Replace swap vars with single kubelet_fail_swap_on (#10036)

kubernetes-sigs · May 11, 2023 · 2b75552 · 2b75552
1 parent 951face
commit 2b75552
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 13 deletions.
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
@@ -20,9 +20,6 @@ kubelet_kubelet_cgroups: "/{{ kube_service_cgroups }}/kubelet.service"
 kubelet_runtime_cgroups_cgroupfs: "/system.slice/{{ container_manager }}.service"
 kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.service"
 
-### fail with swap on (default true)
-kubelet_fail_swap_on: true
-
 # Set systemd service hardening features
 kubelet_systemd_hardening: false
 

diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
@@ -1,7 +1,7 @@
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 nodeStatusUpdateFrequency: "{{ kubelet_status_update_frequency }}"
-failSwapOn: {{ kubelet_fail_swap_on|default(true) }}
+failSwapOn: {{ kubelet_fail_swap_on }}
 authentication:
   anonymous:
     enabled: false
@@ -140,9 +140,9 @@ eventRecordQPS: {{ kubelet_event_record_qps }}
 {% endif %}
 shutdownGracePeriod: {{ kubelet_shutdown_grace_period }}
 shutdownGracePeriodCriticalPods: {{ kubelet_shutdown_grace_period_critical_pods }}
-{% if not kubelet_fail_swap_on|default(true) %}
+{% if not kubelet_fail_swap_on %}
 memorySwap:
-  swapBehavior: {{ kubelet_swap_behavior|default("LimitedSwap") }}
+  swapBehavior: {{ kubelet_swap_behavior }}
 {% endif %}
 {% if kubelet_streaming_connection_idle_timeout is defined %}
 streamingConnectionIdleTimeout: {{ kubelet_streaming_connection_idle_timeout }}

diff --git a/roles/kubernetes/preinstall/tasks/0010-swapoff.yml b/roles/kubernetes/preinstall/tasks/0010-swapoff.yml
@@ -4,7 +4,7 @@
     name: "{{ item }}"
     fstype: swap
     state: absent
-  with_items:
+  loop:
     - swap
     - none
 
@@ -18,12 +18,10 @@
   command: /sbin/swapoff -a
   when:
     - swapon.stdout
-    - kubelet_fail_swap_on | default(True)
   ignore_errors: "{{ ansible_check_mode }}"  # noqa ignore-errors
 
 - name: Disable swapOnZram for Fedora
   command: touch /etc/systemd/zram-generator.conf
   when:
     - swapon.stdout
     - ansible_distribution in ['Fedora']
-    - kubelet_fail_swap_on | default(True)
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
@@ -3,7 +3,7 @@
 - import_tasks: 0010-swapoff.yml
   when:
     - not dns_late
-    - disable_swap
+    - kubelet_fail_swap_on
 
 - import_tasks: 0020-set_facts.yml
   tags:

diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
@@ -11,8 +11,9 @@ kube_api_anonymous_auth: true
 # Default value, but will be set to true automatically if detected
 is_fedora_coreos: false
 
-# optional disable the swap
-disable_swap: true
+# Swap settings
+kubelet_fail_swap_on: true
+kubelet_swap_behavior: LimitedSwap
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
 kube_version: v1.26.3

diff --git a/tests/files/packet_fedora35-calico-swap-selinux.yml b/tests/files/packet_fedora35-calico-swap-selinux.yml
@@ -14,6 +14,6 @@ kube_proxy_mode: iptables
 preinstall_selinux_state: enforcing
 
 # Test Alpha swap feature by leveraging zswap default config in Fedora 35
-kubelet_fail_swap_on: False
+kubelet_fail_swap_on: false
 kube_feature_gates:
   - "NodeSwap=True"