From c58515cbced124f5fd22542a16c683f3a2827ef9 Mon Sep 17 00:00:00 2001
From: Adrien Reslinger <adrien@reslinger.net>
Date: Sun, 1 Dec 2024 11:30:24 +0100
Subject: [PATCH] Add more configuration to enable swap

---
 tasks/cluster_kubeadm.yml                          | 14 ++++++++++++++
 templates/etc/rancher/k3s/config.yaml.j2           |  3 +++
 .../system/kubelet.service.d/20-allow-swap.conf.j2 |  1 +
 templates/kubeadm-config.yaml.j2                   |  3 +++
 4 files changed, 21 insertions(+)
 create mode 100644 templates/etc/systemd/system/kubelet.service.d/20-allow-swap.conf.j2

diff --git a/tasks/cluster_kubeadm.yml b/tasks/cluster_kubeadm.yml
index 830bd2d..c11bf3a 100644
--- a/tasks/cluster_kubeadm.yml
+++ b/tasks/cluster_kubeadm.yml
@@ -172,6 +172,20 @@
     - ansible_service_mgr == "systemd"
     - kubernetes_cri == "cri-o"
 
+- name: Enable Swap for kubelet service
+  ansible.builtin.template:
+    src: "etc/{{ item }}.j2"
+    dest: "/etc/{{ item }}"
+    group: root
+    owner: root
+    mode: 0644
+  with_items:
+    - "systemd/system/kubelet.service.d/20-allow-swap.conf"
+  when:
+    - ansible_service_mgr == "systemd"
+    - kubernetes_swap_enabled is defined
+    - kubernetes_swap_enabled|bool
+
 - name: Configure kubelet service
   ansible.builtin.template:
     src: "etc/{{ item }}.j2"
diff --git a/templates/etc/rancher/k3s/config.yaml.j2 b/templates/etc/rancher/k3s/config.yaml.j2
index 2c7c64f..e55fb12 100644
--- a/templates/etc/rancher/k3s/config.yaml.j2
+++ b/templates/etc/rancher/k3s/config.yaml.j2
@@ -34,6 +34,9 @@ token: ${NODE_TOKEN}
 kubelet-arg:
   - 'streaming-connection-idle-timeout=5m'
   - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
+{% if false %}
+  - 'feature-gates=NodeSwap=true,CloudDualStackNodeIPs=true'
+{% endif %}
 {% if ansible_os_family == "RedHat" %}
 selinux: true
 {% endif %}
diff --git a/templates/etc/systemd/system/kubelet.service.d/20-allow-swap.conf.j2 b/templates/etc/systemd/system/kubelet.service.d/20-allow-swap.conf.j2
new file mode 100644
index 0000000..3f54876
--- /dev/null
+++ b/templates/etc/systemd/system/kubelet.service.d/20-allow-swap.conf.j2
@@ -0,0 +1 @@
+[Service] Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"
diff --git a/templates/kubeadm-config.yaml.j2 b/templates/kubeadm-config.yaml.j2
index 7d833b5..2adf101 100644
--- a/templates/kubeadm-config.yaml.j2
+++ b/templates/kubeadm-config.yaml.j2
@@ -126,6 +126,9 @@ nodeRegistration:
 #    read-only-port: "10255"
   ignorePreflightErrors:
   - SystemVerification
+{% if kubernetes_swap_enabled is defined and kubernetes_swap_enabled|bool %}
+  - Swap
+{% endif %}
 {% if (kubernetes_master|bool and not kubernetes_master_taint|bool) %}
   - NumCPU
 {% endif %}