small-hack/smol-k8s-lab
small-hack/smol-k8s-lab
3
1
Fork 0
Code Issues 14 Pull requests 2 Projects Releases 153 Packages Wiki Activity Actions

[Feature Request] Suppot kubelet and k3s config files when adding a new node #365

New issue
Open
opened 2025-08-19 21:06:56 +00:00 by cloudymax · 0 comments
cloudymax commented 2025-08-19 21:06:56 +00:00 (Migrated from github.com)
Copy link

Describe the feature you'd like, and why

When adding a new node there are some important kubelet and configuration options we should allow the user to specify:

K3s config file

This file is where we can tell the node:

  1. What IP address to use when communicating with the control-plane eg: normal eth0, VPN device wg0, a bridge at br0 etc...

  2. Specify a path the the kubelet config file

  3. Specify a new default data directory - this prevents k3s from using the system's / disk as the primary storage location which can be problematic in most production servers since it is a very common practice to install the OS on a smaller, slower SATA SSD and make a larger RAID disk available via a mount.

Without changing this option nodes can become tainted due to disk-pressure building on / or develop high levels of CPU throttling waiting for IO on the slow disk.

Example config:

/etc/rancher/k3s/config.yaml

node-ip: 192.168.2.218
bind-address: 192.168.2.218
node-external-ip: 192.168.2.218
kubelet-arg:
- config=/etc/kubernetes/kubelet.yaml
data-dir: /mnt/raid1/rancher/k3s

Kubelet config

The kubelet config lets us enable some very important options:

  1. cpuManagerPolicy and its cpuManagerPolicyOptions allows us to pin cpu cores which improve performance by preventing uneeded rescheduling of tasks to new vcores. It also lets us keep workloads in the same core-group on machines with more than one CPU. Very helpful for streaming apps, VPNs, and latency sensitive workloads.

  2. kubeReserved and systemReserved which allow us to specify an amount of CPU/RAM/Storage that is explicitly reserved for the kubelet and for the host-os. This prevents hardware lock-ups if a app without proper limits tries to eat all the resources on the node.

  3. evictionHard lets us specify an minimum-possible amount of CPU/RAM/Storage which - when matched - will prevent new pod from being scheduled to that node as well as hard-evict offending pods. This also is designed to prevent hardware lock-ups during high loads.

  4. node-labels, node-taints we can also set labels and taints here which is helpful for configuring nodes to run specialized apps that need GPUs, zigbee etc...

Example file:

/etc/kubernetes/kubelet.yaml

apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cpuManagerReconcilePeriod: 0s
cpuManagerPolicy: static
cpuManagerPolicyOptions:
  full-pcpus-only: "true"
  distribute-cpus-across-numa: "true"
  align-by-socket: "true"
kubeReserved:
  cpu: "1"
  memory: "1Gi"
  ephemeral-storage: "1Gi"
systemReserved:
  cpu: "1"
  memory: "1Gi"
  ephemeral-storage: "1Gi"
evictionHard:
  memory.available: "500Mi"
  nodefs.available: "10%"
featureGates:
  CPUManagerPolicyAlphaOptions: true
node-labels:
  node-role.kubernetes.io/worker: true
node-taints: 
  node-role.kubernetes.io/worker: "NoSchedule"
## Describe the feature you'd like, and why When adding a new node there are some important kubelet and configuration options we should allow the user to specify: ## K3s config file This file is where we can tell the node: 1. What IP address to use when communicating with the control-plane eg: normal eth0, VPN device wg0, a bridge at br0 etc... 2. Specify a path the the kubelet config file 3. Specify a new default data directory - this prevents k3s from using the system's `/` disk as the primary storage location which can be problematic in most production servers since it is a very common practice to install the OS on a smaller, slower SATA SSD and make a larger RAID disk available via a mount. Without changing this option nodes can become tainted due to disk-pressure building on `/` or develop high levels of CPU throttling waiting for IO on the slow disk. Example config: `/etc/rancher/k3s/config.yaml` ```yaml node-ip: 192.168.2.218 bind-address: 192.168.2.218 node-external-ip: 192.168.2.218 kubelet-arg: - config=/etc/kubernetes/kubelet.yaml data-dir: /mnt/raid1/rancher/k3s ``` ## Kubelet config The kubelet config lets us enable some very important options: 1. `cpuManagerPolicy` and its `cpuManagerPolicyOptions` allows us to pin cpu cores which improve performance by preventing uneeded rescheduling of tasks to new vcores. It also lets us keep workloads in the same core-group on machines with more than one CPU. Very helpful for streaming apps, VPNs, and latency sensitive workloads. 2. `kubeReserved` and `systemReserved` which allow us to specify an amount of CPU/RAM/Storage that is explicitly reserved for the kubelet and for the host-os. This prevents hardware lock-ups if a app without proper limits tries to eat all the resources on the node. 3. `evictionHard` lets us specify an minimum-possible amount of CPU/RAM/Storage which - when matched - will prevent new pod from being scheduled to that node as well as hard-evict offending pods. This also is designed to prevent hardware lock-ups during high loads. 4. `node-labels`, `node-taints` we can also set labels and taints here which is helpful for configuring nodes to run specialized apps that need GPUs, zigbee etc... Example file: `/etc/kubernetes/kubelet.yaml` ```yaml apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration cpuManagerReconcilePeriod: 0s cpuManagerPolicy: static cpuManagerPolicyOptions: full-pcpus-only: "true" distribute-cpus-across-numa: "true" align-by-socket: "true" kubeReserved: cpu: "1" memory: "1Gi" ephemeral-storage: "1Gi" systemReserved: cpu: "1" memory: "1Gi" ephemeral-storage: "1Gi" evictionHard: memory.available: "500Mi" nodefs.available: "10%" featureGates: CPUManagerPolicyAlphaOptions: true node-labels: node-role.kubernetes.io/worker: true node-taints: node-role.kubernetes.io/worker: "NoSchedule" ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
go-rewrite
grafana-fixes
gh-pages
cloudymax-patch-1
add-unified-installer
feature/add-pixelfed-app
renovate/textual-1.x
renovate/python-3.x
support-open-bao
update-ingress-nginx
nginx-metrics
v7.0.0b2
v7.0.0b1
v7.0.0a
v6.4.8
v6.4.7
v6.4.6
v6.4.5
v6.4.4
v6.4.3
v6.4.2
v6.4.1
v6.4.0
v6.3.1
v6.3.0
v6.2.0
v6.1.0
v6.0.0
v5.20.4
5.20.3
v5.20.3
v5.20.2
v5.20.1
v5.20.0
v5.19.2
v5.19.1
v5.19.0
v5.18.0
v5.17.4
v5.17.3
v5.17.2
v5.17.1
v5.17.0
v5.16.0
v5.15.0
v5.14.1
v5.14.0
v5.13.3
v5.13.2
v5.13.1
v5.13.0
before-hookshot-removal
v5.12.0
v5.11.0
v5.10.0
v5.9.2
v5.9.1
v5.9.0
v5.8.4
v5.8.3
v5.8.2
v5.8.1
v5.8.0
v5.7.0
v5.6.2
v5.6.1
v5.6.0
v5.5.1
v5.5.0
v5.4.3
v5.4.2
v5.4.1
v5.4.0
v5.3.2
v5.3.1
v5.3.0
v5.2.6
v5.2.5
v5.2.4
v5.2.3
v5.2.2
v5.2.1
v5.2.0
v5.1.0
v5.0.4
v5.0.3
v5.0.2
v5.0.1
v5.0.0
v4.0.2
v4.0.1
v4.0.0
v3.7.1
v3.7.0
v3.6.4
v3.6.3
v3.6.2
v3.6.1
v3.6.0
v3.5.1
v3.5.0
v3.4.0
v3.3.0
v3.2.2
v3.2.1
v3.2.0
v3.1.0
v3.0.7
v3.0.6
v3.0.5
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.0
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v2.0.0b8
v2.0.0b7
v2.0.0b6
v2.0.0b4
v2.0.0b3
v2.0.0b2
v2.0.0b1
v2.0.0a4
v2.0.0a3
v2.0.0a2
v2.0.0a1
v2.0.0a
v1.0.1
v1.0.0
v0.11.2
v0.11.1
v0.11.0
v0.10.14
v0.10.13
v0.10.12
v0.10.11
v0.10.10
v0.10.9
v0.10.8
v0.10.7
v0.10.6
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.16
v0.8.15
v0.8.14
v0.8.13
v0.8.12
v0.8.11
v0.8.10
v0.8.9
v0.8.8
v0.8.7
v0.8.6
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.7.3
v0.8.1
v0.8.0
v0.7.2
v0.7.1
stable
v0.7.0
v0.6.0
v0.5.0
Labels
Clear labels   
🐛 bug

Something isn't working

  
DO THE THING >:(

very important thing

  
blocked

   
dependencies

Pull requests that update a dependency file

  
k3s

   
kind

   
openbao

   
question

Further information is requested

  
secrets

   
wontfix

This will not be worked on

  
enhancement

New feature request

  
🌱good first issue

Good for newcomers

  
📓documentation

Improvements or additions to documentation

  
📕kyverno

everything to do with kyverno, a policy manager for kubernetes

  
🔐 Bitwarden

anything to do with bitwarden

  
🙋help wanted

Extra attention is needed

  
🦩 MinIO

things to do with object store via minio or minio itself

  
🧸 🧸 Duplicate

This issue or pull request already exists

  
🩹 Bug Fix

   
🪠 CICD

Anything to do with continuous integration/continuous deployment pipelines.

No labels
🐛 bug
DO THE THING >:(
blocked
dependencies
k3s
kind
openbao
question
secrets
wontfix
enhancement
🌱good first issue
📓documentation
📕kyverno
🔐 Bitwarden
🙋help wanted
🦩 MinIO
🧸 🧸 Duplicate
🩹 Bug Fix
🪠 CICD
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
small-hack/smol-k8s-lab#365
No description provided.