From adb54b7663762a90e1f2f0b8d965370943b4e443 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Thu, 15 Apr 2021 15:51:46 +0200
Subject: [PATCH] feat: first stab at Kubernetes 1.20 kubeadm config
---
 .../templates/ClusterConfiguration.yaml | 1 +
 .../templates/KubeletConfiguration.yaml | 18 ++++++++++--------
 charts/kubeadm/templates/_helpers.tpl | 13 +++++--------
 charts/kubeadm/templates/patches/etcd0.yaml | 2 +-
 .../templates/patches/kube-apiserver0.yaml | 2 +-
 .../patches/kube-controller-manager0.yaml | 2 +-
 6 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/charts/kubeadm/templates/ClusterConfiguration.yaml b/charts/kubeadm/templates/ClusterConfiguration.yaml
index 27595ad1..e7da1663 100644
--- a/charts/kubeadm/templates/ClusterConfiguration.yaml
+++ b/charts/kubeadm/templates/ClusterConfiguration.yaml
@@ -42,6 +42,7 @@ apiServer:
 audit-log-maxage: "7"
 audit-log-maxsize: "100"
 audit-log-maxbackup: "3"
+ audit-log-compress: "true"
 tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
 admission-control-config-file: /etc/kubernetes/apiserver/admission-configuration.yaml
 {{- if eq .Values.platform "aws" }}
diff --git a/charts/kubeadm/templates/KubeletConfiguration.yaml b/charts/kubeadm/templates/KubeletConfiguration.yaml
index d26567ca..c7088453 100644
--- a/charts/kubeadm/templates/KubeletConfiguration.yaml
+++ b/charts/kubeadm/templates/KubeletConfiguration.yaml
@@ -1,3 +1,4 @@
+# https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 metadata:
@@ -22,14 +23,15 @@ featureGates: {{ include "kubeadm.featuregates" ( dict "return" "map" "platform"
 podsPerCore: 20
 # cpuCFSQuotaPeriod: 10ms
 # Basic OS on Ubuntu 20.04 incl. crio
-#systemReserved:
-# memory: 256Mi
-# This should be dynamic based on number of maxpods and available cores
-# https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#memory_cpu
-# Below are default minimal for 2 cores and minimum kubelet
+systemReserved:
+ memory: 256Mi
+ ephemeral-storage: "2Gi"
+# kubelet memory should be static as runc,conmon are added to each pod's cgroup
 kubeReserved:
 cpu: 70m
-# memory: 128Mi
+ memory: 128Mi
 # Lets use below to reserve memory for system processes as kubeReserved/sytemReserved doesnt go well with systemd it seems
-evictionHard:
- memory.available: "484Mi"
+#evictionHard:
+# memory.available: "484Mi"
+imageGCLowThresholdPercent: 70
+kernelMemcgNotification: true
diff --git a/charts/kubeadm/templates/_helpers.tpl b/charts/kubeadm/templates/_helpers.tpl
index 1f0823da..708c2793 100644
--- a/charts/kubeadm/templates/_helpers.tpl
+++ b/charts/kubeadm/templates/_helpers.tpl
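Review bot: The unchanged comment `# Lets use below to reserve memory for system processes as kubeReserved/sytemReserved doesnt go well with systemd it seems` in KubeletConfiguration.yaml now contradicts the lines around it, because this hunk sets memory under both `systemReserved` and `kubeReserved` and comments `evictionHard` out. I would replace it with `# evictionHard is left at the kubelet defaults; node memory is reserved via systemReserved/kubeReserved above`. With `evictionHard` unset the hard memory threshold falls back to the kubelet default, which is well below the previous 484Mi, so it is worth confirming that the 384Mi now reserved still keeps node daemons clear of pod memory pressure on the smallest node size. Whether the reservations are enforced on anything other than the pods cgroup depends on `enforceNodeAllocatable`, which is not visible in this hunk.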
@@ -2,17 +2,14 @@
 Feature gates for all control plane components
 */ -}}
 {{- define "kubeadm.featuregates" -}}
-{{- $gates := dict "DefaultPodTopologySpread" "true" "CustomCPUCFSQuotaPeriod" "true" "GenericEphemeralVolume" "true" }}
-{{- if eq .platform "aws" }}
-{{- $gates = merge $gates ( dict "CSIMigrationAWS" "true" "CSIMigrationAWSComplete" "true") }}
-{{- end }}
+{{- $gates := list "CustomCPUCFSQuotaPeriod" "GenericEphemeralVolume" "CSIMigrationAWSComplete" "CSIMigrationAzureDiskComplete" "CSIMigrationAzureFileComplete" "CSIMigrationGCEComplete" "CSIMigrationOpenStackComplete" "CSIMigrationvSphereComplete" }}
 {{- if eq .return "csv" }}
-{{- range $key, $val := $gates }}
-{{- $key }}={{- $val }},
+{{- range $key := $gates }}
+{{- $key }}=true,
 {{- end }}
 {{- else }}
-{{- range $key, $val := $gates }}
- {{ $key }}: {{ $val }}
+{{- range $key := $gates }}
+ {{ $key }}: true
 {{- end }}
 {{- end }}
 {{- end -}}
diff --git a/charts/kubeadm/templates/patches/etcd0.yaml b/charts/kubeadm/templates/patches/etcd0.yaml
index b17a0e57..1ef4e10c 100644
--- a/charts/kubeadm/templates/patches/etcd0.yaml
+++ b/charts/kubeadm/templates/patches/etcd0.yaml
@@ -3,5 +3,5 @@ spec:
 - name: etcd
 resources:
 requests:
- cpu: 250m
+ cpu: 200m
 memory: 192Mi
diff --git a/charts/kubeadm/templates/patches/kube-apiserver0.yaml b/charts/kubeadm/templates/patches/kube-apiserver0.yaml
index 05c2a189..a5390c41 100644
--- a/charts/kubeadm/templates/patches/kube-apiserver0.yaml
+++ b/charts/kubeadm/templates/patches/kube-apiserver0.yaml
@@ -3,5 +3,5 @@ spec:
 - name: kube-apiserver
 resources:
 requests:
- cpu: 250m
+ cpu: 200m
 memory: 1Gi
diff --git a/charts/kubeadm/templates/patches/kube-controller-manager0.yaml b/charts/kubeadm/templates/patches/kube-controller-manager0.yaml
index cb084091..5771a750 100644
--- a/charts/kubeadm/templates/patches/kube-controller-manager0.yaml
+++ b/charts/kubeadm/templates/patches/kube-controller-manager0.yaml
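Review bot: The new `$gates` list in _helpers.tpl keeps `CSIMigrationAWSComplete` but drops `CSIMigrationAWS`, and the upstream feature-gate reference documents each `*Complete` gate as requiring its base migration gate to be enabled. The same applies to the Azure, GCE, OpenStack and vSphere entries, which are now set on every platform instead of only where they are relevant. Unless the base gates are enabled elsewhere, these entries are at best ineffective, and components may reject the combination at startup (not verified here for 1.20). I would keep the list to the platform-neutral gates and restore the conditional, for example `{{- if eq .platform "aws" }}{{- $gates = concat $gates (list "CSIMigrationAWS" "CSIMigrationAWSComplete") }}{{- end }}`. As written, `.platform` is no longer read by the helper although callers still pass it.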
@@ -3,5 +3,5 @@ spec:
 - name: kube-controller-manager
 resources:
 requests:
- cpu: 200m
+ cpu: 100m
 memory: 128Mi