From 6a6b079f1fd16f3523c575b0d7223b385d32755b Mon Sep 17 00:00:00 2001
From: Alexander Bushkin
Date: Wed, 24 Jun 2026 16:08:32 +0200
Subject: [PATCH] CMP-4340: consolidate kubeletconfig remediations for eviction threshold rules
---
 .../kubernetes/shared.yml | 10 +++++++---
 .../kubernetes/shared.yml | 10 +++++++---
 .../kubernetes/shared.yml | 10 +++++++---
 .../kubernetes/shared.yml | 10 +++++++---
 .../kubernetes/shared.yml | 10 +++++++---
 .../kubernetes/shared.yml | 14 +++++++++-----
 .../kubernetes/shared.yml | 14 +++++++++-----
 .../kubernetes/shared.yml | 14 +++++++++-----
 .../kubernetes/shared.yml | 14 +++++++++-----
 .../rule.yml | 4 +++-
 .../kubernetes/shared.yml | 14 +++++++++-----
 11 files changed, 83 insertions(+), 41 deletions(-)
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_available/kubernetes/shared.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_available/kubernetes/shared.yml
index f0b622261aeb..e49e8a3cf10a 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_available/kubernetes/shared.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_available/kubernetes/shared.yml
@@ -1,5 +1,9 @@
 ---
 # platform = multi_platform_ocp
-{{{ kubelet_config(path='kubeletConfig.evictionHard',parameter='imagefs.available', value='var_kubelet_evictionhard_imagefs_available') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig',parameter='evictionPressureTransitionPeriod', value='0s') }}}
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+spec:
+ kubeletConfig:
+ evictionHard:
+ imagefs.available: {{.var_kubelet_evictionhard_imagefs_available}}
+ evictionPressureTransitionPeriod: 0s
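Review bot: The templated threshold in kubelet_eviction_thresholds_set_hard_imagefs_available/kubernetes/shared.yml is emitted as a plain scalar, `imagefs.available: {{.var_kubelet_evictionhard_imagefs_available}}`, so the YAML type of the rendered value depends on what the variable expands to. Percentages and unit-suffixed quantities stay strings, but a tailored value that is purely numeric or empty would presumably render as an integer or null instead of a string. Consider `imagefs.available: "{{.var_kubelet_evictionhard_imagefs_available}}"` and `evictionPressureTransitionPeriod: "0s"`, matching the quoted `"1m30s"` in the soft-threshold files, provided the remediation renderer accepts quoted placeholders; that is worth checking against the output of the removed `kubelet_config` macro. The same applies to the other nine kubernetes/shared.yml hunks in this patch.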
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_inodesfree/kubernetes/shared.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_inodesfree/kubernetes/shared.yml
index 80535cb7d925..cdb3ad8e270f 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_inodesfree/kubernetes/shared.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_imagefs_inodesfree/kubernetes/shared.yml
@@ -1,5 +1,9 @@
 ---
 # platform = multi_platform_ocp
-{{{ kubelet_config(path='kubeletConfig.evictionHard',parameter='imagefs.inodesFree', value='var_kubelet_evictionhard_imagefs_inodesfree') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig',parameter='evictionPressureTransitionPeriod', value='0s') }}}
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+spec:
+ kubeletConfig:
+ evictionHard:
+ imagefs.inodesFree: {{.var_kubelet_evictionhard_imagefs_inodesfree}}
+ evictionPressureTransitionPeriod: 0s
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_memory_available/kubernetes/shared.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_memory_available/kubernetes/shared.yml
index ea8755483746..b21ccfa1a403 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_memory_available/kubernetes/shared.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_memory_available/kubernetes/shared.yml
@@ -1,5 +1,9 @@
 ---
 # platform = multi_platform_ocp
-{{{ kubelet_config(path='kubeletConfig.evictionHard',parameter='memory.available', value='var_kubelet_evictionhard_memory_available') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig',parameter='evictionPressureTransitionPeriod', value='0s') }}}
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+spec:
+ kubeletConfig:
+ evictionHard:
+ memory.available: {{.var_kubelet_evictionhard_memory_available}}
+ evictionPressureTransitionPeriod: 0s
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_available/kubernetes/shared.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_available/kubernetes/shared.yml
index f175bb39c507..3b2998a93273 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_available/kubernetes/shared.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_available/kubernetes/shared.yml
@@ -1,5 +1,9 @@
 ---
 # platform = multi_platform_ocp
-{{{ kubelet_config(path='kubeletConfig.evictionHard',parameter='nodefs.available', value='var_kubelet_evictionhard_nodefs_available') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig',parameter='evictionPressureTransitionPeriod', value='0s') }}}
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+spec:
+ kubeletConfig:
+ evictionHard:
+ nodefs.available: {{.var_kubelet_evictionhard_nodefs_available}}
+ evictionPressureTransitionPeriod: 0s
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_inodesfree/kubernetes/shared.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_inodesfree/kubernetes/shared.yml
index e0b04645fdf9..0439cb82c7b7 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_inodesfree/kubernetes/shared.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_hard_nodefs_inodesfree/kubernetes/shared.yml
@@ -1,5 +1,9 @@
 ---
 # platform = multi_platform_ocp
-{{{ kubelet_config(path='kubeletConfig.evictionHard',parameter='nodefs.inodesFree', value='var_kubelet_evictionhard_nodefs_inodesfree') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig',parameter='evictionPressureTransitionPeriod', value='0s') }}}
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+spec:
+ kubeletConfig:
+ evictionHard:
+ nodefs.inodesFree: {{.var_kubelet_evictionhard_nodefs_inodesfree}}
+ evictionPressureTransitionPeriod: 0s
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_imagefs_available/kubernetes/shared.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_imagefs_available/kubernetes/shared.yml
index 3ef1f6da7ce2..aab76fe04aa5 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_imagefs_available/kubernetes/shared.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_imagefs_available/kubernetes/shared.yml
@@ -1,7 +1,11 @@
 ---
 # platform = multi_platform_ocp
-{{{ kubelet_config(path='kubeletConfig.evictionSoft',parameter='imagefs.available', value='var_kubelet_evictionsoft_imagefs_available') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig.evictionSoftGracePeriod',parameter='imagefs.available', value='"1m30s"') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig',parameter='evictionPressureTransitionPeriod', value='0s') }}}
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+spec:
+ kubeletConfig:
+ evictionSoft:
+ imagefs.available: {{.var_kubelet_evictionsoft_imagefs_available}}
+ evictionSoftGracePeriod:
+ imagefs.available: "1m30s"
+ evictionPressureTransitionPeriod: 0s
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_imagefs_inodesfree/kubernetes/shared.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_imagefs_inodesfree/kubernetes/shared.yml
index 55c84d9219ef..811b7409f28b 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_imagefs_inodesfree/kubernetes/shared.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_imagefs_inodesfree/kubernetes/shared.yml
@@ -1,7 +1,11 @@
 ---
 # platform = multi_platform_ocp
-{{{ kubelet_config(path='kubeletConfig.evictionSoft',parameter='imagefs.inodesFree', value='var_kubelet_evictionsoft_imagefs_inodesfree') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig.evictionSoftGracePeriod',parameter='imagefs.inodesFree', value='"1m30s"') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig',parameter='evictionPressureTransitionPeriod', value='0s') }}}
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+spec:
+ kubeletConfig:
+ evictionSoft:
+ imagefs.inodesFree: {{.var_kubelet_evictionsoft_imagefs_inodesfree}}
+ evictionSoftGracePeriod:
+ imagefs.inodesFree: "1m30s"
+ evictionPressureTransitionPeriod: 0s
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_memory_available/kubernetes/shared.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_memory_available/kubernetes/shared.yml
index 6f074d37875d..05939603048f 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_memory_available/kubernetes/shared.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_memory_available/kubernetes/shared.yml
@@ -1,7 +1,11 @@
 ---
 # platform = multi_platform_ocp
-{{{ kubelet_config(path='kubeletConfig.evictionSoft',parameter='memory.available', value='var_kubelet_evictionsoft_memory_available') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig.evictionSoftGracePeriod',parameter='memory.available', value='"1m30s"') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig',parameter='evictionPressureTransitionPeriod', value='0s') }}}
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+spec:
+ kubeletConfig:
+ evictionSoft:
+ memory.available: {{.var_kubelet_evictionsoft_memory_available}}
+ evictionSoftGracePeriod:
+ memory.available: "1m30s"
+ evictionPressureTransitionPeriod: 0s
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_available/kubernetes/shared.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_available/kubernetes/shared.yml
index 6e1ace0a3f55..ee80a5d4167f 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_available/kubernetes/shared.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_available/kubernetes/shared.yml
@@ -1,7 +1,11 @@
 ---
 # platform = multi_platform_ocp
-{{{ kubelet_config(path='kubeletConfig.evictionSoft',parameter='nodefs.available', value='var_kubelet_evictionsoft_nodefs_available') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig.evictionSoftGracePeriod',parameter='nodefs.available', value='"1m30s"') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig',parameter='evictionPressureTransitionPeriod', value='0s') }}}
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+spec:
+ kubeletConfig:
+ evictionSoft:
+ nodefs.available: {{.var_kubelet_evictionsoft_nodefs_available}}
+ evictionSoftGracePeriod:
+ nodefs.available: "1m30s"
+ evictionPressureTransitionPeriod: 0s
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_available/rule.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_available/rule.yml
index 25d2403f2d96..94c30d19718a 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_available/rule.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_available/rule.yml
@@ -72,4 +72,6 @@ template:
 filepath: '/var/run/compliance-operator/kubeletconfig/openscap-kubeletconfig'
 yamlpath: ".kubeletconfig.evictionSoft['nodefs.available']"
 check_existence: "all_exist"
- xccdf_variable: var_event_record_qps
+ values:
+ - value: "^.+$"
+ operation: "pattern match"
diff --git a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_inodesfree/kubernetes/shared.yml b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_inodesfree/kubernetes/shared.yml
index b4e97572f045..3e9d837cfb51 100644
--- a/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_inodesfree/kubernetes/shared.yml
+++ b/applications/openshift/kubelet/kubelet_eviction_thresholds_set_soft_nodefs_inodesfree/kubernetes/shared.yml
@@ -1,7 +1,11 @@
 ---
 # platform = multi_platform_ocp
-{{{ kubelet_config(path='kubeletConfig.evictionSoft',parameter='nodefs.inodesFree', value='var_kubelet_evictionsoft_nodefs_inodesfree') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig.evictionSoftGracePeriod',parameter='nodefs.inodesFree', value='"1m30s"') }}}
----
-{{{ kubelet_config_fixed(path='kubeletConfig',parameter='evictionPressureTransitionPeriod', value='0s') }}}
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+spec:
+ kubeletConfig:
+ evictionSoft:
+ nodefs.inodesFree: {{.var_kubelet_evictionsoft_nodefs_inodesfree}}
+ evictionSoftGracePeriod:
+ nodefs.inodesFree: "1m30s"
+ evictionPressureTransitionPeriod: 0s
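Review bot: In kubelet_eviction_thresholds_set_soft_nodefs_available/rule.yml the check now accepts any non-empty value (`value: "^.+$"` with `operation: "pattern match"`), while this rule's remediation sets the same key from `var_kubelet_evictionsoft_nodefs_available`. Dropping the unrelated `var_event_record_qps` looks right, but as written a node whose soft threshold differs from the selected value still scans as compliant, so drift away from the remediated setting would go unreported. If a value comparison is intended, `xccdf_variable: var_kubelet_evictionsoft_nodefs_available` in place of the `values:` block would tie the check to the remediation. If existence-only is deliberate (for example to match sibling rules not shown here), a comment such as `# existence-only check: any non-empty threshold passes` above `values:` would record that. The `template:` mapping starts above this hunk, so the template name and its other vars are not visible here.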