From 6bb3463e7c743b901ab4bd44643137a85e1e5014 Mon Sep 17 00:00:00 2001 From: Matthew Mosesohn Date: Thu, 24 Aug 2017 10:04:25 +0100 Subject: [PATCH] Enable scheduling of critical pods and network plugins on master Added toleration to DNS, netchecker, fluentd, canal, and calico policy. Also small fixes to make yamllint pass. --- .../dnsmasq/templates/dnsmasq-autoscaler.yml | 35 ++++++++++--------- roles/dnsmasq/templates/dnsmasq-deploy.yml | 3 ++ .../templates/kubedns-autoscaler.yml.j2 | 6 +++- .../ansible/templates/kubedns-deploy.yml.j2 | 2 ++ .../templates/netchecker-agent-ds.yml.j2 | 3 ++ .../netchecker-agent-hostnet-ds.yml.j2 | 3 ++ .../efk/fluentd/templates/fluentd-ds.yml.j2 | 3 ++ .../templates/calico-policy-controller.yml.j2 | 3 ++ .../canal/templates/canal-node.yml.j2 | 3 ++ .../flannel/templates/flannel-pod.yml | 3 ++ .../weave/templates/weave-net.yml.j2 | 2 +- 11 files changed, 48 insertions(+), 18 deletions(-) diff --git a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml index aff99f08d..85b357950 100644 --- a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml +++ b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml 
@@ -31,20 +31,23 @@ spec: scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: + tolerations: + - effect: NoSchedule + operator: Exists containers: - - name: autoscaler - image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1 - resources: - requests: - cpu: "20m" - memory: "10Mi" - command: - - /cluster-proportional-autoscaler - - --namespace=kube-system - - --configmap=dnsmasq-autoscaler - - --target=Deployment/dnsmasq - # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate. - # If using small nodes, "nodesPerReplica" should dominate. - - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}} - - --logtostderr=true - - --v={{ kube_log_level }} + - name: autoscaler + image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1 + resources: + requests: + cpu: "20m" + memory: "10Mi" + command: + - /cluster-proportional-autoscaler + - --namespace=kube-system + - --configmap=dnsmasq-autoscaler + - --target=Deployment/dnsmasq + # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate. + # If using small nodes, "nodesPerReplica" should dominate. + - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}} + - --logtostderr=true + - --v={{ kube_log_level }} diff --git a/roles/dnsmasq/templates/dnsmasq-deploy.yml b/roles/dnsmasq/templates/dnsmasq-deploy.yml index 6f11363b3..94b15206b 100644 --- a/roles/dnsmasq/templates/dnsmasq-deploy.yml +++ b/roles/dnsmasq/templates/dnsmasq-deploy.yml @@ -21,6 +21,9 @@ spec: kubernetes.io/cluster-service: "true" kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}" spec: + tolerations: + - effect: NoSchedule + operator: Exists containers: - name: dnsmasq image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}" 
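Review bot: The toleration added in dnsmasq-autoscaler.yml, `- effect: NoSchedule` / `operator: Exists`, has no `key`, so it matches every taint with the NoSchedule effect rather than only the one on the masters. Any node tainted to keep general workloads off (dedicated or isolated nodes, for example) will now accept this pod, and the same keyless entry is repeated in dnsmasq-deploy, kubedns-deploy, both netchecker agents, fluentd-ds, calico-policy-controller, canal-node and flannel-pod. If the goal is only to reach the masters, scope it to the master taint, e.g. `- key: node-role.kubernetes.io/master` with `operator: Exists` and `effect: NoSchedule` (confirm the key this playbook actually applies), and add a comment saying why the pod must run there. The context lines here also keep the alpha `scheduler.alpha.kubernetes.io/tolerations` annotation while the kubedns-autoscaler hunk removes it; the two templates should agree. The Deployment's metadata and the start of the pod template are outside the hunk.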
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 index 04f93fd84..fb87d5a50 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 @@ -29,11 +29,15 @@ spec: k8s-app: kubedns-autoscaler annotations: scheduler.alpha.kubernetes.io/critical-pod: '' - scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: containers: - name: autoscaler image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}" + tolerations: + - effect: NoSchedule + operator: Exists + - effect: CriticalAddonsOnly + operator: exists resources: requests: cpu: "20m" diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 index 149a16ebd..682bdf491 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 @@ -30,6 +30,8 @@ spec: tolerations: - key: "CriticalAddonsOnly" operator: "Exists" + - effect: NoSchedule + operator: Exists volumes: - name: kube-dns-config configMap: diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 index df0b8ba90..8b16e0c30 100644 --- a/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 @@ -12,6 +12,9 @@ spec: labels: app: netchecker-agent spec: + tolerations: + - effect: NoSchedule + operator: Exists containers: - name: netchecker-agent image: "{{ agent_img }}" diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 index 10a74da84..6064d8e68 100644 
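Review bot: The second toleration added in kubedns-autoscaler.yml.j2, `- effect: CriticalAddonsOnly` / `operator: exists`, does not reproduce the annotation this hunk removes, because `CriticalAddonsOnly` is a taint key rather than an effect and the operator value is case-sensitive. It should read `- key: CriticalAddonsOnly` with `operator: Exists`, matching the removed annotation and the existing entry in kubedns-deploy.yml.j2. The block is also inserted between the container's `image:` and `resources:` lines. Indentation is not recoverable in this view, but `tolerations` is a pod-spec field and belongs beside `containers:` as in the other templates; placed inside the container entry it would be rejected or dropped, and the autoscaler would lose the toleration it had.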
--- a/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 @@ -16,6 +16,9 @@ spec: {% if kube_version | version_compare('v1.6', '>=') %} dnsPolicy: ClusterFirstWithHostNet {% endif %} + tolerations: + - effect: NoSchedule + operator: Exists containers: - name: netchecker-agent image: "{{ agent_img }}" diff --git a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2 b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2 index 77ed3c4ff..838ebf1e6 100644 --- a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2 +++ b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2 @@ -17,6 +17,9 @@ spec: kubernetes.io/cluster-service: "true" version: "v{{ fluentd_version }}" spec: + tolerations: + - effect: NoSchedule + operator: Exists containers: - name: fluentd-es image: "{{ fluentd_image_repo }}:{{ fluentd_image_tag }}" diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2 index 322d3a37b..4722cbc53 100644 --- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2 +++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2 @@ -21,6 +21,9 @@ spec: k8s-app: calico-policy spec: hostNetwork: true + tolerations: + - effect: NoSchedule + operator: Exists containers: - name: calico-policy-controller image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }} diff --git a/roles/network_plugin/canal/templates/canal-node.yml.j2 b/roles/network_plugin/canal/templates/canal-node.yml.j2 index 37baf06e0..b749d4d32 100644 --- a/roles/network_plugin/canal/templates/canal-node.yml.j2 +++ b/roles/network_plugin/canal/templates/canal-node.yml.j2 
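Review bot: In calico-policy-controller.yml.j2 the keyless NoSchedule toleration is added directly under `hostNetwork: true`, so this pod can now be placed on a master while sharing that node's network namespace; canal-node.yml.j2 has the same pairing and netchecker-agent-hostnet-ds.yml.j2 appears to as well. A host-network pod on a control-plane node can reach whatever the control plane binds to loopback or host-only interfaces, so a compromise of one of these containers sits closer to the API server and etcd than before. For the CNI daemonset that is hard to avoid, but for the policy controller and the netchecker agent it is worth deciding explicitly: either keep them off the masters or state the reason next to the toleration, e.g. `# must run on masters: <reason>`. The container definitions continue outside the hunk, so their securityContext is not visible here.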
@@ -18,6 +18,9 @@ spec: k8s-app: canal-node spec: hostNetwork: true + tolerations: + - effect: NoSchedule + operator: Exists volumes: # Used by calico/node. - name: lib-modules diff --git a/roles/network_plugin/flannel/templates/flannel-pod.yml b/roles/network_plugin/flannel/templates/flannel-pod.yml index 5ca78ae1d..a6e075b8c 100644 --- a/roles/network_plugin/flannel/templates/flannel-pod.yml +++ b/roles/network_plugin/flannel/templates/flannel-pod.yml @@ -8,6 +8,9 @@ metadata: app: "flannel" version: "v0.1" spec: + tolerations: + - effect: NoSchedule + operator: Exists volumes: - name: "subnetenv" hostPath: diff --git a/roles/network_plugin/weave/templates/weave-net.yml.j2 b/roles/network_plugin/weave/templates/weave-net.yml.j2 index ba1f07929..691b4cf02 100644 --- a/roles/network_plugin/weave/templates/weave-net.yml.j2 +++ b/roles/network_plugin/weave/templates/weave-net.yml.j2 @@ -153,4 +153,4 @@ items: path: /var/lib/dbus - name: lib-modules hostPath: - path: /lib/modules \ No newline at end of file + path: /lib/modules