Although OpenKruise now can work with Kubernetes version >=
1.13, we strongly recommend you to use Kruise with Kubernetes version >= 1.16.
- For Kubernetes 1.13 and 1.14, users must enable
CustomResourceWebhookConversionfeature-gate in kube-apiserver before install or upgrade Kruise.
- To install it in Kubernetes >= 1.22, you have to use the latest version.
Kruise can be simply installed by helm v3.1+, which is a simple command-line tool and you can get it from here.
# Firstly add openkruise charts repository if you haven't do this.$ helm repo add openkruise https://openkruise.github.io/charts/ # [Optional]$ helm repo update # Install the stable version.# Note that if the Kubernetes version < 1.15, you may need to add --disable-openapi-validation$ helm install kruise openkruise/kruise --version 0.10.0
If you are using Kruise with an old version, it is recommended that you should upgrade to the latest version for safety and more features:
# Firstly add openkruise charts repository if you haven't do this.$ helm repo add openkruise https://openkruise.github.io/charts/ # [Optional]$ helm repo update # Upgrade the latest version.# Note that if the Kubernetes version < 1.15, you may need to add --disable-openapi-validation$ helm upgrade kruise openkruise/kruise --version 0.10.0
- Before upgrade, you must firstly read the Change Log to make sure that you have understand the breaking changes in the new version.
- If you want to drop the chart parameters you configured for the old release or set some new parameters,
it is recommended to add
If you have problem with connecting to
https://openkruise.github.io/charts/ in production, you might need to download the chart from here manually and install or upgrade with it.
Charts releases: https://github.com/openkruise/charts/releases
Note that installing this chart directly means it will use the default template values for Kruise.
You may have to set your specific configurations if it is deployed into a production cluster, or you want to configure feature-gates.
The following table lists the configurable parameters of the chart and their default values.
|Feature gates for Kruise, empty string means all by default||``|
|namespace for kruise installation|
|Log level that kruise-manager printed|
|Replicas of kruise-controller-manager deployment|
|Repository for kruise-manager image|
|Tag for kruise-manager image|
|CPU resource limit of kruise-manager container|
|Memory resource limit of kruise-manager container|
|CPU resource request of kruise-manager container|
|Memory resource request of kruise-manager container|
|Port of metrics served|
|Port of webhook served|
|Node affinity policy for kruise-manager pod|
|Node labels for kruise-manager pod|
|Tolerations for kruise-manager pod|
|Log level that kruise-daemon printed|
|Port of metrics and healthz that kruise-daemon served|
|CPU resource limit of kruise-daemon container|
|Memory resource limit of kruise-daemon container|
|CPU resource request of kruise-daemon container|
|Memory resource request of kruise-daemon container|
|Affinity policy for kruise-daemon pod|
|Location of the container manager control socket|
|The failurePolicy for pods in mutating webhook configuration|
|The timeoutSeconds for all webhook configuration|
|Kruise will not install CRDs with chart if this is false|
Specify each parameter using the
--set key=value[,key=value] argument to
helm install or
Feature-gate controls some influential features in Kruise:
|Name||Description||Default||Effect (if closed)|
|Whether to open a webhook for Pod create||SidecarSet/KruisePodReadinessGate disabled|
|Whether to deploy ||ImagePulling/ContainerRecreateRequest disabled|
|Should each ||For in-place update with same imageID or env from labels/annotations|
|Enables CloneSet controller only set revision hash name to pod label||CloneSet name can not be longer than 54 characters|
|Enables Kruise webhook to inject 'KruisePodReady' readiness-gate to all Pods during creation||The readiness-gate will only be injected to Pods created by Kruise workloads|
|Enables CloneSet controller to create ImagePullJobs to pre-download images for in-place update||No image pre-download for in-place update|
|Enables CloneSet controller to rollback Pods to currentRevision when number of updateRevision pods is bigger than (replicas - partition)||CloneSet will only update Pods to updateRevision|
|Enables protection for resources deletion||No protection for resources deletion|
|Whether to disable defaults injection for pod/pvc template in workloads||Should not close this feature if it has open|
|Enables PodUnavailableBudget for pod deletion, eviction||No protection for pod deletion, eviction|
|Enables PodUnavailableBudget for pod.Spec update||No protection for in-place update|
|Enables WorkloadSpread to manage multi-domain and elastic deploy||WorkloadSpread disabled|
If you want to configure the feature-gate, just set the parameter when install or upgrade. Such as:
$ helm install kruise https://... --set featureGates="ResourcesDeletionProtection=true\,PreDownloadImageForInPlaceUpdate=true"
If you want to enable all feature-gates, set the parameter as
If you are in China and have problem to pull image from official DockerHub, you can use the registry hosted on Alibaba Cloud:
$ helm install kruise https://... --set manager.image.repository=openkruise-registry.cn-hangzhou.cr.aliyuncs.com/openkruise/kruise-manager
Note that this will lead to all resources created by Kruise, including webhook configurations, services, namespace, CRDs, CR instances and Pods managed by Kruise controller, to be deleted!
Please do this ONLY when you fully understand the consequence.
To uninstall kruise if it is installed with helm charts:
$ helm uninstall kruiserelease "kruise" uninstalled