From 61d17c798a1837ae166f0d1361d499dffbb46d4d Mon Sep 17 00:00:00 2001
From: Philip Potter
Date: Wed, 9 Oct 2019 17:09:56 +0100
Subject: [PATCH] Create gsp-critical PriorityClass And get cluster-autoscaler to use it. I've tested this by snowflaking in sandbox. I think there may be a race condition here when spinning up a new cluster: I don't know how to ensure the PriorityClass gets created before the things that use it. This is a proof of concept; we should have a conversation about which things should run with this priority class (gatekeeper, the istio sidecar injector, ...?).
---
 .../02-gsp-system/gsp-priorityclass.yaml | 15 +++++++++++++++
 charts/gsp-cluster/values.yaml | 3 +--
 2 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 charts/gsp-cluster/templates/02-gsp-system/gsp-priorityclass.yaml
diff --git a/charts/gsp-cluster/templates/02-gsp-system/gsp-priorityclass.yaml b/charts/gsp-cluster/templates/02-gsp-system/gsp-priorityclass.yaml
new file mode 100644
index 000000000..a2ba4f9eb
--- /dev/null
+++ b/charts/gsp-cluster/templates/02-gsp-system/gsp-priorityclass.yaml
@@ -0,0 +1,15 @@
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: gsp-critical
+# This PriorityClass exists because the admission controller won't let
+# you use `system-cluster-critical` in non-`kube-system` namespaces,
+# but we still have pods we want to run in gsp-system at high priority
+# level. We create a priority class with the highest-allowed
+# userspace priority value (which is still lower than
+# system-cluster-critical) as a workaround.
+# See also https://github.com/kubernetes/kubernetes/issues/60596
+description: |
+ Used for GSP critical pods that must run in the cluster.
+value: 1000000000
+
diff --git a/charts/gsp-cluster/values.yaml b/charts/gsp-cluster/values.yaml
index 091260afd..1ed3f97a8 100644
--- a/charts/gsp-cluster/values.yaml
+++ b/charts/gsp-cluster/values.yaml
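Review bot: In gsp-priorityclass.yaml, `gsp-critical` is a cluster-scoped object at the highest user-assignable value, and nothing in this patch limits which namespaces may reference it. Any workload author who can set `priorityClassName: gsp-critical` could have their pods preempt lower-priority pods, which is the kind of misuse the `kube-system` restriction on `system-cluster-critical` exists to prevent. Consider shipping a guard alongside the class, for example a ResourceQuota scoped to this PriorityClass in tenant namespaces or an admission policy that accepts the name only in `gsp-system`. It would also help to state `globalDefault: false` explicitly so the manifest shows that the class is opt-in.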
@@ -67,8 +67,7 @@ cluster-autoscaler:
 tag: v1.14.5 # upgrade this when upgrading kubernetes
 rbac:
 create: true
- # we can only set this if cluster-autoscaler is in the kube-system namespace D:
- # priorityClassName: system-cluster-critical
+ priorityClassName: gsp-critical
 serviceMonitor:
 enabled: true
 namespace: gsp-system
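Review bot: The new `priorityClassName: gsp-critical` line has no comment saying where that class is defined, while the comment it replaces did explain the constraint on this setting. I would add `# gsp-critical is defined in templates/02-gsp-system/gsp-priorityclass.yaml` above it, so a reader of values.yaml knows the name is a chart-owned object and not a built-in class. The `cluster-autoscaler:` mapping starts outside the hunk and indentation is lost on this page, so the nesting level of the key should be confirmed against the subchart's values.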