From cafe4f1352fd749c66b46a5602e3f539b5b28d0e Mon Sep 17 00:00:00 2001
From: Louis Tu <92532497+tu1h@users.noreply.github.com>
Date: Fri, 18 Aug 2023 16:26:28 +0800
Subject: [PATCH] Add kubelet topology manager policy on the node (#10370)

Signed-off-by: tu1h <lihai.tu@daocloud.io>
---
 docs/vars.md                                                | 4 ++++
 .../node/templates/kubelet-config.v1beta1.yaml.j2           | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/docs/vars.md b/docs/vars.md
index 875f0db3ca8..32b7eca74cb 100644
--- a/docs/vars.md
+++ b/docs/vars.md
@@ -218,6 +218,10 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
 
 * *kubelet_cpu_manager_policy* -  If set to `static`, allows pods with certain resource characteristics to be granted increased CPU affinity and exclusivity on the node. And it should be set with `kube_reserved` or `system-reserved`, enable this with the following guide:[Control CPU Management Policies on the Node](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/)
 
+* *kubelet_topoloy_manager_policy* - Control the behavior of the allocation of CPU and Memory from different [NUMA](https://en.wikipedia.org/wiki/Non-uniform_memory_access) Nodes. Enable this with the following guide: [Control Topology Management Policies on a node](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager).
+
+* *kubelet_topology_manager_scope* - The Topology Manager can deal with the alignment of resources in a couple of distinct scopes: `container` and `pod`. See [Topology Manager Scopes](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager/#topology-manager-scopes).
+
 * *kubelet_systemd_hardening* - If `true`, provides kubelet systemd service with security features for isolation.
 
   **N.B.** To enable this feature, ensure you are using the **`cgroup v2`** on your system. Check it out with command: `sudo ls -l /sys/fs/cgroup/*.slice`. If directory does not exist, enable this with the following guide: [enable cgroup v2](https://rootlesscontaine.rs/getting-started/common/cgroup2/#enabling-cgroup-v2).
diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
index 174bfb75356..701d2f67774 100644
--- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
@@ -161,4 +161,10 @@ seccompDefault: {{ kubelet_seccomp_default | bool }}
 {% endif %}
 {% if kubelet_cpu_manager_policy is defined %}
 cpuManagerPolicy: {{ kubelet_cpu_manager_policy }}
+{% endif %}
+{% if kubelet_topoloy_manager_policy is defined %}
+topologyManagerPolicy: {{ kubelet_topoloy_manager_policy }}
+{% endif %}
+{% if kubelet_topology_manager_scope is defined %}
+topologyManagerScope: {{ kubelet_topology_manager_scope }}
 {% endif %}
\ No newline at end of file