diff --git a/roles/kube-node/defaults/main.yml b/roles/kube-node/defaults/main.yml
index cfadfb6..c5bdbbb 100644
--- a/roles/kube-node/defaults/main.yml
+++ b/roles/kube-node/defaults/main.yml
@@ -14,6 +14,9 @@ MAX_PODS: 110
 # 配置为kube组件(kubelet,kube-proxy,dockerd等)预留的资源量
 KUBE_RESERVED_ENABLED: "yes"
 KUBE_RESERVED: "cpu=200m,memory=500Mi,ephemeral-storage=1Gi"
+# k8s 官方不建议草率开启 system-reserved, 除非你基于长期监控,了解系统的资源占用状况;并且随着系统运行时间,需要适当增加资源预留
+SYS_RESERVED_ENABLED: "no"
+# 以下系统预留设置基于 4c/8g 虚机,最小化安装系统服务,如果使用高性能物理机请适当增加数值
 SYS_RESERVED: "cpu=200m,memory=500Mi,ephemeral-storage=1Gi"
 
 # 配置kubelet的hard eviction条件
diff --git a/roles/kube-node/templates/kubelet.service.j2 b/roles/kube-node/templates/kubelet.service.j2
index 451a5f8..e324b3b 100644
--- a/roles/kube-node/templates/kubelet.service.j2
+++ b/roles/kube-node/templates/kubelet.service.j2
@@ -4,7 +4,7 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 
 [Service]
 WorkingDirectory=/var/lib/kubelet
-{% if KUBE_RESERVED_ENABLED == "yes" %}
+{% if KUBE_RESERVED_ENABLED == "yes" or SYS_RESERVED_ENABLED == "yes" %}
 ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpuset/system.slice/kubelet.service
 ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/hugetlb/system.slice/kubelet.service
 ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/memory/system.slice/kubelet.service
@@ -38,10 +38,12 @@ ExecStart={{ bin_dir }}/kubelet \
 --tls-private-key-file={{ ca_dir }}/kubelet-key.pem \
 --cgroups-per-qos=true \
 --cgroup-driver=cgroupfs \
+ --enforce-node-allocatable=pods{% if KUBE_RESERVED_ENABLED == "yes" %},kube-reserved{% endif %}{% if SYS_RESERVED_ENABLED == "yes" %},system-reserved{% endif %} \
 {% if KUBE_RESERVED_ENABLED == "yes" %}
- --enforce-node-allocatable=pods,kube-reserved,system-reserved \
 --kube-reserved={{ KUBE_RESERVED }} \
 --kube-reserved-cgroup=/system.slice/kubelet.service \
+{% endif %}
+{% if SYS_RESERVED_ENABLED == "yes" %}
 --system-reserved={{ SYS_RESERVED }} \
 --system-reserved-cgroup=/system.slice \
 {% endif %}
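Review bot: The new `SYS_RESERVED_ENABLED: "no"` default is only ever matched against the literal string `"yes"` in kubelet.service.j2, and neither added comment says that the value has to stay a quoted string. An override written unquoted in a YAML vars file (`SYS_RESERVED_ENABLED: yes`) is loaded as a boolean, the `== "yes"` comparison is then false, and the node comes up without system-reserved enforcement and without any error. I would add a line such as `# must be the quoted string "yes" or "no"; an unquoted yes/true is read as a boolean and is treated as disabled` above the variable. The same holds for the existing `KUBE_RESERVED_ENABLED`.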
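Review bot: The widened `{% if %}` condition now runs the kubelet.service `mkdir -p` steps when only `SYS_RESERVED_ENABLED` is "yes", but nothing explains why a system-reserved-only setup needs directories named after the kubelet. Presumably the reason is that `mkdir -p` also creates the parent `system.slice` directory in the cpuset and hugetlb hierarchies, which the kubelet expects to exist for the cgroup passed to `--system-reserved-cgroup`. If that is the intent, a Jinja comment such as `{# mkdir -p also creates the parent system.slice cgroup that --system-reserved-cgroup needs #}` above the block would keep a later cleanup from narrowing the condition again. The rest of the block and its `{% endif %}` are outside this hunk.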
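Review bot: With both switches on, `--kube-reserved-cgroup=/system.slice/kubelet.service` is a child of the `--system-reserved-cgroup=/system.slice` that the new `system-reserved` enforcement key puts limits on, so the system-reserved memory value would cap the kubelet and every other service under system.slice together, not just the OS daemons it was sized for. The shipped defaults set both reservations to `memory=500Mi`, which as far as I can tell leaves services such as sshd no headroom once the kubelet uses its share, and exposes them to the OOM killer on a busy node. I would state in the defaults comment that `SYS_RESERVED` has to be sized to include `KUBE_RESERVED` when both are enforced, or place the kubelet cgroup outside system.slice. The ExecStart command continues outside the hunk.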