WINC-1374,WINC-926,WINC-1373: Adjust kubelet configuration for NodeAllocatable, EvictionHard and System Memory

pkg/nodeconfig/nodeconfig.go

@@ -444,14 +444,6 @@ func createKubeletConf(clusterServiceCIDR string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	// Replace last character ('}') with comma
-	kubeletConfigData[len(kubeletConfigData)-1] = ','
-	// Appending this option is needed here instead of in the kubelet configuration object. Otherwise, when marshalling,
-	// the empty value will be omitted, so it would end up being incorrectly populated at service start time.
-	// Can be moved to kubelet configuration object with https://issues.redhat.com/browse/WINC-926
-	enforceNodeAllocatable := []byte("\"enforceNodeAllocatable\":[]}")
-	kubeletConfigData = append(kubeletConfigData, enforceNodeAllocatable...)
-
 	return string(kubeletConfigData), nil
 }
 
@@ -674,10 +666,24 @@ func generateKubeletConfiguration(clusterDNS string) kubeletconfig.KubeletConfig
 			"RotateKubeletServerCertificate": true,
 		},
 		ContainerLogMaxSize: "50Mi",
+		EnforceNodeAllocatable: []string{
+			"none",
+		},
+		// hard-eviction is not yet fully supported on Windows, but the values passed are subtracted from Capacity
+		// to calculate the node allocatable. The recommendation is to explicitly set the supported signals available
+		// for Windows.
+		// See https://kubernetes.io/docs/concepts/scheduling-eviction/node-pressure-eviction/#eviction-signals
+		EvictionHard: map[string]string{
+			"nodefs.available":  "10%",
+			"imagefs.available": "15%",
+			// containerfs.available works for Windows, but does not support overrides for thresholds
+		},
 		SystemReserved: map[string]string{
-			"cpu":               "500m",
-			"ephemeral-storage": "1Gi",
-			"memory":            "1Gi",
+			string(core.ResourceCPU):              "500m",
+			string(core.ResourceEphemeralStorage): "1Gi",
+			// Reserve at least 2GiB of memory
+			// See https://kubernetes.io/docs/concepts/configuration/windows-resource-management/#resource-reservation
+			string(core.ResourceMemory): "2Gi",
 		},
 		ContainerRuntimeEndpoint: "npipe://./pipe/containerd-containerd",
 		// Registers the Kubelet with Windows specific taints so that linux pods won't get scheduled onto

pkg/nodeconfig/nodeconfig_test.go

@@ -84,7 +84,7 @@ func TestCreateKubeletConf(t *testing.T) {
 		{
 			name:         "valid cidr",
 			cidr:         "10.0.128.8/24",
-			expectedSpec: "{\"kind\":\"KubeletConfiguration\",\"apiVersion\":\"kubelet.config.k8s.io/v1beta1\",\"syncFrequency\":\"0s\",\"fileCheckFrequency\":\"0s\",\"httpCheckFrequency\":\"0s\",\"rotateCertificates\":true,\"serverTLSBootstrap\":true,\"authentication\":{\"x509\":{\"clientCAFile\":\"C:\\\\k\\\\kubelet-ca.crt\"},\"webhook\":{\"cacheTTL\":\"0s\"},\"anonymous\":{\"enabled\":false}},\"authorization\":{\"webhook\":{\"cacheAuthorizedTTL\":\"0s\",\"cacheUnauthorizedTTL\":\"0s\"}},\"clusterDomain\":\"cluster.local\",\"clusterDNS\":[\"10.0.128.10\"],\"streamingConnectionIdleTimeout\":\"0s\",\"nodeStatusUpdateFrequency\":\"0s\",\"nodeStatusReportFrequency\":\"0s\",\"imageMinimumGCAge\":\"0s\",\"imageMaximumGCAge\":\"0s\",\"volumeStatsAggPeriod\":\"0s\",\"cgroupsPerQOS\":false,\"cpuManagerReconcilePeriod\":\"0s\",\"runtimeRequestTimeout\":\"10m0s\",\"maxPods\":250,\"resolvConf\":\"\",\"kubeAPIQPS\":50,\"kubeAPIBurst\":100,\"serializeImagePulls\":false,\"evictionPressureTransitionPeriod\":\"0s\",\"featureGates\":{\"RotateKubeletServerCertificate\":true},\"memorySwap\":{},\"containerLogMaxSize\":\"50Mi\",\"systemReserved\":{\"cpu\":\"500m\",\"ephemeral-storage\":\"1Gi\",\"memory\":\"1Gi\"},\"logging\":{\"flushFrequency\":0,\"verbosity\":0,\"options\":{\"text\":{\"infoBufferSize\":\"0\"},\"json\":{\"infoBufferSize\":\"0\"}}},\"enableSystemLogQuery\":true,\"shutdownGracePeriod\":\"0s\",\"shutdownGracePeriodCriticalPods\":\"0s\",\"crashLoopBackOff\":{},\"registerWithTaints\":[{\"key\":\"os\",\"value\":\"Windows\",\"effect\":\"NoSchedule\"}],\"registerNode\":true,\"containerRuntimeEndpoint\":\"npipe://./pipe/containerd-containerd\",\"enforceNodeAllocatable\":[]}",
+			expectedSpec: "{\"kind\":\"KubeletConfiguration\",\"apiVersion\":\"kubelet.config.k8s.io/v1beta1\",\"syncFrequency\":\"0s\",\"fileCheckFrequency\":\"0s\",\"httpCheckFrequency\":\"0s\",\"rotateCertificates\":true,\"serverTLSBootstrap\":true,\"authentication\":{\"x509\":{\"clientCAFile\":\"C:\\\\k\\\\kubelet-ca.crt\"},\"webhook\":{\"cacheTTL\":\"0s\"},\"anonymous\":{\"enabled\":false}},\"authorization\":{\"webhook\":{\"cacheAuthorizedTTL\":\"0s\",\"cacheUnauthorizedTTL\":\"0s\"}},\"clusterDomain\":\"cluster.local\",\"clusterDNS\":[\"10.0.128.10\"],\"streamingConnectionIdleTimeout\":\"0s\",\"nodeStatusUpdateFrequency\":\"0s\",\"nodeStatusReportFrequency\":\"0s\",\"imageMinimumGCAge\":\"0s\",\"imageMaximumGCAge\":\"0s\",\"volumeStatsAggPeriod\":\"0s\",\"cgroupsPerQOS\":false,\"cpuManagerReconcilePeriod\":\"0s\",\"runtimeRequestTimeout\":\"10m0s\",\"maxPods\":250,\"resolvConf\":\"\",\"kubeAPIQPS\":50,\"kubeAPIBurst\":100,\"serializeImagePulls\":false,\"evictionHard\":{\"imagefs.available\":\"15%\",\"nodefs.available\":\"10%\"},\"evictionPressureTransitionPeriod\":\"0s\",\"featureGates\":{\"RotateKubeletServerCertificate\":true},\"memorySwap\":{},\"containerLogMaxSize\":\"50Mi\",\"systemReserved\":{\"cpu\":\"500m\",\"ephemeral-storage\":\"1Gi\",\"memory\":\"2Gi\"},\"enforceNodeAllocatable\":[\"none\"],\"logging\":{\"flushFrequency\":0,\"verbosity\":0,\"options\":{\"text\":{\"infoBufferSize\":\"0\"},\"json\":{\"infoBufferSize\":\"0\"}}},\"enableSystemLogQuery\":true,\"shutdownGracePeriod\":\"0s\",\"shutdownGracePeriodCriticalPods\":\"0s\",\"crashLoopBackOff\":{},\"registerWithTaints\":[{\"key\":\"os\",\"value\":\"Windows\",\"effect\":\"NoSchedule\"}],\"registerNode\":true,\"containerRuntimeEndpoint\":\"npipe://./pipe/containerd-containerd\"}",
 			expectedErr:  false,
 		},
 		{