From 9ef6678b7ec610cabf033278d3a0866e89cd0f95 Mon Sep 17 00:00:00 2001
From: peterw <12556909+pedro-peter@users.noreply.github.com>
Date: Mon, 1 Apr 2024 06:21:33 +0100
Subject: [PATCH] configure crio to use kube reserved cgroups (#11028)

---
 roles/container-engine/cri-o/tasks/main.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index 99a3ed278..61105f401 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -90,6 +90,20 @@
     remote_src: true
   notify: Restart crio
 
+- name: Cri-o | configure crio to use kube reserved cgroups
+  ansible.builtin.copy:
+    dest: /etc/systemd/system/crio.service.d/00-slice.conf
+    owner: root
+    group: root
+    mode: '0644'
+    content: |
+      [Service]
+      Slice={{ kube_reserved_cgroups_for_service_slice }}
+  notify: Restart crio
+  when:
+    - kube_reserved is defined and kube_reserved is true
+    - kube_reserved_cgroups_for_service_slice is defined
+
 - name: Cri-o | update the bin dir for crio.service file
   replace:
     dest: /etc/systemd/system/crio.service
-- 
GitLab