From 532cd5f84c6b8a0431ace11323723415a72c000b Mon Sep 17 00:00:00 2001
From: Itamar Holder <iholder@redhat.com>
Date: Sun, 2 Jun 2024 12:05:55 +0300
Subject: [PATCH] Exclude critical pods from having swap access

Signed-off-by: Itamar Holder <iholder@redhat.com>
---
 pkg/kubelet/kuberuntime/kuberuntime_container_linux.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go b/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
index 132ff43cfe7..b2920d82a31 100644
--- a/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
+++ b/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
@@ -180,6 +180,11 @@ func (m *kubeGenericRuntimeManager) configureContainerSwapResources(lcr *runtime
 		return
 	}
 
+	if kubelettypes.IsCriticalPod(pod) {
+		swapConfigurationHelper.ConfigureNoSwap(lcr)
+		return
+	}
+
 	// NOTE(ehashman): Behavior is defined in the opencontainers runtime spec:
 	// https://github.com/opencontainers/runtime-spec/blob/1c3f411f041711bbeecf35ff7e93461ea6789220/config-linux.md#memory
 	switch m.memorySwapBehavior {