Kubelet Configuration
The kubelet configuration is defined in the Shoot manifest under spec.kubernetes.kubelet and applies to all worker nodes in the cluster. Any change to this section triggers a rolling node restart.
```yaml
spec:
  kubernetes:
    kubelet:
      # example configuration
      kubeReserved:
        cpu: 80m
        memory: 1Gi
        pid: 20k
      imageGCHighThresholdPercent: 50
      imageGCLowThresholdPercent: 40
      serializeImagePulls: false
      cpuManagerPolicy: none
```
Resource Reservations
| Field | Type | Description |
|---|---|---|
| kubeReserved.cpu | string | CPU reserved for Kubernetes system components (e.g. 80m) |
| kubeReserved.memory | string | Memory reserved for Kubernetes system components (e.g. 1Gi) |
| kubeReserved.pid | string | Process IDs reserved for Kubernetes system components (e.g. 20k) |
| systemReserved.cpu | string | CPU reserved for the operating system |
| systemReserved.memory | string | Memory reserved for the operating system |
| systemReserved.pid | string | Process IDs reserved for the operating system |
Resource reservations reduce the capacity available to workloads on a node. The effective allocatable memory is: Node RAM − kubeReserved − systemReserved − evictionThreshold.
Eviction
| Field | Type | Description |
|---|---|---|
| evictionHard | map | Thresholds below which pods are evicted immediately (e.g. memory.available: "100Mi") |
| evictionSoft | map | Thresholds below which a grace period applies before eviction |
| evictionSoftGracePeriod | map | Grace period per eviction signal (e.g. memory.available: "1m30s") |
| evictionMinimumReclaim | map | Minimum amount to reclaim after an eviction event |
| evictionPressureTransitionPeriod | duration | Time the node must wait before transitioning out of an eviction pressure condition |
Image Garbage Collection
| Field | Type | Default | Description |
|---|---|---|---|
| imageGCHighThresholdPercent | integer | 50 | Disk usage percentage at which image garbage collection is triggered |
| imageGCLowThresholdPercent | integer | 40 | Target disk usage after image garbage collection |
Image Pulls
| Field | Type | Default | Description |
|---|---|---|---|
| serializeImagePulls | boolean | true | Pull images sequentially. Set to false to parallelize pulls — recommended for nodes running many pods |
CPU Management
| Field | Type | Default | Description |
|---|---|---|---|
| cpuManagerPolicy | string | none | CPU manager policy: none (default CFS scheduling) or static (exclusive CPUs for pods with Guaranteed QoS and integer CPU requests). Validated since PSKE 1.35. |
Log Rotation
| Field | Type | Default | Description |
|---|---|---|---|
| containerLogMaxSize | string | 100Mi | Maximum size of a container log file before rotation |
| containerLogMaxFiles | integer | 5 | Maximum number of rotated log files per container |
Miscellaneous
| Field | Type | Default | Description |
|---|---|---|---|
| failSwapOn | boolean | true | Kubelet will not start if swap is enabled on the node |
| podPidsLimit | integer | — | Maximum number of PIDs per pod |
| protectKernelDefaults | boolean | false | Kubelet checks whether kernel tuning parameters match expected values |
| streamingConnectionIdleTimeout | duration | 4h | Timeout for idle streaming connections (e.g. kubectl exec) |
Notes
- Changes to spec.kubernetes.kubelet always trigger a rolling node restart since PSKE 1.34.
- cpuManagerPolicy: static requires affected pods to have Guaranteed QoS with integer CPU requests — otherwise they will not be scheduled onto exclusive CPUs.
- Setting kubeReserved values too low can cause system components to be killed by the OOM killer.
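
Because every change to this section rolls the nodes, it pays to check a kubelet section before applying it. The following is an added example, not part of PSKE: it evaluates the allocatable-memory formula from Resource Reservations and lints the fields documented above. The function names, the 8Gi node size, the evictionHard value and the choice to report an unset podPidsLimit are assumptions made for the illustration.

```python
import re

# Suffix multipliers for Kubernetes resource quantities (subset used on this page).
_UNITS = {"": 1, "m": 1e-3, "k": 1e3, "M": 1e6, "G": 1e9, "T": 1e12,
          "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def parse_quantity(q):
    """Convert a quantity such as '80m', '20k' or '1Gi' to a plain number."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]*)", str(q).strip())
    if not m or m.group(2) not in _UNITS:
        raise ValueError(f"unsupported quantity: {q!r}")  # e.g. percentage thresholds
    return float(m.group(1)) * _UNITS[m.group(2)]

def allocatable_memory(node_ram, kubelet):
    """Node RAM - kubeReserved - systemReserved - evictionThreshold, in bytes."""
    reserved = sum(parse_quantity(kubelet.get(k, {}).get("memory", 0))
                   for k in ("kubeReserved", "systemReserved"))
    eviction = parse_quantity(kubelet.get("evictionHard", {}).get("memory.available", 0))
    return int(parse_quantity(node_ram) - reserved - eviction)

def lint(kubelet, node_ram):
    """Return findings for a spec.kubernetes.kubelet section given as a dict."""
    findings = []
    high = kubelet.get("imageGCHighThresholdPercent", 50)  # defaults from the tables
    low = kubelet.get("imageGCLowThresholdPercent", 40)
    if low >= high:  # the kubelet requires the low threshold to be below the high one
        findings.append("imageGCLowThresholdPercent must be below imageGCHighThresholdPercent")
    if kubelet.get("cpuManagerPolicy", "none") not in ("none", "static"):
        findings.append("cpuManagerPolicy must be 'none' or 'static'")
    if "podPidsLimit" not in kubelet:  # assumption: treat a missing per-pod cap as a finding
        findings.append("podPidsLimit unset: no per-pod PID cap")
    if allocatable_memory(node_ram, kubelet) <= 0:
        findings.append("reservations leave no allocatable memory")
    return findings

# Constructed sample: the page's example section plus an assumed evictionHard value.
SAMPLE = {
    "kubeReserved": {"cpu": "80m", "memory": "1Gi", "pid": "20k"},
    "evictionHard": {"memory.available": "100Mi"},
    "imageGCHighThresholdPercent": 50,
    "imageGCLowThresholdPercent": 40,
    "serializeImagePulls": False,
    "cpuManagerPolicy": "none",
}

if __name__ == "__main__":
    print(allocatable_memory("8Gi", SAMPLE) // 2**20, "Mi allocatable on an 8Gi node")
    for finding in lint(SAMPLE, "8Gi"):
        print("finding:", finding)
```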