fix(k8s): allow disabling swap checks
diff --git a/roles/kubernetes/defaults/main.yml b/roles/kubernetes/defaults/main.yml
index 1cbfc72..02ece9b 100644
--- a/roles/kubernetes/defaults/main.yml
+++ b/roles/kubernetes/defaults/main.yml
@@ -76,3 +76,7 @@
# Node IP address
kubernetes_node_ip: "{{ ansible_default_ipv4.address }}"
+
+# Allow usage of swap memory for the Kubelet (Do not enable this unless you
+# know what you are doing).
+kubernetes_allow_unsafe_swap: false
diff --git a/roles/kubernetes/tasks/bootstrap-cluster.yml b/roles/kubernetes/tasks/bootstrap-cluster.yml
index c3981d9..ddc8528 100644
--- a/roles/kubernetes/tasks/bootstrap-cluster.yml
+++ b/roles/kubernetes/tasks/bootstrap-cluster.yml
@@ -48,7 +48,8 @@
- name: Initialize cluster
throttle: 1
ansible.builtin.shell: |
- kubeadm init --config /etc/kubernetes/kubeadm.yaml --upload-certs
+ kubeadm init --config /etc/kubernetes/kubeadm.yaml --upload-certs \
+ --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests{% if kubernetes_allow_unsafe_swap %},Swap{% endif %}
args:
creates: /etc/kubernetes/admin.conf
environment:
diff --git a/roles/kubernetes/tasks/join-cluster.yml b/roles/kubernetes/tasks/join-cluster.yml
index 8b29c39..3c3661a 100644
--- a/roles/kubernetes/tasks/join-cluster.yml
+++ b/roles/kubernetes/tasks/join-cluster.yml
@@ -59,7 +59,7 @@
- name: Join cluster
ansible.builtin.shell: |
kubeadm join --config /etc/kubernetes/kubeadm.yaml \
- --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
+ --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests{% if kubernetes_allow_unsafe_swap %},Swap{% endif %}
environment:
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
args:
diff --git a/roles/kubernetes/tasks/main.yml b/roles/kubernetes/tasks/main.yml
index b9d55f5..7582de7 100644
--- a/roles/kubernetes/tasks/main.yml
+++ b/roles/kubernetes/tasks/main.yml
@@ -75,35 +75,38 @@
state: present
loop: "{{ kubernetes_sysctls }}"
-- name: Check swap status
- ansible.builtin.command: /sbin/swapon -s
- changed_when: false
- register: _swapon
+- name: Disable swap on the host
+ when: kubernetes_allow_unsafe_swap == false
+ block:
+ - name: Check swap status
+ ansible.builtin.command: /sbin/swapon -s
+ changed_when: false
+ register: _swapon
-- name: Disable swap
- ansible.builtin.command: /sbin/swapoff -a
- changed_when: true
- ignore_errors: "{{ ansible_check_mode }}"
- when:
- - _swapon.stdout
+ - name: Disable swap
+ ansible.builtin.command: /sbin/swapoff -a
+ changed_when: true
+ ignore_errors: "{{ ansible_check_mode }}"
+ when:
+ - _swapon.stdout
-- name: Remove swapfile from /etc/fstab
- ansible.posix.mount:
- name: "{{ item }}"
- fstype: swap
- state: absent
- with_items:
- - swap
- - none
+ - name: Remove swapfile from /etc/fstab
+ ansible.posix.mount:
+ name: "{{ item }}"
+ fstype: swap
+ state: absent
+ with_items:
+ - swap
+ - none
-- name: Create noswap systemd service config file
- ansible.builtin.copy:
- src: noswap.service
- dest: /etc/systemd/system/noswap.service
- owner: root
- group: root
- mode: "0644"
- notify: Enable noswap service
+ - name: Create noswap systemd service config file
+ ansible.builtin.copy:
+ src: noswap.service
+ dest: /etc/systemd/system/noswap.service
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Enable noswap service
- name: Configure short hostname
ansible.builtin.hostname:
diff --git a/roles/kubernetes/templates/kubeadm.yaml.j2 b/roles/kubernetes/templates/kubeadm.yaml.j2
index 86f404a..4464fa3 100644
--- a/roles/kubernetes/templates/kubeadm.yaml.j2
+++ b/roles/kubernetes/templates/kubeadm.yaml.j2
@@ -6,6 +6,9 @@
bindPort: 16443
nodeRegistration:
kubeletExtraArgs:
+{% if kubernetes_allow_unsafe_swap %}
+ fail-swap-on: "false"
+{% endif %}
cgroups-per-qos: "false"
enforce-node-allocatable: ""
node-ip: "{{ kubernetes_node_ip }}"
@@ -16,6 +19,9 @@
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
+{% if kubernetes_allow_unsafe_swap %}
+ fail-swap-on: "false"
+{% endif %}
cgroups-per-qos: "false"
enforce-node-allocatable: ""
node-ip: "{{ kubernetes_node_ip }}"