Configure Graceful Node Shutdown and lengthen max inhibitor delay

* Configure Kubelet Graceful Node Shutdown to detect system shutdown events and stop running containers gracefully when possible * Allow up to 30s for critical pods to gracefully shutdown * Allow up to 15s for regular pods to gracefully shutdown * Node will be marked as NotReady promptly, instead of having to wait for health checks * Kubelet uses systemd inhibitor locks to delay shutdown for a limited number of seconds * Raise the default max inhibitor time from 5s to 45s Verify systemd inhibitor locks are present: ``` sudo systemd-inhibit --list WHO UID USER PID COMM WHAT WHY MODE kubelet 0 root 4581 kubelet shutdown Kubelet needs time to handle node shutdown delay ``` Tail journal logs and then shutdown a node via systemctl reboot or via the cloud console to watch container shutdown Rel: * https://kubernetes.io/blog/2021/04/21/graceful-node-shutdown-beta/ * https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/ * https://github.com/kubernetes/kubernetes/issues/107043 * https://github.com/coreos/fedora-coreos-tracker/issues/821 * https://www.freedesktop.org/software/systemd/man/systemd-inhibit.html * https://github.com/kubernetes/kubernetes/blob/release-1.24/pkg/kubelet/nodeshutdown/nodeshutdown_manager_linux.go * https://github.com/godbus/dbus/blob/master/conn.go
2025-07-01 08:34:35 +02:00 · 2022-08-28 09:49:28 -07:00
parent 76d92e9c2d
commit 393a38deff
21 changed files with 146 additions and 0 deletions
--- a/azure/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml
@ -149,6 +149,8 @@ storage:
          featureGates:
            LocalStorageCapacityIsolationFSQuotaMonitoring: false
          rotateCertificates: true
+          shutdownGracePeriod: 45s
+          shutdownGracePeriodCriticalPods: 30s
          staticPodPath: /etc/kubernetes/manifests
          readOnlyPort: 0
          resolvConf: /run/systemd/resolve/resolv.conf
@ -189,6 +191,11 @@ storage:
             echo "Retry applying manifests"
             sleep 5
          done
+    - path: /etc/systemd/logind.conf.d/inhibitors.conf
+      contents:
+        inline: |
+          [Login]
+          InhibitDelayMaxSec=45s
    - path: /etc/sysctl.d/max-user-watches.conf
      contents:
        inline: |
--- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
+++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
@ -117,10 +117,17 @@ storage:
          featureGates:
            LocalStorageCapacityIsolationFSQuotaMonitoring: false
          rotateCertificates: true
+          shutdownGracePeriod: 45s
+          shutdownGracePeriodCriticalPods: 30s
          staticPodPath: /etc/kubernetes/manifests
          readOnlyPort: 0
          resolvConf: /run/systemd/resolve/resolv.conf
          volumePluginDir: /var/lib/kubelet/volumeplugins
+    - path: /etc/systemd/logind.conf.d/inhibitors.conf
+      contents:
+        inline: |
+          [Login]
+          InhibitDelayMaxSec=45s
    - path: /etc/sysctl.d/max-user-watches.conf
      contents:
        inline: |