From 53ddb98eb96085b32f7237efb5fc6a59c4b73662 Mon Sep 17 00:00:00 2001
From: Chris Werner Rau <cwr@teuto.net>
Date: Fri, 9 Aug 2024 17:25:05 +0200
Subject: [PATCH] chore: stop services and reboot to reload containerd service

---
 .../management-cluster/clusterClass/_helpers.tpl  |  4 ++--
 .../kubeadmControlPlaneTemplate/_helpers.tpl      |  2 +-
 .../clusterClass/patches/_kubelet.tpl             | 15 ++++++++-------
 .../clusterClass/systemdOverrides/_overrides.tpl  |  2 +-
 4 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl
index 049e00e83d..923b5ab606 100644
--- a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl
+++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl
@@ -18,7 +18,7 @@ openstack
 
 {{- define "t8s-cluster.clusterClass.preKubeadmCommands" -}}
   {{- $_ := mustMerge . (pick .context "Values") -}}
-  {{- $commands := list -}}
+  {{- $commands := list "systemctl stop kubelet.service" "systemctl disable --now snapd.service snapd.socket" -}}
   {{- if .Values.global.injectedCertificateAuthorities -}}
     {{- $commands = append $commands "update-ca-certificates" -}}
   {{- end -}}
@@ -26,7 +26,7 @@ openstack
 {{- end -}}
 
 {{- define "t8s-cluster.clusterClass.postKubeadmCommands" -}}
-  {{- $commands := list "systemctl disable --now snapd.service snapd.socket" -}}
+  {{- $commands := list "systemctl reboot" -}}
   {{- toYaml $commands }}
 {{- end -}}
 
diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl
index ac92f581ff..6e5dfe4a44 100644
--- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl
+++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl
@@ -9,7 +9,7 @@
 {{- define "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.preKubeadmCommands" -}}
   {{- $_ := mustMerge . (pick .context "Values") -}}
   {{- $commands := list -}}
-  {{- $commands = append $commands "bash /etc/kube-proxy-patch.sh" -}}
+  {{- $commands = append $commands "/etc/kube-proxy-patch.sh" -}}
   {{- if .Values.global.injectedCertificateAuthorities -}}
     {{- $commands = append $commands "update-ca-certificates" -}}
   {{- end -}}
diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl
index c672aa6492..9bf20100a6 100644
--- a/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl
+++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl
@@ -17,19 +17,20 @@
   {{- $options = set $options "protectKernelDefaults" true -}}
   {{- $options = set $options "tlsCipherSuites" (include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) | fromYamlArray) -}}
   {{- $options = set $options "seccompDefault" true -}}
-{{/*  {{- $options = set $options "enforceNodeAllocatable" (list "pods" "system-reserved" "kube-reserved") -}}*/}}
-  {{- $options = set $options "enforceNodeAllocatable" (list "pods") -}}
-{{/*  {{- $options = set $options "kubeReservedCgroup" (include "t8s-cluster.clusterClass.systemdOverride.slice.runtime" (dict) | trimSuffix ".slice") -}}*/}}
-{{/*  {{- $options = set $options "systemReservedCgroup" "system" -}}*/}}
+  {{- $options = set $options "enforceNodeAllocatable" (list "pods" "system-reserved" "kube-reserved") -}}
+{{/*  {{- $options = set $options "enforceNodeAllocatable" (list "pods") -}}*/}}
+  {{- $options = set $options "kubeReservedCgroup" (include "t8s-cluster.clusterClass.systemdOverride.slice.runtime" (dict) | trimSuffix ".slice") -}}
+  {{- $options = set $options "systemReservedCgroup" "system" -}}
+  {{/* the *Reserved need to include the memory.available, see https://kubernetes.io/docs/concepts/scheduling-eviction/node-pressure-eviction/#node-pressure-eviction-good-practices */}}
   {{- $options = set $options "kubeReserved" (dict
-    "memory" "0.2Gi"
+    "memory" "0.6Gi"
     "ephemeral-storage" "1Gi"
   ) -}}
   {{- $options = set $options "systemReserved" (dict
-    "memory" "0.4Gi"
+    "memory" "0.3Gi"
     "ephemeral-storage" "1Gi"
   ) -}}
-  {{- $options = set $options "evictionHard" (dict "memory.available" "64Mi" "nodefs.available" "2Gi") -}}
+  {{- $options = set $options "evictionHard" (dict "memory.available" "128Mi" "nodefs.available" "2Gi") -}}
   {{- $options | toYaml -}}
 {{- end -}}
 
diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/systemdOverrides/_overrides.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/systemdOverrides/_overrides.tpl
index 0c9dd24fb1..8ac1790345 100644
--- a/charts/t8s-cluster/templates/management-cluster/clusterClass/systemdOverrides/_overrides.tpl
+++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/systemdOverrides/_overrides.tpl
@@ -1,7 +1,7 @@
 {{- define "t8s-cluster.clusterClass.node.systemdOverrides" -}}
   {{- $files := list -}}
 {{/* TODO: containerd is already running when this is set, therefore this is not working {{- range $service := list "containerd" "kubelet" -}}*/}}
-  {{- range $service := list "kubelet" -}}
+  {{- range $service := list "containerd" "kubelet" -}}
     {{- $files = append $files (dict "content" (include (printf "t8s-cluster.clusterClass.node.systemdOverride.%s" $service) (dict)) "path" (printf "/etc/systemd/system/%s.service.d/slice.conf" $service)) -}}
   {{- end -}}
   {{- $files | toYaml -}}