From 8d6e76f2766e51177ee50a1fba09bc5b04d6ce53 Mon Sep 17 00:00:00 2001
From: Maciej Borsz <maciejborsz@google.com>
Date: Thu, 15 Apr 2021 16:24:02 +0200
Subject: [PATCH] Add "node-high" priority-level

---
 .../pkg/apis/flowcontrol/bootstrap/default.go | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/staging/src/k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap/default.go b/staging/src/k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap/default.go
index a3a1dddc6ff..64600beca31 100644
--- a/staging/src/k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap/default.go
+++ b/staging/src/k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap/default.go
@@ -48,6 +48,11 @@ var (
 		// cluster and the availability of those running pods in the cluster, including kubelet and
 		// kube-proxy.
 		SuggestedPriorityLevelConfigurationSystem,
+		// "node-high" priority-level is for the node health reporting. It is separated from "system"
+		// to make sure that nodes are able to report their health even if kube-apiserver is not capable of
+		// handling load caused by pod startup (fetching secrets, events etc).
+		// NOTE: In large clusters 50% - 90% of all API calls use this priority-level.
+		SuggestedPriorityLevelConfigurationNodeHigh,
 		// "leader-election" is dedicated for controllers' leader-election, which majorly affects the
 		// availability of any controller runs in the cluster.
 		SuggestedPriorityLevelConfigurationLeaderElection,
@@ -64,6 +69,7 @@ var (
 	}
 	SuggestedFlowSchemas = []*flowcontrol.FlowSchema{
 		SuggestedFlowSchemaSystemNodes,               // references "system" priority-level
+		SuggestedFlowSchemaSystemNodeHigh,            // references "node-high" priority-level
 		SuggestedFlowSchemaProbes,                    // references "exempt" priority-level
 		SuggestedFlowSchemaSystemLeaderElection,      // references "leader-election" priority-level
 		SuggestedFlowSchemaWorkloadLeaderElection,    // references "leader-election" priority-level
@@ -171,6 +177,22 @@ var (
 				},
 			},
 		})
+	SuggestedPriorityLevelConfigurationNodeHigh = newPriorityLevelConfiguration(
+		"node-high",
+		flowcontrol.PriorityLevelConfigurationSpec{
+			Type: flowcontrol.PriorityLevelEnablementLimited,
+			Limited: &flowcontrol.LimitedPriorityLevelConfiguration{
+				AssuredConcurrencyShares: 40,
+				LimitResponse: flowcontrol.LimitResponse{
+					Type: flowcontrol.LimitResponseTypeQueue,
+					Queuing: &flowcontrol.QueuingConfiguration{
+						Queues:           64,
+						HandSize:         6,
+						QueueLengthLimit: 50,
+					},
+				},
+			},
+		})
 	// leader-election priority-level
 	SuggestedPriorityLevelConfigurationLeaderElection = newPriorityLevelConfiguration(
 		"leader-election",
@@ -261,6 +283,27 @@ var (
 			},
 		},
 	)
+	SuggestedFlowSchemaSystemNodeHigh = newFlowSchema(
+		"system-node-high", "node-high", 400,
+		flowcontrol.FlowDistinguisherMethodByUserType,
+		flowcontrol.PolicyRulesWithSubjects{
+			Subjects: groups(user.NodesGroup), // the nodes group
+			ResourceRules: []flowcontrol.ResourcePolicyRule{
+				resourceRule(
+					[]string{flowcontrol.VerbAll},
+					[]string{corev1.GroupName},
+					[]string{"nodes", "nodes/status"},
+					[]string{flowcontrol.NamespaceEvery},
+					true),
+				resourceRule(
+					[]string{flowcontrol.VerbAll},
+					[]string{coordinationv1.GroupName},
+					[]string{"leases"},
+					[]string{flowcontrol.NamespaceEvery},
+					false),
+			},
+		},
+	)
 	SuggestedFlowSchemaSystemLeaderElection = newFlowSchema(
 		"system-leader-election", "leader-election", 100,
 		flowcontrol.FlowDistinguisherMethodByUserType,