CAPD: disable image garbage collection in kubelet to align with kind

chrischdi · chrischdi · commit ebe1aa2ae15b · 2025-02-26T16:56:30.000+01:00
diff --git a/test/infrastructure/docker/internal/provisioning/cloudinit/writefiles.go b/test/infrastructure/docker/internal/provisioning/cloudinit/writefiles.go
@@ -133,23 +133,20 @@ func fixNodeRegistration(nodeRegistration *bootstrapv1.NodeRegistrationOptions,
 		nodeRegistration.KubeletExtraArgs = map[string]string{}
 	}
 
-	if _, ok := nodeRegistration.KubeletExtraArgs["eviction-hard"]; !ok {
-		nodeRegistration.KubeletExtraArgs["eviction-hard"] = "nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%"
-	}
-	if _, ok := nodeRegistration.KubeletExtraArgs["fail-swap-on"]; !ok {
-		nodeRegistration.KubeletExtraArgs["fail-swap-on"] = "false"
-	}
+	// Disable disk resource management by default.
+	// The kubelet will see the host disk that the inner container runtime
+	// is ultimately backed by and attempt to recover disk space. We don't want that.
+	// See https://github.com/kubernetes-sigs/cluster-api/issues/11856 for more details.
+	defaultExtraArg(nodeRegistration, "image-gc-high-threshold", "100")
+	defaultExtraArg(nodeRegistration, "eviction-hard", "nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%")
+
+	defaultExtraArg(nodeRegistration, "fail-swap-on", "false")
 
 	if kindMapping.Mode != kind.Mode0_19 {
 		// kindest/node images generated by modo 0.20 and greater require to use CgroupnsMode = "private" when running images;
 		// following settings are complementary to this change.
-
-		if _, ok := nodeRegistration.KubeletExtraArgs["cgroup-root"]; !ok {
-			nodeRegistration.KubeletExtraArgs["cgroup-root"] = "/kubelet"
-		}
-		if _, ok := nodeRegistration.KubeletExtraArgs["runtime-cgroups"]; !ok {
-			nodeRegistration.KubeletExtraArgs["runtime-cgroups"] = "/system.slice/containerd.service"
-		}
+		defaultExtraArg(nodeRegistration, "cgroup-root", "/kubelet")
+		defaultExtraArg(nodeRegistration, "runtime-cgroups", "/system.slice/containerd.service")
 	}
 
 	if version.Compare(kindMapping.KubernetesVersion, cgroupDriverPatchVersionCeiling) == -1 {
@@ -159,6 +156,13 @@ func fixNodeRegistration(nodeRegistration *bootstrapv1.NodeRegistrationOptions,
 	}
 }
 
+// defautExtraArg sets a default value for an extra arg if it is not already set.
+func defaultExtraArg(nodeRegistration *bootstrapv1.NodeRegistrationOptions, arg, value string) {
+	if _, ok := nodeRegistration.KubeletExtraArgs[arg]; !ok {
+		nodeRegistration.KubeletExtraArgs[arg] = value
+	}
+}
+
 // Commands return a list of commands to run on the node.
 // Each command defines the parameters of a shell command necessary to generate a file replicating the cloud-init write_files module.
 func (a *writeFilesAction) Commands() ([]provisioning.Cmd, error) {
diff --git a/test/infrastructure/docker/internal/provisioning/cloudinit/writefiles_test.go b/test/infrastructure/docker/internal/provisioning/cloudinit/writefiles_test.go
@@ -151,6 +151,7 @@ nodeRegistration:
     cloud-provider: aws
     eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
     fail-swap-on: "false"
+    image-gc-high-threshold: "100"
   taints: null
 `,
 				`apiVersion: kubeadm.k8s.io/v1beta3
@@ -162,6 +163,7 @@ nodeRegistration:
     cloud-provider: aws
     eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
     fail-swap-on: "false"
+    image-gc-high-threshold: "100"
   taints: null
 `,
 			},
@@ -210,6 +212,7 @@ nodeRegistration:
     cloud-provider: aws
     eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
     fail-swap-on: "false"
+    image-gc-high-threshold: "100"
     runtime-cgroups: /system.slice/containerd.service
   taints: null
 `,
@@ -223,6 +226,7 @@ nodeRegistration:
     cloud-provider: aws
     eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
     fail-swap-on: "false"
+    image-gc-high-threshold: "100"
     runtime-cgroups: /system.slice/containerd.service
   taints: null
 `,
@@ -272,6 +276,7 @@ nodeRegistration:
     cloud-provider: aws
     eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
     fail-swap-on: "false"
+    image-gc-high-threshold: "100"
   taints: null
 `,
 				`apiVersion: kubeadm.k8s.io/v1beta3
@@ -284,6 +289,7 @@ nodeRegistration:
     cloud-provider: aws
     eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
     fail-swap-on: "false"
+    image-gc-high-threshold: "100"
   taints: null
 `,
 			},
@@ -333,6 +339,7 @@ nodeRegistration:
     cloud-provider: aws
     eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
     fail-swap-on: "false"
+    image-gc-high-threshold: "100"
     runtime-cgroups: /system.slice/containerd.service
   taints: null
 `,
@@ -347,6 +354,7 @@ nodeRegistration:
     cloud-provider: aws
     eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
     fail-swap-on: "false"
+    image-gc-high-threshold: "100"
     runtime-cgroups: /system.slice/containerd.service
   taints: null
 `,
