From 1bc61c9f35d17aade956482f52abe337be792097 Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Thu, 23 Nov 2023 17:18:47 +0100
Subject: [PATCH] Simplify kubelet-config template

Remove system|kube_master_<resource>_reserved variables.
Those variables are unnecessary because users can simply use the
variables in group_vars if they wish to differentiate control plane
nodes from other nodes.

Set conservative defaults for ephemeral-storage and pids for both kube
and system reserved resources.
---
 roles/kubernetes/node/defaults/main.yml       | 26 +++------
 .../templates/kubelet-config.v1beta1.yaml.j2  | 58 +++----------------
 2 files changed, 17 insertions(+), 67 deletions(-)

diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index bb374f04a..2e0a143de 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -37,29 +37,19 @@ kubelet_secure_addresses: "localhost link-local {{ kube_pods_subnet }} {{ kube_n
 # Whether to run kubelet and container-engine daemons in a dedicated cgroup. (Not required for resource reservations).
 kube_reserved: false
 kube_reserved_cgroups: "/{{ kube_reserved_cgroups_for_service_slice }}"
-kube_memory_reserved: 256Mi
-kube_cpu_reserved: 100m
-# kube_ephemeral_storage_reserved: 2Gi
-# kube_pid_reserved: "1000"
-# Reservation for control plane hosts
-kube_master_memory_reserved: 512Mi
-kube_master_cpu_reserved: 200m
-# kube_master_ephemeral_storage_reserved: 2Gi
-# kube_master_pid_reserved: "1000"
+kube_memory_reserved: "256Mi"
+kube_cpu_reserved: "100m"
+kube_ephemeral_storage_reserved: "500Mi"
+kube_pid_reserved: "1000"
 
 # Set to true to reserve resources for system daemons
 system_reserved: false
 system_reserved_cgroups_for_service_slice: system.slice
 system_reserved_cgroups: "/{{ system_reserved_cgroups_for_service_slice }}"
-system_memory_reserved: 512Mi
-system_cpu_reserved: 500m
-# system_ephemeral_storage_reserved: 2Gi
-# system_pid_reserved: "1000"
-# Reservation for control plane hosts
-system_master_memory_reserved: 256Mi
-system_master_cpu_reserved: 250m
-# system_master_ephemeral_storage_reserved: 2Gi
-# system_master_pid_reserved: "1000"
+system_memory_reserved: "512Mi"
+system_cpu_reserved: "500m"
+system_ephemeral_storage_reserved: "500Mi"
+system_pid_reserved: 1000
 
 ## Eviction Thresholds to avoid system OOMs
 # https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#eviction-thresholds
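Review bot: Removing `kube_master_*_reserved` and `system_master_*_reserved` with no guard means an inventory that still sets them is silently ignored, and control plane hosts drop from the old 512Mi/200m kube reservation to the 256Mi/100m default. Nothing in this hunk tells operators that; a comment above `kube_memory_reserved` such as `# Applies to every node, control plane included; override in group_vars for kube_control_plane to reserve more there` would document it. A pre-flight assertion that fails when one of the removed variables is still defined would catch stale inventories, and no such check is visible in this patch. Separately, `system_pid_reserved: 1000` is unquoted while `kube_pid_reserved: "1000"` is quoted; quoting both keeps the two defaults consistent.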
diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
index 870383c04..3357aef48 100644
--- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
@@ -60,56 +60,16 @@ clusterDNS:
 - {{ dns_address }}
 {% endfor %}
 {# Node reserved CPU/memory #}
-{% if kube_reserved | bool %}
-kubeReservedCgroup: {{ kube_reserved_cgroups }}
+{% for scope in "kube", "system" %}
+{% if lookup('ansible.builtin.vars', scope + "_reserved") | bool %}
+{{ scope }}ReservedCgroup: {{ lookup('ansible.builtin.vars', scope + '_reserved_cgroups') }}
 {% endif %}
-kubeReserved:
-{% if 'kube_control_plane' in group_names %}
-  cpu: "{{ kube_master_cpu_reserved }}"
-  memory: {{ kube_master_memory_reserved }}
-{% if kube_master_ephemeral_storage_reserved is defined %}
-  ephemeral-storage: {{ kube_master_ephemeral_storage_reserved }}
-{% endif %}
-{% if kube_master_pid_reserved is defined %}
-  pid: "{{ kube_master_pid_reserved }}"
-{% endif %}
-{% else %}
-  cpu: "{{ kube_cpu_reserved }}"
-  memory: {{ kube_memory_reserved }}
-{% if kube_ephemeral_storage_reserved is defined %}
-  ephemeral-storage: {{ kube_ephemeral_storage_reserved }}
-{% endif %}
-{% if kube_pid_reserved is defined %}
-  pid: "{{ kube_pid_reserved }}"
-{% endif %}
-{% endif %}
-{% if system_reserved | bool %}
-systemReservedCgroup: {{ system_reserved_cgroups }}
-systemReserved:
-{% if 'kube_control_plane' in group_names %}
-  cpu: "{{ system_master_cpu_reserved }}"
-  memory: {{ system_master_memory_reserved }}
-{% if system_master_ephemeral_storage_reserved is defined %}
-  ephemeral-storage: {{ system_master_ephemeral_storage_reserved }}
-{% endif %}
-{% if system_master_pid_reserved is defined %}
-  pid: "{{ system_master_pid_reserved }}"
-{% endif %}
-{% else %}
-  cpu: "{{ system_cpu_reserved }}"
-  memory: {{ system_memory_reserved }}
-{% if system_ephemeral_storage_reserved is defined %}
-  ephemeral-storage: {{ system_ephemeral_storage_reserved }}
-{% endif %}
-{% if system_pid_reserved is defined %}
-  pid: "{{ system_pid_reserved }}"
-{% endif %}
-{% endif %}
-{% endif %}
-{% if ('kube_control_plane' in group_names) and (eviction_hard_control_plane is defined) and eviction_hard_control_plane %}
-evictionHard:
-  {{ eviction_hard_control_plane | to_nice_yaml(indent=2) | indent(2) }}
-{% elif ('kube_control_plane' not in group_names) and (eviction_hard is defined) and eviction_hard %}
+{{ scope }}Reserved:
+{% for resource in "cpu", "memory", "ephemeral-storage", "pid" %}
+  {{ resource }}: "{{ lookup('ansible.builtin.vars', scope + '_' ~ (resource | replace('-', '_')) + '_reserved') }}"
+{% endfor %}
+{% endfor %}
+{% if eviction_hard is defined and eviction_hard %}
 evictionHard:
   {{ eviction_hard | to_nice_yaml(indent=2) | indent(2) }}
 {% endif %}
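Review bot: `{{ scope }}Reserved:` sits outside the `{% if lookup(...) | bool %}` guard, which now closes right after the `ReservedCgroup` line, so `systemReserved` is rendered on every node even when `system_reserved` is false; the removed template emitted it only inside `{% if system_reserved | bool %}`. With the new defaults that takes 512Mi memory, 500m CPU, 500Mi ephemeral-storage and 1000 pids out of allocatable on nodes that never opted in. If the old gating is wanted, wrap the mapping in `{% if scope == 'kube' or system_reserved | bool %}` and a matching `{% endif %}`; if always reserving is intended, the `# Set to true to reserve resources for system daemons` comment in defaults/main.yml should say the flag only controls the cgroup. The removed `eviction_hard_control_plane` branch has the same silent-ignore effect for inventories that still set that variable.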
-- 
GitLab