This repository has been archived by the owner on Oct 24, 2023. It is now read-only.

chore: add priorityClassName: system-node-critical to kube-system,… #555

Merged

Member

@jackfrancis jackfrancis commented Feb 21, 2019

… master-schedulable components

Reason for Change:

For kube-system components that are declared to tolerate master node taints, we want to add priorityClassName: system-node-critical as well to doubly ensure that they are schedulable, even if the master node taints are customized. Otherwise, master node taint customization is liable to make system-critical components unschedulable.

Included all components that fit the above description for k8s 1.9 and above.

Reference: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/

Issue Fixed:

Fixes #573

Requirements:

Notes:

@acs-bot acs-bot added the size/L label Feb 21, 2019

acs-bot commented Feb 21, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jackfrancis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


codecov bot commented Feb 21, 2019

Codecov Report

Merging #555 into master will increase coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #555      +/-   ##
==========================================
+ Coverage   54.75%   54.79%   +0.03%     
==========================================
  Files          97       97              
  Lines       14708    14716       +8     
==========================================
+ Hits         8054     8064      +10     
+ Misses       5980     5979       -1     
+ Partials      674      673       -1

@mboersma mboersma added this to Done in backlog Feb 21, 2019
@mboersma mboersma moved this from Done to In progress in backlog Feb 21, 2019
@mboersma
Member

lgtm

@jackfrancis
Member Author

omsagent cluster scenario manually tested

@jackfrancis
Member Author

flannel scenario manually tested

Member

@palma21 palma21 left a comment

I see you used system-cluster-critical and not system-node-critical; any reason for that?

Also, to fix the full problem scope I believe we still need a wildcard toleration for kube-proxy at least.
- operator: "Exists"
  effect: "NoExecute"
- operator: "Exists"
  effect: "NoSchedule"

@palma21
Member

palma21 commented Feb 21, 2019

Add-on for the reasons:

Adding priorityClass to ensure that kube-system components are schedulable when node taints are customized and added to any node.

Fixes #573

@jackfrancis
Member Author

@palma21 does the most recent commit address the desired add'l kube-proxy tolerations?

@jackfrancis jackfrancis changed the title chore: add priorityClassName: system-cluster-critical to kube-system,… chore: add priorityClassName: system-node-critical to kube-system,… Feb 22, 2019
Member

@palma21 palma21 left a comment

I believe there's a bug here with the indentation that is making the tests fail

@palma21 palma21 added the lgtm label Feb 25, 2019
- operator: "Exists"
effect: NoExecute
- operator: "Exists"
effect: NoSchedule
containers:
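
Review bot: both tolerations in this hunk omit `key`, and `operator: "Exists"` with no key tolerates every taint that carries the listed effect. For the `NoExecute` entry that includes the taints used for taint-based eviction, so these pods stay on nodes that are marked not-ready or unreachable. That is usually intended for a per-node daemon such as kube-proxy, but a comment above the tolerations stating it is deliberate would keep the block from being copied into other add-ons unexamined. Minor style point: `"Exists"` is quoted while `NoExecute` and `NoSchedule` are not; use one style.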
Member

This is to ensure that we never schedule kube-proxy on master, correct?

Member Author

It's the opposite: it ensures that kube-proxy will always be able to be scheduled on any node, regardless of taint.
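
The toleration matching discussed in this thread, as an added example that is not part of the PR or of the aks-engine code base: a simplified Go model of the documented taint/toleration rules, showing that a toleration keyed to the stock master taint stops matching once the taint is customized, while the keyless `Exists` tolerations still match. The `example.com/dedicated` taint is a constructed sample, and priority classes are not modelled.

```go
package main

import "fmt"

// Simplified model of the taint/toleration fields used for matching.
type Taint struct{ Key, Value, Effect string }
type Toleration struct{ Key, Operator, Value, Effect string }

// Tolerates follows the documented rules: an empty effect matches every
// effect, and an empty key with operator Exists matches every key.
func (t Toleration) Tolerates(taint Taint) bool {
	if t.Effect != "" && t.Effect != taint.Effect {
		return false
	}
	if t.Key != "" && t.Key != taint.Key {
		return false
	}
	if t.Operator == "Exists" {
		return true
	}
	return t.Value == taint.Value // operator Equal, the default
}

// Schedulable reports whether every NoSchedule/NoExecute taint is tolerated.
func Schedulable(tols []Toleration, taints []Taint) bool {
	for _, taint := range taints {
		tolerated := taint.Effect == "PreferNoSchedule" // soft taint never blocks
		for _, t := range tols {
			tolerated = tolerated || t.Tolerates(taint)
		}
		if !tolerated {
			return false
		}
	}
	return true
}

var (
	// Toleration keyed to the stock master taint.
	keyedMaster = []Toleration{{Key: "node-role.kubernetes.io/master", Operator: "Exists", Effect: "NoSchedule"}}
	// Keyless tolerations as posted in the review thread.
	wildcard    = []Toleration{{Operator: "Exists", Effect: "NoExecute"}, {Operator: "Exists", Effect: "NoSchedule"}}
	stockTaints = []Taint{{"node-role.kubernetes.io/master", "true", "NoSchedule"}}
	// Constructed sample: a master taint customized by the cluster operator.
	customTaints = []Taint{{"example.com/dedicated", "master", "NoSchedule"}}
)

func main() {
	fmt.Println(Schedulable(keyedMaster, stockTaints), Schedulable(keyedMaster, customTaints), Schedulable(wildcard, customTaints))
}
```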

Contributor

@CecileRobertMichon CecileRobertMichon left a comment

lgtm

@jackfrancis jackfrancis merged commit e80408c into Azure:master Feb 27, 2019
backlog automation moved this from In progress to Done Feb 27, 2019
@jackfrancis jackfrancis deleted the priorityClassName-system-cluster-critical branch February 27, 2019 21:16
Successfully merging this pull request may close these issues.

Guaranteed Scheduling For Critical Pods
6 participants