feat: first stab at Kubernetes 1.20 kubeadm config

2021-04-15 15:51:46 +02:00 · 2021-04-15 15:51:46 +02:00 · 84f3749eeb
parent 7d1ac072db
commit 84f3749eeb
6 changed files with 19 additions and 19 deletions
--- a/charts/kubeadm/templates/ClusterConfiguration.yaml
+++ b/charts/kubeadm/templates/ClusterConfiguration.yaml
@ -42,6 +42,7 @@ apiServer:
    audit-log-maxage: "7"
    audit-log-maxsize: "100"
    audit-log-maxbackup: "3"
+    audit-log-compress: "true"
    tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
    admission-control-config-file: /etc/kubernetes/apiserver/admission-configuration.yaml
    {{- if eq .Values.platform "aws" }}
--- a/charts/kubeadm/templates/KubeletConfiguration.yaml
+++ b/charts/kubeadm/templates/KubeletConfiguration.yaml
@ -1,3 +1,4 @@
+# https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 metadata:
@ -22,14 +23,15 @@ featureGates: {{ include "kubeadm.featuregates" ( dict "return" "map" "platform"
 podsPerCore: 20
 # cpuCFSQuotaPeriod: 10ms
 # Basic OS on Ubuntu 20.04 incl. crio
-#systemReserved:
-#  memory: 256Mi
-# This should be dynamic based on number of maxpods and available cores
-# https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#memory_cpu
-# Below are default minimal for 2 cores and minimum kubelet 
+systemReserved:
+  memory: 256Mi
+  ephemeral-storage: "2Gi"
+# kubelet memory should be static as runc,conmon are added to each pod's cgroup
 kubeReserved:
  cpu: 70m
-#  memory: 128Mi
+  memory: 128Mi
 # Lets use below to reserve memory for system processes as kubeReserved/sytemReserved doesnt go well with systemd it seems
-evictionHard:
-  memory.available: "484Mi"
+#evictionHard:
+#  memory.available: "484Mi"
+imageGCLowThresholdPercent: 70
+kernelMemcgNotification: true
--- a/charts/kubeadm/templates/_helpers.tpl
+++ b/charts/kubeadm/templates/_helpers.tpl
@ -2,17 +2,14 @@
 Feature gates for all control plane components
 */ -}}
 {{- define "kubeadm.featuregates" -}}
-{{- $gates := dict "DefaultPodTopologySpread" "true" "CustomCPUCFSQuotaPeriod" "true" "GenericEphemeralVolume" "true" }}
-{{- if eq .platform "aws" }}
-{{- $gates = merge $gates ( dict "CSIMigrationAWS" "true" "CSIMigrationAWSComplete" "true") }}
-{{- end }}
+{{- $gates := list "CustomCPUCFSQuotaPeriod" "GenericEphemeralVolume" "CSIMigrationAWSComplete" "CSIMigrationAzureDiskComplete" "CSIMigrationAzureFileComplete" "CSIMigrationGCEComplete" "CSIMigrationOpenStackComplete" "CSIMigrationvSphereComplete" }}
 {{- if eq .return "csv" }}
-{{- range $key, $val := $gates }}
-{{- $key }}={{- $val }},
+{{- range $key := $gates }}
+{{- $key }}=true,
 {{- end }}
 {{- else }}
-{{- range $key, $val := $gates }}
-  {{ $key }}: {{ $val }}
+{{- range $key := $gates }}
+  {{ $key }}: true
 {{- end }}
 {{- end }}
 {{- end -}}
--- a/charts/kubeadm/templates/patches/etcd0.yaml
+++ b/charts/kubeadm/templates/patches/etcd0.yaml
@ -3,5 +3,5 @@ spec:
  - name: etcd
    resources:
      requests:
-        cpu: 250m
+        cpu: 200m
        memory: 192Mi
--- a/charts/kubeadm/templates/patches/kube-apiserver0.yaml
+++ b/charts/kubeadm/templates/patches/kube-apiserver0.yaml
@ -3,5 +3,5 @@ spec:
  - name: kube-apiserver
    resources:
      requests:
-        cpu: 250m
+        cpu: 200m
        memory: 1Gi
--- a/charts/kubeadm/templates/patches/kube-controller-manager0.yaml
+++ b/charts/kubeadm/templates/patches/kube-controller-manager0.yaml
@ -3,5 +3,5 @@ spec:
  - name: kube-controller-manager
    resources:
      requests:
-        cpu: 200m
+        cpu: 100m
        memory: 128Mi