From 2b75552d1c0d1688fe7556022f9ab646a50e881e Mon Sep 17 00:00:00 2001
From: Manuelraa <manuel@bloodycrystals.de>
Date: Thu, 11 May 2023 19:53:04 +0200
Subject: [PATCH] Replace swap vars with single `kubelet_fail_swap_on` (#10036)

---
 roles/kubernetes/node/defaults/main.yml                     | 3 ---
 .../node/templates/kubelet-config.v1beta1.yaml.j2           | 6 +++---
 roles/kubernetes/preinstall/tasks/0010-swapoff.yml          | 4 +---
 roles/kubernetes/preinstall/tasks/main.yml                  | 2 +-
 roles/kubespray-defaults/defaults/main.yaml                 | 5 +++--
 tests/files/packet_fedora35-calico-swap-selinux.yml         | 2 +-
 6 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 55045d414..611801318 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -20,9 +20,6 @@ kubelet_kubelet_cgroups: "/{{ kube_service_cgroups }}/kubelet.service"
 kubelet_runtime_cgroups_cgroupfs: "/system.slice/{{ container_manager }}.service"
 kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.service"
 
-### fail with swap on (default true)
-kubelet_fail_swap_on: true
-
 # Set systemd service hardening features
 kubelet_systemd_hardening: false
 
diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
index cdaae67b7..d8cc557f4 100644
--- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
@@ -1,7 +1,7 @@
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 nodeStatusUpdateFrequency: "{{ kubelet_status_update_frequency }}"
-failSwapOn: {{ kubelet_fail_swap_on|default(true) }}
+failSwapOn: {{ kubelet_fail_swap_on }}
 authentication:
   anonymous:
     enabled: false
@@ -140,9 +140,9 @@ eventRecordQPS: {{ kubelet_event_record_qps }}
 {% endif %}
 shutdownGracePeriod: {{ kubelet_shutdown_grace_period }}
 shutdownGracePeriodCriticalPods: {{ kubelet_shutdown_grace_period_critical_pods }}
-{% if not kubelet_fail_swap_on|default(true) %}
+{% if not kubelet_fail_swap_on %}
 memorySwap:
-  swapBehavior: {{ kubelet_swap_behavior|default("LimitedSwap") }}
+  swapBehavior: {{ kubelet_swap_behavior }}
 {% endif %}
 {% if kubelet_streaming_connection_idle_timeout is defined %}
 streamingConnectionIdleTimeout: {{ kubelet_streaming_connection_idle_timeout }}
diff --git a/roles/kubernetes/preinstall/tasks/0010-swapoff.yml b/roles/kubernetes/preinstall/tasks/0010-swapoff.yml
index 4ea91d83e..c3c5e9e91 100644
--- a/roles/kubernetes/preinstall/tasks/0010-swapoff.yml
+++ b/roles/kubernetes/preinstall/tasks/0010-swapoff.yml
@@ -4,7 +4,7 @@
     name: "{{ item }}"
     fstype: swap
     state: absent
-  with_items:
+  loop:
     - swap
     - none
 
@@ -18,7 +18,6 @@
   command: /sbin/swapoff -a
   when:
     - swapon.stdout
-    - kubelet_fail_swap_on | default(True)
   ignore_errors: "{{ ansible_check_mode }}"  # noqa ignore-errors
 
 - name: Disable swapOnZram for Fedora
@@ -26,4 +25,3 @@
   when:
     - swapon.stdout
     - ansible_distribution in ['Fedora']
-    - kubelet_fail_swap_on | default(True)
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index 95aa4c638..8e12636ec 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -3,7 +3,7 @@
 - import_tasks: 0010-swapoff.yml
   when:
     - not dns_late
-    - disable_swap
+    - kubelet_fail_swap_on
 
 - import_tasks: 0020-set_facts.yml
   tags:
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index eb8fbaa11..aed6c7e0a 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -11,8 +11,9 @@ kube_api_anonymous_auth: true
 # Default value, but will be set to true automatically if detected
 is_fedora_coreos: false
 
-# optional disable the swap
-disable_swap: true
+# Swap settings
+kubelet_fail_swap_on: true
+kubelet_swap_behavior: LimitedSwap
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
 kube_version: v1.26.3
diff --git a/tests/files/packet_fedora35-calico-swap-selinux.yml b/tests/files/packet_fedora35-calico-swap-selinux.yml
index 1535642cc..c8f058eff 100644
--- a/tests/files/packet_fedora35-calico-swap-selinux.yml
+++ b/tests/files/packet_fedora35-calico-swap-selinux.yml
@@ -14,6 +14,6 @@ kube_proxy_mode: iptables
 preinstall_selinux_state: enforcing
 
 # Test Alpha swap feature by leveraging zswap default config in Fedora 35
-kubelet_fail_swap_on: False
+kubelet_fail_swap_on: false
 kube_feature_gates:
   - "NodeSwap=True"
-- 
GitLab