
@@ -737,27 +737,41 @@ type KubeletConfig struct { Status KubeletConfigStatus `json:"status"` } -// KubeletConfigSpec defines the desired state of KubeletConfig +// KubeletConfigSpec configures the kubelet running on cluster nodes. type KubeletConfigSpec struct { + // autoSizingReserved controls whether system-reserved CPU and memory are automatically + // calculated based on each node's installed capacity. When enabled, prevents node failure + // from resource starvation of system components (kubelet, CRI-O) without manual configuration. + // When unset, defaults to true for worker nodes and false for control plane nodes. + // Set to false to disable and use manual settings. // +optional AutoSizingReserved *bool `json:"autoSizingReserved,omitempty"` + // logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + // Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + // Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + // which is subject to change over time. The current default is 2 (standard informational logging). + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=10 // +optional LogLevel *int32 `json:"logLevel,omitempty"` - // machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - // A nil selector will result in no pools being selected. + // machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + // A nil selector results in no pools being selected, meaning this kubelet configuration + // will not be applied to any nodes in the cluster. // +optional MachineConfigPoolSelector *metav1.LabelSelector `json:"machineConfigPoolSelector,omitempty"` - // kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - // OpenShift of the upstream kubernetes. 
It's important to note that, since the fields of the kubelet configuration are directly fetched from - // upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - // for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + // kubeletConfig contains upstream Kubernetes kubelet configuration fields. + // Values are validated by the kubelet itself. Invalid values may render nodes unusable. + // Refer to OpenShift documentation for the Kubernetes version corresponding to your + // OpenShift release to find valid kubelet configuration options. // +optional KubeletConfig *runtime.RawExtension `json:"kubeletConfig,omitempty"` - // If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - // Note that only Old and Intermediate profiles are currently supported, and - // the maximum available minTLSVersion is VersionTLS12. + // tlsSecurityProfile configures TLS settings for the kubelet. + // When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + // When specified, the type field is required and must be set to either "Old" or "Intermediate". + // Modern and Custom TLS profiles are not supported for kubelet; maximum minTLSVersion is VersionTLS12. + // +kubebuilder:validation:XValidation:rule="has(self.type) && (self.type == 'Old' || self.type == 'Intermediate')",message="only Old and Intermediate TLS profiles are supported for kubelet" // +optional TLSSecurityProfile *configv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` } diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml index 5d68283c596..834b79946b3 100644 
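Review bot: The `XValidation` rule on `TLSSecurityProfile` and the `Minimum`/`Maximum` markers on `LogLevel` tighten validation on fields that v1 already serves, and nothing in the hunk says what happens to KubeletConfig objects stored before the change. An object holding `type: Modern`, `type: Custom`, a profile with no `type`, or a `logLevel` outside 0–10 was admitted by the old schema and may be rejected on its next update unless validation ratcheting covers it; that is worth confirming and stating in the commit description. The `tlsSecurityProfile` comment also says the omitted case takes its value from `apiservers.config.openshift.io/cluster`, but not what the kubelet ends up with when that cluster profile is itself Modern or Custom, which the same comment calls unsupported. One added sentence in the field comment describing that fallback would close the gap for operators who rely on the cluster-wide profile.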
--- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml 
@@ -47,22 +47,36 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When enabled, prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When unset, defaults to true for worker nodes and false for control plane nodes. + Set to false to disable and use manual settings. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). 
format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + A nil selector results in no pools being selected, meaning this kubelet configuration + will not be applied to any nodes in the cluster. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -109,9 +123,10 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field is required and must be set to either "Old" or "Intermediate". + Modern and Custom TLS profiles are not supported for kubelet; maximum minTLSVersion is VersionTLS12. properties: custom: description: |- @@ -252,6 +267,10 @@ spec: - Custom type: string type: object + x-kubernetes-validations: + - message: only Old and Intermediate TLS profiles are supported for + kubelet + rule: has(self.type) && (self.type == 'Old' || self.type == 'Intermediate') type: object status: description: status contains observed information about the kubelet configuration. diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml index 1c527d3c9f8..131770727f4 100644 
--- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml 
@@ -48,22 +48,36 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When enabled, prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When unset, defaults to true for worker nodes and false for control plane nodes. + Set to false to disable and use manual settings. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). 
format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + A nil selector results in no pools being selected, meaning this kubelet configuration + will not be applied to any nodes in the cluster. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -110,9 +124,10 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field is required and must be set to either "Old" or "Intermediate". + Modern and Custom TLS profiles are not supported for kubelet; maximum minTLSVersion is VersionTLS12. properties: custom: description: |- @@ -253,6 +268,10 @@ spec: - Custom type: string type: object + x-kubernetes-validations: + - message: only Old and Intermediate TLS profiles are supported for + kubelet + rule: has(self.type) && (self.type == 'Old' || self.type == 'Intermediate') type: object status: description: status contains observed information about the kubelet configuration. diff --git a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go index 650fc1709da..a163f6bd74b 100644 --- a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go +++ b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go 
@@ -214,10 +214,12 @@ func (KubeletConfigList) SwaggerDoc() map[string]string { } var map_KubeletConfigSpec = map[string]string{ - "": "KubeletConfigSpec defines the desired state of KubeletConfig", - "machineConfigPoolSelector": "machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. A nil selector will result in no pools being selected.", - "kubeletConfig": "kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable.", - "tlsSecurityProfile": "If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.", + "": "KubeletConfigSpec configures the kubelet running on cluster nodes.", + "autoSizingReserved": "autoSizingReserved controls whether system-reserved CPU and memory are automatically calculated based on each node's installed capacity. When enabled, prevents node failure from resource starvation of system components (kubelet, CRI-O) without manual configuration. When unset, defaults to true for worker nodes and false for control plane nodes. Set to false to disable and use manual settings.", + "logLevel": "logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, which is subject to change over time. 
The current default is 2 (standard informational logging).", + "machineConfigPoolSelector": "machineConfigPoolSelector selects which pools the KubeletConfig should apply to. A nil selector results in no pools being selected, meaning this kubelet configuration will not be applied to any nodes in the cluster.", + "kubeletConfig": "kubeletConfig contains upstream Kubernetes kubelet configuration fields. Values are validated by the kubelet itself. Invalid values may render nodes unusable. Refer to OpenShift documentation for the Kubernetes version corresponding to your OpenShift release to find valid kubelet configuration options.", + "tlsSecurityProfile": "tlsSecurityProfile configures TLS settings for the kubelet. When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. When specified, the type field is required and must be set to either \"Old\" or \"Intermediate\". Modern and Custom TLS profiles are not supported for kubelet; maximum minTLSVersion is VersionTLS12.", } func (KubeletConfigSpec) SwaggerDoc() map[string]string { diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml index 5d68283c596..834b79946b3 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml 
@@ -47,22 +47,36 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When enabled, prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When unset, defaults to true for worker nodes and false for control plane nodes. + Set to false to disable and use manual settings. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). 
format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + A nil selector results in no pools being selected, meaning this kubelet configuration + will not be applied to any nodes in the cluster. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -109,9 +123,10 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field is required and must be set to either "Old" or "Intermediate". + Modern and Custom TLS profiles are not supported for kubelet; maximum minTLSVersion is VersionTLS12. properties: custom: description: |- @@ -252,6 +267,10 @@ spec: - Custom type: string type: object + x-kubernetes-validations: + - message: only Old and Intermediate TLS profiles are supported for + kubelet + rule: has(self.type) && (self.type == 'Old' || self.type == 'Intermediate') type: object status: description: status contains observed information about the kubelet configuration.