Replace log entry by a warning event

Signed-off-by: Itamar Holder <iholder@redhat.com>
2025-07-30 15:05:27 +00:00 · 2024-05-15 10:24:15 +03:00 · 2024-05-15 10:24:15 +03:00 · 74f29880bd
commit 74f29880bd
parent 29535c0463
3 changed files with 18 additions and 7 deletions
--- a/pkg/kubelet/cm/container_manager_linux.go
+++ b/pkg/kubelet/cm/container_manager_linux.go
@ -57,6 +57,7 @@ import (
 	cmutil "k8s.io/kubernetes/pkg/kubelet/cm/util"
 	"k8s.io/kubernetes/pkg/kubelet/config"
 	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
+	"k8s.io/kubernetes/pkg/kubelet/events"
 	"k8s.io/kubernetes/pkg/kubelet/lifecycle"
 	"k8s.io/kubernetes/pkg/kubelet/pluginmanager/cache"
 	"k8s.io/kubernetes/pkg/kubelet/stats/pidlimit"
@ -214,7 +215,11 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I
 		}

 		if !swap.IsTmpfsNoswapOptionSupported(mountUtil) {
-			klog.InfoS("tmpfs noswap option is not supported, hence memory-backed volumes (e.g. secrets, emptyDirs) might be swapped to disk")
+			nodeRef := nodeRefFromNode(string(nodeConfig.NodeName))
+			recorder.Event(nodeRef, v1.EventTypeWarning, events.PossibleMemoryBackedVolumesOnDisk,
+				"The tmpfs noswap option is not supported. Memory-backed volumes (e.g. secrets, emptyDirs, etc.) "+
+					"might be swapped to disk and should no longer be considered secure.",
+			)
 		}
 	}

--- a/pkg/kubelet/cm/node_container_manager_linux.go
+++ b/pkg/kubelet/cm/node_container_manager_linux.go
@ -84,12 +84,7 @@ func (cm *containerManagerImpl) enforceNodeAllocatableCgroups() error {
 	}

 	// Using ObjectReference for events as the node maybe not cached; refer to #42701 for detail.
-	nodeRef := &v1.ObjectReference{
-		Kind:      "Node",
-		Name:      cm.nodeInfo.Name,
-		UID:       types.UID(cm.nodeInfo.Name),
-		Namespace: "",
-	}
+	nodeRef := nodeRefFromNode(cm.nodeInfo.Name)

 	// If Node Allocatable is enforced on a node that has not been drained or is updated on an existing node to a lower value,
 	// existing memory usage across pods might be higher than current Node Allocatable Memory Limits.
@ -265,3 +260,13 @@ func (cm *containerManagerImpl) validateNodeAllocatable() error {
 	}
 	return nil
 }
+
+// Using ObjectReference for events as the node maybe not cached; refer to #42701 for detail.
+func nodeRefFromNode(nodeName string) *v1.ObjectReference {
+	return &v1.ObjectReference{
+		Kind:      "Node",
+		Name:      nodeName,
+		UID:       types.UID(nodeName),
+		Namespace: "",
+	}
+}
--- a/pkg/kubelet/events/event.go
+++ b/pkg/kubelet/events/event.go
@ -75,6 +75,7 @@ const (
 	FailedStatusPodSandBox               = "FailedPodSandBoxStatus"
 	FailedMountOnFilesystemMismatch      = "FailedMountOnFilesystemMismatch"
 	FailedPrepareDynamicResources        = "FailedPrepareDynamicResources"
+	PossibleMemoryBackedVolumesOnDisk    = "PossibleMemoryBackedVolumesOnDisk"
 )

 // Image manager event reason list