From 9e2104c7d32d7143623d5cea22206a6bf1abc6e2 Mon Sep 17 00:00:00 2001
From: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
Date: Mon, 6 Mar 2023 03:48:58 +0100
Subject: [PATCH] node: fix default kubelet/runtime cgroups when kube_reserved
 is false (#9834)

* node: fix default kubelet/runtime cgroups when kube_reserved is false (default)

Commit 1c4db6132d9a2bf79e8d72c09cbdb12f3fef572a introduced a notion of
kube_reserved. This introduced a breaking change defaulting to use
kube.slice for the container_manager and the kubelet as if kube_reserved
was always enabled whereas it is disabled by default.

This commit fixes this by bringing back system.slice whenever
kube_reserved is disabled.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* inventory/sample: change kube_reserved to false as it's the default

Changing the commented value in sample inventory to the actual default
value.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---
 inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml | 6 +++---
 roles/kubernetes/node/defaults/main.yml                 | 5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
index 8f9790695..c8dafd522 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@@ -264,15 +264,15 @@ podsecuritypolicy_enabled: false
 # kubelet_enforce_node_allocatable: pods
 
 ## Set runtime and kubelet cgroups when using systemd as cgroup driver (default)
-# kubelet_runtime_cgroups: "{{ kube_reserved_cgroups }}/{{ container_manager }}.service"
-# kubelet_kubelet_cgroups: "{{ kube_reserved_cgroups }}/kubelet.service"
+# kubelet_runtime_cgroups: "/{{ kube_service_cgroups }}/{{ container_manager }}.service"
+# kubelet_kubelet_cgroups: "/{{ kube_service_cgroups }}/kubelet.service"
 
 ## Set runtime and kubelet cgroups when using cgroupfs as cgroup driver
 # kubelet_runtime_cgroups_cgroupfs: "/system.slice/{{ container_manager }}.service"
 # kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.service"
 
 # Optionally reserve this space for kube daemons.
-# kube_reserved: true
+# kube_reserved: false
 ## Uncomment to override default values
 ## The following two items need to be set when kube_reserved is true
 # kube_reserved_cgroups_for_service_slice: kube.slice
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 9e786594f..88278ff1e 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -12,8 +12,9 @@ kube_resolv_conf: "/etc/resolv.conf"
 kubelet_enforce_node_allocatable: "\"\""
 
 # Set runtime and kubelet cgroups when using systemd as cgroup driver (default)
-kubelet_runtime_cgroups: "{{ kube_reserved_cgroups }}/{{ container_manager }}.service"
-kubelet_kubelet_cgroups: "{{ kube_reserved_cgroups }}/kubelet.service"
+kube_service_cgroups: "{% if kube_reserved %}{{ kube_reserved_cgroups_for_service_slice }}{% else %}system.slice{% endif %}"
+kubelet_runtime_cgroups: "/{{ kube_service_cgroups }}/{{ container_manager }}.service"
+kubelet_kubelet_cgroups: "/{{ kube_service_cgroups }}/kubelet.service"
 
 # Set runtime and kubelet cgroups when using cgroupfs as cgroup driver
 kubelet_runtime_cgroups_cgroupfs: "/system.slice/{{ container_manager }}.service"
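Review bot: The `{% if kube_reserved %}` test in the added `kube_service_cgroups` line is a plain Jinja truthiness check, so a value that arrives as a string (for example `-e kube_reserved=false` on the command line, or a quoted `"false"` in an inventory) is non-empty and evaluates as true. The kubelet and container runtime would then be placed under `kube_reserved_cgroups_for_service_slice` even though reservation is meant to be off, which is the mismatch this commit sets out to remove. Casting the value, `{% if kube_reserved | bool %}`, makes the slice selection follow the intended boolean. A comment above the new variable saying that it holds a bare slice name without a leading slash would also help, since the two lines below prepend `/` themselves and an override such as `/kube.slice` would produce a double slash. Where `kube_reserved` gets its default is not visible in this hunk, so this assumes it is not already normalised elsewhere.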
-- 
GitLab