From 6bb3463e7c743b901ab4bd44643137a85e1e5014 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Thu, 24 Aug 2017 10:04:25 +0100
Subject: [PATCH] Enable scheduling of critical pods and network plugins on
 master

Added toleration to DNS, netchecker, fluentd, canal, and
calico policy.

Also small fixes to make yamllint pass.
---
 .../dnsmasq/templates/dnsmasq-autoscaler.yml  | 35 ++++++++++---------
 roles/dnsmasq/templates/dnsmasq-deploy.yml    |  3 ++
 .../templates/kubedns-autoscaler.yml.j2       |  6 +++-
 .../ansible/templates/kubedns-deploy.yml.j2   |  2 ++
 .../templates/netchecker-agent-ds.yml.j2      |  3 ++
 .../netchecker-agent-hostnet-ds.yml.j2        |  3 ++
 .../efk/fluentd/templates/fluentd-ds.yml.j2   |  3 ++
 .../templates/calico-policy-controller.yml.j2 |  3 ++
 .../canal/templates/canal-node.yml.j2         |  3 ++
 .../flannel/templates/flannel-pod.yml         |  3 ++
 .../weave/templates/weave-net.yml.j2          |  2 +-
 11 files changed, 48 insertions(+), 18 deletions(-)

diff --git a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml
index aff99f08d..85b357950 100644
--- a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml
+++ b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml
@@ -31,20 +31,23 @@ spec:
         scheduler.alpha.kubernetes.io/critical-pod: ''
         scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
     spec:
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
-      - name: autoscaler
-        image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1
-        resources:
-          requests:
-            cpu: "20m"
-            memory: "10Mi"
-        command:
-        - /cluster-proportional-autoscaler
-        - --namespace=kube-system
-        - --configmap=dnsmasq-autoscaler
-        - --target=Deployment/dnsmasq
-        # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
-        # If using small nodes, "nodesPerReplica" should dominate.
-        - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
-        - --logtostderr=true
-        - --v={{ kube_log_level }}
+        - name: autoscaler
+          image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1
+          resources:
+            requests:
+              cpu: "20m"
+              memory: "10Mi"
+          command:
+            - /cluster-proportional-autoscaler
+            - --namespace=kube-system
+            - --configmap=dnsmasq-autoscaler
+            - --target=Deployment/dnsmasq
+            # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
+            # If using small nodes, "nodesPerReplica" should dominate.
+            - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
+            - --logtostderr=true
+            - --v={{ kube_log_level }}
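Review bot: The toleration added under `spec:` has no `key`, so with `operator: Exists` it matches every taint whose effect is NoSchedule, not only the master taint the commit title targets. A node that an operator has tainted NoSchedule to keep it dedicated or isolated would therefore also accept this pod. The same keyless entry is added in dnsmasq-deploy.yml, kubedns-deploy.yml.j2, both netchecker agent daemonsets, fluentd-ds.yml.j2, calico-policy-controller.yml.j2, canal-node.yml.j2 and flannel-pod.yml, and the calico and canal pods run with `hostNetwork: true`. If the masters carry the standard taint, I would scope each entry by adding `key: node-role.kubernetes.io/master` next to `operator: Exists` and `effect: NoSchedule`.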
diff --git a/roles/dnsmasq/templates/dnsmasq-deploy.yml b/roles/dnsmasq/templates/dnsmasq-deploy.yml
index 6f11363b3..94b15206b 100644
--- a/roles/dnsmasq/templates/dnsmasq-deploy.yml
+++ b/roles/dnsmasq/templates/dnsmasq-deploy.yml
@@ -21,6 +21,9 @@ spec:
         kubernetes.io/cluster-service: "true"
         kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}"
     spec:
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
         - name: dnsmasq
           image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
index 04f93fd84..fb87d5a50 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
@@ -29,11 +29,15 @@ spec:
         k8s-app: kubedns-autoscaler
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
-        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
     spec:
       containers:
       - name: autoscaler
         image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}"
+        tolerations:
+          - effect: NoSchedule
+            operator: Exists
+          - effect: CriticalAddonsOnly
+            operator: exists
         resources:
           requests:
             cpu: "20m"
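Review bot: The added `tolerations:` block is nested inside the `autoscaler` container entry rather than under the pod-level `spec:`, where tolerations belong, so it cannot act as a pod toleration. Its second entry uses `effect: CriticalAddonsOnly` and `operator: exists`, but CriticalAddonsOnly is a taint key rather than an effect, and the operator value is case-sensitive (`Exists`). Because the hunk also removes the annotation that carried the CriticalAddonsOnly toleration, the pod appears to end up with neither. The block below moves the list to pod level and corrects the second entry; the container definition continues outside the hunk.

```yaml
    spec:
      tolerations:
        - effect: NoSchedule
          operator: Exists
        - key: CriticalAddonsOnly
          operator: Exists
      containers:
      # … unchanged: autoscaler container (name, image, resources) …
```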
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
index 149a16ebd..682bdf491 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
@@ -30,6 +30,8 @@ spec:
       tolerations:
       - key: "CriticalAddonsOnly"
         operator: "Exists"
+      - effect: NoSchedule
+        operator: Exists
       volumes:
       - name: kube-dns-config
         configMap:
diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2
index df0b8ba90..8b16e0c30 100644
--- a/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml.j2
@@ -12,6 +12,9 @@ spec:
       labels:
         app: netchecker-agent
     spec:
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
         - name: netchecker-agent
           image: "{{ agent_img }}"
diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2
index 10a74da84..6064d8e68 100644
--- a/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml.j2
@@ -16,6 +16,9 @@ spec:
 {% if kube_version | version_compare('v1.6', '>=') %}
       dnsPolicy: ClusterFirstWithHostNet
 {% endif %}
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
         - name: netchecker-agent
           image: "{{ agent_img }}"
diff --git a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2 b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2
index 77ed3c4ff..838ebf1e6 100644
--- a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2
+++ b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2
@@ -17,6 +17,9 @@ spec:
         kubernetes.io/cluster-service: "true"
         version: "v{{ fluentd_version }}"
     spec:
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
       - name: fluentd-es
         image: "{{ fluentd_image_repo }}:{{ fluentd_image_tag }}"
diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2
index 322d3a37b..4722cbc53 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2
@@ -21,6 +21,9 @@ spec:
         k8s-app: calico-policy
     spec:
       hostNetwork: true
+      tolerations:
+       - effect: NoSchedule
+         operator: Exists
       containers:
         - name: calico-policy-controller
           image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
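Review bot: The list under the added `tolerations:` is offset by one space, while `containers:` just below it and the other templates in this patch indent sequence items by two. It parses, but it is inconsistent with the rest of the file and is the kind of thing yamllint's indentation rule reports. Suggest `        - effect: NoSchedule` followed by `          operator: Exists`.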
diff --git a/roles/network_plugin/canal/templates/canal-node.yml.j2 b/roles/network_plugin/canal/templates/canal-node.yml.j2
index 37baf06e0..b749d4d32 100644
--- a/roles/network_plugin/canal/templates/canal-node.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yml.j2
@@ -18,6 +18,9 @@ spec:
         k8s-app: canal-node
     spec:
       hostNetwork: true
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       volumes:
         # Used by calico/node.
         - name: lib-modules
diff --git a/roles/network_plugin/flannel/templates/flannel-pod.yml b/roles/network_plugin/flannel/templates/flannel-pod.yml
index 5ca78ae1d..a6e075b8c 100644
--- a/roles/network_plugin/flannel/templates/flannel-pod.yml
+++ b/roles/network_plugin/flannel/templates/flannel-pod.yml
@@ -8,6 +8,9 @@ metadata:
     app: "flannel"
     version: "v0.1"
 spec:
+  tolerations:
+    - effect: NoSchedule
+      operator: Exists
   volumes:
     - name: "subnetenv"
       hostPath:
diff --git a/roles/network_plugin/weave/templates/weave-net.yml.j2 b/roles/network_plugin/weave/templates/weave-net.yml.j2
index ba1f07929..691b4cf02 100644
--- a/roles/network_plugin/weave/templates/weave-net.yml.j2
+++ b/roles/network_plugin/weave/templates/weave-net.yml.j2
@@ -153,4 +153,4 @@ items:
                 path: /var/lib/dbus
             - name: lib-modules
               hostPath:
-                path: /lib/modules
\ No newline at end of file
+                path: /lib/modules
-- 
GitLab