k0: enable fstrim, lower gc thresh for kubelet

fstrim is nice as it might prevent us from killing SSDs so fast.

A lower GC threshold for kubelet is nice as we run non-kubelet services
on these nodes, and they need their space. Notably, Ceph's mons tend to
be extremely claustrophobic, firing alerts at 70% disk usage or so.

Change-Id: I94c1787e62f82a02f107d04a87575327d3d79c01
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1724
Reviewed-by: implr <implr@hackerspace.pl>
diff --git a/cluster/machines/modules/base.nix b/cluster/machines/modules/base.nix
index 9740d1d..9ad3684 100644
--- a/cluster/machines/modules/base.nix
+++ b/cluster/machines/modules/base.nix
@@ -114,6 +114,13 @@
   
     # Enable the OpenSSH daemon.
     services.openssh.enable = true;
+
+    # Enable fstrim, as we run / on SSDs everywhere.
+    services.fstrim = {
+      enable = true;
+      interval = "daily";
+    };
+
     users.users.root.openssh.authorizedKeys.keys = [
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD4VJXAXEHEXZk2dxNwehneuJcEGkfXG/U7z4fO79vDVIENdedtXQUyLyhZJc5RTEfHhQj66FwIqzl7mzBHd9x9PuDp6QAYXrkVNMj48s6JXqZqBvF6H/weRqFMf4a2TZv+hG8D0kpvmLheCwWAVRls7Jofnp/My+yDd57GMdsbG/yFEf6WPMiOnA7hxdSJSVihCsCSw2p8PD4GhBe8CVt7xIuinhutjm9zYBjV78NT8acjDUfJh0B1ODTjs7nuW1CC4jybSe2j/OU3Yczj4AxRxBNWuFxUq+jBo9BfpbKLh+Tt7re+zBkaicM77KM/oV6943JJxgHNBBOsv9scZE7 q3k@amnesia"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG599UildOrAq+LIOQjKqtGMwjgjIxozI1jtQQRKHtCP q3k@mimeomia"
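Review bot: The comment on `services.fstrim` explains why TRIM is enabled but not why `interval = "daily"` overrides the module's weekly default, and it does not cover encrypted disks. If any of these machines keep / on dm-crypt/LUKS (not visible in this hunk), fstrim does nothing unless discards are allowed on the mapping. Allowing them reveals which blocks are unused to anyone who can read the raw device, so that trade-off should be a recorded decision. I would extend the comment along the lines of `# Daily instead of the default weekly because <reason>; on LUKS roots this also needs allowDiscards, which exposes the free-block layout.` The hunk ends inside the `authorizedKeys.keys` list, so the rest of the attribute set is outside this view.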
diff --git a/cluster/machines/modules/kube-dataplane.nix b/cluster/machines/modules/kube-dataplane.nix
index 693d633..7e2066f 100644
--- a/cluster/machines/modules/kube-dataplane.nix
+++ b/cluster/machines/modules/kube-dataplane.nix
@@ -80,7 +80,9 @@
         clusterDns = "10.10.12.254";
         kubeconfig = pki.kube.kubelet.config;
         extraOpts = ''
-          --read-only-port=0
+          --read-only-port=0 \
+          --image-gc-high-threshold=60 \
+          --image-gc-low-threshold=40
         '';
         package = config.hscloud.kube.packageKubelet;
       };
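Review bot: The two `--image-gc-*` flags only make kubelet delete unused images, so they do not cap disk consumed by container logs, writable layers or emptyDir volumes. A single misbehaving or hostile workload can therefore still push the node past the roughly 70% at which the commit message says the Ceph mons alert. If that headroom matters, pair these with an explicit eviction threshold, for example `--eviction-hard=nodefs.available<30%` (the value is illustrative and should be sized against the mon alert level). A short comment above `extraOpts` should record why 60/40 was chosen. It should also note that every line except the last must end in a backslash with no trailing whitespace, since a broken continuation would silently drop `--read-only-port=0` or the flags after it. The enclosing kubelet attribute set starts before the hunk, so other options may already cover some of this.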