kubelet: introduce --protect-kernel-defaults to make the KernelTunableBehavior configurable

Jan Chaloupka 2016-07-26 12:21:17 +02:00
parent 7bd2db47f9
commit eb967ad143
7 changed files with 32 additions and 18 deletions


@ -181,4 +181,5 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) {
fs.Int32Var(&s.EvictionMaxPodGracePeriod, "eviction-max-pod-grace-period", s.EvictionMaxPodGracePeriod, "Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. If negative, defer to pod specified value.") fs.Int32Var(&s.EvictionMaxPodGracePeriod, "eviction-max-pod-grace-period", s.EvictionMaxPodGracePeriod, "Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. If negative, defer to pod specified value.")
fs.StringVar(&s.EvictionMinimumReclaim, "eviction-minimum-reclaim", s.EvictionMinimumReclaim, "A set of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure.") fs.StringVar(&s.EvictionMinimumReclaim, "eviction-minimum-reclaim", s.EvictionMinimumReclaim, "A set of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure.")
fs.Int32Var(&s.PodsPerCore, "pods-per-core", s.PodsPerCore, "Number of Pods per core that can run on this Kubelet. The total number of Pods on this Kubelet cannot exceed max-pods, so max-pods will be used if this calculation results in a larger number of Pods allowed on the Kubelet. A value of 0 disables this limit.") fs.Int32Var(&s.PodsPerCore, "pods-per-core", s.PodsPerCore, "Number of Pods per core that can run on this Kubelet. The total number of Pods on this Kubelet cannot exceed max-pods, so max-pods will be used if this calculation results in a larger number of Pods allowed on the Kubelet. A value of 0 disables this limit.")
fs.BoolVar(&s.ProtectKernelDefaults, "protect-kernel-defaults", s.ProtectKernelDefaults, "Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults.")
} }
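Review bot: The help string on the added `fs.BoolVar` line for `protect-kernel-defaults` only describes the set case, so an operator reading the flag help cannot tell that leaving it unset allows the kubelet to change kernel tunables on the host. Going by the setupNode change in the last file section, the unset case maps to `KernelTunableModify`. I would describe both sides, e.g. `"If true, kubelet returns an error when a kernel tunable differs from the value kubelet expects. If false, kubelet modifies the tunable to the expected value."`, and drop the opening "Default kubelet behaviour for kernel tuning." sentence. AddFlags starts outside the hunk.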


@ -280,9 +280,10 @@ func UnsecuredKubeletConfig(s *options.KubeletServer) (*KubeletConfig, error) {
HairpinMode: s.HairpinMode, HairpinMode: s.HairpinMode,
BabysitDaemons: s.BabysitDaemons, BabysitDaemons: s.BabysitDaemons,
ExperimentalFlannelOverlay: s.ExperimentalFlannelOverlay, ExperimentalFlannelOverlay: s.ExperimentalFlannelOverlay,
NodeIP: net.ParseIP(s.NodeIP), NodeIP: net.ParseIP(s.NodeIP),
EvictionConfig: evictionConfig, EvictionConfig: evictionConfig,
PodsPerCore: int(s.PodsPerCore), PodsPerCore: int(s.PodsPerCore),
ProtectKernelDefaults: s.ProtectKernelDefaults,
}, nil }, nil
} }
@ -370,12 +371,13 @@ func run(s *options.KubeletServer, kcfg *KubeletConfig) (err error) {
return fmt.Errorf("invalid configuration: system container was specified and cgroup root was not specified") return fmt.Errorf("invalid configuration: system container was specified and cgroup root was not specified")
} }
kcfg.ContainerManager, err = cm.NewContainerManager(kcfg.Mounter, kcfg.CAdvisorInterface, cm.NodeConfig{ kcfg.ContainerManager, err = cm.NewContainerManager(kcfg.Mounter, kcfg.CAdvisorInterface, cm.NodeConfig{
RuntimeCgroupsName: kcfg.RuntimeCgroups, RuntimeCgroupsName: kcfg.RuntimeCgroups,
SystemCgroupsName: kcfg.SystemCgroups, SystemCgroupsName: kcfg.SystemCgroups,
KubeletCgroupsName: kcfg.KubeletCgroups, KubeletCgroupsName: kcfg.KubeletCgroups,
ContainerRuntime: kcfg.ContainerRuntime, ContainerRuntime: kcfg.ContainerRuntime,
CgroupsPerQOS: kcfg.CgroupsPerQOS, CgroupsPerQOS: kcfg.CgroupsPerQOS,
CgroupRoot: kcfg.CgroupRoot, CgroupRoot: kcfg.CgroupRoot,
ProtectKernelDefaults: kcfg.ProtectKernelDefaults,
}) })
if err != nil { if err != nil {
return err return err
@ -624,6 +626,7 @@ func SimpleKubelet(client *clientset.Clientset,
OutOfDiskTransitionFrequency: outOfDiskTransitionFrequency, OutOfDiskTransitionFrequency: outOfDiskTransitionFrequency,
EvictionConfig: evictionConfig, EvictionConfig: evictionConfig,
PodsPerCore: podsPerCore, PodsPerCore: podsPerCore,
ProtectKernelDefaults: false,
} }
return &kcfg return &kcfg
} }
@ -876,6 +879,8 @@ type KubeletConfig struct {
HairpinMode string HairpinMode string
BabysitDaemons bool BabysitDaemons bool
Options []kubelet.Option Options []kubelet.Option
ProtectKernelDefaults bool
} }
func CreateAndInitKubelet(kc *KubeletConfig) (k KubeletBootstrap, pc *config.PodConfig, err error) { func CreateAndInitKubelet(kc *KubeletConfig) (k KubeletBootstrap, pc *config.PodConfig, err error) {
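Review bot: `ProtectKernelDefaults: false` in the SimpleKubelet literal is hard-coded, so a kubelet built through this helper always takes the modify path and cannot be told to leave the host's kernel settings alone. SimpleKubelet's parameter list is cut off in the hunk header, so whether a caller could supply the value is not visible here; if the fixed value is intended, a comment on that line such as `// SimpleKubelet always lets the kubelet adjust kernel tunables` would make that explicit. The new `ProtectKernelDefaults bool` field on KubeletConfig also has no comment saying what true and false mean. Both SimpleKubelet and the KubeletConfig struct begin outside their hunks.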


@ -369,6 +369,7 @@ portal-net
prepull-images prepull-images
private-mountns private-mountns
prom-push-gateway prom-push-gateway
protect-kernel-defaults
proto-import proto-import
proxy-bindall proxy-bindall
proxy-kubeconfig proxy-kubeconfig


@ -396,6 +396,8 @@ type KubeletConfiguration struct {
// Currently only cpu and memory are supported. [default=none] // Currently only cpu and memory are supported. [default=none]
// See http://releases.k8s.io/HEAD/docs/user-guide/compute-resources.md for more detail. // See http://releases.k8s.io/HEAD/docs/user-guide/compute-resources.md for more detail.
KubeReserved utilconfig.ConfigurationMap `json:"kubeReserved"` KubeReserved utilconfig.ConfigurationMap `json:"kubeReserved"`
// Default behaviour for kernel tuning
ProtectKernelDefaults bool `json:"protectKernelDefaults"`
} }
type KubeSchedulerConfiguration struct { type KubeSchedulerConfiguration struct {
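Review bot: The comment `// Default behaviour for kernel tuning` on the new `ProtectKernelDefaults` field does not say what either value does, and the same comment is repeated on the other KubeletConfiguration struct in the next file section. Since this is the text a reader of the configuration type sees, I would replace it in both places with `// protectKernelDefaults, if true, causes the kubelet to error if kernel tunables differ from the values it expects; if false, the kubelet attempts to modify them to match.` The struct starts outside the hunk.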


@ -451,4 +451,6 @@ type KubeletConfiguration struct {
// Currently only cpu and memory are supported. [default=none] // Currently only cpu and memory are supported. [default=none]
// See http://releases.k8s.io/HEAD/docs/user-guide/compute-resources.md for more detail. // See http://releases.k8s.io/HEAD/docs/user-guide/compute-resources.md for more detail.
KubeReserved map[string]string `json:"kubeReserved"` KubeReserved map[string]string `json:"kubeReserved"`
// Default behaviour for kernel tuning
ProtectKernelDefaults bool `json:"protectKernelDefaults"`
} }
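Review bot: Adding `ProtectKernelDefaults` to both KubeletConfiguration structs normally needs matching conversion and deep-copy code, and none of the seven files in this commit appears to contain any. If those functions are generated and checked in for these types, they should be regenerated alongside this change so the field is not dropped when one struct is converted to the other. No default is assigned to the field in the visible hunks either, so it relies on the bool zero value; a sentence in the field comment saying so would help.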


@ -39,12 +39,13 @@ type ContainerManager interface {
} }
type NodeConfig struct { type NodeConfig struct {
RuntimeCgroupsName string RuntimeCgroupsName string
SystemCgroupsName string SystemCgroupsName string
KubeletCgroupsName string KubeletCgroupsName string
ContainerRuntime string ContainerRuntime string
CgroupsPerQOS bool CgroupsPerQOS bool
CgroupRoot string CgroupRoot string
ProtectKernelDefaults bool
} }
type Status struct { type Status struct {


@ -199,7 +199,6 @@ func createManager(containerName string) *fs.Manager {
} }
} }
// TODO: plumb this up as a flag to Kubelet in a future PR
type KernelTunableBehavior string type KernelTunableBehavior string
const ( const (
@ -288,8 +287,11 @@ func (cm *containerManagerImpl) setupNode() error {
if !f.cpuHardcapping { if !f.cpuHardcapping {
cm.status.SoftRequirements = fmt.Errorf("CPU hardcapping unsupported") cm.status.SoftRequirements = fmt.Errorf("CPU hardcapping unsupported")
} }
// TODO: plumb kernel tunable options into container manager, right now, we modify by default b := KernelTunableModify
if err := setupKernelTunables(KernelTunableModify); err != nil { if cm.GetNodeConfig().ProtectKernelDefaults {
b = KernelTunableError
}
if err := setupKernelTunables(b); err != nil {
return err return err
} }
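Review bot: The new branch in setupNode derives a KernelTunableBehavior from a boolean, so configuration can only choose between `KernelTunableModify` and `KernelTunableError`. Any other value declared in the const block that the first hunk cuts off stays unreachable, which is narrower than the commit title suggests. The removed TODO also leaves the mapping unexplained; a comment above `b := KernelTunableModify` such as `// Modify tunables by default; with ProtectKernelDefaults set, a mismatch is reported as an error instead.` would cover it, and `b` would read better as `behavior`. setupNode begins and continues outside the hunk.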