Enable garbage collection #509
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for kamaji-documentation canceled.
|
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
|
For some reason, e2e is failing. I'm debugging locally, but in the meantime, I guess it would be good to catch an improvement here: since we're importing the whole Kubernetes code-base, we can take advantage of the advanced defaults for the I'm sharing my patch here, it would be great if you could apply it. diff --git a/internal/kubeadm/uploadconfig.go b/internal/kubeadm/uploadconfig.go
index 0dc9e71..158f54f 100644
--- a/internal/kubeadm/uploadconfig.go
+++ b/internal/kubeadm/uploadconfig.go
@@ -17,7 +17,7 @@ import (
"k8s.io/kubernetes/cmd/kubeadm/app/phases/uploadconfig"
"k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient"
"k8s.io/kubernetes/pkg/apis/rbac"
- pointer "k8s.io/utils/ptr"
+ kubeletv1beta1 "k8s.io/kubernetes/pkg/kubelet/apis/config/v1beta1"
"github.com/clastix/kamaji/internal/utilities"
)
@@ -72,58 +72,16 @@ func UploadKubeletConfig(client kubernetes.Interface, config *Configuration) ([]
}
func getKubeletConfigmapContent(kubeletConfiguration KubeletConfiguration) ([]byte, error) {
- zeroDuration := metav1.Duration{Duration: 0}
+ var kc kubelettypes.KubeletConfiguration
- kc := kubelettypes.KubeletConfiguration{
- TypeMeta: metav1.TypeMeta{
- Kind: "KubeletConfiguration",
- APIVersion: "kubelet.config.k8s.io/v1beta1",
- },
- Authentication: kubelettypes.KubeletAuthentication{
- Anonymous: kubelettypes.KubeletAnonymousAuthentication{
- Enabled: pointer.To(false),
- },
- Webhook: kubelettypes.KubeletWebhookAuthentication{
- Enabled: pointer.To(true),
- CacheTTL: zeroDuration,
- },
- X509: kubelettypes.KubeletX509Authentication{
- ClientCAFile: "/etc/kubernetes/pki/ca.crt",
- },
- },
- Authorization: kubelettypes.KubeletAuthorization{
- Mode: kubelettypes.KubeletAuthorizationModeWebhook,
- Webhook: kubelettypes.KubeletWebhookAuthorization{
- CacheAuthorizedTTL: zeroDuration,
- CacheUnauthorizedTTL: zeroDuration,
- },
- },
- CgroupDriver: kubeletConfiguration.TenantControlPlaneCgroupDriver,
- ClusterDNS: kubeletConfiguration.TenantControlPlaneDNSServiceIPs,
- ClusterDomain: kubeletConfiguration.TenantControlPlaneDomain,
- CPUManagerReconcilePeriod: zeroDuration,
- EvictionHard: map[string]string{
- "imagefs.available": "0%",
- "nodefs.available": "0%",
- "nodefs.inodesFree": "0%",
- },
- EvictionPressureTransitionPeriod: zeroDuration,
- FileCheckFrequency: zeroDuration,
- HealthzBindAddress: "127.0.0.1",
- HealthzPort: pointer.To(int32(10248)),
- HTTPCheckFrequency: zeroDuration,
- ImageGCHighThresholdPercent: pointer.To(int32(100)),
- NodeStatusUpdateFrequency: zeroDuration,
- NodeStatusReportFrequency: zeroDuration,
- RotateCertificates: true,
- RuntimeRequestTimeout: zeroDuration,
- ShutdownGracePeriod: zeroDuration,
- ShutdownGracePeriodCriticalPods: zeroDuration,
- StaticPodPath: "/etc/kubernetes/manifests",
- StreamingConnectionIdleTimeout: zeroDuration,
- SyncFrequency: zeroDuration,
- VolumeStatsAggPeriod: zeroDuration,
- }
+ kubeletv1beta1.SetDefaults_KubeletConfiguration(&kc)
+
+ kc.Authentication.X509.ClientCAFile = "/etc/kubernetes/pki/ca.crt"
+ kc.CgroupDriver = kubeletConfiguration.TenantControlPlaneCgroupDriver
+ kc.ClusterDNS = kubeletConfiguration.TenantControlPlaneDNSServiceIPs
+ kc.ClusterDomain = kubeletConfiguration.TenantControlPlaneDomain
+ kc.RotateCertificates = true
+ kc.StaticPodPath = "/etc/kubernetes/manifests"
return utilities.EncodeToYaml(&kc)
}
Once the TCP is ready I can extract the address: 0.0.0.0
authentication:
anonymous:
enabled: false
webhook:
cacheTTL: 2m0s
enabled: true
x509:
clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
mode: Webhook
webhook:
cacheAuthorizedTTL: 5m0s
cacheUnauthorizedTTL: 30s
cgroupDriver: systemd
cgroupsPerQOS: true
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
configMapAndSecretChangeDetectionStrategy: Watch
containerLogMaxFiles: 5
containerLogMaxSize: 10Mi
containerLogMaxWorkers: 1
containerLogMonitorInterval: 10s
containerRuntimeEndpoint: unix:///run/containerd/containerd.sock
contentType: application/vnd.kubernetes.protobuf
cpuCFSQuota: true
cpuCFSQuotaPeriod: 100ms
cpuManagerPolicy: none
cpuManagerReconcilePeriod: 10s
enableControllerAttachDetach: true
enableDebugFlagsHandler: true
enableDebuggingHandlers: true
enableProfilingHandler: true
enableServer: true
enableSystemLogHandler: true
enforceNodeAllocatable:
- pods
eventBurst: 100
eventRecordQPS: 50
evictionPressureTransitionPeriod: 5m0s
failSwapOn: true
fileCheckFrequency: 20s
hairpinMode: promiscuous-bridge
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 20s
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
imageMaximumGCAge: 0s
imageMinimumGCAge: 2m0s
iptablesDropBit: 15
iptablesMasqueradeBit: 14
kubeAPIBurst: 100
kubeAPIQPS: 50
localStorageCapacityIsolation: true
logging:
flushFrequency: 5s
format: text
options:
json:
infoBufferSize: "0"
text:
infoBufferSize: "0"
verbosity: 0
makeIPTablesUtilChains: true
maxOpenFiles: 1000000
maxPods: 110
memoryManagerPolicy: None
memorySwap: {}
memoryThrottlingFactor: 0.9
nodeLeaseDurationSeconds: 40
nodeStatusMaxImages: 50
nodeStatusReportFrequency: 5m0s
nodeStatusUpdateFrequency: 10s
oomScoreAdj: -999
podLogsDir: /var/log/pods
podPidsLimit: -1
port: 10250
registerNode: true
registryBurst: 10
registryPullQPS: 5
resolvConf: /etc/resolv.conf
rotateCertificates: true
runtimeRequestTimeout: 2m0s
seccompDefault: false
serializeImagePulls: true
shutdownGracePeriod: 0s
shutdownGracePeriodCriticalPods: 0s
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h0m0s
syncFrequency: 1m0s
topologyManagerPolicy: none
topologyManagerScope: container
volumePluginDir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/
volumeStatsAggPeriod: 1m0s |
kvaps
force-pushed
the
fix-gc
branch
2 times, most recently
from
368248c
to
f47df4a
Compare
|
Hi @prometherion I tried your patch, and found that it is not working for some reason, nodes can't join to the cluster for some reason: Unfortunately I wasn't investigated the reason, just running busy all the time, sorry :0 |
|
@kvaps may I ask you which version gave you that error? Tested my changes with a v1.30 node and it worked smoothly. edit: my proposed changes are working with v1.30, v1.29, v1.28: starting from v1.27 there's a marshaling error:
I found a way to have backward compatibility, if you don't mind @kvaps I would push the changes to your branch: no pressure at all, I can open a different PR if you want to review without losing your contributions. With this, we'll be able still to spin TCP pre and post v1.27 🎉 |
|
I used v1.30. Sorry push or open new PR, I don't mind :) |
|
Thanks for the tests and the contributions, Andrei, just merged #542 which superseded this one. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes: #508
downstream: aenix-io/cozystack#263