Skip to content

Commit

Permalink
feat(t8s-cluster/management-cluster): add memory safety net for kubelet
Browse files Browse the repository at this point in the history
  • Loading branch information
@cwrau
cwrau committed Aug 9, 2024
1 parent 4307b0b commit c6e1598
Show file tree
Hide file tree
Showing 8 changed files with 41 additions and 7 deletions.
9 changes: 6 additions & 3 deletions charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ openstack
{{- end -}}

{{- define "t8s-cluster.clusterClass.postKubeadmCommands" -}}
{{- $commands := list -}}
{{- $commands := list "systemctl disable --now snapd.service snapd.socket" -}}
{{- toYaml $commands }}
{{- end -}}

Expand Down Expand Up @@ -109,9 +109,9 @@ server = {{ printf "https://%s" .registry | quote }}

{{- define "t8s-cluster.clusterClass.configTemplate.files" -}}
{{- $_ := mustMerge . (pick .context "Values") -}}
{{- $files := list -}}
{{- $files := include "t8s-cluster.clusterClass.node.systemdOverrides" (dict) | fromYamlArray -}}
{{- if not .excludePatches -}}
{{- $files = concat $files (include "t8s-cluster.patches.kubelet.patches" (dict "context" .context) | fromYamlArray) -}}
{{- $files = concat $files (include "t8s-cluster.patches.kubelet" (dict "context" .context) | fromYamlArray) -}}
{{- end -}}
{{- if .Values.containerRegistryMirror.mirrorEndpoint -}}
{{- $files = concat $files (include "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs" (dict "context" .context) | fromYamlArray) -}}
Expand All @@ -120,6 +120,9 @@ server = {{ printf "https://%s" .registry | quote }}
{{- if .Values.global.injectedCertificateAuthorities }}
{{- $files = append $files (dict "content" .Values.global.injectedCertificateAuthorities "path" "/usr/local/share/ca-certificates/injected-ca-certs.crt" ) -}}
{{- end }}
{{- range $file := $files -}}
{{- $_ := set $file "content" (get $file "content" | trim) -}}
{{- end -}}
{{- $files | toYaml -}}
{{- end -}}

Expand Down
1 change: 0 additions & 1 deletion ...s/management-cluster/clusterClass/bootstrapConfigTemplate/_kubeadmConfigTemplateSpec.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{{- define "t8s-cluster.clusterClass.bootstrapConfigTemplate.kubeadm.spec" -}}
{{- $_ := mustMerge . (pick .context "Values") -}}
joinConfiguration:
nodeRegistration:
kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict "context" .context) | nindent 6 }}
Expand Down
4 changes: 2 additions & 2 deletions ...luster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,10 @@
{{- $files = append $files (dict "content" ($.Files.Get (printf "files/%s" $file)) "path" $path) -}}
{{- end -}}
{{- $files = append $files (dict "content" (.Files.Get "files/kube-proxy.patch.sh") "path" "/etc/kube-proxy-patch.sh" "permissions" "0700") -}}
{{- $apiserverPatch := dict "spec" (dict "containers" (list (dict "name" "kube-apiserver" "resources" (dict "requests" (dict "memory" "2Gi") "limits" (dict "memory" "4Gi"))))) -}}
{{- $files = append $files (include "t8s-cluster.patches.patchFile" (dict "values" $apiserverPatch "target" "kube-apiserver" "component" "memory") | fromYaml) -}}
{{- range $file := $files -}}
{{- $_ := set $file "content" (get $file "content" | trim) -}}
{{- end -}}
{{- $apiserverPatch := dict "spec" (dict "containers" (list (dict "name" "kube-apiserver" "resources" (dict "requests" (dict "memory" "2Gi") "limits" (dict "memory" "4Gi"))))) -}}
{{- $files = append $files (include "t8s-cluster.patches.patchFile" (dict "values" $apiserverPatch "target" "kube-apiserver" "component" "memory") | fromYaml) -}}
{{- $files | toYaml -}}
{{- end -}}
15 changes: 14 additions & 1 deletion charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,19 @@
{{- $options = set $options "protectKernelDefaults" true -}}
{{- $options = set $options "tlsCipherSuites" (include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) | fromYamlArray) -}}
{{- $options = set $options "seccompDefault" true -}}
{{/* {{- $options = set $options "enforceNodeAllocatable" (list "pods" "system-reserved" "kube-reserved") -}}*/}}
{{- $options = set $options "enforceNodeAllocatable" (list "pods") -}}
{{/* {{- $options = set $options "kubeReservedCgroup" (include "t8s-cluster.clusterClass.systemdOverride.slice.runtime" (dict) | trimSuffix ".slice") -}}*/}}
{{/* {{- $options = set $options "systemReservedCgroup" "system" -}}*/}}
{{- $options = set $options "kubeReserved" (dict
"memory" "0.2Gi"
"ephemeral-storage" "1Gi"
) -}}
{{- $options = set $options "systemReserved" (dict
"memory" "0.4Gi"
"ephemeral-storage" "1Gi"
) -}}
{{- $options = set $options "evictionHard" (dict "memory.available" "64Mi" "nodefs.available" "2Gi") -}}
{{- $options | toYaml -}}
{{- end -}}

Expand All @@ -29,7 +42,7 @@
{{- include "t8s-cluster.patches.patchFile" (dict "values" $values "target" "kubeletconfiguration" "component" "default") -}}
{{- end -}}

{{- define "t8s-cluster.patches.kubelet.patches" -}}
{{- define "t8s-cluster.patches.kubelet" -}}
{{- $_ := mustMerge . (pick .context "Values") -}}
{{- $patches := list (include "t8s-cluster.patches.kubelet.default" (dict) | fromYaml) -}}
{{- with include "t8s-cluster.patches.kubelet.imagePulls" (dict "context" .context) | fromYaml -}}
Expand Down
4 changes: 4 additions & 0 deletions .../templates/management-cluster/clusterClass/systemdOverrides/_containerd_override.conf.tpl
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{{- define "t8s-cluster.clusterClass.node.systemdOverride.containerd" -}}
[Service]
Slice={{- include "t8s-cluster.clusterClass.systemdOverride.slice.runtime" (dict) -}}
{{- end -}}
4 changes: 4 additions & 0 deletions ...ter/templates/management-cluster/clusterClass/systemdOverrides/_kubelet_override.conf.tpl
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{{- define "t8s-cluster.clusterClass.node.systemdOverride.kubelet" -}}
[Service]
Slice={{- include "t8s-cluster.clusterClass.systemdOverride.slice.runtime" (dict) -}}
{{- end -}}
8 changes: 8 additions & 0 deletions charts/t8s-cluster/templates/management-cluster/clusterClass/systemdOverrides/_overrides.tpl
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{{- define "t8s-cluster.clusterClass.node.systemdOverrides" -}}
{{- $files := list -}}
{{/* TODO: containerd is already running when this is set, therefore this is not working {{- range $service := list "containerd" "kubelet" -}}*/}}
{{- range $service := list "kubelet" -}}
{{- $files = append $files (dict "content" (include (printf "t8s-cluster.clusterClass.node.systemdOverride.%s" $service) (dict)) "path" (printf "/etc/systemd/system/%s.service.d/slice.conf" $service)) -}}
{{- end -}}
{{- $files | toYaml -}}
{{- end -}}
3 changes: 3 additions & 0 deletions charts/t8s-cluster/templates/management-cluster/clusterClass/systemdOverrides/_slices.tpl
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{{- define "t8s-cluster.clusterClass.systemdOverride.slice.runtime" -}}
runtime.slice
{{- end -}}

0 comments on commit c6e1598

Please sign in to comment.