kubelet: add image GC threshold settings

README.md

@@ -411,6 +411,8 @@ The following settings are optional and allow you to further configure your clus
 * `settings.kubernetes.topology-manager-policy`: Specifies the topology manager policy. Possible values are `none`, `restricted`, `best-effort`, and `single-numa-node`. Defaults to `none`.
 * `settings.kubernetes.topology-manager-scope`: Specifies the topology manager scope. Possible values are `container` and `pod`. Defaults to `container`. If you want to group all containers in a pod to a common set of NUMA nodes, you can set this setting to `pod`.
 * `settings.kubernetes.pod-pids-limit`: The maximum number of processes per pod.
+* `settings.kubernetes.image-gc-high-threshold-percent`: The percent of disk usage after which image garbage collection is always run.
+* `settings.kubernetes.image-gc-low-threshold-percent`: The percent of disk usage before which image garbage collection is never run.
 * `settings.kubernetes.provider-id`: This sets the unique ID of the instance that an external provider (i.e. cloudprovider) can use to identify a specific node.
 
 You can also optionally specify static pods for your node with the following settings.

Release.toml

@@ -134,4 +134,5 @@ version = "1.8.0"
     "migrate_v1.9.0_ntp-affected-services.lz4",
     "migrate_v1.9.0_shibaken-admin-userdata-semantics.lz4",
     "migrate_v1.9.0_shibaken-send-metrics.lz4",
+    "migrate_v1.9.0_image-gc-thresholds.lz4",
 ]

packages/kubernetes-1.19/kubelet-config

@@ -93,6 +93,12 @@ topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{#if settings.kubernetes.pod-pids-limit includeZero=true}}
 podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
 {{/if}}
+{{#if settings.kubernetes.image-gc-high-threshold-percent includeZero=true}}
+imageGCHighThresholdPercent: {{settings.kubernetes.image-gc-high-threshold-percent}}
+{{/if}}
+{{#if settings.kubernetes.image-gc-low-threshold-percent includeZero=true}}
+imageGCLowThresholdPercent: {{settings.kubernetes.image-gc-low-threshold-percent}}
+{{/if}}
 {{#if settings.kubernetes.provider-id}}
 providerID: {{settings.kubernetes.provider-id}}
 {{/if}}

packages/kubernetes-1.20/kubelet-config

@@ -93,6 +93,12 @@ topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{#if settings.kubernetes.pod-pids-limit includeZero=true}}
 podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
 {{/if}}
+{{#if settings.kubernetes.image-gc-high-threshold-percent includeZero=true}}
+imageGCHighThresholdPercent: {{settings.kubernetes.image-gc-high-threshold-percent}}
+{{/if}}
+{{#if settings.kubernetes.image-gc-low-threshold-percent includeZero=true}}
+imageGCLowThresholdPercent: {{settings.kubernetes.image-gc-low-threshold-percent}}
+{{/if}}
 {{#if settings.kubernetes.provider-id}}
 providerID: {{settings.kubernetes.provider-id}}
 {{/if}}

packages/kubernetes-1.21/kubelet-config

@@ -93,6 +93,12 @@ topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{#if settings.kubernetes.pod-pids-limit includeZero=true}}
 podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
 {{/if}}
+{{#if settings.kubernetes.image-gc-high-threshold-percent includeZero=true}}
+imageGCHighThresholdPercent: {{settings.kubernetes.image-gc-high-threshold-percent}}
+{{/if}}
+{{#if settings.kubernetes.image-gc-low-threshold-percent includeZero=true}}
+imageGCLowThresholdPercent: {{settings.kubernetes.image-gc-low-threshold-percent}}
+{{/if}}
 {{#if settings.kubernetes.provider-id}}
 providerID: {{settings.kubernetes.provider-id}}
 {{/if}}

packages/kubernetes-1.22/kubelet-config

@@ -93,6 +93,12 @@ topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{#if settings.kubernetes.pod-pids-limit includeZero=true}}
 podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
 {{/if}}
+{{#if settings.kubernetes.image-gc-high-threshold-percent includeZero=true}}
+imageGCHighThresholdPercent: {{settings.kubernetes.image-gc-high-threshold-percent}}
+{{/if}}
+{{#if settings.kubernetes.image-gc-low-threshold-percent includeZero=true}}
+imageGCLowThresholdPercent: {{settings.kubernetes.image-gc-low-threshold-percent}}
+{{/if}}
 {{#if settings.kubernetes.provider-id}}
 providerID: {{settings.kubernetes.provider-id}}
 {{/if}}

packages/kubernetes-1.23/kubelet-config

@@ -93,6 +93,12 @@ topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{#if settings.kubernetes.pod-pids-limit includeZero=true}}
 podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
 {{/if}}
+{{#if settings.kubernetes.image-gc-high-threshold-percent includeZero=true}}
+imageGCHighThresholdPercent: {{settings.kubernetes.image-gc-high-threshold-percent}}
+{{/if}}
+{{#if settings.kubernetes.image-gc-low-threshold-percent includeZero=true}}
+imageGCLowThresholdPercent: {{settings.kubernetes.image-gc-low-threshold-percent}}
+{{/if}}
 {{#if settings.kubernetes.provider-id}}
 providerID: {{settings.kubernetes.provider-id}}
 {{/if}}

sources/Cargo.toml

@@ -64,6 +64,7 @@ members = [
     "api/migration/migrations/v1.9.0/ntp-affected-services",
     "api/migration/migrations/v1.9.0/shibaken-admin-userdata-semantics",
     "api/migration/migrations/v1.9.0/shibaken-send-metrics",
+    "api/migration/migrations/v1.9.0/image-gc-thresholds",
 
     "bottlerocket-release",
 

sources/api/migration/migrations/v1.9.0/image-gc-thresholds/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "image-gc-thresholds"
+version = "0.1.0"
+edition = "2018"
+authors = ["Mahdi Chaker <[email protected]>"]
+license = "Apache-2.0 OR MIT"
+publish = false
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[dependencies]
+migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"}

sources/api/migration/migrations/v1.9.0/image-gc-thresholds/src/main.rs

@@ -0,0 +1,26 @@
+#![deny(rust_2018_idioms)]
+
+use migration_helpers::common_migrations::AddSettingsMigration;
+use migration_helpers::{migrate, Result};
+use std::process;
+
+/// We added a new setting for configuring kubelet's image-gc-high-threshold-percent
+/// and image-gc-low-threshold-percent options,
+/// `settings.kubernetes.image-gc-high-threshold-percent` and
+/// `settings.kubernetes.image-gc-low-threshold-percent`
+fn run() -> Result<()> {
+    migrate(AddSettingsMigration(&[
+        "settings.kubernetes.image-gc-high-threshold-percent",
+        "settings.kubernetes.image-gc-low-threshold-percent",
+    ]))
+}
+
+// Returning a Result from main makes it print a Debug representation of the error, but with Snafu
+// we have nice Display representations of the error, so we wrap "main" (run) and print any error.
+// https://github.com/shepmaster/snafu/issues/110
+fn main() {
+    if let Err(e) = run() {
+        eprintln!("{}", e);
+        process::exit(1);
+    }
+}

sources/models/src/lib.rs

@@ -162,13 +162,13 @@ use crate::de::{deserialize_mirrors, deserialize_node_taints};
 use crate::modeled_types::{
     BootConfigKey, BootConfigValue, BootstrapContainerMode, CpuManagerPolicy, DNSDomain,
     ECSAgentImagePullBehavior, ECSAgentLogLevel, ECSAttributeKey, ECSAttributeValue,
-    EtcHostsEntries, FriendlyVersion, Identifier, KubernetesAuthenticationMode,
-    KubernetesBootstrapToken, KubernetesCloudProvider, KubernetesClusterDnsIp,
-    KubernetesClusterName, KubernetesDurationValue, KubernetesEvictionHardKey, KubernetesLabelKey,
-    KubernetesLabelValue, KubernetesQuantityValue, KubernetesReservedResourceKey,
-    KubernetesTaintValue, KubernetesThresholdValue, Lockdown, PemCertificateString,
-    SingleLineString, SysctlKey, TopologyManagerPolicy, TopologyManagerScope, Url, ValidBase64,
-    ValidLinuxHostname,
+    EtcHostsEntries, FriendlyVersion, Identifier, ImageGCHighThresholdPercent,
+    ImageGCLowThresholdPercent, KubernetesAuthenticationMode, KubernetesBootstrapToken,
+    KubernetesCloudProvider, KubernetesClusterDnsIp, KubernetesClusterName,
+    KubernetesDurationValue, KubernetesEvictionHardKey, KubernetesLabelKey, KubernetesLabelValue,
+    KubernetesQuantityValue, KubernetesReservedResourceKey, KubernetesTaintValue,
+    KubernetesThresholdValue, Lockdown, PemCertificateString, SingleLineString, SysctlKey,
+    TopologyManagerPolicy, TopologyManagerScope, Url, ValidBase64, ValidLinuxHostname,
 };
 
 // Kubernetes static pod manifest settings
@@ -218,6 +218,8 @@ struct KubernetesSettings {
     topology_manager_scope: TopologyManagerScope,
     topology_manager_policy: TopologyManagerPolicy,
     pod_pids_limit: i64,
+    image_gc_high_threshold_percent: ImageGCHighThresholdPercent,
+    image_gc_low_threshold_percent: ImageGCLowThresholdPercent,
     provider_id: Url,
 
     // Settings where we generate a value based on the runtime environment.  The user can specify a

sources/models/src/modeled_types/kubernetes.rs

@@ -11,6 +11,10 @@ use std::fmt;
 use std::net::IpAddr;
 use std::ops::Deref;
 
+// Declare constant values usable by any type
+const IMAGE_GC_THRESHOLD_MAX: i32 = 100;
+const IMAGE_GC_THRESHOLD_MIN: i32 = 0;
+
 /// KubernetesName represents a string that contains a valid Kubernetes resource name.  It stores
 /// the original string and makes it accessible through standard traits.
 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
@@ -1002,6 +1006,145 @@ mod test_topology_manager_policy {
 
 // =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=
 
+/// imageGCHighThresholdPercent is the percent of disk usage after which image
+/// garbage collection is always run. The percent is calculated by dividing this
+/// field value by 100, so this field must be between 0 and 100, inclusive. When
+/// specified, the value must be greater than imageGCLowThresholdPercent.
+/// Default: 85
+/// https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
+
+#[derive(Debug, Clone, Eq, PartialEq, Hash)]
+pub struct ImageGCHighThresholdPercent {
+    inner: String,
+}
+
+impl TryFrom<&str> for ImageGCHighThresholdPercent {
+    type Error = error::Error;
+
+    fn try_from(input: &str) -> Result<Self, Self::Error> {
+        let parsed_input: i32 = input
+            .parse::<i32>()
+            .context(error::ParseIntSnafu { input })?;
+        ensure!(
+            !input.is_empty(),
+            error::InvalidImageGCHighThresholdPercentSnafu {
+                input,
+                msg: "must not be empty",
+            }
+        );
+        ensure!(
+            (IMAGE_GC_THRESHOLD_MIN..=IMAGE_GC_THRESHOLD_MAX).contains(&parsed_input),
+            error::InvalidImageGCHighThresholdPercentSnafu {
+                input,
+                msg: "must be between 0 and 100 (inclusive)"
+            }
+        );
+
+        Ok(ImageGCHighThresholdPercent {
+            inner: input.to_owned(),
+        })
+    }
+}
+string_impls_for!(ImageGCHighThresholdPercent, "ImageGCHighThresholdPercent");
+
+#[cfg(test)]
+mod test_image_gc_high_threshold_percent {
+    use super::ImageGCHighThresholdPercent;
+    use std::convert::TryFrom;
+
+    // test 1: good values should succeed
+    #[test]
+    fn image_gc_high_threshold_percent_between_0_and_100_inclusive() {
+        for ok in &["0", "1", "99", "100"] {
+            ImageGCHighThresholdPercent::try_from(*ok).unwrap();
+        }
+    }
+
+    // test 2: values too low should return Errors
+    #[test]
+    fn image_gc_high_threshold_percent_less_than_0_fails() {
+        ImageGCHighThresholdPercent::try_from("-1").unwrap_err();
+    }
+
+    // test 3: values too high should return Errors
+    #[test]
+    fn image_gc_high_threshold_percent_greater_than_100_fails() {
+        ImageGCHighThresholdPercent::try_from("101").unwrap_err();
+    }
+}
+
+// =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=
+
+/// imageGCLowThresholdPercent is the percent of disk usage before which image
+/// garbage collection is never run. Lowest disk usage to garbage collect to.
+/// The percent is calculated by dividing this field value by 100, so the field
+/// value must be between 0 and 100, inclusive. When specified, the value must
+/// be less than imageGCHighThresholdPercent.
+/// Default: 80
+/// https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
+
+#[derive(Debug, Clone, Eq, PartialEq, Hash)]
+pub struct ImageGCLowThresholdPercent {
+    inner: String,
+}
+
+impl TryFrom<&str> for ImageGCLowThresholdPercent {
+    type Error = error::Error;
+
+    fn try_from(input: &str) -> Result<Self, Self::Error> {
+        let parsed_input: i32 = input
+            .parse::<i32>()
+            .context(error::ParseIntSnafu { input })?;
+        ensure!(
+            !input.is_empty(),
+            error::InvalidImageGCLowThresholdPercentSnafu {
+                input,
+                msg: "must not be empty",
+            }
+        );
+        ensure!(
+            (IMAGE_GC_THRESHOLD_MIN..=IMAGE_GC_THRESHOLD_MAX).contains(&parsed_input),
+            error::InvalidImageGCLowThresholdPercentSnafu {
+                input,
+                msg: "must be between 0 and 100 (inclusive)"
+            }
+        );
+
+        Ok(ImageGCLowThresholdPercent {
+            inner: input.to_owned(),
+        })
+    }
+}
+string_impls_for!(ImageGCLowThresholdPercent, "ImageGCLowThresholdPercent");
+
+#[cfg(test)]
+mod test_image_gc_low_threshold_percent {
+    use super::ImageGCLowThresholdPercent;
+    use std::convert::TryFrom;
+
+    // test 1: good values should succeed
+    #[test]
+    fn image_gc_low_threshold_percent_between_0_and_100_inclusive() {
+        for ok in &["0", "1", "99", "100"] {
+            ImageGCLowThresholdPercent::try_from(*ok).unwrap();
+        }
+    }
+
+    // test 2: values too low should return Errors
+    #[test]
+    fn image_gc_low_threshold_percent_less_than_0_fails() {
+        ImageGCLowThresholdPercent::try_from("-1").unwrap_err();
+    }
+
+    // test 3: values too high should return Errors
+    #[test]
+    fn image_gc_low_threshold_percent_greater_than_100_fails() {
+        ImageGCLowThresholdPercent::try_from("101").unwrap_err();
+    }
+}
+
+// =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=
+
 /// KubernetesClusterDnsIp represents the --cluster-dns settings for kubelet.
 ///
 /// This model allows the value to be either a list of IPs, or a single IP string

sources/models/src/modeled_types/mod.rs

@@ -128,6 +128,18 @@ pub mod error {
             input: String,
             source: serde_plain::Error,
         },
+
+        #[snafu(display("Invalid imageGCHighThresholdPercent '{}': {}", input, msg))]
+        InvalidImageGCHighThresholdPercent { input: String, msg: String },
+
+        #[snafu(display("Invalid imageGCLowThresholdPercent '{}': {}", input, msg))]
+        InvalidImageGCLowThresholdPercent { input: String, msg: String },
+
+        #[snafu(display("Could not parse '{}' as an integer", input))]
+        ParseInt {
+            input: String,
+            source: std::num::ParseIntError,
+        },
     }
 }