Add documentation for per pod cgroups #2841
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
/cc @vishh PTAL |
docs/admin/node-allocatable.md
Outdated
| `CPU` and `memory` are supported as of now. | ||
| Support for `storage` is expected to be added in the future. | ||
| `Allocatable` on a Kubernetes node is defined as the amount of compute resources | ||
| that are available for pods. The scheduler does not over subscribe |
There was a problem hiding this comment.
over subscribe -> over-subscribe
docs/admin/node-allocatable.md
Outdated
| Support for `storage` is expected to be added in the future. | ||
| `Allocatable` on a Kubernetes node is defined as the amount of compute resources | ||
| that are available for pods. The scheduler does not over subscribe | ||
| `Allocatable`. `CPU` and `memory` are supported as of now. Support for `storage` |
There was a problem hiding this comment.
"as of now" -> "as of Kubernetes version 1.x" (where 1.x is the relevant version).
"Kubernetes will add support for storage in version 1.x." (where 1.x is the relevant version).
There was a problem hiding this comment.
the actual release version where storage will be added is not yet known. depends on a number of factors. we just know we will do more local storage management in the future.
docs/admin/node-allocatable.md
Outdated
|
|
||
| Resources can be reserved for two categories of system daemons in the `kubelet`. | ||
|
|
||
| ### Enabling QoS and Pod level cgroups | ||
|
|
||
| To properly enforce node allocatable constraints on the node, the operator must |
There was a problem hiding this comment.
The operator is the reader, right? Just use "you must."
docs/admin/node-allocatable.md
Outdated
| Since `v1.6`, `kubelet` enforces `Allocatable` on pods using control groups. | ||
| To revert to the old behavior unset `--enforce-node-allocatable` kubelet flag. | ||
| Note that unless `--kube-reserved`, or `--system-reserved` or `--eviction-hard` flags have non-default values, `Allocatable` enforcement does not affect existing deployments. | ||
| Since `v1.2`, it has been possible to **optionally** specify `kube-reserved` and |
There was a problem hiding this comment.
"Since v1.2" -> "As of Kubernetes version 1.2"
Repeat for all version numbers below.
|
@devin-donnelly - thanks for the review, please take a look. |
|
fyi @mburke5678 |
|
Docs LGTM. Still needs a tech review. |
docs/admin/node-allocatable.md
Outdated
| Reserving resources for user login sessions is also recommended (`user.slice` in systemd world). | ||
| `system-reserved` is meant to capture resource reservation for OS system daemons | ||
| like `sshd`, `udev`, etc. `system-reserved` should reserve `memory` for the | ||
| `kernel` too since `kernel` memory is not accounted to pods (yet) in Kubernetes. |
There was a problem hiding this comment.
What do you mean by 'yet' here? Is this a future feature or something that will happen later in this process? Maybe clarify or remove to avoid confusion
There was a problem hiding this comment.
yet in this context meant "it may be in the future". i clarified the text to just say kernel memory is not accounted to pods at this time.
docs/admin/node-allocatable.md
Outdated
| For this reason, resources reserved for evictions are not available for pods. | ||
| Memory pressure at the node level leads to System OOMs which affects the entire | ||
| node and all pods running on it. Nodes can go offline temporarily until memory | ||
| has been reclaimed. To avoid (or reduce the probability) system OOMs kubelet |
There was a problem hiding this comment.
s/To avoid (or reduce the probability) system OOMs kubelet.../To avoid (or reduce the probability of) system OOMs, kubelet...
|
@derekwaynecarr there is inconsistent use of case. Maybe not important for upstream. Some cases of inconsistencies between |
|
@mburke5678 -- we can fix the casing in a follow-on as this was the original content. |
|
@vishh -- can i get a tech review so this makes it out in time for 1.6? |
|
/lgtm |
Improved line wrapping from original source document.
Added text explaining how to enable the new cgroup topology required to enforce node allocatable.
This change is