Adding pod priority for all the components. (#3361)

* Changes to assign pod priority to kube components.

* Removed the boolean flag pod_priority_assignment

* Created new priorityclass k8s-cluster-critical

* Created new priorityclass k8s-cluster-critical

* Fixed the trailing spaces

* Fixed the trailing spaces

* Added kube version check while creating Priority Class k8s-cluster-critical

* Moved k8s-cluster-critical.yml

* Moved k8s-cluster-critical.yml to kube_config_dir
Kuldip Madnani 2018-09-25 09:50:22 -05:00 committed by k8s-ci-robot
parent 8526c30b63
commit 36898a2c39
37 changed files with 129 additions and 1 deletions


@ -31,6 +31,9 @@ spec:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
serviceAccountName: dnsmasq serviceAccountName: dnsmasq
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule


@ -21,6 +21,9 @@ spec:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}" kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}"
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists


@ -26,6 +26,9 @@ spec:
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
serviceAccountName: coredns serviceAccountName: coredns
tolerations: tolerations:
- key: node-role.kubernetes.io/master - key: node-role.kubernetes.io/master


@ -140,6 +140,9 @@ spec:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
containers: containers:
- name: kubernetes-dashboard - name: kubernetes-dashboard
image: {{ dashboard_image_repo }}:{{ dashboard_image_tag }} image: {{ dashboard_image_repo }}:{{ dashboard_image_tag }}


@ -28,6 +28,9 @@ spec:
labels: labels:
k8s-app: kubedns-autoscaler k8s-app: kubedns-autoscaler
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows # When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector: nodeSelector:
beta.kubernetes.io/os: linux beta.kubernetes.io/os: linux


@ -27,6 +27,9 @@ spec:
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows # When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector: nodeSelector:
beta.kubernetes.io/os: linux beta.kubernetes.io/os: linux


@ -12,6 +12,9 @@ spec:
labels: labels:
app: netchecker-agent app: netchecker-agent
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists
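Review bot: The connectivity-check agent gets `system-node-critical` when `netcheck_namespace` is `kube-system`, which puts a diagnostic add-on in the same tier this commit gives kube-proxy and the CNI daemonsets, so the scheduler may preempt application pods to place it. A lower class, or a role variable such as `priorityClassName: {{ netcheck_priority_class | default('k8s-cluster-critical') }}` (variable name is only a suggestion), would keep the top tier for components a node cannot run without. The host-network agent section that follows uses the same expression, and the dashboard section above takes `system-cluster-critical` unconditionally, which raises the same question.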


@ -18,6 +18,9 @@ spec:
beta.kubernetes.io/os: linux beta.kubernetes.io/os: linux
{% if kube_version | version_compare('v1.6', '>=') %} {% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
{% endif %}
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %} {% endif %}
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule


@ -11,6 +11,9 @@ spec:
app: netchecker-server app: netchecker-server
namespace: {{ netcheck_namespace }} namespace: {{ netcheck_namespace }}
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
containers: containers:
- name: netchecker-server - name: netchecker-server
image: "{{ server_img }}" image: "{{ server_img }}"
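Review bot: The trailing `{{''}}` on the `priorityClassName` line is unexplained; it presumably keeps the newline after the inline `{% endif %}` from being eaten by Jinja block trimming, and a reader who deletes it as noise would fold the following line into this value. A single expression needs no workaround: `priorityClassName: {{ 'system-cluster-critical' if netcheck_namespace == 'kube-system' else 'k8s-cluster-critical' }}`. The same construct appears in the netchecker agent, cephfs-provisioner, local-volume-provisioner, cert-manager, ingress-nginx and registry sections.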


@ -0,0 +1,9 @@
---
apiVersion: scheduling.k8s.io/v1beta1
kind: PriorityClass
metadata:
name: k8s-cluster-critical
value: 1000000000
globalDefault: false
description: "This priority class should only be used by the pods installed using kubespray."
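Review bot: `k8s-cluster-critical` is a cluster-scoped object, so the restriction stated in `description` is advisory only: nothing in this manifest stops a pod in any namespace from naming the class, and at `value: 1000000000` such a pod outranks every workload that has no priority class when the scheduler preempts. I would add a comment above `value:` such as `# Highest value allowed for a user-defined class; limit who may use it with a ResourceQuota scoped to this PriorityClass`, and consider shipping that quota for tenant namespaces. Whether the deployment already restricts use of the class elsewhere is not visible on this page.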


@ -174,3 +174,20 @@
when: when:
- cloud_provider is defined - cloud_provider is defined
- cloud_provider == 'oci' - cloud_provider == 'oci'
- name: PriorityClass | Copy k8s-cluster-critical-pc.yml file
copy: src=k8s-cluster-critical-pc.yml dest={{ kube_config_dir }}/k8s-cluster-critical-pc.yml
when:
- kube_version|version_compare('v1.11.1', '>=')
- inventory_hostname == groups['kube-master'][0]
- name: PriorityClass | Create k8s-cluster-critical
kube:
name: k8s-cluster-critical
kubectl: "{{bin_dir}}/kubectl"
resource: "PriorityClass"
filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
state: latest
when:
- kube_version|version_compare('v1.11.1', '>=')
- inventory_hostname == groups['kube-master'][0]
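Review bot: The copy task uses inline `key=value` arguments and sets no file mode, so the manifest lands with whatever the remote umask gives it; block form with an explicit mode is clearer: `src: k8s-cluster-critical-pc.yml`, `dest: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"`, `mode: "0644"`. Separately, the templates in this commit reference `k8s-cluster-critical` whenever a component is deployed outside `kube-system`, and pods naming a class that does not exist yet are rejected at admission, so this task has to run before those manifests are applied; the ordering is not visible in the hunk. The commit message speaks of `k8s-cluster-critical.yml` while the task copies `k8s-cluster-critical-pc.yml`, which is worth checking against the name of the added file.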


@ -19,6 +19,9 @@ spec:
app: cephfs-provisioner app: cephfs-provisioner
version: {{ cephfs_provisioner_image_tag }} version: {{ cephfs_provisioner_image_tag }}
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if cephfs_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
serviceAccount: cephfs-provisioner serviceAccount: cephfs-provisioner
containers: containers:
- name: cephfs-provisioner - name: cephfs-provisioner


@ -18,6 +18,9 @@ spec:
k8s-app: local-volume-provisioner k8s-app: local-volume-provisioner
version: {{ local_volume_provisioner_image_tag }} version: {{ local_volume_provisioner_image_tag }}
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if local_volume_provisioner_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
serviceAccountName: local-volume-provisioner serviceAccountName: local-volume-provisioner
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule


@ -22,6 +22,9 @@ spec:
release: cert-manager release: cert-manager
annotations: annotations:
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if cert_manager_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
serviceAccountName: cert-manager serviceAccountName: cert-manager
containers: containers:
- name: cert-manager - name: cert-manager


@ -19,6 +19,9 @@ spec:
app.kubernetes.io/name: default-backend app.kubernetes.io/name: default-backend
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
containers: containers:
- name: default-backend - name: default-backend


@ -29,6 +29,9 @@ spec:
nodeSelector: nodeSelector:
{{ ingress_nginx_nodeselector | to_nice_yaml }} {{ ingress_nginx_nodeselector | to_nice_yaml }}
{%- endif %} {%- endif %}
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
containers: containers:
- name: ingress-nginx-controller - name: ingress-nginx-controller
image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }} image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}


@ -29,6 +29,9 @@ spec:
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
containers: containers:
- name: calico-kube-controllers - name: calico-kube-controllers
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }} image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}


@ -21,6 +21,9 @@ spec:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
version: v{{ registry_proxy_image_tag }} version: v{{ registry_proxy_image_tag }}
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if registry_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
serviceAccountName: registry-proxy serviceAccountName: registry-proxy
containers: containers:
- name: registry-proxy - name: registry-proxy


@ -22,6 +22,9 @@ spec:
version: v{{ registry_image_tag }} version: v{{ registry_image_tag }}
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
serviceAccountName: registry serviceAccountName: registry
containers: containers:
- name: registry - name: registry


@ -13,6 +13,9 @@ spec:
hostNetwork: true hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %} {% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
{% endif %}
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %} {% endif %}
containers: containers:
- name: kube-apiserver - name: kube-apiserver


@ -12,6 +12,9 @@ spec:
hostNetwork: true hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %} {% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
{% endif %}
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %} {% endif %}
containers: containers:
- name: kube-controller-manager - name: kube-controller-manager


@ -11,6 +11,9 @@ spec:
hostNetwork: true hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %} {% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
{% endif %}
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %} {% endif %}
containers: containers:
- name: kube-scheduler - name: kube-scheduler


@ -15,6 +15,9 @@ spec:
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows # When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector: nodeSelector:
beta.kubernetes.io/os: linux beta.kubernetes.io/os: linux
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
containers: containers:
- name: kube-proxy - name: kube-proxy
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}


@ -10,6 +10,9 @@ spec:
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows # When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector: nodeSelector:
beta.kubernetes.io/os: linux beta.kubernetes.io/os: linux
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
containers: containers:
- name: nginx-proxy - name: nginx-proxy
image: {{ nginx_image_repo }}:{{ nginx_image_tag }} image: {{ nginx_image_repo }}:{{ nginx_image_tag }}


@ -140,7 +140,7 @@ kube_apiserver_insecure_port: 8080
dynamic_kubelet_configuration: false dynamic_kubelet_configuration: false
# define kubelet config dir for dynamic kubelet # define kubelet config dir for dynamic kubelet
#kubelet_config_dir: # kubelet_config_dir:
default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir" default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir"
dynamic_kubelet_configuration_dir: "{{ kubelet_config_dir | default(default_kubelet_config_dir) }}" dynamic_kubelet_configuration_dir: "{{ kubelet_config_dir | default(default_kubelet_config_dir) }}"


@ -21,6 +21,9 @@ spec:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}" kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}"
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true hostNetwork: true
serviceAccountName: calico-node serviceAccountName: calico-node
tolerations: tolerations:


@ -18,6 +18,9 @@ spec:
labels: labels:
k8s-app: canal-node k8s-app: canal-node
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true hostNetwork: true
serviceAccountName: canal serviceAccountName: canal
tolerations: tolerations:


@ -34,6 +34,9 @@ spec:
prometheus.io/port: "9090" prometheus.io/port: "9090"
{% endif %} {% endif %}
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
serviceAccountName: cilium serviceAccountName: cilium
initContainers: initContainers:
- name: clean-cilium-state - name: clean-cilium-state


@ -18,6 +18,9 @@ spec:
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
# The API proxy must run in the host network namespace so that # The API proxy must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working. # it isn't governed by policy that would prevent it from working.
hostNetwork: true hostNetwork: true


@ -15,6 +15,9 @@ spec:
labels: labels:
k8s-app: contiv-cleanup k8s-app: contiv-cleanup
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:


@ -17,6 +17,9 @@ spec:
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
nodeSelector: nodeSelector:


@ -17,6 +17,9 @@ spec:
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
nodeSelector: nodeSelector:


@ -18,6 +18,9 @@ spec:
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
# The netmaster must run in the host network namespace so that # The netmaster must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working. # it isn't governed by policy that would prevent it from working.
hostNetwork: true hostNetwork: true


@ -22,6 +22,9 @@ spec:
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:


@ -19,6 +19,9 @@ spec:
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:


@ -52,6 +52,9 @@ spec:
tier: node tier: node
k8s-app: flannel k8s-app: flannel
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
serviceAccountName: flannel serviceAccountName: flannel
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows # When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector: nodeSelector:


@ -115,6 +115,9 @@ items:
labels: labels:
name: weave-net name: weave-net
spec: spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
containers: containers:
- name: weave - name: weave
command: command: