mirror of
https://github.com/optim-enterprises-bv/kubernetes.git
synced 2025-11-08 14:23:30 +00:00
Automatic merge from submit-queue

Enforce Node Allocatable via cgroups

This PR enforces node allocatable across all pods using a top level cgroup as described in https://github.com/kubernetes/community/pull/348

This PR also provides an option to enforce `kubeReserved` and `systemReserved` on user specified cgroups.

This PR will by default make kubelet create top level cgroups even if `kubeReserved` and `systemReserved` are not specified and hence `Allocatable = Capacity`.

```release-note
New Kubelet flag `--enforce-node-allocatable` with a default value of `pods` is added which will make kubelet create a top level cgroup for all pods to enforce Node Allocatable. Optionally, `system-reserved` & `kube-reserved` values can also be specified separated by comma to enforce node allocatable on cgroups specified via `--system-reserved-cgroup` & `--kube-reserved-cgroup` respectively. Note the default value of the latter flags are "".
This feature requires a **Node Drain** prior to upgrade failing which pods will be restarted if possible or terminated if they have a `RestartNever` policy.
```

cc @kubernetes/sig-node-pr-reviews @kubernetes/sig-node-feature-requests

TODO:

- [x] Adjust effective Node Allocatable to subtract hard eviction thresholds
- [x] Add unit tests
- [x] Complete pending e2e tests
- [x] Manual testing
- [x] Get the proposal merged

@dashpole is working on adding support for evictions for enforcing Node allocatable more gracefully. That work will show up in a subsequent PR for v1.6.
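The following pre-flight check is an added example, not code from this commit or from the kubelet. It flags a `system-reserved` or `kube-reserved` enforcement key whose cgroup flag is still the empty default, and computes the effective allocatable after subtracting reservations and the hard eviction threshold. The `NodeConfig` type, both function names and all memory values are hypothetical and constructed for illustration.

```go
package main
import (
	"fmt"
	"strings"
)

// NodeConfig holds the flag values under review; memory figures are constructed samples in MiB.
type NodeConfig struct {
	Enforce              string // --enforce-node-allocatable
	SystemReservedCgroup string // --system-reserved-cgroup (default "")
	KubeReservedCgroup   string // --kube-reserved-cgroup (default "")
	CapacityMiB, KubeReservedMiB, SystemReservedMiB, HardEvictionMiB int64
}

// ValidateEnforcement returns the keys in effect, or an error when a reserved key has no cgroup set.
func ValidateEnforcement(c NodeConfig) ([]string, error) {
	cgroupFor := map[string]string{"system-reserved": c.SystemReservedCgroup, "kube-reserved": c.KubeReservedCgroup}
	var keys []string
	for _, k := range strings.Split(c.Enforce, ",") {
		k = strings.TrimSpace(k)
		cg, reserved := cgroupFor[k]
		switch {
		case k == "":
			continue
		case k != "pods" && !reserved:
			return nil, fmt.Errorf("unknown enforcement key %q", k)
		case reserved && cg == "":
			return nil, fmt.Errorf("%q is enforced but --%s-cgroup is empty", k, k)
		}
		keys = append(keys, k)
	}
	return keys, nil
}

// AllocatableMiB subtracts both reservations and the hard eviction threshold from capacity.
func AllocatableMiB(c NodeConfig) (int64, error) {
	a := c.CapacityMiB - c.KubeReservedMiB - c.SystemReservedMiB - c.HardEvictionMiB
	if a <= 0 {
		return 0, fmt.Errorf("reservations leave no allocatable memory (%d MiB)", a)
	}
	return a, nil
}

func main() {
	c := NodeConfig{Enforce: "pods,system-reserved", CapacityMiB: 8192, KubeReservedMiB: 512, SystemReservedMiB: 512, HardEvictionMiB: 100}
	_, err := ValidateEnforcement(c) // fails: --system-reserved-cgroup left at ""
	a, _ := AllocatableMiB(c)
	fmt.Println("enforcement error:", err, "| allocatable MiB:", a)
}
```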