CMP-4340: Consolidate KubeletConfig remediations for eviction threshold rules#14825
Open
abushkin-redhat wants to merge 1 commit into
Open
Conversation
Collaborator
Author
|
/ok-to-test |
|
This datastream diff is auto generated by the check Click here to see the full diffkubernetes remediation for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_available' differs.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_available
@@ -5,9 +5,4 @@
kubeletConfig:
evictionHard:
imagefs.available: {{.var_kubelet_evictionhard_imagefs_available}}
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionPressureTransitionPeriod: 0s
kubernetes remediation for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_inodesfree' differs.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_inodesfree
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_inodesfree
@@ -5,9 +5,4 @@
kubeletConfig:
evictionHard:
imagefs.inodesFree: {{.var_kubelet_evictionhard_imagefs_inodesfree}}
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionPressureTransitionPeriod: 0s
kubernetes remediation for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_memory_available' differs.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_memory_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_memory_available
@@ -5,9 +5,4 @@
kubeletConfig:
evictionHard:
memory.available: {{.var_kubelet_evictionhard_memory_available}}
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionPressureTransitionPeriod: 0s
kubernetes remediation for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_available' differs.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_available
@@ -5,9 +5,4 @@
kubeletConfig:
evictionHard:
nodefs.available: {{.var_kubelet_evictionhard_nodefs_available}}
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionPressureTransitionPeriod: 0s
kubernetes remediation for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_inodesfree' differs.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_inodesfree
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_inodesfree
@@ -5,9 +5,4 @@
kubeletConfig:
evictionHard:
nodefs.inodesFree: {{.var_kubelet_evictionhard_nodefs_inodesfree}}
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionPressureTransitionPeriod: 0s
kubernetes remediation for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_available' differs.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_available
@@ -5,16 +5,6 @@
kubeletConfig:
evictionSoft:
imagefs.available: {{.var_kubelet_evictionsoft_imagefs_available}}
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionSoftGracePeriod:
imagefs.available: "1m30s"
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionPressureTransitionPeriod: 0s
kubernetes remediation for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_inodesfree' differs.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_inodesfree
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_inodesfree
@@ -5,16 +5,6 @@
kubeletConfig:
evictionSoft:
imagefs.inodesFree: {{.var_kubelet_evictionsoft_imagefs_inodesfree}}
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionSoftGracePeriod:
imagefs.inodesFree: "1m30s"
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionPressureTransitionPeriod: 0s
kubernetes remediation for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_memory_available' differs.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_memory_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_memory_available
@@ -5,16 +5,6 @@
kubeletConfig:
evictionSoft:
memory.available: {{.var_kubelet_evictionsoft_memory_available}}
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionSoftGracePeriod:
memory.available: "1m30s"
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionPressureTransitionPeriod: 0s
kubernetes remediation for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_available' differs.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_available
@@ -5,16 +5,6 @@
kubeletConfig:
evictionSoft:
nodefs.available: {{.var_kubelet_evictionsoft_nodefs_available}}
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionSoftGracePeriod:
nodefs.available: "1m30s"
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionPressureTransitionPeriod: 0s
kubernetes remediation for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_inodesfree' differs.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_inodesfree
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_inodesfree
@@ -5,16 +5,6 @@
kubeletConfig:
evictionSoft:
nodefs.inodesFree: {{.var_kubelet_evictionsoft_nodefs_inodesfree}}
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionSoftGracePeriod:
nodefs.inodesFree: "1m30s"
----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: KubeletConfig
-spec:
- kubeletConfig:
evictionPressureTransitionPeriod: 0s |
|
@abushkin-redhat: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
The fix consolidates each rule's multiple KubeletConfig objects into a single object in all 10
kubernetes/shared.ymlfiles underapplications/openshift/kubelet/kubelet_eviction_thresholds_set_*/. This produces 1ComplianceRemediationper rule instead of 2-3, resulting in a single MCO rollout that completes successfully. Validated on OCP 4.22 CI / RHEL 10 with all 10 soft eviction remediations applied to both master and worker nodes -- all 6 nodes survived and all rules pass after rescan. An additional copy-paste bug was fixed inkubelet_eviction_thresholds_set_soft_nodefs_available/rule.ymlwherexccdf_variable: var_event_record_qps(from a different rule) was replaced with the correct values block.