From ee882fa462d2f2ec97b3b009908df8e94a798f1d Mon Sep 17 00:00:00 2001 From: Cristian Calin <6627509+cristicalin@users.noreply.github.com> Date: Tue, 30 Nov 2021 10:52:56 +0200 Subject: [PATCH] Add capability to use swap, requires Kube 1.22 (#8241) * Alpha-NodeSwap: allow nodes to use swap * CI: Add Fedora 35 with experimental swap job --- .gitlab-ci/packet.yml | 5 +++++ docs/ci.md | 2 +- .../node/templates/kubelet-config.v1beta1.yaml.j2 | 4 ++++ .../kubernetes/preinstall/tasks/0010-swapoff.yml | 10 ++++++++-- .../files/packet_fedora35-calico-swap-selinux.yml | 15 +++++++++++++++ 5 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 tests/files/packet_fedora35-calico-swap-selinux.yml diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml index 9dc7b5713..c502a805c 100644 --- a/.gitlab-ci/packet.yml +++ b/.gitlab-ci/packet.yml @@ -229,6 +229,11 @@ packet_fedora34-calico-selinux: extends: .packet_periodic when: on_success +packet_fedora35-calico-swap-selinux: + stage: deploy-part2 + extends: .packet_pr + when: manual + packet_amazon-linux-2-aio: stage: deploy-part2 extends: .packet_pr diff --git a/docs/ci.md b/docs/ci.md index 46309339f..39b05f990 100644 --- a/docs/ci.md +++ b/docs/ci.md @@ -14,7 +14,7 @@ debian11 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | debian9 | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | fedora33 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | fedora34 | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | -fedora35 | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | +fedora35 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | opensuse | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | oracle7 | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | ubuntu16 | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :x: | diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 index 13ed5f4c4..83e5a7176 100644 --- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 +++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 @@ -106,3 +106,7 @@ eventRecordQPS: {{ kubelet_event_record_qps }} shutdownGracePeriod: {{ kubelet_shutdown_grace_period }} shutdownGracePeriodCriticalPods: {{ kubelet_shutdown_grace_period_critical_pods }} {% endif %} +{% if not kubelet_fail_swap_on|default(true) %} +memorySwap: + swapBehavior: {{ kubelet_swap_behavior|default("LimitedSwap") }} +{% endif %} diff --git a/roles/kubernetes/preinstall/tasks/0010-swapoff.yml b/roles/kubernetes/preinstall/tasks/0010-swapoff.yml index 3efc99b8c..4ea91d83e 100644 --- a/roles/kubernetes/preinstall/tasks/0010-swapoff.yml +++ b/roles/kubernetes/preinstall/tasks/0010-swapoff.yml @@ -13,11 +13,17 @@ command: /sbin/swapon -s register: swapon changed_when: no + - name: Disable swap command: /sbin/swapoff -a - when: swapon.stdout + when: + - swapon.stdout + - kubelet_fail_swap_on | default(True) ignore_errors: "{{ ansible_check_mode }}" # noqa ignore-errors - name: Disable swapOnZram for Fedora command: touch /etc/systemd/zram-generator.conf - when: swapon.stdout and ansible_distribution in ['Fedora'] + when: + - swapon.stdout + - ansible_distribution in ['Fedora'] + - kubelet_fail_swap_on | default(True) diff --git a/tests/files/packet_fedora35-calico-swap-selinux.yml b/tests/files/packet_fedora35-calico-swap-selinux.yml new file mode 100644 index 000000000..ba6d58a59 --- /dev/null +++ b/tests/files/packet_fedora35-calico-swap-selinux.yml @@ -0,0 +1,15 @@ +--- +# Instance settings +cloud_image: fedora-35 +mode: default + +# Kubespray settings +auto_renew_certificates: true + +# Test with SELinux in enforcing mode +preinstall_selinux_state: enforcing + +# Test Alpha swap feature by leveraging zswap default config in Fedora 35 +kubelet_fail_swap_on: False +kube_feature_gates: + - "NodeSwap=True"