
Merge pull request #9895 from k8s-infra-cherrypick-robot/cherry-pick-…
…9894-to-release-1.6

[release-1.6] 🐛 capd: fix ignition to also set the kube-proxy configuration to skip setting sysctls
k8s-ci-robot authored Dec 18, 2023
2 parents 6ddbb14 + d1810b5 commit 42a26d5
Showing 2 changed files with 29 additions and 0 deletions.
Expand Up @@ -12,13 +12,17 @@ spec:
kubeletExtraArgs:
eviction-hard: 'nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%'
fail-swap-on: "false"
cgroup-root: "/kubelet"
runtime-cgroups: "/system.slice/containerd.service"
joinConfiguration:
nodeRegistration:
# We have to set the criSocket to containerd as kubeadm defaults to docker runtime if both containerd and docker sockets are found
criSocket: unix:///var/run/containerd/containerd.sock
kubeletExtraArgs:
eviction-hard: 'nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%'
fail-swap-on: "false"
cgroup-root: "/kubelet"
runtime-cgroups: "/system.slice/containerd.service"
---
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
Expand All @@ -45,3 +49,5 @@ spec:
kubeletExtraArgs:
eviction-hard: 'nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%'
fail-swap-on: "false"
cgroup-root: "/kubelet"
runtime-cgroups: "/system.slice/containerd.service"
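Review bot: The `cgroup-root: "/kubelet"` and `runtime-cgroups: "/system.slice/containerd.service"` entries, which appear to be the added lines in each `kubeletExtraArgs` block, carry no explanation, while the neighbouring `criSocket` setting does, and the commit title only mentions the kube-proxy sysctl workaround. A one-line comment above the first occurrence, along the lines of `# cgroup-root/runtime-cgroups: <reason these are required for this node image>`, would tell a reader why the values are pinned; the actual reason has to come from the author. The same argument set is now repeated in three places in this template, so any later change to these values must be made in all of them.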
Expand Up @@ -32,6 +32,18 @@ import (
"sigs.k8s.io/cluster-api/test/infrastructure/docker/internal/provisioning"
)

const (
kubeproxyComponentConfig = `
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
conntrack:
# Skip setting sysctl value "net.netfilter.nf_conntrack_max"
# It is a global variable that affects other namespaces
maxPerCore: 0
`
)

// RawIgnitionToProvisioningCommands converts an Ignition YAML document to a slice of commands.
func RawIgnitionToProvisioningCommands(config []byte) ([]provisioning.Cmd, error) {
// Ensure Ignition is a valid YAML document.
Expand Down Expand Up @@ -76,6 +88,10 @@ func getActions(userData []byte) ([]provisioning.Cmd, error) {
contents = hackKubeadmIgnoreErrors(contents)
}

if f.Path == "/etc/kubeadm.yml" {
contents = hackKubeProxySysctlWorkaround(contents)
}

commands = append(commands, []provisioning.Cmd{
// Idempotently create the directory.
{Cmd: "mkdir", Args: []string{"-p", filepath.Dir(f.Path)}},
Expand Down Expand Up @@ -118,6 +134,13 @@ func hackKubeadmIgnoreErrors(s string) string {
return strings.Join(lines, "\n")
}

// hackKubeProxySysctlWorkaround adds kube-proxy configuration for kubeadm so it
// to skips setting the sysctl value for "net.netfilter.nf_conntrack_max"
// which would fail on kind clusters because of the sysctls being read-only.
func hackKubeProxySysctlWorkaround(s string) string {
return s + kubeproxyComponentConfig
}

// decodeFileContents accepts a string representing the contents of a file encoded in Ignition
// format and returns a decoded version of the string.
func decodeFileContents(s string) (string, error) {
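Review bot: `hackKubeProxySysctlWorkaround` appends `kubeproxyComponentConfig` unconditionally, so a `/etc/kubeadm.yml` that already contains a `KubeProxyConfiguration` document ends up with two of them, and kubeadm may then reject the file or apply settings other than the intended ones. A guard before the return, such as `if strings.Contains(s, "kind: KubeProxyConfiguration") { return s }`, would at least avoid the duplicate; `strings` is already used in this file. The function's doc comment also reads "so it to skips" and should say "so that it skips". `getActions` starts and ends outside the visible hunks, so whether the path comparison can share the existing `/etc/kubeadm.yml` check cannot be confirmed from here.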
