diff --git a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2 b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2
index 4489e241869b5302f3a024a936cd3f08279cb762..582f6639af9373fc02d300dfde81479566bb0f5f 100644
--- a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2
+++ b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2
@@ -31,6 +31,9 @@ spec:
scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-cluster-critical
+{% endif %}
serviceAccountName: dnsmasq
tolerations:
- effect: NoSchedule
diff --git a/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2 b/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2
index c3a32f02e68989809739cd871220cd0963fe3b63..59ef45ba9a7c65c771c6af4992a65121cc171672 100644
--- a/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2
+++ b/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2
@@ -21,6 +21,9 @@ spec:
kubernetes.io/cluster-service: "true"
kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}"
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-cluster-critical
+{% endif %}
tolerations:
- effect: NoSchedule
operator: Exists
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
index 27c0576a1f7119455db5a13fb1c7dd9ca8ea8df1..02442bcba93aa7f5cfa84d7f225644f5bd45ae31 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
@@ -26,6 +26,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-cluster-critical
+{% endif %}
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
diff --git a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
index 41f6716e7ff4b28528ea9b3a10d1ede1acae3786..17695a961ea3b6fd14e4ceb3986641d77e5bf465 100644
--- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
@@ -140,6 +140,9 @@ spec:
labels:
k8s-app: kubernetes-dashboard
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-cluster-critical
+{% endif %}
containers:
- name: kubernetes-dashboard
image: {{ dashboard_image_repo }}:{{ dashboard_image_tag }}
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
index e726e8d2a7f78311919eadcbaa9a8e92b35e4c63..1852c4aeab423abafcbc4381d15bf1f7e39ac00e 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
@@ -28,6 +28,9 @@ spec:
labels:
k8s-app: kubedns-autoscaler
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-cluster-critical
+{% endif %}
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
index 96ef72283effeb0922ecbe1d0ab74374538104fb..e67d3ae3759073dc8e3008f935039bd82c8ab840 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
@@ -27,6 +27,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-cluster-critical
+{% endif %}
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2
index a2c4850c442600eb747b4e930bd1d0c9faeefb10..09d9e498d36102a06d7528df25d3141ab6359c8f 100644
--- a/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2
@@ -12,6 +12,9 @@ spec:
labels:
app: netchecker-agent
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
tolerations:
- effect: NoSchedule
operator: Exists
diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2
index f046e8f4b58385428f5d2180113ac5ecfe0df65f..376171c2836e0bef9d356eb38380197fe2f6919a 100644
--- a/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2
@@ -18,6 +18,9 @@ spec:
beta.kubernetes.io/os: linux
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirstWithHostNet
+{% endif %}
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
{% endif %}
tolerations:
- effect: NoSchedule
diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2
index 1a858683d2af777febbdee0d39664cae27c3b19d..39a1eafa5fa74a8b3a7f014fa522f5e0045dcc68 100644
--- a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2
@@ -11,6 +11,9 @@ spec:
app: netchecker-server
namespace: {{ netcheck_namespace }}
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
containers:
- name: netchecker-server
image: "{{ server_img }}"
diff --git a/roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml b/roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7fe2030316290b265ce2b3fb05f38ec154add916
--- /dev/null
+++ b/roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml
@@ -0,0 +1,9 @@
+---
+
+apiVersion: scheduling.k8s.io/v1beta1
+kind: PriorityClass
+metadata:
+ name: k8s-cluster-critical
+value: 1000000000
+globalDefault: false
+description: "This priority class should only be used by the pods installed using kubespray."
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
index 229e497e42addd93c2d2b4ecf6e1207b3dc5a1fb..8cd1f5052f4323443e5b218478d122985aa15901 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
@@ -174,3 +174,20 @@
when:
- cloud_provider is defined
- cloud_provider == 'oci'
+
+- name: PriorityClass | Copy k8s-cluster-critical-pc.yml file
+ copy: src=k8s-cluster-critical-pc.yml dest={{ kube_config_dir }}/k8s-cluster-critical-pc.yml
+ when:
+ - kube_version|version_compare('v1.11.1', '>=')
+ - inventory_hostname == groups['kube-master'][0]
+
+- name: PriorityClass | Create k8s-cluster-critical
+ kube:
+ name: k8s-cluster-critical
+ kubectl: "{{bin_dir}}/kubectl"
+ resource: "PriorityClass"
+ filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
+ state: latest
+ when:
+ - kube_version|version_compare('v1.11.1', '>=')
+ - inventory_hostname == groups['kube-master'][0]
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2
index 197cc8dee2295e37e982283d5d1924ff4426311f..466a56598a9a3739326e913fad9bdb447cc745ee 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2
@@ -19,6 +19,9 @@ spec:
app: cephfs-provisioner
version: {{ cephfs_provisioner_image_tag }}
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: {% if cephfs_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
serviceAccount: cephfs-provisioner
containers:
- name: cephfs-provisioner
diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2 b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2
index cc73e073d05b34141a1ef4b1346cb269309611c3..487e4f9f346d97fadecd0a6415c998b4335f8969 100644
--- a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2
+++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2
@@ -18,6 +18,9 @@ spec:
k8s-app: local-volume-provisioner
version: {{ local_volume_provisioner_image_tag }}
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: {% if local_volume_provisioner_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
serviceAccountName: local-volume-provisioner
tolerations:
- effect: NoSchedule
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
index 1fedf42a295673d28e694d2f1daa0cff2ddf19f1..c6e981f7b67b74996e69faaeda136ac42712d94f 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
@@ -22,6 +22,9 @@ spec:
release: cert-manager
annotations:
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: {% if cert_manager_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
serviceAccountName: cert-manager
containers:
- name: cert-manager
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
index 0578844f9aacf5c4bf87d9ca42d55d24900497cb..87c6dadfd1f73ed49f12dd359db18d18ec1e8b21 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
@@ -19,6 +19,9 @@ spec:
app.kubernetes.io/name: default-backend
app.kubernetes.io/part-of: ingress-nginx
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
terminationGracePeriodSeconds: 60
containers:
- name: default-backend
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 1031798af5caa1c9fc387c08f5202285b64c55d4..a504c1b3a9d8be2eba220c188d23a97e60badee6 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -29,6 +29,9 @@ spec:
nodeSelector:
{{ ingress_nginx_nodeselector | to_nice_yaml }}
{%- endif %}
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
containers:
- name: ingress-nginx-controller
image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}
diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
index be690bb0aa80afb45a7e3c185ebc52fc165ec38d..5d26fd7729408f3f9acd9170725e75486347458d 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
@@ -29,6 +29,9 @@ spec:
tolerations:
- effect: NoSchedule
operator: Exists
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-cluster-critical
+{% endif %}
containers:
- name: calico-kube-controllers
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
diff --git a/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2
index 0a04c40d13449e3d22e62f8ef68e7914176e8348..0fe493a81c355160fa38a56bcd15871199da2973 100644
--- a/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2
+++ b/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2
@@ -21,6 +21,9 @@ spec:
kubernetes.io/cluster-service: "true"
version: v{{ registry_proxy_image_tag }}
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: {% if registry_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
serviceAccountName: registry-proxy
containers:
- name: registry-proxy
diff --git a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
index 57e8db6689493a541a5424c3f1fdfe92d463c433..83a1b058cff272982fef8b6ccd8e3d4dbf30e339 100644
--- a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
+++ b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
@@ -22,6 +22,9 @@ spec:
version: v{{ registry_image_tag }}
kubernetes.io/cluster-service: "true"
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
serviceAccountName: registry
containers:
- name: registry
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index dbf9f082c4c98b541a2fabd8c2de6b3896d95311..250ca12579fe90ad1ea69c219f7dcdf326709a83 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -13,6 +13,9 @@ spec:
hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst
+{% endif %}
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
{% endif %}
containers:
- name: kube-apiserver
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index a14d689d014e1581624a63afd8ce691b85f20e6f..23a690ce43a2c5a251b9ac9413cbe4216ac50876 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -12,6 +12,9 @@ spec:
hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst
+{% endif %}
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
{% endif %}
containers:
- name: kube-controller-manager
diff --git a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
index 813731fa2e7877826605328641a20b909475105f..b42ad7cfb11d315b5de8f4173dc9508afedcba3c 100644
--- a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
@@ -11,6 +11,9 @@ spec:
hostNetwork: true
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst
+{% endif %}
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
{% endif %}
containers:
- name: kube-scheduler
diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
index ece9be10cde5e92b324430c6bf9926a7adb89d0f..8ffcfa524ba36e15a9511409ee13909ecaa5e4d0 100644
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -15,6 +15,9 @@ spec:
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
containers:
- name: kube-proxy
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
index 756eba7ee9c5e83550e05e61c16df3e1fd316d5f..ccd2e478629453b826b26d08dee65ef394d1dc89 100644
--- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
@@ -10,6 +10,9 @@ spec:
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
containers:
- name: nginx-proxy
image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 90dea5eb0005cc5b9167bfdb5905112d676cac8a..2f22545c979bc1a6005939d59bc42debd61c812c 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -140,7 +140,7 @@ kube_apiserver_insecure_port: 8080
dynamic_kubelet_configuration: false
# define kubelet config dir for dynamic kubelet
-#kubelet_config_dir:
+# kubelet_config_dir:
default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir"
dynamic_kubelet_configuration_dir: "{{ kubelet_config_dir | default(default_kubelet_config_dir) }}"
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 830c668bf75f7998002b26411ecd30fcc7ae6ac8..539ced8a6867227f7c833f00be7a619d6ae52ad1 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -21,6 +21,9 @@ spec:
scheduler.alpha.kubernetes.io/critical-pod: ''
kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}"
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
hostNetwork: true
serviceAccountName: calico-node
tolerations:
diff --git a/roles/network_plugin/canal/templates/canal-node.yaml.j2 b/roles/network_plugin/canal/templates/canal-node.yaml.j2
index e1fec660bc5081ba3c3bdd38b9be3276d13bb808..ea34dfa89abcb3aaa0df6361844a92f626cb65dc 100644
--- a/roles/network_plugin/canal/templates/canal-node.yaml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yaml.j2
@@ -18,6 +18,9 @@ spec:
labels:
k8s-app: canal-node
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
hostNetwork: true
serviceAccountName: canal
tolerations:
diff --git a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
index 5fa75f98f957138ff962b2d45894824344b5fd28..4eff22269e39ee5931b08e25326365859c00150a 100755
--- a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
@@ -34,6 +34,9 @@ spec:
prometheus.io/port: "9090"
{% endif %}
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
serviceAccountName: cilium
initContainers:
- name: clean-cilium-state
diff --git a/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 b/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
index 16b8a9713475e6254633581e0a5c83cf9cad3bb5..f37e8384772af00e92c37c7cd187a2338aba003a 100644
--- a/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
@@ -18,6 +18,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
# The API proxy must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working.
hostNetwork: true
diff --git a/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2 b/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2
index 99cbecb7da6baf5b4392118743457e751312074d..8555c133d439f61fba31c9c4127d65b5a710bd6d 100644
--- a/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2
@@ -15,6 +15,9 @@ spec:
labels:
k8s-app: contiv-cleanup
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
hostNetwork: true
hostPID: true
tolerations:
diff --git a/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 b/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2
index a4adedd46c71e1bf44578b0d2dfd5b749413faff..7e826a3bfc4bf7243fdf46a3f24129f56dcca2cb 100644
--- a/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2
@@ -17,6 +17,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
hostNetwork: true
hostPID: true
nodeSelector:
diff --git a/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2 b/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2
index 9d75028575165afd05dcdad29c5817ca8532ef84..ba17452faad63801896b7560ce13c1f4ed739979 100644
--- a/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2
@@ -17,6 +17,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
hostNetwork: true
hostPID: true
nodeSelector:
diff --git a/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2
index be0f23360f928f7b09db28698ec87aaee8e1416e..5731d7c5ccb60bb832ee2faec62e45b5b276ae24 100644
--- a/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2
@@ -18,6 +18,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
# The netmaster must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working.
hostNetwork: true
diff --git a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
index 755e9b204ab9dee39e122fdb21fe1de802962f20..e47f711bf4a665378acaf24257e70b51ca41d470 100644
--- a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
@@ -22,6 +22,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
hostNetwork: true
hostPID: true
tolerations:
diff --git a/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2 b/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2
index 825ab3042a7c519e6010011e0a5e8a3156d6ae07..27090c62f374abff977742256466dd22241cae57 100644
--- a/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2
@@ -19,6 +19,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
hostNetwork: true
hostPID: true
tolerations:
diff --git a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
index de9be8d9e173e2bdfa5ae72e5739a91346e61a6a..c872d9893654dee90fc807b0dfa5d986f1b963c6 100644
--- a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
+++ b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
@@ -52,6 +52,9 @@ spec:
tier: node
k8s-app: flannel
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
serviceAccountName: flannel
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
diff --git a/roles/network_plugin/weave/templates/weave-net.yml.j2 b/roles/network_plugin/weave/templates/weave-net.yml.j2
index 60e7b6325b2f8b9fec7666dc377bbb80a99f26bd..59740e67e4b051c344f9524761b978b38d8800d0 100644
--- a/roles/network_plugin/weave/templates/weave-net.yml.j2
+++ b/roles/network_plugin/weave/templates/weave-net.yml.j2
@@ -115,6 +115,9 @@ items:
labels:
name: weave-net
spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+ priorityClassName: system-node-critical
+{% endif %}
containers:
- name: weave
command: