Skip to content

Commit

Permalink
fix kube_reserved so it only controls kubeReservedCgroup (kubernetes-…
Browse files Browse the repository at this point in the history 
…sigs#11367)
  • Loading branch information
@rptaylor
rptaylor authored Jul 26, 2024
1 parent 2299e49 commit 468c564
Show file tree
Hide file tree
Showing 4 changed files with 7 additions and 6 deletions.
7 changes: 4 additions & 3 deletions docs/operations/cgroups.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# cgroups

To avoid the rivals for resources between containers or the impact on the host in Kubernetes, the kubelet components will rely on cgroups to limit the container’s resources usage.
To avoid resource contention between containers and host daemons in Kubernetes, the kubelet components can use cgroups to limit resource usage.

## Enforcing Node Allocatable

Expand All @@ -20,8 +20,9 @@ Here is an example:
```yaml
kubelet_enforce_node_allocatable: "pods,kube-reserved,system-reserved"

# Reserve this space for kube resources
# Set to true to reserve resources for kube daemons
# Set kube_reserved to true to run kubelet and container-engine daemons in a dedicated cgroup.
# This is required if you want to enforce limits on the resource usage of these daemons.
# It is not required if you just want to make resource reservations (kube_memory_reserved, kube_cpu_reserved, etc.)
kube_reserved: true
kube_reserved_cgroups_for_service_slice: kube.slice
kube_reserved_cgroups: "/{{ kube_reserved_cgroups_for_service_slice }}"
Expand Down
2 changes: 1 addition & 1 deletion inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -262,7 +262,7 @@ default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir"
# kubelet_runtime_cgroups_cgroupfs: "/system.slice/{{ container_manager }}.service"
# kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.service"

# Optionally reserve this space for kube daemons.
# Whether to run kubelet and container-engine daemons in a dedicated cgroup.
# kube_reserved: false
## Uncomment to override default values
## The following two items need to be set when kube_reserved is true
Expand Down
2 changes: 1 addition & 1 deletion roles/kubernetes/node/defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ kube_node_addresses: >-
kubelet_secure_addresses: "localhost link-local {{ kube_pods_subnet }} {{ kube_node_addresses }}"

# Reserve this space for kube resources
# Set to true to reserve resources for kube daemons
# Whether to run kubelet and container-engine daemons in a dedicated cgroup. (Not required for resource reservations).
kube_reserved: false
kube_reserved_cgroups_for_service_slice: kube.slice
kube_reserved_cgroups: "/{{ kube_reserved_cgroups_for_service_slice }}"
Expand Down
2 changes: 1 addition & 1 deletion roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ clusterDNS:
{# Node reserved CPU/memory #}
{% if kube_reserved | bool %}
kubeReservedCgroup: {{ kube_reserved_cgroups }}
{% endif %}
kubeReserved:
{% if is_kube_master | bool %}
cpu: "{{ kube_master_cpu_reserved }}"
Expand All @@ -82,7 +83,6 @@ kubeReserved:
pid: "{{ kube_pid_reserved }}"
{% endif %}
{% endif %}
{% endif %}
{% if system_reserved | bool %}
systemReservedCgroup: {{ system_reserved_cgroups }}
systemReserved:
Expand Down

0 comments on commit 468c564

Please sign in to comment.