From 36898a2c392713b2a403145481a8d95eac705781 Mon Sep 17 00:00:00 2001 
From: Kuldip Madnani Date: Tue, 25 Sep 2018 09:50:22 -0500 Subject: [PATCH] Adding pod priority for all the components. (#3361) * Changes to assign pod priority to kube components. * Removed the boolean flag pod_priority_assignment * Created new priorityclass k8s-cluster-critical * Created new priorityclass k8s-cluster-critical * Fixed the trailing spaces * Fixed the trailing spaces * Added kube version check while creating Priority Class k8s-cluster-critical * Moved k8s-cluster-critical.yml * Moved k8s-cluster-critical.yml to kube_config_dir --- .../dnsmasq/templates/dnsmasq-autoscaler.yml.j2 | 3 +++ roles/dnsmasq/templates/dnsmasq-deploy.yml.j2 | 3 +++ .../ansible/templates/coredns-deployment.yml.j2 | 3 +++ .../ansible/templates/dashboard.yml.j2 | 3 +++ .../ansible/templates/kubedns-autoscaler.yml.j2 | 3 +++ .../ansible/templates/kubedns-deploy.yml.j2 | 3 +++ .../templates/netchecker-agent-ds.yml.j2 | 3 +++ .../netchecker-agent-hostnet-ds.yml.j2 | 3 +++ .../netchecker-server-deployment.yml.j2 | 3 +++ .../files/k8s-cluster-critical-pc.yml | 9 +++++++++ .../cluster_roles/tasks/main.yml | 17 +++++++++++++++++ .../templates/deploy-cephfs-provisioner.yml.j2 | 3 +++ .../local-volume-provisioner-ds.yml.j2 | 3 +++ .../templates/deploy-cert-manager.yml.j2 | 3 +++ .../templates/deploy-default-backend.yml.j2 | 3 +++ .../ds-ingress-nginx-controller.yml.j2 | 3 +++ .../templates/calico-kube-controllers.yml.j2 | 3 +++ .../registry/templates/registry-proxy-ds.yml.j2 | 3 +++ .../registry/templates/registry-rs.yml.j2 | 3 +++ .../manifests/kube-apiserver.manifest.j2 | 3 +++ .../kube-controller-manager.manifest.j2 | 3 +++ .../manifests/kube-scheduler.manifest.j2 | 3 +++ .../templates/manifests/kube-proxy.manifest.j2 | 3 +++ .../templates/manifests/nginx-proxy.manifest.j2 | 3 +++ roles/kubespray-defaults/defaults/main.yaml | 2 +- .../calico/templates/calico-node.yml.j2 | 3 +++ .../canal/templates/canal-node.yaml.j2 | 3 +++ .../cilium/templates/cilium-ds.yml.j2 | 3 +++ 
.../contiv/templates/contiv-api-proxy.yml.j2 | 3 +++ .../contiv/templates/contiv-cleanup.yml.j2 | 3 +++ .../contiv/templates/contiv-etcd-proxy.yml.j2 | 3 +++ .../contiv/templates/contiv-etcd.yml.j2 | 3 +++ .../contiv/templates/contiv-netmaster.yml.j2 | 3 +++ .../contiv/templates/contiv-netplugin.yml.j2 | 3 +++ .../contiv/templates/contiv-ovs.yml.j2 | 3 +++ .../flannel/templates/cni-flannel.yml.j2 | 3 +++ .../weave/templates/weave-net.yml.j2 | 3 +++ 37 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml diff --git a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2 b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2 index 4489e2418..582f6639a 100644 --- a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2 +++ b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2 @@ -31,6 +31,9 @@ spec: scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-cluster-critical +{% endif %} serviceAccountName: dnsmasq tolerations: - effect: NoSchedule diff --git a/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2 b/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2 index c3a32f02e..59ef45ba9 100644 --- a/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2 +++ b/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2 @@ -21,6 +21,9 @@ spec: kubernetes.io/cluster-service: "true" kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}" spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-cluster-critical +{% endif %} tolerations: - effect: NoSchedule operator: Exists diff --git a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 index 27c0576a1..02442bcba 100644 --- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 
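Review bot: The gate `{% if kube_version|version_compare('v1.11.1', '>=') %}` added in dnsmasq-autoscaler.yml.j2 carries an unexplained literal, and the same line is pasted into every template this patch touches. Nothing here says why the cut-off is v1.11.1 rather than v1.11.0, so either a short Jinja comment next to it stating the reason or a single derived variable in kubespray-defaults would keep the copies from drifting apart. The older gates visible as context in netchecker-agent-hostnet-ds.yml.j2 and the master manifests are written `kube_version | version_compare(...)` with spaces around the pipe; matching that spacing keeps one grep pattern working for all of them.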
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 @@ -26,6 +26,9 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-cluster-critical +{% endif %} serviceAccountName: coredns tolerations: - key: node-role.kubernetes.io/master diff --git a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 index 41f6716e7..17695a961 100644 --- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 @@ -140,6 +140,9 @@ spec: labels: k8s-app: kubernetes-dashboard spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-cluster-critical +{% endif %} containers: - name: kubernetes-dashboard image: {{ dashboard_image_repo }}:{{ dashboard_image_tag }} diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 index e726e8d2a..1852c4aea 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 @@ -28,6 +28,9 @@ spec: labels: k8s-app: kubedns-autoscaler spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-cluster-critical +{% endif %} # When having win nodes in cluster without this patch, this pod cloud try to be created in windows nodeSelector: beta.kubernetes.io/os: linux diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 index 96ef72283..e67d3ae37 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 
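Review bot: In dashboard.yml.j2 the kubernetes-dashboard pod gets `priorityClassName: system-cluster-critical`, the same class this patch gives CoreDNS and kube-dns. The dashboard is a web UI that the cluster does not need in order to schedule pods or resolve names, and at that priority the scheduler can preempt ordinary workloads to place it. I would drop the three added lines from this template or put them behind an opt-in variable; the netchecker, registry, cert-manager and ingress default-backend hunks raise the same question. The pod spec continues outside the hunk, so the namespace the dashboard is deployed into is not visible here.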
@@ -27,6 +27,9 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-cluster-critical +{% endif %} # When having win nodes in cluster without this patch, this pod cloud try to be created in windows nodeSelector: beta.kubernetes.io/os: linux diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 index a2c4850c4..09d9e498d 100644 --- a/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 @@ -12,6 +12,9 @@ spec: labels: app: netchecker-agent spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}} +{% endif %} tolerations: - effect: NoSchedule operator: Exists diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 index f046e8f4b..376171c28 100644 --- a/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 @@ -18,6 +18,9 @@ spec: beta.kubernetes.io/os: linux {% if kube_version | version_compare('v1.6', '>=') %} dnsPolicy: ClusterFirstWithHostNet +{% endif %} +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}} {% endif %} tolerations: - effect: NoSchedule diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 index 1a858683d..39a1eafa5 100644 
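Review bot: The trailing `{{''}}` on the new priorityClassName line in netchecker-agent-ds.yml.j2 is undocumented and reads like a leftover that the next editor will delete. Presumably it is there so that the line break after the inline `{% endif %}` survives Jinja's block trimming; a line above it such as `{# the empty expression at the end keeps the line break after the inline endif #}` would make that explicit. The same expression is repeated in netchecker-agent-hostnet-ds, netchecker-server-deployment, cephfs-provisioner, local-volume-provisioner, cert-manager, both ingress-nginx templates and both registry templates, so computing the class name once per component in a variable would remove the idiom from the templates altogether.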
--- a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 @@ -11,6 +11,9 @@ spec: app: netchecker-server namespace: {{ netcheck_namespace }} spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}} +{% endif %} containers: - name: netchecker-server image: "{{ server_img }}" diff --git a/roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml b/roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml new file mode 100644 index 000000000..7fe203031 --- /dev/null +++ b/roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml @@ -0,0 +1,9 @@ +--- + +apiVersion: scheduling.k8s.io/v1beta1 +kind: PriorityClass +metadata: + name: k8s-cluster-critical +value: 1000000000 +globalDefault: false +description: "This priority class should only be used by the pods installed using kubespray." diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml index 229e497e4..8cd1f5052 100644 --- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml +++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml 
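Review bot: Nothing in k8s-cluster-critical-pc.yml restricts who may use the new class: a PriorityClass is cluster-scoped, so any account that can create pods in any namespace can set `priorityClassName: k8s-cluster-critical`, and the `description` text is advisory only. With `value: 1000000000`, which as far as I know is the ceiling for user-defined classes, such a pod outranks every ordinary workload and can cause their preemption. I would add a header comment to the file, `# Not namespace-restricted: any pod may reference this class; limit its use with a ResourceQuota scoped to this PriorityClass in tenant namespaces`, and describe that quota in the deployment docs. `globalDefault: false` is the right setting and should stay.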
@@ -174,3 +174,20 @@ when: - cloud_provider is defined - cloud_provider == 'oci' + +- name: PriorityClass | Copy k8s-cluster-critical-pc.yml file + copy: src=k8s-cluster-critical-pc.yml dest={{ kube_config_dir }}/k8s-cluster-critical-pc.yml + when: + - kube_version|version_compare('v1.11.1', '>=') + - inventory_hostname == groups['kube-master'][0] + +- name: PriorityClass | Create k8s-cluster-critical + kube: + name: k8s-cluster-critical + kubectl: "{{bin_dir}}/kubectl" + resource: "PriorityClass" + filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml" + state: latest + when: + - kube_version|version_compare('v1.11.1', '>=') + - inventory_hostname == groups['kube-master'][0] diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 index 197cc8dee..466a56598 100644 --- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 +++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 @@ -19,6 +19,9 @@ spec: app: cephfs-provisioner version: {{ cephfs_provisioner_image_tag }} spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: {% if cephfs_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}} +{% endif %} serviceAccount: cephfs-provisioner containers: - name: cephfs-provisioner diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2 b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2 index cc73e073d..487e4f9f3 100644 --- a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2 
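Review bot: The new copy task in cluster_roles/tasks/main.yml passes its arguments as a `key=value` string with an unquoted `{{ kube_config_dir }}` and sets no file mode, while the kube task right below it uses native YAML. Writing it as `copy:` with `src: k8s-cluster-critical-pc.yml` and `dest: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"`, plus an explicit quoted `mode`, avoids argument splitting on an unusual path and leaves the permissions of a file under the kube config directory to the playbook instead of the umask. Separately, several templates in this patch reference k8s-cluster-critical; whether this task runs before those manifests are applied is not visible here and is worth confirming, since a pod naming a class that does not exist yet would presumably be rejected.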
+++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2 @@ -18,6 +18,9 @@ spec: k8s-app: local-volume-provisioner version: {{ local_volume_provisioner_image_tag }} spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: {% if local_volume_provisioner_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}} +{% endif %} serviceAccountName: local-volume-provisioner tolerations: - effect: NoSchedule diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 index 1fedf42a2..c6e981f7b 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 @@ -22,6 +22,9 @@ spec: release: cert-manager annotations: spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: {% if cert_manager_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}} +{% endif %} serviceAccountName: cert-manager containers: - name: cert-manager diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 index 0578844f9..87c6dadfd 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 
@@ -19,6 +19,9 @@ spec: app.kubernetes.io/name: default-backend app.kubernetes.io/part-of: ingress-nginx spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}} +{% endif %} terminationGracePeriodSeconds: 60 containers: - name: default-backend diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 index 1031798af..a504c1b3a 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 @@ -29,6 +29,9 @@ spec: nodeSelector: {{ ingress_nginx_nodeselector | to_nice_yaml }} {%- endif %} +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}} +{% endif %} containers: - name: ingress-nginx-controller image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }} diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 index be690bb0a..5d26fd772 100644 --- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 +++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 
@@ -29,6 +29,9 @@ spec: tolerations: - effect: NoSchedule operator: Exists +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-cluster-critical +{% endif %} containers: - name: calico-kube-controllers image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }} diff --git a/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2 index 0a04c40d1..0fe493a81 100644 --- a/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2 +++ b/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2 @@ -21,6 +21,9 @@ spec: kubernetes.io/cluster-service: "true" version: v{{ registry_proxy_image_tag }} spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: {% if registry_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}} +{% endif %} serviceAccountName: registry-proxy containers: - name: registry-proxy diff --git a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2 index 57e8db668..83a1b058c 100644 --- a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2 +++ b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2 @@ -22,6 +22,9 @@ spec: version: v{{ registry_image_tag }} kubernetes.io/cluster-service: "true" spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}} +{% endif %} serviceAccountName: registry containers: - name: registry diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 index dbf9f082c..250ca1257 100644 --- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 @@ -13,6 +13,9 @@ spec: hostNetwork: true {% if kube_version | version_compare('v1.6', '>=') %} dnsPolicy: ClusterFirst +{% endif %} +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical {% endif %} containers: - name: kube-apiserver diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 index a14d689d0..23a690ce4 100644 --- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 +++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 @@ -12,6 +12,9 @@ spec: hostNetwork: true {% if kube_version | version_compare('v1.6', '>=') %} dnsPolicy: ClusterFirst +{% endif %} +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical {% endif %} containers: - name: kube-controller-manager diff --git a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 index 813731fa2..b42ad7cfb 100644 --- a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 +++ b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 @@ -11,6 +11,9 @@ spec: hostNetwork: true {% if kube_version | version_compare('v1.6', '>=') %} dnsPolicy: ClusterFirst +{% endif %} +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical {% endif %} containers: - name: kube-scheduler diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 index ece9be10c..8ffcfa524 100644 --- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 +++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 
@@ -15,6 +15,9 @@ spec: # When having win nodes in cluster without this patch, this pod cloud try to be created in windows nodeSelector: beta.kubernetes.io/os: linux +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} containers: - name: kube-proxy image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 index 756eba7ee..ccd2e4786 100644 --- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 +++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 @@ -10,6 +10,9 @@ spec: # When having win nodes in cluster without this patch, this pod cloud try to be created in windows nodeSelector: beta.kubernetes.io/os: linux +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} containers: - name: nginx-proxy image: {{ nginx_image_repo }}:{{ nginx_image_tag }} diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index 90dea5eb0..2f22545c9 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -140,7 +140,7 @@ kube_apiserver_insecure_port: 8080 dynamic_kubelet_configuration: false # define kubelet config dir for dynamic kubelet -#kubelet_config_dir: +# kubelet_config_dir: default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir" dynamic_kubelet_configuration_dir: "{{ kubelet_config_dir | default(default_kubelet_config_dir) }}" diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2 index 830c668bf..539ced8a6 100644 --- a/roles/network_plugin/calico/templates/calico-node.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-node.yml.j2 
@@ -21,6 +21,9 @@ spec: scheduler.alpha.kubernetes.io/critical-pod: '' kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}" spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} hostNetwork: true serviceAccountName: calico-node tolerations: diff --git a/roles/network_plugin/canal/templates/canal-node.yaml.j2 b/roles/network_plugin/canal/templates/canal-node.yaml.j2 index e1fec660b..ea34dfa89 100644 --- a/roles/network_plugin/canal/templates/canal-node.yaml.j2 +++ b/roles/network_plugin/canal/templates/canal-node.yaml.j2 @@ -18,6 +18,9 @@ spec: labels: k8s-app: canal-node spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} hostNetwork: true serviceAccountName: canal tolerations: diff --git a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 index 5fa75f98f..4eff22269 100755 --- a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 @@ -34,6 +34,9 @@ spec: prometheus.io/port: "9090" {% endif %} spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} serviceAccountName: cilium initContainers: - name: clean-cilium-state diff --git a/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 b/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 index 16b8a9713..f37e83847 100644 --- a/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 
@@ -18,6 +18,9 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} # The API proxy must run in the host network namespace so that # it isn't governed by policy that would prevent it from working. hostNetwork: true diff --git a/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2 b/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2 index 99cbecb7d..8555c133d 100644 --- a/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2 @@ -15,6 +15,9 @@ spec: labels: k8s-app: contiv-cleanup spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} hostNetwork: true hostPID: true tolerations: diff --git a/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 b/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 index a4adedd46..7e826a3bf 100644 --- a/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 @@ -17,6 +17,9 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} hostNetwork: true hostPID: true nodeSelector: diff --git a/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2 b/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2 index 9d7502857..ba17452fa 100644 --- a/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2 @@ -17,6 +17,9 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} hostNetwork: true hostPID: true nodeSelector: 
diff --git a/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 index be0f23360..5731d7c5c 100644 --- a/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 @@ -18,6 +18,9 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} # The netmaster must run in the host network namespace so that # it isn't governed by policy that would prevent it from working. hostNetwork: true diff --git a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 index 755e9b204..e47f711bf 100644 --- a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 @@ -22,6 +22,9 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} hostNetwork: true hostPID: true tolerations: diff --git a/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2 b/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2 index 825ab3042..27090c62f 100644 --- a/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2 @@ -19,6 +19,9 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} hostNetwork: true hostPID: true tolerations: diff --git a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 index de9be8d9e..c872d9893 100644 --- a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 
+++ b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 @@ -52,6 +52,9 @@ spec: tier: node k8s-app: flannel spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} serviceAccountName: flannel # When having win nodes in cluster without this patch, this pod cloud try to be created in windows nodeSelector: diff --git a/roles/network_plugin/weave/templates/weave-net.yml.j2 b/roles/network_plugin/weave/templates/weave-net.yml.j2 index 60e7b6325..59740e67e 100644 --- a/roles/network_plugin/weave/templates/weave-net.yml.j2 +++ b/roles/network_plugin/weave/templates/weave-net.yml.j2 @@ -115,6 +115,9 @@ items: labels: name: weave-net spec: +{% if kube_version|version_compare('v1.11.1', '>=') %} + priorityClassName: system-node-critical +{% endif %} containers: - name: weave command: