Enabling Swap in Kubernetes on AWS EKS for Better Memory Management


Introduction

Running Kubernetes on AWS EKS (Elastic Kubernetes Service) provides a robust and scalable solution for container orchestration. However, managing memory efficiently in containerized environments is a persistent challenge, especially during memory pressure situations. One lesser-used but powerful feature is enabling swap memory. This guide walks you through the why and how of enabling swap on Kubernetes worker nodes within AWS EKS.

What Is Swap and Why Does It Matter?

Swap memory is disk space used when RAM is fully utilized. While it’s slower than physical memory, swap can help:

  • Prevent pods from being killed due to Out-Of-Memory (OOM) errors.

  • Gracefully degrade performance instead of outright crashing.

  • Support memory-intensive workloads with sudden spikes.

By default, Kubernetes turns off swap to prevent performance unpredictability. However, under controlled settings, enabling it can lead to better system resilience.

Challenges of Enabling Swap on EKS

Kubernetes’s kubelet rejects swap-enabled nodes unless explicitly configured. The main challenges of EKS include:

  • Managed AMIs don’t support swap by default.

  • Kubelet flags need customization.

  • AWS managed node groups limit low-level system access.

Key Kubernetes Constraints

You’ll need to bypass the --fail-swap-on kubelet flag, which blocks nodes with active swap. This requires either:

  • Self-managed nodes

  • Bottlerocket customization

  • Amazon EKS with kubeletExtraArgs

Step-by-Step Guide to Enable Swap on AWS EKS Nodes

1. Use Self-Managed Node Groups

Managed node groups on EKS don’t allow swap customization out of the box. For more flexibility, switch to self-managed EC2-based nodes.

2. Modify EC2 User Data to Create a Swap File

In your EC2 user data (used during node bootstrapping), add the following:


#!/bin/bash

fallocate -l 4G /swapfile

chmod 600 /swapfile

mkswap /swapfile

swapon /swapfile

echo '/swapfile none swap sw 0 0' >> /etc/fstab


This creates a persistent 4GB swap space.

3. Set the --fail-swap-on Flag to False

Edit your kubelet service configuration or use a bootstrap script to add:


--fail-swap-on=false


This can be done via the kubelet configuration file or by overriding bootstrap arguments.

4. Configure kubelet Using a Custom Launch Template

You can define a Launch Template for your EC2 nodes to include custom user data and configuration for kubelet. Example:


[Service]

Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"


Place it in /etc/systemd/system/kubelet.service.d/20-extra-args.conf

Reload the daemon and restart kubelet:


systemctl daemon-reexec

systemctl restart kubelet


Considerations and Best Practices

  • Do not rely solely on swap for memory management.

  • Monitor memory and swap usage with CloudWatch or Prometheus.

  • Use swap sparingly in production-grade workloads unless thoroughly tested.

  • Combine swap with Kubernetes QoS classes to protect critical workloads.

Monitoring and Validation

Run the following to check if swap is active:


swapon --show

free -h


And check the kubelet flags:


ps aux | grep kubelet


Ensure that --fail-swap-on=false is active.

Conclusion

While swap isn't a silver bullet for memory problems in Kubernetes, enabling swap on AWS EKS with self-managed nodes offers flexibility during memory stress events. With careful setup and monitoring, swap can help your cluster remain resilient and avoid OOM-related disruptions.

Comments

Post a Comment

Popular posts from this blog

Podcast - How to Obfuscate Code and Protect Your Intellectual Property (IP) Across PHP, JavaScript, Node.js, React, Java, .NET, Android, and iOS Apps

Image
How to Obfuscate Code and Protect Your Intellectual Property (IP) Across PHP, JavaScript, Node.js, React, Java, .NET, Android, and iOS Apps   https://businesscompassllc.com/web   Code obfuscation is essential for  protecting intellectual property (IP) , preventing  reverse engineering , and  securing applications . Whether you're building a  WordPress plugin, Laravel app, React/Vue project, Spring Boot service, .NET application, or mobile app (Android/iOS) , attackers can  decompile or modify  your code if it's not properly obfuscated. This guide covers  how to obfuscate your code  across multiple platforms: PHP  (WordPress, Laravel, Joomla, Drupal, CakePHP, Symfony) Static Websites  (HTML + JavaScript) JavaScript Frameworks  (Node.js, React, Vue, Angular) Java (Spring Boot - Tomcat) .NET Applications Android Mobile Apps (Java/Kotlin) iOS Mobile Apps (Swift/Objective-C)
Read more

YouTube Channel

Follow us on X