From 36898a2c392713b2a403145481a8d95eac705781 Mon Sep 17 00:00:00 2001
From: Kuldip Madnani <k.madnani84@gmail.com>
Date: Tue, 25 Sep 2018 09:50:22 -0500
Subject: [PATCH] Adding pod priority for all the components. (#3361)

* Changes to assign pod priority to kube components.

* Removed the boolean flag pod_priority_assignment

* Created new priorityclass k8s-cluster-critical

* Created new priorityclass k8s-cluster-critical

* Fixed the trailing spaces

* Fixed the trailing spaces

* Added kube version check while creating Priority Class k8s-cluster-critical

* Moved k8s-cluster-critical.yml

* Moved k8s-cluster-critical.yml to kube_config_dir
---
 .../dnsmasq/templates/dnsmasq-autoscaler.yml.j2 |  3 +++
 roles/dnsmasq/templates/dnsmasq-deploy.yml.j2   |  3 +++
 .../ansible/templates/coredns-deployment.yml.j2 |  3 +++
 .../ansible/templates/dashboard.yml.j2          |  3 +++
 .../ansible/templates/kubedns-autoscaler.yml.j2 |  3 +++
 .../ansible/templates/kubedns-deploy.yml.j2     |  3 +++
 .../templates/netchecker-agent-ds.yml.j2        |  3 +++
 .../netchecker-agent-hostnet-ds.yml.j2          |  3 +++
 .../netchecker-server-deployment.yml.j2         |  3 +++
 .../files/k8s-cluster-critical-pc.yml           |  9 +++++++++
 .../cluster_roles/tasks/main.yml                | 17 +++++++++++++++++
 .../templates/deploy-cephfs-provisioner.yml.j2  |  3 +++
 .../local-volume-provisioner-ds.yml.j2          |  3 +++
 .../templates/deploy-cert-manager.yml.j2        |  3 +++
 .../templates/deploy-default-backend.yml.j2     |  3 +++
 .../ds-ingress-nginx-controller.yml.j2          |  3 +++
 .../templates/calico-kube-controllers.yml.j2    |  3 +++
 .../registry/templates/registry-proxy-ds.yml.j2 |  3 +++
 .../registry/templates/registry-rs.yml.j2       |  3 +++
 .../manifests/kube-apiserver.manifest.j2        |  3 +++
 .../kube-controller-manager.manifest.j2         |  3 +++
 .../manifests/kube-scheduler.manifest.j2        |  3 +++
 .../templates/manifests/kube-proxy.manifest.j2  |  3 +++
 .../templates/manifests/nginx-proxy.manifest.j2 |  3 +++
 roles/kubespray-defaults/defaults/main.yaml     |  2 +-
 .../calico/templates/calico-node.yml.j2         |  3 +++
 .../canal/templates/canal-node.yaml.j2          |  3 +++
 .../cilium/templates/cilium-ds.yml.j2           |  3 +++
 .../contiv/templates/contiv-api-proxy.yml.j2    |  3 +++
 .../contiv/templates/contiv-cleanup.yml.j2      |  3 +++
 .../contiv/templates/contiv-etcd-proxy.yml.j2   |  3 +++
 .../contiv/templates/contiv-etcd.yml.j2         |  3 +++
 .../contiv/templates/contiv-netmaster.yml.j2    |  3 +++
 .../contiv/templates/contiv-netplugin.yml.j2    |  3 +++
 .../contiv/templates/contiv-ovs.yml.j2          |  3 +++
 .../flannel/templates/cni-flannel.yml.j2        |  3 +++
 .../weave/templates/weave-net.yml.j2            |  3 +++
 37 files changed, 129 insertions(+), 1 deletion(-)
 create mode 100644 roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml

diff --git a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2 b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2
index 4489e2418..582f6639a 100644
--- a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2
+++ b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2
@@ -31,6 +31,9 @@ spec:
         scheduler.alpha.kubernetes.io/critical-pod: ''
         scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-cluster-critical
+{% endif %}
       serviceAccountName: dnsmasq
       tolerations:
         - effect: NoSchedule
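Review bot: The guard `kube_version|version_compare('v1.11.1', '>=')` added above `priorityClassName` is a literal that this patch repeats in every template it touches and in both new tasks in cluster_roles/tasks/main.yml, so one copy can drift from the others when the threshold is next edited. A pod that names a priority class on a cluster where the matching task was skipped would be refused at admission, so the cut-over is worth defining once, for example a role default (name is only a suggestion) `pod_priority_supported: "{{ kube_version | version_compare('v1.11.1', '>=') | bool }}"` tested with `{% if pod_priority_supported %}`. The spacing around `|` also differs from the existing `kube_version | version_compare('v1.6', '>=')` guards visible in the netchecker-agent-hostnet-ds and kube-apiserver hunks. The pod spec continues outside this hunk.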
diff --git a/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2 b/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2
index c3a32f02e..59ef45ba9 100644
--- a/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2
+++ b/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2
@@ -21,6 +21,9 @@ spec:
         kubernetes.io/cluster-service: "true"
         kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}"
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-cluster-critical
+{% endif %}
       tolerations:
         - effect: NoSchedule
           operator: Exists
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
index 27c0576a1..02442bcba 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
@@ -26,6 +26,9 @@ spec:
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-cluster-critical
+{% endif %}
       serviceAccountName: coredns
       tolerations:
         - key: node-role.kubernetes.io/master
diff --git a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
index 41f6716e7..17695a961 100644
--- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
@@ -140,6 +140,9 @@ spec:
       labels:
         k8s-app: kubernetes-dashboard
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-cluster-critical
+{% endif %}
       containers:
       - name: kubernetes-dashboard
         image: {{ dashboard_image_repo }}:{{ dashboard_image_tag }}
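Review bot: Setting `priorityClassName: system-cluster-critical` on the dashboard puts an optional, user-facing web UI in the same preemption tier this patch gives to CoreDNS and calico-kube-controllers, which is more scheduling privilege than the component appears to need. Under resource pressure a pod at that priority can displace lower-priority application workloads, while the cluster keeps working without the dashboard. Consider leaving the field off this Deployment or making it opt-in through a variable, with a comment such as `# dashboard is optional tooling; default priority unless the operator opts in`. The Deployment spec continues outside the hunk.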
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
index e726e8d2a..1852c4aea 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
@@ -28,6 +28,9 @@ spec:
       labels:
         k8s-app: kubedns-autoscaler
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-cluster-critical
+{% endif %}
       # When having win nodes in cluster without this patch, this pod cloud try to be created in windows
       nodeSelector:
         beta.kubernetes.io/os: linux
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
index 96ef72283..e67d3ae37 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
@@ -27,6 +27,9 @@ spec:
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-cluster-critical
+{% endif %}
       # When having win nodes in cluster without this patch, this pod cloud try to be created in windows
       nodeSelector:
         beta.kubernetes.io/os: linux
diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2
index a2c4850c4..09d9e498d 100644
--- a/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2
@@ -12,6 +12,9 @@ spec:
       labels:
         app: netchecker-agent
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
       tolerations:
         - effect: NoSchedule
           operator: Exists
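Review bot: The trailing `{{''}}` on the `priorityClassName` line is unexplained; it is presumably there so that block trimming after `{% endif %}` does not swallow the newline and join the next key onto this value. A single expression avoids the trick and quotes the result: `priorityClassName: "{{ 'system-node-critical' if netcheck_namespace == 'kube-system' else 'k8s-cluster-critical' }}"`. If the current form is kept, a Jinja comment such as `{# empty expression keeps the newline after endif #}` would spare the next reader the puzzle. The same construct appears in the netchecker-agent-hostnet-ds, netchecker-server, cephfs-provisioner, local-volume-provisioner, cert-manager, ingress-nginx (both templates) and registry (both templates) hunks.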
diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2
index f046e8f4b..376171c28 100644
--- a/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2
@@ -18,6 +18,9 @@ spec:
         beta.kubernetes.io/os: linux
 {% if kube_version | version_compare('v1.6', '>=') %}
       dnsPolicy: ClusterFirstWithHostNet
+{% endif %}
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
 {% endif %}
       tolerations:
         - effect: NoSchedule
diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2
index 1a858683d..39a1eafa5 100644
--- a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2
@@ -11,6 +11,9 @@ spec:
         app: netchecker-server
       namespace: {{ netcheck_namespace }}
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
       containers:
         - name: netchecker-server
           image: "{{ server_img }}"
diff --git a/roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml b/roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml
new file mode 100644
index 000000000..7fe203031
--- /dev/null
+++ b/roles/kubernetes-apps/cluster_roles/files/k8s-cluster-critical-pc.yml
@@ -0,0 +1,9 @@
+---
+
+apiVersion: scheduling.k8s.io/v1beta1
+kind: PriorityClass
+metadata:
+  name: k8s-cluster-critical
+value: 1000000000
+globalDefault: false
+description: "This priority class should only be used by the pods installed using kubespray."
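Review bot: `value: 1000000000` is the highest priority a non-system PriorityClass may carry, and nothing in this file enforces the description's "should only be used by the pods installed using kubespray". PriorityClass objects are cluster-scoped, so any account that is allowed to create pods in any namespace can name `k8s-cluster-critical` and have its pods preempt ordinary workloads. On clusters with untrusted tenants this should be paired with a ResourceQuota scoped to the priority class in tenant namespaces, or with an admission policy that restricts the name. At minimum the file should carry a comment saying so, e.g. `# NOTE: not access-controlled by itself; restrict with a PriorityClass-scoped ResourceQuota on multi-tenant clusters`.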
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
index 229e497e4..8cd1f5052 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
@@ -174,3 +174,20 @@
   when:
     - cloud_provider is defined
     - cloud_provider == 'oci'
+
+- name: PriorityClass | Copy k8s-cluster-critical-pc.yml file
+  copy: src=k8s-cluster-critical-pc.yml dest={{ kube_config_dir }}/k8s-cluster-critical-pc.yml
+  when:
+    - kube_version|version_compare('v1.11.1', '>=')
+    - inventory_hostname == groups['kube-master'][0]
+
+- name: PriorityClass | Create k8s-cluster-critical
+  kube:
+    name: k8s-cluster-critical
+    kubectl: "{{bin_dir}}/kubectl"
+    resource: "PriorityClass"
+    filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
+    state: latest
+  when:
+    - kube_version|version_compare('v1.11.1', '>=')
+    - inventory_hostname == groups['kube-master'][0]
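Review bot: The new `copy` task uses the `key=value` string form and sets no `mode`, so the manifest's permissions on the master are left to the remote defaults and the arguments would split if `kube_config_dir` ever contained a space. Native arguments make both explicit: `src: k8s-cluster-critical-pc.yml`, `dest: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"`, `mode: "0644"`. Separately, the templates changed elsewhere in this patch name `k8s-cluster-critical` whenever their namespace is not kube-system, and a pod that references a PriorityClass which does not exist yet is rejected at admission. Whether this role runs before those manifests are applied is not visible in the hunk, so that ordering should be confirmed or stated in a comment above the task.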
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2
index 197cc8dee..466a56598 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2
@@ -19,6 +19,9 @@ spec:
         app: cephfs-provisioner
         version: {{ cephfs_provisioner_image_tag }}
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: {% if cephfs_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
       serviceAccount: cephfs-provisioner
       containers:
         - name: cephfs-provisioner
diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2 b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2
index cc73e073d..487e4f9f3 100644
--- a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2
+++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-ds.yml.j2
@@ -18,6 +18,9 @@ spec:
         k8s-app: local-volume-provisioner
         version: {{ local_volume_provisioner_image_tag }}
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: {% if local_volume_provisioner_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
       serviceAccountName: local-volume-provisioner
       tolerations:
         - effect: NoSchedule
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
index 1fedf42a2..c6e981f7b 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/deploy-cert-manager.yml.j2
@@ -22,6 +22,9 @@ spec:
         release: cert-manager
       annotations:
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: {% if cert_manager_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
       serviceAccountName: cert-manager
       containers:
         - name: cert-manager
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
index 0578844f9..87c6dadfd 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/deploy-default-backend.yml.j2
@@ -19,6 +19,9 @@ spec:
         app.kubernetes.io/name: default-backend
         app.kubernetes.io/part-of: ingress-nginx
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
       terminationGracePeriodSeconds: 60
       containers:
         - name: default-backend
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 1031798af..a504c1b3a 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -29,6 +29,9 @@ spec:
       nodeSelector:
         {{ ingress_nginx_nodeselector | to_nice_yaml }}
 {%- endif %}
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
       containers:
         - name: ingress-nginx-controller
           image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}
diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
index be690bb0a..5d26fd772 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
@@ -29,6 +29,9 @@ spec:
       tolerations:
         - effect: NoSchedule
           operator: Exists
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-cluster-critical
+{% endif %}
       containers:
         - name: calico-kube-controllers
           image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
diff --git a/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2
index 0a04c40d1..0fe493a81 100644
--- a/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2
+++ b/roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2
@@ -21,6 +21,9 @@ spec:
         kubernetes.io/cluster-service: "true"
         version: v{{ registry_proxy_image_tag }}
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: {% if registry_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
       serviceAccountName: registry-proxy
       containers:
         - name: registry-proxy
diff --git a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
index 57e8db668..83a1b058c 100644
--- a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
+++ b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
@@ -22,6 +22,9 @@ spec:
         version: v{{ registry_image_tag }}
         kubernetes.io/cluster-service: "true"
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+{% endif %}
       serviceAccountName: registry
       containers:
         - name: registry
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index dbf9f082c..250ca1257 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -13,6 +13,9 @@ spec:
   hostNetwork: true
 {% if kube_version | version_compare('v1.6', '>=')  %}
   dnsPolicy: ClusterFirst
+{% endif %}
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+  priorityClassName: system-node-critical
 {% endif %}
   containers:
   - name: kube-apiserver
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index a14d689d0..23a690ce4 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -12,6 +12,9 @@ spec:
   hostNetwork: true
 {% if kube_version | version_compare('v1.6', '>=') %}
   dnsPolicy: ClusterFirst
+{% endif %}
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+  priorityClassName: system-node-critical
 {% endif %}
   containers:
   - name: kube-controller-manager
diff --git a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
index 813731fa2..b42ad7cfb 100644
--- a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
@@ -11,6 +11,9 @@ spec:
   hostNetwork: true
 {% if kube_version | version_compare('v1.6', '>=') %}
   dnsPolicy: ClusterFirst
+{% endif %}
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+  priorityClassName: system-node-critical
 {% endif %}
   containers:
   - name: kube-scheduler
diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
index ece9be10c..8ffcfa524 100644
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -15,6 +15,9 @@ spec:
   # When having win nodes in cluster without this patch, this pod cloud try to be created in windows
   nodeSelector:
     beta.kubernetes.io/os: linux
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+  priorityClassName: system-node-critical
+{% endif %}
   containers:
   - name: kube-proxy
     image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
index 756eba7ee..ccd2e4786 100644
--- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
@@ -10,6 +10,9 @@ spec:
   # When having win nodes in cluster without this patch, this pod cloud try to be created in windows
   nodeSelector:
     beta.kubernetes.io/os: linux
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+  priorityClassName: system-node-critical
+{% endif %}
   containers:
   - name: nginx-proxy
     image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 90dea5eb0..2f22545c9 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -140,7 +140,7 @@ kube_apiserver_insecure_port: 8080
 dynamic_kubelet_configuration: false
 
 # define kubelet config dir for dynamic kubelet
-#kubelet_config_dir:
+# kubelet_config_dir:
 default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir"
 dynamic_kubelet_configuration_dir: "{{ kubelet_config_dir | default(default_kubelet_config_dir) }}"
 
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 830c668bf..539ced8a6 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -21,6 +21,9 @@ spec:
         scheduler.alpha.kubernetes.io/critical-pod: ''
         kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}"
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       hostNetwork: true
       serviceAccountName: calico-node
       tolerations:
diff --git a/roles/network_plugin/canal/templates/canal-node.yaml.j2 b/roles/network_plugin/canal/templates/canal-node.yaml.j2
index e1fec660b..ea34dfa89 100644
--- a/roles/network_plugin/canal/templates/canal-node.yaml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yaml.j2
@@ -18,6 +18,9 @@ spec:
       labels:
         k8s-app: canal-node
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       hostNetwork: true
       serviceAccountName: canal
       tolerations:
diff --git a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
index 5fa75f98f..4eff22269 100755
--- a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
@@ -34,6 +34,9 @@ spec:
         prometheus.io/port: "9090"
 {% endif %}
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       serviceAccountName: cilium
       initContainers:
         - name: clean-cilium-state
diff --git a/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 b/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
index 16b8a9713..f37e83847 100644
--- a/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
@@ -18,6 +18,9 @@ spec:
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       # The API proxy must run in the host network namespace so that
       # it isn't governed by policy that would prevent it from working.
       hostNetwork: true
diff --git a/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2 b/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2
index 99cbecb7d..8555c133d 100644
--- a/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2
@@ -15,6 +15,9 @@ spec:
       labels:
         k8s-app: contiv-cleanup
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       hostNetwork: true
       hostPID: true
       tolerations:
diff --git a/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 b/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2
index a4adedd46..7e826a3bf 100644
--- a/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2
@@ -17,6 +17,9 @@ spec:
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       hostNetwork: true
       hostPID: true
       nodeSelector:
diff --git a/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2 b/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2
index 9d7502857..ba17452fa 100644
--- a/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2
@@ -17,6 +17,9 @@ spec:
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       hostNetwork: true
       hostPID: true
       nodeSelector:
diff --git a/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2
index be0f23360..5731d7c5c 100644
--- a/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2
@@ -18,6 +18,9 @@ spec:
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       # The netmaster must run in the host network namespace so that
       # it isn't governed by policy that would prevent it from working.
       hostNetwork: true
diff --git a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
index 755e9b204..e47f711bf 100644
--- a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
@@ -22,6 +22,9 @@ spec:
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       hostNetwork: true
       hostPID: true
       tolerations:
diff --git a/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2 b/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2
index 825ab3042..27090c62f 100644
--- a/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2
@@ -19,6 +19,9 @@ spec:
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       hostNetwork: true
       hostPID: true
       tolerations:
diff --git a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
index de9be8d9e..c872d9893 100644
--- a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
+++ b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
@@ -52,6 +52,9 @@ spec:
         tier: node
         k8s-app: flannel
     spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+      priorityClassName: system-node-critical
+{% endif %}
       serviceAccountName: flannel
       # When having win nodes in cluster without this patch, this pod cloud try to be created in windows
       nodeSelector:
diff --git a/roles/network_plugin/weave/templates/weave-net.yml.j2 b/roles/network_plugin/weave/templates/weave-net.yml.j2
index 60e7b6325..59740e67e 100644
--- a/roles/network_plugin/weave/templates/weave-net.yml.j2
+++ b/roles/network_plugin/weave/templates/weave-net.yml.j2
@@ -115,6 +115,9 @@ items:
           labels:
             name: weave-net
         spec:
+{% if kube_version|version_compare('v1.11.1', '>=') %}
+          priorityClassName: system-node-critical
+{% endif %}
           containers:
             - name: weave
               command:
-- 
GitLab