Adding pod priority for all the components. (#3361)

* Changes to assign pod priority to kube components.

* Removed the boolean flag pod_priority_assignment

* Created new priorityclass k8s-cluster-critical

* Created new priorityclass k8s-cluster-critical

* Fixed the trailing spaces

* Fixed the trailing spaces

* Added kube version check while creating Priority Class k8s-cluster-critical

* Moved k8s-cluster-critical.yml

* Moved k8s-cluster-critical.yml to kube_config_dir
This commit is contained in:
Kuldip Madnani 2018-09-25 09:50:22 -05:00 committed by k8s-ci-robot
parent 8526c30b63
commit 36898a2c39
37 changed files with 129 additions and 1 deletions

View file

@ -31,6 +31,9 @@ spec:
scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
serviceAccountName: dnsmasq
tolerations:
- effect: NoSchedule

View file

@ -21,6 +21,9 @@ spec:
kubernetes.io/cluster-service: "true"
kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}"
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
tolerations:
- effect: NoSchedule
operator: Exists

View file

@ -26,6 +26,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master

View file

@ -140,6 +140,9 @@ spec:
labels:
k8s-app: kubernetes-dashboard
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
containers:
- name: kubernetes-dashboard
image: {{ dashboard_image_repo }}:{{ dashboard_image_tag }}

View file

@ -28,6 +28,9 @@ spec:
labels:
k8s-app: kubedns-autoscaler
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux

View file

@ -27,6 +27,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux

View file

@ -12,6 +12,9 @@ spec:
labels:
app: netchecker-agent
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
tolerations:
- effect: NoSchedule
operator: Exists

View file

@ -18,6 +18,9 @@ spec:
beta.kubernetes.io/os: linux
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirstWithHostNet
{% endif %}
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
tolerations:
- effect: NoSchedule

View file

@ -11,6 +11,9 @@ spec:
app: netchecker-server
namespace: {{ netcheck_namespace }}
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
containers:
- name: netchecker-server
image: "{{ server_img }}"

View file

@ -0,0 +1,9 @@
---
apiVersion: scheduling.k8s.io/v1beta1
kind: PriorityClass
metadata:
name: k8s-cluster-critical
value: 1000000000
globalDefault: false
description: "This priority class should only be used by the pods installed using kubespray."

View file

@ -174,3 +174,20 @@
when:
- cloud_provider is defined
- cloud_provider == 'oci'
- name: PriorityClass | Copy k8s-cluster-critical-pc.yml file
copy: src=k8s-cluster-critical-pc.yml dest={{ kube_config_dir }}/k8s-cluster-critical-pc.yml
when:
- kube_version|version_compare('v1.11.1', '>=')
- inventory_hostname == groups['kube-master'][0]
- name: PriorityClass | Create k8s-cluster-critical
kube:
name: k8s-cluster-critical
kubectl: "{{bin_dir}}/kubectl"
resource: "PriorityClass"
filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
state: latest
when:
- kube_version|version_compare('v1.11.1', '>=')
- inventory_hostname == groups['kube-master'][0]

View file

@ -19,6 +19,9 @@ spec:
app: cephfs-provisioner
version: {{ cephfs_provisioner_image_tag }}
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if cephfs_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
serviceAccount: cephfs-provisioner
containers:
- name: cephfs-provisioner

View file

@ -18,6 +18,9 @@ spec:
k8s-app: local-volume-provisioner
version: {{ local_volume_provisioner_image_tag }}
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if local_volume_provisioner_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
serviceAccountName: local-volume-provisioner
tolerations:
- effect: NoSchedule

View file

@ -22,6 +22,9 @@ spec:
release: cert-manager
annotations:
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if cert_manager_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
serviceAccountName: cert-manager
containers:
- name: cert-manager

View file

@ -19,6 +19,9 @@ spec:
app.kubernetes.io/name: default-backend
app.kubernetes.io/part-of: ingress-nginx
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
terminationGracePeriodSeconds: 60
containers:
- name: default-backend

View file

@ -29,6 +29,9 @@ spec:
nodeSelector:
{{ ingress_nginx_nodeselector | to_nice_yaml }}
{%- endif %}
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
containers:
- name: ingress-nginx-controller
image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}

View file

@ -29,6 +29,9 @@ spec:
tolerations:
- effect: NoSchedule
operator: Exists
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
containers:
- name: calico-kube-controllers
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}

View file

@ -21,6 +21,9 @@ spec:
kubernetes.io/cluster-service: "true"
version: v{{ registry_proxy_image_tag }}
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if registry_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
serviceAccountName: registry-proxy
containers:
- name: registry-proxy

View file

@ -22,6 +22,9 @@ spec:
version: v{{ registry_image_tag }}
kubernetes.io/cluster-service: "true"
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
serviceAccountName: registry
containers:
- name: registry

View file

@ -13,6 +13,9 @@ spec:
hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst
{% endif %}
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
containers:
- name: kube-apiserver

View file

@ -12,6 +12,9 @@ spec:
hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst
{% endif %}
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
containers:
- name: kube-controller-manager

View file

@ -11,6 +11,9 @@ spec:
hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst
{% endif %}
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
containers:
- name: kube-scheduler

View file

@ -15,6 +15,9 @@ spec:
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
containers:
- name: kube-proxy
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}

View file

@ -10,6 +10,9 @@ spec:
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
containers:
- name: nginx-proxy
image: {{ nginx_image_repo }}:{{ nginx_image_tag }}

View file

@ -140,7 +140,7 @@ kube_apiserver_insecure_port: 8080
dynamic_kubelet_configuration: false
# define kubelet config dir for dynamic kubelet
#kubelet_config_dir:
# kubelet_config_dir:
default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir"
dynamic_kubelet_configuration_dir: "{{ kubelet_config_dir | default(default_kubelet_config_dir) }}"

View file

@ -21,6 +21,9 @@ spec:
scheduler.alpha.kubernetes.io/critical-pod: ''
kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}"
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
serviceAccountName: calico-node
tolerations:

View file

@ -18,6 +18,9 @@ spec:
labels:
k8s-app: canal-node
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
serviceAccountName: canal
tolerations:

View file

@ -34,6 +34,9 @@ spec:
prometheus.io/port: "9090"
{% endif %}
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
serviceAccountName: cilium
initContainers:
- name: clean-cilium-state

View file

@ -18,6 +18,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
# The API proxy must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working.
hostNetwork: true

View file

@ -15,6 +15,9 @@ spec:
labels:
k8s-app: contiv-cleanup
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
hostPID: true
tolerations:

View file

@ -17,6 +17,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
hostPID: true
nodeSelector:

View file

@ -17,6 +17,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
hostPID: true
nodeSelector:

View file

@ -18,6 +18,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
# The netmaster must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working.
hostNetwork: true

View file

@ -22,6 +22,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
hostPID: true
tolerations:

View file

@ -19,6 +19,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
hostPID: true
tolerations:

View file

@ -52,6 +52,9 @@ spec:
tier: node
k8s-app: flannel
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
serviceAccountName: flannel
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:

View file

@ -115,6 +115,9 @@ items:
labels:
name: weave-net
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
containers:
- name: weave
command: