ops: enforce rpi kubelet reservations via systemd
parent
c982b86136
commit
a8a17e7978
@ -15,7 +15,7 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: rpi-resource-reservation
|
app: rpi-resource-reservation
|
||||||
annotations:
|
annotations:
|
||||||
atlas.bstein.dev/reservation-revision: "2026-05-19-2"
|
atlas.bstein.dev/reservation-revision: "2026-05-19-3"
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: node-nofile
|
serviceAccountName: node-nofile
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
|
|||||||
@ -8,6 +8,8 @@ config_dir="${host_root}/etc/rancher/k3s/config.yaml.d"
|
|||||||
config_file="${config_dir}/90-atlas-rpi-reservations.yaml"
|
config_file="${config_dir}/90-atlas-rpi-reservations.yaml"
|
||||||
kubelet_config_dir="${host_root}/var/lib/rancher/k3s/agent/etc/kubelet.conf.d"
|
kubelet_config_dir="${host_root}/var/lib/rancher/k3s/agent/etc/kubelet.conf.d"
|
||||||
kubelet_config_file="${kubelet_config_dir}/90-atlas-rpi-reservations.conf"
|
kubelet_config_file="${kubelet_config_dir}/90-atlas-rpi-reservations.conf"
|
||||||
|
systemd_override_dir="${host_root}/etc/systemd/system/${unit}.service.d"
|
||||||
|
systemd_override_file="${systemd_override_dir}/90-atlas-rpi-reservations.conf"
|
||||||
|
|
||||||
if [ ! -f "${unit_file}" ]; then
|
if [ ! -f "${unit_file}" ]; then
|
||||||
echo "k3s-agent unit not found; this guardrail only manages worker agents"
|
echo "k3s-agent unit not found; this guardrail only manages worker agents"
|
||||||
@ -70,6 +72,28 @@ if [ ! -f "${kubelet_config_file}" ] || ! cmp -s "${kubelet_tmp_file}" "${kubele
|
|||||||
fi
|
fi
|
||||||
rm -f "${kubelet_tmp_file}"
|
rm -f "${kubelet_tmp_file}"
|
||||||
|
|
||||||
|
override_tmp_file="$(mktemp)"
|
||||||
|
cat > "${override_tmp_file}" <<'EOF'
|
||||||
|
[Service]
|
||||||
|
UnsetEnvironment=K3S_KUBELET_ARG
|
||||||
|
ExecStart=
|
||||||
|
ExecStart=/usr/local/bin/k3s agent \
|
||||||
|
--kubelet-arg=container-log-max-files=2 \
|
||||||
|
--kubelet-arg=system-reserved=cpu=250m,memory=384Mi,ephemeral-storage=1Gi \
|
||||||
|
--kubelet-arg=kube-reserved=cpu=150m,memory=256Mi,ephemeral-storage=1Gi \
|
||||||
|
--kubelet-arg=eviction-hard=memory.available<512Mi,nodefs.available<10%,imagefs.available<10% \
|
||||||
|
--kubelet-arg=eviction-soft=memory.available<768Mi,nodefs.available<15%,imagefs.available<15% \
|
||||||
|
--kubelet-arg=eviction-soft-grace-period=memory.available=1m,nodefs.available=2m,imagefs.available=2m \
|
||||||
|
--kubelet-arg=eviction-max-pod-grace-period=60
|
||||||
|
EOF
|
||||||
|
|
||||||
|
if [ ! -f "${systemd_override_file}" ] || ! cmp -s "${override_tmp_file}" "${systemd_override_file}"; then
|
||||||
|
mkdir -p "${systemd_override_dir}"
|
||||||
|
install -m 0644 "${override_tmp_file}" "${systemd_override_file}"
|
||||||
|
changed=1
|
||||||
|
fi
|
||||||
|
rm -f "${override_tmp_file}"
|
||||||
|
|
||||||
if [ "${changed}" -eq 1 ]; then
|
if [ "${changed}" -eq 1 ]; then
|
||||||
delay="$(( (RANDOM % 420) + 30 ))"
|
delay="$(( (RANDOM % 420) + 30 ))"
|
||||||
echo "updated RPi kubelet reservations; restarting ${unit} after ${delay}s"
|
echo "updated RPi kubelet reservations; restarting ${unit} after ${delay}s"
|
||||||
|
|||||||
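Review bot: The drop-in written to `systemd_override_file` clears `ExecStart=` and substitutes a fixed `/usr/local/bin/k3s agent` command line, so any flags the installed unit's own ExecStart carried (for example `--node-label`, `--node-taint` or `--protect-kernel-defaults`) would be dropped on every node this runs on. The base unit is not visible here, so confirm it carries none, or derive the new ExecStart from the existing one. The eviction thresholds also contain bare `%` characters, which systemd reads as the start of a specifier in unit files; write the literal percent as `%%`, e.g. `--kubelet-arg=eviction-hard=memory.available<512Mi,nodefs.available<10%%,imagefs.available<10%% \`, and likewise `15%%` on the eviction-soft line. The restart logic continues past the end of the hunk; if it does not already run `systemctl daemon-reload` before restarting `${unit}`, the new drop-in will not be picked up.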