Adding pod priority for all the components. (#3361)
* Changes to assign pod priority to kube components. * Removed the boolean flag pod_priority_assignment * Created new priorityclass k8s-cluster-critical * Created new priorityclass k8s-cluster-critical * Fixed the trailing spaces * Fixed the trailing spaces * Added kube version check while creating Priority Class k8s-cluster-critical * Moved k8s-cluster-critical.yml * Moved k8s-cluster-critical.yml to kube_config_dir
This commit is contained in:
parent
8526c30b63
commit
36898a2c39
37 changed files with 129 additions and 1 deletions
|
@ -31,6 +31,9 @@ spec:
|
|||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-cluster-critical
|
||||
{% endif %}
|
||||
serviceAccountName: dnsmasq
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
|
|
|
@ -21,6 +21,9 @@ spec:
|
|||
kubernetes.io/cluster-service: "true"
|
||||
kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}"
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-cluster-critical
|
||||
{% endif %}
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
|
|
|
@ -26,6 +26,9 @@ spec:
|
|||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-cluster-critical
|
||||
{% endif %}
|
||||
serviceAccountName: coredns
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
|
|
|
@ -140,6 +140,9 @@ spec:
|
|||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-cluster-critical
|
||||
{% endif %}
|
||||
containers:
|
||||
- name: kubernetes-dashboard
|
||||
image: {{ dashboard_image_repo }}:{{ dashboard_image_tag }}
|
||||
|
|
|
@ -28,6 +28,9 @@ spec:
|
|||
labels:
|
||||
k8s-app: kubedns-autoscaler
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-cluster-critical
|
||||
{% endif %}
|
||||
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
|
|
|
@ -27,6 +27,9 @@ spec:
|
|||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-cluster-critical
|
||||
{% endif %}
|
||||
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
|
|
|
@ -12,6 +12,9 @@ spec:
|
|||
labels:
|
||||
app: netchecker-agent
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
{% endif %}
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
|
|
|
@ -18,6 +18,9 @@ spec:
|
|||
beta.kubernetes.io/os: linux
|
||||
{% if kube_version | version_compare('v1.6', '>=') %}
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{% endif %}
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
{% endif %}
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
|
|
|
@ -11,6 +11,9 @@ spec:
|
|||
app: netchecker-server
|
||||
namespace: {{ netcheck_namespace }}
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
{% endif %}
|
||||
containers:
|
||||
- name: netchecker-server
|
||||
image: "{{ server_img }}"
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
|
||||
apiVersion: scheduling.k8s.io/v1beta1
|
||||
kind: PriorityClass
|
||||
metadata:
|
||||
name: k8s-cluster-critical
|
||||
value: 1000000000
|
||||
globalDefault: false
|
||||
description: "This priority class should only be used by the pods installed using kubespray."
|
|
@ -174,3 +174,20 @@
|
|||
when:
|
||||
- cloud_provider is defined
|
||||
- cloud_provider == 'oci'
|
||||
|
||||
- name: PriorityClass | Copy k8s-cluster-critical-pc.yml file
|
||||
copy: src=k8s-cluster-critical-pc.yml dest={{ kube_config_dir }}/k8s-cluster-critical-pc.yml
|
||||
when:
|
||||
- kube_version|version_compare('v1.11.1', '>=')
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
|
||||
- name: PriorityClass | Create k8s-cluster-critical
|
||||
kube:
|
||||
name: k8s-cluster-critical
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "PriorityClass"
|
||||
filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
|
||||
state: latest
|
||||
when:
|
||||
- kube_version|version_compare('v1.11.1', '>=')
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
|
|
|
@ -19,6 +19,9 @@ spec:
|
|||
app: cephfs-provisioner
|
||||
version: {{ cephfs_provisioner_image_tag }}
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: {% if cephfs_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
{% endif %}
|
||||
serviceAccount: cephfs-provisioner
|
||||
containers:
|
||||
- name: cephfs-provisioner
|
||||
|
|
|
@ -18,6 +18,9 @@ spec:
|
|||
k8s-app: local-volume-provisioner
|
||||
version: {{ local_volume_provisioner_image_tag }}
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: {% if local_volume_provisioner_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
{% endif %}
|
||||
serviceAccountName: local-volume-provisioner
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
|
|
|
@ -22,6 +22,9 @@ spec:
|
|||
release: cert-manager
|
||||
annotations:
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: {% if cert_manager_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
{% endif %}
|
||||
serviceAccountName: cert-manager
|
||||
containers:
|
||||
- name: cert-manager
|
||||
|
|
|
@ -19,6 +19,9 @@ spec:
|
|||
app.kubernetes.io/name: default-backend
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
{% endif %}
|
||||
terminationGracePeriodSeconds: 60
|
||||
containers:
|
||||
- name: default-backend
|
||||
|
|
|
@ -29,6 +29,9 @@ spec:
|
|||
nodeSelector:
|
||||
{{ ingress_nginx_nodeselector | to_nice_yaml }}
|
||||
{%- endif %}
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
{% endif %}
|
||||
containers:
|
||||
- name: ingress-nginx-controller
|
||||
image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}
|
||||
|
|
|
@ -29,6 +29,9 @@ spec:
|
|||
tolerations:
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-cluster-critical
|
||||
{% endif %}
|
||||
containers:
|
||||
- name: calico-kube-controllers
|
||||
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
|
||||
|
|
|
@ -21,6 +21,9 @@ spec:
|
|||
kubernetes.io/cluster-service: "true"
|
||||
version: v{{ registry_proxy_image_tag }}
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: {% if registry_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
{% endif %}
|
||||
serviceAccountName: registry-proxy
|
||||
containers:
|
||||
- name: registry-proxy
|
||||
|
|
|
@ -22,6 +22,9 @@ spec:
|
|||
version: v{{ registry_image_tag }}
|
||||
kubernetes.io/cluster-service: "true"
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
{% endif %}
|
||||
serviceAccountName: registry
|
||||
containers:
|
||||
- name: registry
|
||||
|
|
|
@ -13,6 +13,9 @@ spec:
|
|||
hostNetwork: true
|
||||
{% if kube_version | version_compare('v1.6', '>=') %}
|
||||
dnsPolicy: ClusterFirst
|
||||
{% endif %}
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
containers:
|
||||
- name: kube-apiserver
|
||||
|
|
|
@ -12,6 +12,9 @@ spec:
|
|||
hostNetwork: true
|
||||
{% if kube_version | version_compare('v1.6', '>=') %}
|
||||
dnsPolicy: ClusterFirst
|
||||
{% endif %}
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
containers:
|
||||
- name: kube-controller-manager
|
||||
|
|
|
@ -11,6 +11,9 @@ spec:
|
|||
hostNetwork: true
|
||||
{% if kube_version | version_compare('v1.6', '>=') %}
|
||||
dnsPolicy: ClusterFirst
|
||||
{% endif %}
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
containers:
|
||||
- name: kube-scheduler
|
||||
|
|
|
@ -15,6 +15,9 @@ spec:
|
|||
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
containers:
|
||||
- name: kube-proxy
|
||||
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
|
||||
|
|
|
@ -10,6 +10,9 @@ spec:
|
|||
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
containers:
|
||||
- name: nginx-proxy
|
||||
image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
|
||||
|
|
|
@ -140,7 +140,7 @@ kube_apiserver_insecure_port: 8080
|
|||
dynamic_kubelet_configuration: false
|
||||
|
||||
# define kubelet config dir for dynamic kubelet
|
||||
#kubelet_config_dir:
|
||||
# kubelet_config_dir:
|
||||
default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir"
|
||||
dynamic_kubelet_configuration_dir: "{{ kubelet_config_dir | default(default_kubelet_config_dir) }}"
|
||||
|
||||
|
|
|
@ -21,6 +21,9 @@ spec:
|
|||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}"
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
hostNetwork: true
|
||||
serviceAccountName: calico-node
|
||||
tolerations:
|
||||
|
|
|
@ -18,6 +18,9 @@ spec:
|
|||
labels:
|
||||
k8s-app: canal-node
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
hostNetwork: true
|
||||
serviceAccountName: canal
|
||||
tolerations:
|
||||
|
|
|
@ -34,6 +34,9 @@ spec:
|
|||
prometheus.io/port: "9090"
|
||||
{% endif %}
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
serviceAccountName: cilium
|
||||
initContainers:
|
||||
- name: clean-cilium-state
|
||||
|
|
|
@ -18,6 +18,9 @@ spec:
|
|||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
# The API proxy must run in the host network namespace so that
|
||||
# it isn't governed by policy that would prevent it from working.
|
||||
hostNetwork: true
|
||||
|
|
|
@ -15,6 +15,9 @@ spec:
|
|||
labels:
|
||||
k8s-app: contiv-cleanup
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
tolerations:
|
||||
|
|
|
@ -17,6 +17,9 @@ spec:
|
|||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
nodeSelector:
|
||||
|
|
|
@ -17,6 +17,9 @@ spec:
|
|||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
nodeSelector:
|
||||
|
|
|
@ -18,6 +18,9 @@ spec:
|
|||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
# The netmaster must run in the host network namespace so that
|
||||
# it isn't governed by policy that would prevent it from working.
|
||||
hostNetwork: true
|
||||
|
|
|
@ -22,6 +22,9 @@ spec:
|
|||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
tolerations:
|
||||
|
|
|
@ -19,6 +19,9 @@ spec:
|
|||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
tolerations:
|
||||
|
|
|
@ -52,6 +52,9 @@ spec:
|
|||
tier: node
|
||||
k8s-app: flannel
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
serviceAccountName: flannel
|
||||
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||
nodeSelector:
|
||||
|
|
|
@ -115,6 +115,9 @@ items:
|
|||
labels:
|
||||
name: weave-net
|
||||
spec:
|
||||
{% if kube_version|version_compare('v1.11.1', '>=') %}
|
||||
priorityClassName: system-node-critical
|
||||
{% endif %}
|
||||
containers:
|
||||
- name: weave
|
||||
command:
|
||||
|
|
Loading…
Reference in a new issue