diff --git a/upup/models/cloudup/resources/addons/core.addons.k8s.io/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/core.addons.k8s.io/k8s-1.12.yaml.template
index 412260aad91a0..7c3c3aaad4a4e 100644
--- a/upup/models/cloudup/resources/addons/core.addons.k8s.io/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/core.addons.k8s.io/k8s-1.12.yaml.template
@@ -113,6 +113,7 @@ spec:
 spec:
 nodeSelector:
 node-role.kubernetes.io/master: ""
+ priorityClassName: system-node-critical
 serviceAccountName: cloud-controller-manager
 containers:
 - name: cloud-controller-manager
diff --git a/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml.template b/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml.template
deleted file mode 100644
index 231a773072e0a..0000000000000
--- a/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml.template
+++ /dev/null
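Review bot: The hunk at -113 does not show which namespace the cloud-controller-manager pod is created in, and that decides whether the added `priorityClassName: system-node-critical` is accepted: on older Kubernetes releases the Priority admission plugin rejects pods that name a `system-*` class outside `kube-system`, and the template name suggests this manifest is used from 1.12 on. The same check applies to the classes added in the networking.cilium.io and networking.romana templates further down. Please confirm each of these pods lives in `kube-system`, and consider recording it next to the field, e.g. `# system-* classes: pod must stay in kube-system on older clusters`. The pod spec continues outside the hunk.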
@@ -1,230 +0,0 @@
-# Copyright 2019 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: kube-dns-autoscaler
- namespace: kube-system
- labels:
- k8s-addon: kube-dns.addons.k8s.io
- k8s-app: kube-dns-autoscaler
- kubernetes.io/cluster-service: "true"
-spec:
- template:
- metadata:
- labels:
- k8s-app: kube-dns-autoscaler
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
- scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
- spec:
- containers:
- - name: autoscaler
- image: k8s.gcr.io/cluster-proportional-autoscaler-{{Arch}}:1.0.0
- resources:
- requests:
- cpu: "20m"
- memory: "10Mi"
- command:
- - /cluster-proportional-autoscaler
- - --namespace=kube-system
- - --configmap=kube-dns-autoscaler
- - --mode=linear
- # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
- - --target=Deployment/kube-dns
- # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
- # If using small nodes, "nodesPerReplica" should dominate.
- - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"min":2}}
- - --logtostderr=true
- - --v=2
-
----
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: kube-dns
- namespace: kube-system
- labels:
- k8s-addon: kube-dns.addons.k8s.io
- k8s-app: kube-dns
- kubernetes.io/cluster-service: "true"
-spec:
- # replicas: not specified here:
- # 1. In order to make Addon Manager do not reconcile this replicas parameter.
- # 2. Default is 1.
- # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
- strategy:
- rollingUpdate:
- maxSurge: 10%
- maxUnavailable: 0
- selector:
- matchLabels:
- k8s-app: kube-dns
- template:
- metadata:
- labels:
- k8s-app: kube-dns
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
- scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
- spec:
- containers:
- - name: kubedns
- image: k8s.gcr.io/kubedns-{{Arch}}:1.9
- resources:
- # TODO: Set memory limits when we've profiled the container for large
- # clusters, then set request = limit to keep this container in
- # guaranteed class. Currently, this container falls into the
- # "burstable" category so the kubelet doesn't backoff from restarting it.
- limits:
- memory: 170Mi
- requests:
- cpu: 100m
- memory: 70Mi
- livenessProbe:
- httpGet:
- path: /healthz-kubedns
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- readinessProbe:
- httpGet:
- path: /readiness
- port: 8081
- scheme: HTTP
- # we poll on pod startup for the Kubernetes master service and
- # only setup the /readiness HTTP server once that's available.
- initialDelaySeconds: 3
- timeoutSeconds: 5
- args:
- - --domain={{ KubeDNS.Domain }}.
- - --dns-port=10053
- - --config-map=kube-dns
- - --v=2
- env:
- - name: PROMETHEUS_PORT
- value: "10055"
- ports:
- - containerPort: 10053
- name: dns-local
- protocol: UDP
- - containerPort: 10053
- name: dns-tcp-local
- protocol: TCP
- - containerPort: 10055
- name: metrics
- protocol: TCP
- - name: dnsmasq
- image: k8s.gcr.io/k8s-dns-dnsmasq-{{Arch}}:1.14.10
- livenessProbe:
- httpGet:
- path: /healthz-dnsmasq
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- args:
- - --cache-size={{ KubeDNS.CacheMaxSize }}
- - --dns-forward-max={{ KubeDNS.CacheMaxConcurrent }}
- - --no-resolv
- - --server=127.0.0.1#10053
- - --log-facility=-
- - --min-port=1024
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
- resources:
- requests:
- cpu: 150m
- memory: 10Mi
- - name: dnsmasq-metrics
- image: k8s.gcr.io/dnsmasq-metrics-{{Arch}}:1.0
- livenessProbe:
- httpGet:
- path: /metrics
- port: 10054
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- args:
- - --v=2
- - --logtostderr
- ports:
- - containerPort: 10054
- name: metrics
- protocol: TCP
- resources:
- requests:
- memory: 10Mi
- - name: healthz
- image: k8s.gcr.io/exechealthz-{{Arch}}:1.2
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 10m
- # Note that this container shouldn't really need 50Mi of memory. The
- # limits are set higher than expected pending investigation on #29688.
- # The extra memory was stolen from the kubedns container to keep the
- # net memory requested by the pod constant.
- memory: 50Mi
- args:
- - --cmd=nslookup kubernetes.default.svc.{{ KubeDNS.Domain }} 127.0.0.1 >/dev/null
- - --url=/healthz-dnsmasq
- - --cmd=nslookup kubernetes.default.svc.{{ KubeDNS.Domain }} 127.0.0.1:10053 >/dev/null
- - --url=/healthz-kubedns
- - --port=8080
- - --quiet
- ports:
- - containerPort: 8080
- protocol: TCP
- dnsPolicy: Default # Don't use cluster DNS.
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
- name: kube-dns
- namespace: kube-system
- labels:
- k8s-addon: kube-dns.addons.k8s.io
- k8s-app: kube-dns
- kubernetes.io/cluster-service: "true"
- kubernetes.io/name: "KubeDNS"
-spec:
- selector:
- k8s-app: kube-dns
- clusterIP: {{ KubeDNS.ServerIP }}
- ports:
- - name: dns
- port: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- protocol: TCP
diff --git a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template
index 271ca3884bc75..0a309fb3438ea 100644
--- a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template
@@ -533,7 +533,7 @@ spec:
 name: bpf-maps
 - mountPath: /var/run/cilium
 name: cilium-run
- priorityClassName: system-cluster-critical
+ priorityClassName: system-node-critical
 restartPolicy: Always
 serviceAccount: cilium
 serviceAccountName: cilium
@@ -748,6 +748,7 @@ spec:
 readOnly: true
 {{- end }}
 hostNetwork: true
+ priorityClassName: system-cluster-critical
 restartPolicy: Always
 serviceAccount: cilium-operator
 serviceAccountName: cilium-operator
@@ -931,6 +932,7 @@ spec:
 name: cilium-etcd-operator
 dnsPolicy: ClusterFirst
 hostNetwork: true
+ priorityClassName: system-cluster-critical
 restartPolicy: Always
 serviceAccount: cilium-etcd-operator
 serviceAccountName: cilium-etcd-operator
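Review bot: No addon version bump accompanies the three networking.cilium.io hunks (-533, -748, -931): in upup/pkg/fi/cloudup/bootstrapchannelbuilder.go this diff bumps only `networking.romana` (to `v2.0.2-kops.3`) and `core.addons.k8s.io` (to `1.12.1-kops.1`), and for cilium only the `manifestHash` in the test manifest moves. If the channel updater decides on the version string alone, existing clusters would keep the `cilium` pod on `system-cluster-critical` and the two operator pods without any class. Please confirm that a changed `manifestHash` is enough to trigger a re-apply, or bump the cilium addon version in the same commit.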
diff --git a/upup/models/cloudup/resources/addons/networking.romana/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.romana/k8s-1.12.yaml.template
index 34a3645ff1217..babab2bcc4f3e 100644
--- a/upup/models/cloudup/resources/addons/networking.romana/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.romana/k8s-1.12.yaml.template
@@ -137,6 +137,7 @@ spec:
 nodeSelector:
 node-role.kubernetes.io/master: ""
 hostNetwork: true
+ priorityClassName: system-cluster-critical
 tolerations:
 - key: node-role.kubernetes.io/master
 effect: NoSchedule
@@ -172,6 +173,7 @@ spec:
 nodeSelector:
 node-role.kubernetes.io/master: ""
 hostNetwork: true
+ priorityClassName: system-cluster-critical
 serviceAccountName: romana-listener
 tolerations:
 - key: node-role.kubernetes.io/master
@@ -206,6 +208,7 @@ spec:
 romana-app: agent
 spec:
 hostNetwork: true
+ priorityClassName: system-node-critical
 securityContext:
 seLinuxOptions:
 type: spc_t
@@ -319,6 +322,7 @@ spec:
 nodeSelector:
 node-role.kubernetes.io/master: ""
 hostNetwork: true
+ priorityClassName: system-cluster-critical
 serviceAccountName: romana-aws
 tolerations:
 - key: node-role.kubernetes.io/master
@@ -354,6 +358,7 @@ spec:
 nodeSelector:
 node-role.kubernetes.io/master: ""
 hostNetwork: true
+ priorityClassName: system-cluster-critical
 tolerations:
 - key: node-role.kubernetes.io/master
 effect: NoSchedule
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
index 8823cd035a172..6098303ccc626 100644
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -851,7 +851,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 if b.cluster.Spec.Networking.Romana != nil {
 key := "networking.romana"
- version := "v2.0.2-kops.2"
+ version := "v2.0.2-kops.3"
 {
 location := key + "/k8s-1.7.yaml"
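Review bot: The rule for choosing between the two priority classes is not written down in these templates, and the diff applies it unevenly. The master-pinned romana pods (hunks -137, -172, -319, -354) get `system-cluster-critical` and the agent at -206 gets `system-node-critical`, yet the cloud-controller-manager in core.addons.k8s.io, also pinned with `node-role.kubernetes.io/master: ""`, gets `system-node-critical`. If the intent is per-node pods on node-critical and everything else on cluster-critical, a one-line comment above each added field would make that reviewable, e.g. `# per-node agent: must not be preempted on its node`. The workload kinds lie outside the hunks, so the cloud-controller-manager case could not be checked from here.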
@@ -1106,7 +1106,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 {
 key := "core.addons.k8s.io"
- version := "1.12.0"
+ version := "1.12.1-kops.1"
 location := key + "/k8s-1.12.yaml"
 id := "k8s-1.12-ccm"
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
index 6b8899fe55b96..0a9f3cee9b4b6 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
@@ -97,7 +97,7 @@ spec:
 - id: k8s-1.12
 kubernetesVersion: '>=1.12.0'
 manifest: networking.cilium.io/k8s-1.12.yaml
- manifestHash: ecb28739c283287eacd9863f1d057e5b09fabb1a
+ manifestHash: e70d13053043ca311108cd90521f30d75c558cc7
 name: networking.cilium.io
 selector:
 role.kubernetes.io/networking: "1"