Critical pods shouldn't be restricted to kube-system

pkg/kubelet/types/pod_update.go

@@ -144,7 +144,7 @@ func (sp SyncPodType) String() string {
 // or equal to SystemCriticalPriority. Both the rescheduler(deprecated in 1.10) and the kubelet use this function
 // to make admission and scheduling decisions.
 func IsCriticalPod(pod *v1.Pod) bool {
-	return IsCritical(pod.Namespace, pod.Annotations) || (pod.Spec.Priority != nil && IsCriticalPodBasedOnPriority(pod.Namespace, *pod.Spec.Priority))
+	return IsCritical(pod.Namespace, pod.Annotations) || (pod.Spec.Priority != nil && IsCriticalPodBasedOnPriority(*pod.Spec.Priority))
 }
 
 // IsCritical returns true if parameters bear the critical pod annotation
@@ -163,11 +163,7 @@ func IsCritical(ns string, annotations map[string]string) bool {
 }
 
 // IsCriticalPodBasedOnPriority checks if the given pod is a critical pod based on priority resolved from pod Spec.
-func IsCriticalPodBasedOnPriority(ns string, priority int32) bool {
-	// Critical pods are restricted to "kube-system" namespace as of now.
-	if ns != kubeapi.NamespaceSystem {
-		return false
-	}
+func IsCriticalPodBasedOnPriority(priority int32) bool {
 	if priority >= scheduling.SystemCriticalPriority {
 		return true
 	}

pkg/kubelet/types/pod_update_test.go

@@ -176,3 +176,28 @@ func TestIsCriticalPod(t *testing.T) {
 		}
 	}
 }
+
+func TestIsCriticalPodBasedOnPriority(t *testing.T) {
+	tests := []struct {
+		priority    int32
+		description string
+		expected    bool
+	}{
+		{
+			priority:    int32(2000000001),
+			description: "A system critical pod",
+			expected:    true,
+		},
+		{
+			priority:    int32(1000000000),
+			description: "A non system critical pod",
+			expected:    false,
+		},
+	}
+	for _, test := range tests {
+		actual := IsCriticalPodBasedOnPriority(test.priority)
+		if actual != test.expected {
+			t.Errorf("IsCriticalPodBased on priority should have returned %v for test %v but got %v", test.expected, test.description, actual)
+		}
+	}
+}