diff --git a/aks-flex-node-sudoers b/aks-flex-node-sudoers index f265705..f830e4d 100644 --- a/aks-flex-node-sudoers +++ b/aks-flex-node-sudoers @@ -99,6 +99,7 @@ aks-flex-node ALL=(root) NOPASSWD:SETENV: /usr/bin/test *, /bin/test * aks-flex-node ALL=(root) NOPASSWD:SETENV: /sbin/sysctl --system aks-flex-node ALL=(root) NOPASSWD:SETENV: /sbin/modprobe overlay aks-flex-node ALL=(root) NOPASSWD:SETENV: /sbin/modprobe br_netfilter +aks-flex-node ALL=(root) NOPASSWD:SETENV: /sbin/swapoff -a # Configuration file management and reading aks-flex-node ALL=(root) NOPASSWD:SETENV: /bin/tee /etc/sysctl.d/k8s.conf diff --git a/pkg/components/system_configuration/system_configuration_installer.go b/pkg/components/system_configuration/system_configuration_installer.go index 24f85df..1eb669b 100644 --- a/pkg/components/system_configuration/system_configuration_installer.go +++ b/pkg/components/system_configuration/system_configuration_installer.go @@ -54,15 +54,19 @@ func (i *Installer) Validate(ctx context.Context) error { // configureSysctl creates and applies sysctl configuration for Kubernetes func (i *Installer) configureSysctl() error { + // Disable swap immediately - kubelet sees no active swap devices + // so it can start successfully. This is a critical step for kubelet compatibility. + if err := i.disableSwap(); err != nil { + return fmt.Errorf("failed to disable swap: %w", err) + } + sysctlConfig := `# Kubernetes sysctl settings net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.ipv4.ip_forward = 1 vm.overcommit_memory = 1 kernel.panic = 10 -kernel.panic_on_oops = 1 -# Disable swap permanently - required for kubelet -vm.swappiness = 0` +kernel.panic_on_oops = 1` // Create sysctl directory if it doesn't exist if err := utils.RunSystemCommand("mkdir", "-p", sysctlDir); err != nil { @@ -111,6 +115,20 @@ func (i *Installer) configureResolvConf() error { return nil } +// disableSwap disables swap immediately for kubelet compatibility +func (i *Installer) disableSwap() error { + i.logger.Info("Disabling swap for kubelet compatibility") + + // Disable all swap devices immediately + if err := utils.RunSystemCommand("swapoff", "-a"); err != nil { + i.logger.WithError(err).Warning("Failed to disable swap - may not be enabled") + } else { + i.logger.Info("Swap disabled successfully") + } + + return nil +} + // GetName returns the step name func (i *Installer) GetName() string { return "SystemConfigured" diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 103c3d6..80fe053 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -20,7 +20,7 @@ import ( // sudoCommandLists holds the command lists for sudo determination var ( - alwaysNeedsSudo = []string{"apt", "apt-get", "dpkg", "systemctl", "mount", "umount", "modprobe", "sysctl", "azcmagent", "usermod", "kubectl"} + alwaysNeedsSudo = []string{"apt", "apt-get", "dpkg", "systemctl", "mount", "umount", "modprobe", "sysctl", "azcmagent", "usermod", "kubectl", "swapoff"} conditionalSudo = []string{"mkdir", "cp", "chmod", "chown", "mv", "tar", "rm", "bash", "install", "ln", "cat"} systemPaths = []string{"/etc/", "/usr/", "/var/", "/opt/", "/boot/", "/sys/"} )