Update tolerations and priority classes
* Give kube-proxy a blanket toleration * Replace scheduler.alpha.kubernetes.io/critical-pod annotation with priorityClassName: system-node-critical Change-Id: I810333913c09531eefa1ded014fe090d4cca7f7d
This commit is contained in:
parent
e43b6f0128
commit
08906262fd
|
@ -42,7 +42,6 @@ spec:
|
||||||
{{ $labels | indent 8 }}
|
{{ $labels | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
{{ dict "envAll" $envAll "podName" "kubernetes_apiserver_anchor" "containerNames" (list "anchor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
{{ dict "envAll" $envAll "podName" "kubernetes_apiserver_anchor" "containerNames" (list "anchor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
|
@ -52,6 +51,7 @@ spec:
|
||||||
{{ .Values.labels.kubernetes_apiserver.node_selector_key }}: {{ .Values.labels.kubernetes_apiserver.node_selector_value }}
|
{{ .Values.labels.kubernetes_apiserver.node_selector_key }}: {{ .Values.labels.kubernetes_apiserver.node_selector_value }}
|
||||||
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
priorityClassName: system-node-critical
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: node-role.kubernetes.io/master
|
- key: node-role.kubernetes.io/master
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
|
|
|
@ -39,7 +39,6 @@ spec:
|
||||||
{{ $labels | indent 8 }}
|
{{ $labels | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
{{ dict "envAll" $envAll "podName" "kubernetes-controller-manager-anchor" "containerNames" (list "anchor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
{{ dict "envAll" $envAll "podName" "kubernetes-controller-manager-anchor" "containerNames" (list "anchor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
|
@ -49,6 +48,7 @@ spec:
|
||||||
{{ .Values.labels.controller_manager.node_selector_key }}: {{ .Values.labels.controller_manager.node_selector_value }}
|
{{ .Values.labels.controller_manager.node_selector_key }}: {{ .Values.labels.controller_manager.node_selector_value }}
|
||||||
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
priorityClassName: system-node-critical
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: node-role.kubernetes.io/master
|
- key: node-role.kubernetes.io/master
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
|
|
|
@ -41,7 +41,6 @@ spec:
|
||||||
annotations:
|
annotations:
|
||||||
{{ dict "envAll" $envAll "podName" "etcd-anchor" "containerNames" (list "etcdctl") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
{{ dict "envAll" $envAll "podName" "etcd-anchor" "containerNames" (list "etcdctl") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
{{- if .Values.manifests.configmap_bin }}
|
{{- if .Values.manifests.configmap_bin }}
|
||||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -59,6 +58,7 @@ spec:
|
||||||
{{- end }}
|
{{- end }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ .Values.labels.anchor.node_selector_key }}: {{ .Values.labels.anchor.node_selector_value }}
|
{{ .Values.labels.anchor.node_selector_key }}: {{ .Values.labels.anchor.node_selector_value }}
|
||||||
|
priorityClassName: system-node-critical
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: node-role.kubernetes.io/master
|
- key: node-role.kubernetes.io/master
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
|
|
|
@ -25,7 +25,6 @@ metadata:
|
||||||
name: "{{ .Release.Name }}-etcd-test"
|
name: "{{ .Release.Name }}-etcd-test"
|
||||||
annotations:
|
annotations:
|
||||||
"helm.sh/hook": "test"
|
"helm.sh/hook": "test"
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||||
{{ dict "envAll" $envAll "podName" "etcd-test" "containerNames" (list "etcd-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
{{ dict "envAll" $envAll "podName" "etcd-test" "containerNames" (list "etcd-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
||||||
labels:
|
labels:
|
||||||
|
|
|
@ -36,10 +36,10 @@ spec:
|
||||||
{{ $labels | indent 8 }}
|
{{ $labels | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
{{ dict "envAll" $envAll "podName" "haproxy-anchor" "containerNames" (list "haproxy-perms" "anchor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
{{ dict "envAll" $envAll "podName" "haproxy-anchor" "containerNames" (list "haproxy-perms" "anchor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
{{ dict "envAll" $envAll "application" "haproxy_anchor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
{{ dict "envAll" $envAll "application" "haproxy_anchor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||||
|
priorityClassName: system-node-critical
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: node-role.kubernetes.io/master
|
- key: node-role.kubernetes.io/master
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
|
|
|
@ -45,7 +45,6 @@ spec:
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
{{ dict "envAll" $envAll "podName" "kubernetes-proxy" "containerNames" (list "proxy") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
{{ dict "envAll" $envAll "podName" "kubernetes-proxy" "containerNames" (list "proxy") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
{{- if .Values.manifests.configmap_proxy }}
|
{{- if .Values.manifests.configmap_proxy }}
|
||||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -54,14 +53,9 @@ spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
shareProcessNamespace: true
|
shareProcessNamespace: true
|
||||||
dnsPolicy: Default
|
dnsPolicy: Default
|
||||||
|
priorityClassName: system-node-critical
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: node-role.kubernetes.io/master
|
- operator: Exists
|
||||||
effect: NoSchedule
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- key: node.kubernetes.io/not-ready
|
|
||||||
operator: Exists
|
|
||||||
effect: NoSchedule
|
|
||||||
containers:
|
containers:
|
||||||
- name: proxy
|
- name: proxy
|
||||||
image: {{ .Values.images.tags.proxy }}
|
image: {{ .Values.images.tags.proxy }}
|
||||||
|
|
|
@ -34,7 +34,6 @@ spec:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
{{ dict "envAll" $envAll "podName" "scheduler" "containerNames" (list "anchor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
{{ dict "envAll" $envAll "podName" "scheduler" "containerNames" (list "anchor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
|
@ -46,6 +45,7 @@ spec:
|
||||||
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ .Values.labels.scheduler.node_selector_key }}: {{ .Values.labels.scheduler.node_selector_value }}
|
{{ .Values.labels.scheduler.node_selector_key }}: {{ .Values.labels.scheduler.node_selector_value }}
|
||||||
|
priorityClassName: system-node-critical
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: node-role.kubernetes.io/master
|
- key: node-role.kubernetes.io/master
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
|
|
|
@ -4,10 +4,9 @@ kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: haproxy
|
name: haproxy
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
annotations:
|
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
priorityClassName: system-node-critical
|
||||||
containers:
|
containers:
|
||||||
- name: haproxy
|
- name: haproxy
|
||||||
image: {{ config['HostSystem:images.haproxy'] }}
|
image: {{ config['HostSystem:images.haproxy'] }}
|
||||||
|
|
|
@ -8,10 +8,9 @@ metadata:
|
||||||
application: kubernetes
|
application: kubernetes
|
||||||
component: apiserver
|
component: apiserver
|
||||||
kubernetes-apiserver-service: enabled
|
kubernetes-apiserver-service: enabled
|
||||||
annotations:
|
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
priorityClassName: system-node-critical
|
||||||
containers:
|
containers:
|
||||||
- name: kube-apiserver
|
- name: kube-apiserver
|
||||||
image: {{ config['Genesis:images.kubernetes.apiserver'] }}
|
image: {{ config['Genesis:images.kubernetes.apiserver'] }}
|
||||||
|
|
|
@ -8,10 +8,9 @@ metadata:
|
||||||
tier: control-plane
|
tier: control-plane
|
||||||
application: kubernetes
|
application: kubernetes
|
||||||
component: kube-controller-manager
|
component: kube-controller-manager
|
||||||
annotations:
|
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
priorityClassName: system-node-critical
|
||||||
containers:
|
containers:
|
||||||
- name: kube-controller-manager
|
- name: kube-controller-manager
|
||||||
image: {{ config['Genesis:images.kubernetes.controller-manager'] }}
|
image: {{ config['Genesis:images.kubernetes.controller-manager'] }}
|
||||||
|
|
|
@ -8,10 +8,9 @@ metadata:
|
||||||
tier: control-plane
|
tier: control-plane
|
||||||
application: kubernetes
|
application: kubernetes
|
||||||
component: kube-scheduler
|
component: kube-scheduler
|
||||||
annotations:
|
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
priorityClassName: system-node-critical
|
||||||
containers:
|
containers:
|
||||||
- name: kube-scheduler
|
- name: kube-scheduler
|
||||||
image: {{ config['Genesis:images.kubernetes.scheduler'] }}
|
image: {{ config['Genesis:images.kubernetes.scheduler'] }}
|
||||||
|
|
Loading…
Reference in New Issue