assert that number of pods on node does not exceed CIDR address range

The number of pods on a given node is determined by the --max-pods=k directive. When the address space is exhausted, no more pods can be scheduled even if from the --max-pods-perspective, the node still has capacity. The special case that a pod is scheduled and uses the node IP in the host network namespace is too "soft" to derive a guarantee. Comparing kubelet_max_pods with kube_network_node_prefix when given allows to assert that pod limits match the CIDR address space.
2026-02-28 09:39:12 +03:00 · 2018-05-15 14:34:03 +00:00
parent 7c93e71801
commit c1bc4615fe
4 changed files with 20 additions and 0 deletions
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -71,6 +71,10 @@ kube_apiserver_node_port_range: "30000-32767"

 kubelet_load_modules: false

+# Configure the amount of pods able to run on single node
+# default is equal to application default
+kubelet_max_pods: 110
+
 ## Support custom flags to be passed to kubelet
 kubelet_custom_flags: []