node: fix default kubelet/runtime cgroups when kube_reserved is false (#9834)

* node: fix default kubelet/runtime cgroups when kube_reserved is false (default) Commit 1c4db6132d introduced a notion of kube_reserved. This introduced a breaking change defaulting to use kube.slice for the container_manager and the kubelet as if kube_reserved was always enabled whereas it is disabled by default. This commit fixes this by bringing back system.slice whenever kube_reserved is disabled. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * inventory/sample: change false for kube_reserved as its the default Changing the commented value in sample inventory to the actual default value. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-03-06 03:48:58 +01:00 · 2023-03-06 03:48:58 +01:00 · 9e2104c7d3
parent 1d9502e01d
commit 9e2104c7d3
2 changed files with 6 additions and 5 deletions
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@ -264,15 +264,15 @@ podsecuritypolicy_enabled: false
 # kubelet_enforce_node_allocatable: pods

 ## Set runtime and kubelet cgroups when using systemd as cgroup driver (default)
-# kubelet_runtime_cgroups: "{{ kube_reserved_cgroups }}/{{ container_manager }}.service"
-# kubelet_kubelet_cgroups: "{{ kube_reserved_cgroups }}/kubelet.service"
+# kubelet_runtime_cgroups: "/{{ kube_service_cgroups }}/{{ container_manager }}.service"
+# kubelet_kubelet_cgroups: "/{{ kube_service_cgroups }}/kubelet.service"

 ## Set runtime and kubelet cgroups when using cgroupfs as cgroup driver
 # kubelet_runtime_cgroups_cgroupfs: "/system.slice/{{ container_manager }}.service"
 # kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.service"

 # Optionally reserve this space for kube daemons.
-# kube_reserved: true
+# kube_reserved: false
 ## Uncomment to override default values
 ## The following two items need to be set when kube_reserved is true
 # kube_reserved_cgroups_for_service_slice: kube.slice
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@ -12,8 +12,9 @@ kube_resolv_conf: "/etc/resolv.conf"
 kubelet_enforce_node_allocatable: "\"\""

 # Set runtime and kubelet cgroups when using systemd as cgroup driver (default)
-kubelet_runtime_cgroups: "{{ kube_reserved_cgroups }}/{{ container_manager }}.service"
-kubelet_kubelet_cgroups: "{{ kube_reserved_cgroups }}/kubelet.service"
+kube_service_cgroups: "{% if kube_reserved %}{{ kube_reserved_cgroups_for_service_slice }}{% else %}system.slice{% endif %}"
+kubelet_runtime_cgroups: "/{{ kube_service_cgroups }}/{{ container_manager }}.service"
+kubelet_kubelet_cgroups: "/{{ kube_service_cgroups }}/kubelet.service"

 # Set runtime and kubelet cgroups when using cgroupfs as cgroup driver
 kubelet_runtime_cgroups_cgroupfs: "/system.slice/{{ container_manager }}.service"