fix kamaji garbage collection (#263)

upstream issue https://github.com/clastix/kamaji/issues/508 Signed-off-by: Andrei Kvapil <kvapss@gmail.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-01-27 18:18:41 +00:00 · 2024-08-07 12:34:47 +02:00
parent 13c9ec1626
commit 72711dfefc
5 changed files with 77 additions and 0 deletions
--- a/1
+++ b/1
@@ -6,6 +6,7 @@ build:
 	make -C packages/system/cilium image
 	make -C packages/system/kubeovn image
 	make -C packages/system/dashboard image
+	make -C packages/system/kamaji image
 	make -C packages/core/installer image
 	make manifests

--- a/packages/system/kamaji/Makefile
+++ b/packages/system/kamaji/Makefile
@@ -1,6 +1,7 @@
 export NAME=kamaji
 export NAMESPACE=cozy-$(NAME)

+include ../../../scripts/common-envs.mk
 include ../../../scripts/package-system.mk

 update:
@@ -8,3 +9,19 @@ update:
 	helm repo add clastix https://clastix.github.io/charts
 	helm repo update clastix
 	helm pull clastix/kamaji --untar --untardir charts
+
+image:
+	docker buildx build images/kamaji \
+		--provenance false \
+		--tag $(REGISTRY)/kamaji:$(call settag,$(TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/kamaji:latest \
+		--cache-to type=inline \
+		--metadata-file images/kamaji.json \
+		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/aenix-io/cozystack"
+		--load=$(LOAD)
+	REPOSITORY="$(REGISTRY)/kamaji" \
+		yq -i '.kamaji.image.repository = strenv(REPOSITORY)' values.yaml
+	TAG=$(TAG)@$$(yq e '."containerimage.digest"' images/kamaji.json -o json -r) \
+		yq -i '.kamaji.image.tag = strenv(TAG)' values.yaml
+	rm -f images/kamaji.json
--- a/packages/system/kamaji/images/kamaji/Dockerfile
+++ b/packages/system/kamaji/images/kamaji/Dockerfile
@@ -0,0 +1,25 @@
+# Build the manager binary
+FROM golang:1.22 as builder
+
+ARG VERSION=v1.0.0
+ARG TARGETOS TARGETARCH
+
+WORKDIR /workspace
+
+RUN curl -sSL https://github.com/clastix/kamaji/archive/refs/tags/v1.0.0.tar.gz | tar -xzvf- --strip=1
+
+COPY patches /patches
+RUN git apply /patches/enable-gc.diff
+
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build \
+    -ldflags "-X github.com/clastix/kamaji/internal.GitRepo=$GIT_REPO -X github.com/clastix/kamaji/internal.GitTag=$GIT_LAST_TAG -X github.com/clastix/kamaji/internal.GitCommit=$GIT_HEAD_COMMIT -X github.com/clastix/kamaji/internal.GitDirty=$GIT_MODIFIED -X github.com/clastix/kamaji/internal.BuildTime=$BUILD_DATE" \
+    -a -o kamaji main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/kamaji .
+USER 65532:65532
+
+ENTRYPOINT ["/kamaji"]
--- a/packages/system/kamaji/images/kamaji/patches/enable-gc.diff
+++ b/packages/system/kamaji/images/kamaji/patches/enable-gc.diff
@@ -0,0 +1,30 @@
+diff --git a/internal/kubeadm/uploadconfig.go b/internal/kubeadm/uploadconfig.go
+index 0dc9e71..e516390 100644
+--- a/internal/kubeadm/uploadconfig.go
+++ b/internal/kubeadm/uploadconfig.go
+@@ -98,21 +98,15 @@ func getKubeletConfigmapContent(kubeletConfiguration KubeletConfiguration) ([]by
+ 				CacheUnauthorizedTTL: zeroDuration,
+ 			},
+ 		},
+-		CgroupDriver:              kubeletConfiguration.TenantControlPlaneCgroupDriver,
+-		ClusterDNS:                kubeletConfiguration.TenantControlPlaneDNSServiceIPs,
+-		ClusterDomain:             kubeletConfiguration.TenantControlPlaneDomain,
+-		CPUManagerReconcilePeriod: zeroDuration,
+-		EvictionHard: map[string]string{
+-			"imagefs.available": "0%",
+-			"nodefs.available":  "0%",
+-			"nodefs.inodesFree": "0%",
+-		},
+		CgroupDriver:                     kubeletConfiguration.TenantControlPlaneCgroupDriver,
+		ClusterDNS:                       kubeletConfiguration.TenantControlPlaneDNSServiceIPs,
+		ClusterDomain:                    kubeletConfiguration.TenantControlPlaneDomain,
+		CPUManagerReconcilePeriod:        zeroDuration,
+ 		EvictionPressureTransitionPeriod: zeroDuration,
+ 		FileCheckFrequency:               zeroDuration,
+ 		HealthzBindAddress:               "127.0.0.1",
+ 		HealthzPort:                      pointer.To(int32(10248)),
+ 		HTTPCheckFrequency:               zeroDuration,
+-		ImageGCHighThresholdPercent:      pointer.To(int32(100)),
+ 		NodeStatusUpdateFrequency:        zeroDuration,
+ 		NodeStatusReportFrequency:        zeroDuration,
+ 		RotateCertificates:               true,
--- a/packages/system/kamaji/values.yaml
+++ b/packages/system/kamaji/values.yaml
@@ -1,3 +1,7 @@
 kamaji:
  etcd:
    deploy: false
+  image:
+    pullPolicy: IfNotPresent
+    tag: latest@sha256:f7e4036ed809176dafc671953a5c95a652dc7d637a67470142e625103f91ca3d
+    repository: ghcr.io/aenix-io/cozystack/kamaji