diff --git a/cluster/addons/calico-policy-controller/README.md b/cluster/addons/calico-policy-controller/README.md index 920cb84d2cf..279f9fa7a9e 100644 --- a/cluster/addons/calico-policy-controller/README.md +++ b/cluster/addons/calico-policy-controller/README.md @@ -6,6 +6,7 @@ Calico is an implementation of the Kubernetes network policy API. The provided - A DaemonSet which runs Calico on each node in the cluster. - A Deployment which installs the Calico Typha agent. - A Service for the Calico Typha agent. +- A HorizontalPodAutoscaler to dynamically adjust the Typha Deployment. ### Learn More diff --git a/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml b/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml index 1f93c8ee9c2..8ec591bb598 100644 --- a/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml +++ b/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml @@ -11,6 +11,8 @@ spec: selector: matchLabels: k8s-app: calico-node + updateStrategy: + type: RollingUpdate template: metadata: labels: @@ -58,7 +60,7 @@ spec: privileged: true resources: requests: - cpu: 250m + cpu: __CALICO_NODE_CPU__ volumeMounts: - mountPath: /lib/modules name: lib-modules diff --git a/cluster/addons/calico-policy-controller/typha-autoscaler.yaml b/cluster/addons/calico-policy-controller/typha-autoscaler.yaml new file mode 100644 index 00000000000..3b41c3ac0b4 --- /dev/null +++ b/cluster/addons/calico-policy-controller/typha-autoscaler.yaml @@ -0,0 +1,17 @@ +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: calico-typha + namespace: kube-system + labels: + kubernetes.io/cluster-service: "true" + addonmanager.kubernetes.io/mode: Reconcile + k8s-app: calico-typha +spec: + scaleTargetRef: + apiVersion: extensions/v1beta1 + kind: Deployment + name: calico-typha + minReplicas: 1 + maxReplicas: 20 + targetCPUUtilizationPercentage: 75 
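Review bot: `cpu: __CALICO_NODE_CPU__` in the second calico-node-daemonset.yaml hunk turns the manifest into a template that is not a valid resource until something substitutes the token, and the only substitution visible in this commit is the `sed` in the two GCE `configure-helper.sh` scripts. Any other path that applies this addon directory as-is would presumably have the DaemonSet rejected for an invalid quantity, which leaves nodes without calico-node and therefore without NetworkPolicy enforcement. I would add a comment above the line, e.g. `# __CALICO_NODE_CPU__ is filled in by start-kube-addons in cluster/gce/*/configure-helper.sh; do not apply this file unrendered.` The container spec starts and ends outside the hunk.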
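Review bot: `targetCPUUtilizationPercentage: 75` in typha-autoscaler.yaml is measured against the pod's CPU request, and this same commit lowers the Typha request from `1000m` to `200m` in typha-deployment.yaml, so scale-out is driven by roughly 150m of average usage per replica. Nothing in either file records that the two numbers are coupled; a comment above the target, such as `# 75% of the 200m request in typha-deployment.yaml; change both together`, would keep a later edit of one from silently shifting the other. `minReplicas: 1` also makes a single Typha pod the normal state on small clusters, so it is worth confirming how calico-node behaves while that one pod restarts.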
diff --git a/cluster/addons/calico-policy-controller/typha-deployment.yaml b/cluster/addons/calico-policy-controller/typha-deployment.yaml index fb16b29c1ae..6c804e04753 100644 --- a/cluster/addons/calico-policy-controller/typha-deployment.yaml +++ b/cluster/addons/calico-policy-controller/typha-deployment.yaml @@ -45,4 +45,4 @@ spec: value: "kubernetes" resources: requests: - cpu: 1000m + cpu: 200m diff --git a/cluster/addons/calico-policy-controller/typha-service.yaml b/cluster/addons/calico-policy-controller/typha-service.yaml index a1281db2158..c9c2b382afb 100644 --- a/cluster/addons/calico-policy-controller/typha-service.yaml +++ b/cluster/addons/calico-policy-controller/typha-service.yaml @@ -15,4 +15,3 @@ spec: name: calico-typha selector: k8s-app: calico-typha - diff --git a/cluster/gce/container-linux/configure-helper.sh b/cluster/gce/container-linux/configure-helper.sh index d602dcc19ab..ec70614dddb 100755 --- a/cluster/gce/container-linux/configure-helper.sh +++ b/cluster/gce/container-linux/configure-helper.sh @@ -34,6 +34,22 @@ function create-dirs { fi } +# Vars assumed: +# NUM_NODES +function get-calico-cpu { + local suggested_calico_cpus=100m + if [[ "${NUM_NODES}" -gt "10" ]]; then + suggested_calico_cpus=250m + fi + if [[ "${NUM_NODES}" -gt "100" ]]; then + suggested_calico_cpus=500m + fi + if [[ "${NUM_NODES}" -gt "500" ]]; then + suggested_calico_cpus=1000m + fi + echo "${suggested_calico_cpus}" +} + # Create directories referenced in the kube-controller-manager manifest for # bindmounts. This is used under the rkt runtime to work around # https://github.com/kubernetes/kubernetes/issues/26816 
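Review bot: `get-calico-cpu` in cluster/gce/container-linux/configure-helper.sh compares `"${NUM_NODES}"` with `-gt` without checking that it is set and numeric. Inside `[[ ]]` bash evaluates both operands as arithmetic expressions, so an empty or malformed value is interpreted rather than rejected, and the function quietly returns the smallest tier or errors part-way. A guard as the first line of the function, `[[ "${NUM_NODES:-}" =~ ^[0-9]+$ ]] || { echo "NUM_NODES must be a decimal integer" >&2; return 1; }`, makes the failure explicit. The `# Vars assumed:` header could also say what the function prints, e.g. `# Prints the calico-node CPU request (100m/250m/500m/1000m) for the cluster size.` The identical function added to cluster/gce/gci/configure-helper.sh has the same gap.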
@@ -1212,6 +1228,10 @@ function start-kube-addons { fi if [[ "${NETWORK_POLICY_PROVIDER:-}" == "calico" ]]; then setup-addon-manifests "addons" "calico-policy-controller" + + # Configure Calico resource requests based on cluster size. + local -r calico_file="${dst_dir}/calico-policy-controller/calico-node-daemonset.yaml" + sed -i -e "s@__CALICO_NODE_CPU__@$(get-calico-cpu)@g" "${calico_file}" fi if [[ "${ENABLE_DEFAULT_STORAGE_CLASS:-}" == "true" ]]; then setup-addon-manifests "addons" "storage-class/gce" diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh index 428ef14eb4c..c96ff6d782b 100644 --- a/cluster/gce/gci/configure-helper.sh +++ b/cluster/gce/gci/configure-helper.sh @@ -32,6 +32,22 @@ function setup-os-params { echo "core.%e.%p.%t" > /proc/sys/kernel/core_pattern } +# Vars assumed: +# NUM_NODES +function get-calico-cpu { + local suggested_calico_cpus=100m + if [[ "${NUM_NODES}" -gt "10" ]]; then + suggested_calico_cpus=250m + fi + if [[ "${NUM_NODES}" -gt "100" ]]; then + suggested_calico_cpus=500m + fi + if [[ "${NUM_NODES}" -gt "500" ]]; then + suggested_calico_cpus=1000m + fi + echo "${suggested_calico_cpus}" +} + function config-ip-firewall { echo "Configuring IP firewall rules" # The GCI image has host firewall which drop most inbound/forwarded packets. @@ -1610,6 +1626,10 @@ function start-kube-addons { fi if [[ "${NETWORK_POLICY_PROVIDER:-}" == "calico" ]]; then setup-addon-manifests "addons" "calico-policy-controller" + + # Configure Calico resource requests based on cluster size. + local -r calico_file="${dst_dir}/calico-policy-controller/calico-node-daemonset.yaml" + sed -i -e "s@__CALICO_NODE_CPU__@$(get-calico-cpu)@g" "${calico_file}" fi if [[ "${ENABLE_DEFAULT_STORAGE_CLASS:-}" == "true" ]]; then setup-addon-manifests "addons" "storage-class/gce"
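Review bot: In `start-kube-addons`, the output of `$(get-calico-cpu)` is spliced straight into the `sed` expression, so a failure inside the helper goes unnoticed: the exit status of a command substitution used as an argument is discarded, and an empty output would rewrite the request to a bare `cpu:`. Capturing the value first lets the script stop instead: `local calico_cpu; calico_cpu="$(get-calico-cpu)"`, then `[[ -n "${calico_cpu}" ]] || return 1`, then `sed -i -e "s@__CALICO_NODE_CPU__@${calico_cpu}@g" "${calico_file}"`. Whether errexit is active here is not visible in the hunk, and `start-kube-addons` begins and ends outside it. The same four lines are added to cluster/gce/gci/configure-helper.sh in the last hunk.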