From 575e0ca457e7c5e40f9cb0de984afa1ec8e21244 Mon Sep 17 00:00:00 2001
From: cyril-corbon <corboncyril@gmail.com>
Date: Mon, 24 Jan 2022 09:13:57 +0100
Subject: [PATCH] feat: add eviction hard to kubelet config (#8421)

Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
---
 inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml    | 5 +++++
 roles/kubernetes/node/defaults/main.yml                    | 5 +++++
 .../node/templates/kubelet-config.v1beta1.yaml.j2          | 7 +++++++
 3 files changed, 17 insertions(+)

diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
index ea1930887..a1e6953f2 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@@ -254,6 +254,11 @@ podsecuritypolicy_enabled: false
 # system_master_memory_reserved: 256Mi
 # system_master_cpu_reserved: 250m
 
+## Eviction Thresholds to avoid system OOMs
+# https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#eviction-thresholds
+# eviction_hard: {}
+# eviction_hard_control_plane: {}
+
 # An alternative flexvolume plugin directory
 # kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
 
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index d42fa555a..9610abd71 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -40,6 +40,11 @@ system_cpu_reserved: 500m
 system_master_memory_reserved: 256Mi
 system_master_cpu_reserved: 250m
 
+## Eviction Thresholds to avoid system OOMs
+# https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#eviction-thresholds
+eviction_hard: {}
+eviction_hard_control_plane: {}
+
 kubelet_status_update_frequency: 10s
 
 # Requests for load balancer app
diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
index 83e5a7176..5bf8b1766 100644
--- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
@@ -77,6 +77,13 @@ systemReserved:
   memory: {{ system_memory_reserved }}
 {% endif %}
 {% endif %}
+{% if is_kube_master|bool and eviction_hard_control_plane is defined and eviction_hard_control_plane %}
+evictionHard:
+  {{ eviction_hard_control_plane | to_nice_yaml(indent=2) }}
+{% elif not is_kube_master|bool and eviction_hard is defined and eviction_hard %}
+evictionHard:
+  {{ eviction_hard | to_nice_yaml(indent=2) }}
+{% endif %}
 resolvConf: "{{ kube_resolv_conf }}"
 {% if kubelet_config_extra_args %}
 {{ kubelet_config_extra_args | to_nice_yaml(indent=2) }}
-- 
GitLab