github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 19:01:49 +00:00
Code Issues Projects Releases Wiki Activity

feat: cleanup pod critical pod annotations feature

Browse Source
This commit is contained in:
draveness 2019-06-29 09:58:39 +08:00
parent 7b9afe00f1
commit b6d41ee5cc
56 changed files with 161 additions and 366 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/addons/calico-policy-controller/calico-node-daemonset.yaml
View File

@ -17,8 +17,6 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: calico-node k8s-app: calico-node
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
nodeSelector: nodeSelector:

2
cluster/addons/calico-policy-controller/calico-node-vertical-autoscaler-deployment.yaml
View File

@ -16,8 +16,6 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: calico-node-autoscaler k8s-app: calico-node-autoscaler
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
containers: containers:

2
cluster/addons/calico-policy-controller/typha-deployment.yaml
View File

@ -16,8 +16,6 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: calico-typha k8s-app: calico-typha
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
tolerations: tolerations:

2
cluster/addons/calico-policy-controller/typha-horizontal-autoscaler-deployment.yaml
View File

@ -16,8 +16,6 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: calico-typha-autoscaler k8s-app: calico-typha-autoscaler
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext: securityContext:

2
cluster/addons/calico-policy-controller/typha-vertical-autoscaler-deployment.yaml
View File

@ -16,8 +16,6 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: calico-typha-autoscaler k8s-app: calico-typha-autoscaler
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
containers: containers:

1
cluster/addons/cluster-monitoring/google/heapster-controller.yaml
View File

@ -51,7 +51,6 @@ spec:
k8s-app: heapster k8s-app: heapster
version: v1.6.0-beta.1 version: v1.6.0-beta.1
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical

1
cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml
View File

@ -51,7 +51,6 @@ spec:
k8s-app: heapster k8s-app: heapster
version: v1.6.0-beta.1 version: v1.6.0-beta.1
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical

1
cluster/addons/cluster-monitoring/influxdb/heapster-controller.yaml
View File

@ -51,7 +51,6 @@ spec:
k8s-app: heapster k8s-app: heapster
version: v1.6.0-beta.1 version: v1.6.0-beta.1
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical

1
cluster/addons/cluster-monitoring/influxdb/influxdb-grafana-controller.yaml
View File

@ -19,7 +19,6 @@ spec:
k8s-app: influxGrafana k8s-app: influxGrafana
version: v4 version: v4
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical

1
cluster/addons/cluster-monitoring/stackdriver/heapster-controller.yaml
View File

@ -39,7 +39,6 @@ spec:
k8s-app: heapster k8s-app: heapster
version: v1.6.0-beta.1 version: v1.6.0-beta.1
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical

1
cluster/addons/cluster-monitoring/standalone/heapster-controller.yaml
View File

@ -39,7 +39,6 @@ spec:
k8s-app: heapster k8s-app: heapster
version: v1.6.0-beta.1 version: v1.6.0-beta.1
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical

1
cluster/addons/dashboard/dashboard-controller.yaml
View File

@ -24,7 +24,6 @@ spec:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical

2
cluster/addons/device-plugins/nvidia-gpu/daemonset.yaml
View File

@ -14,8 +14,6 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: nvidia-gpu-device-plugin k8s-app: nvidia-gpu-device-plugin
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
affinity: affinity:

1
cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
View File

@ -76,7 +76,6 @@ spec:
labels: labels:
k8s-app: kube-dns-autoscaler k8s-app: kube-dns-autoscaler
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical

1
cluster/addons/dns/kube-dns/kube-dns.yaml.base
View File

@ -82,7 +82,6 @@ spec:
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
prometheus.io/port: "10054" prometheus.io/port: "10054"
prometheus.io/scrape: "true" prometheus.io/scrape: "true"

1
cluster/addons/dns/kube-dns/kube-dns.yaml.in
View File

@ -82,7 +82,6 @@ spec:
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
prometheus.io/port: "10054" prometheus.io/port: "10054"
prometheus.io/scrape: "true" prometheus.io/scrape: "true"

1
cluster/addons/dns/kube-dns/kube-dns.yaml.sed
View File

@ -82,7 +82,6 @@ spec:
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
prometheus.io/port: "10054" prometheus.io/port: "10054"
prometheus.io/scrape: "true" prometheus.io/scrape: "true"

1
cluster/addons/fluentd-elasticsearch/fluentd-es-ds.yaml
View File

@ -65,7 +65,6 @@ spec:
# supports critical pod annotation based priority scheme. # supports critical pod annotation based priority scheme.
# Note that this does not guarantee admission on the nodes (#40573). # Note that this does not guarantee admission on the nodes (#40573).
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical

5
cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml
View File

@ -21,11 +21,6 @@ spec:
k8s-app: fluentd-gcp k8s-app: fluentd-gcp
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
version: {{ fluentd_gcp_yaml_version }} version: {{ fluentd_gcp_yaml_version }}
# This annotation ensures that fluentd does not get evicted if the node
# supports critical pod annotation based priority scheme.
# Note that this does not guarantee admission on the nodes (#40573).
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
serviceAccountName: fluentd-gcp serviceAccountName: fluentd-gcp

2
cluster/addons/ip-masq-agent/ip-masq-agent.yaml
View File

@ -24,8 +24,6 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: ip-masq-agent k8s-app: ip-masq-agent
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
serviceAccountName: ip-masq-agent serviceAccountName: ip-masq-agent

2
cluster/addons/kube-proxy/kube-proxy-ds.yaml
View File

@ -21,8 +21,6 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: kube-proxy k8s-app: kube-proxy
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
hostNetwork: true hostNetwork: true

5
cluster/addons/metadata-proxy/gce/metadata-proxy.yaml
View File

@ -31,11 +31,6 @@ spec:
k8s-app: metadata-proxy k8s-app: metadata-proxy
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
version: v0.1 version: v0.1
# This annotation ensures that the proxy does not get evicted if the node
# supports critical pod annotation based priority scheme.
# Note that this does not guarantee admission on the nodes (#40573).
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
serviceAccountName: metadata-proxy serviceAccountName: metadata-proxy

1
cluster/addons/metrics-server/metrics-server-deployment.yaml
View File

@ -42,7 +42,6 @@ spec:
k8s-app: metrics-server k8s-app: metrics-server
version: v0.3.3 version: v0.3.3
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical

2
cluster/addons/prometheus/alertmanager-deployment.yaml
View File

@ -19,8 +19,6 @@ spec:
labels: labels:
k8s-app: alertmanager k8s-app: alertmanager
version: v0.14.0 version: v0.14.0
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
containers: containers:

2
cluster/addons/prometheus/kube-state-metrics-deployment.yaml
View File

@ -19,8 +19,6 @@ spec:
labels: labels:
k8s-app: kube-state-metrics k8s-app: kube-state-metrics
version: v1.3.0 version: v1.3.0
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
serviceAccountName: kube-state-metrics serviceAccountName: kube-state-metrics

2
cluster/addons/prometheus/node-exporter-ds.yml
View File

@ -20,8 +20,6 @@ spec:
labels: labels:
k8s-app: node-exporter k8s-app: node-exporter
version: v0.15.2 version: v0.15.2
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
containers: containers:

2
cluster/addons/prometheus/prometheus-statefulset.yaml
View File

@ -21,8 +21,6 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: prometheus k8s-app: prometheus
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
serviceAccountName: prometheus serviceAccountName: prometheus

2
cluster/gce/addons/node-termination-handler/daemonset.yaml
View File

@ -17,8 +17,6 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: node-termination-handler k8s-app: node-termination-handler
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
# Necessary to reboot node # Necessary to reboot node

8
cluster/gce/config-default.sh
View File

@ -250,10 +250,14 @@ if [[ "${KUBE_FEATURE_GATES:-}" == "AllAlpha=true" ]]; then
fi fi
# Optional: set feature gates # Optional: set feature gates
FEATURE_GATES="${KUBE_FEATURE_GATES:-ExperimentalCriticalPodAnnotation=true}" FEATURE_GATES="${KUBE_FEATURE_GATES:-}"
if [[ ! -z "${NODE_ACCELERATORS}" ]]; then if [[ ! -z "${NODE_ACCELERATORS}" ]]; then
FEATURE_GATES="${FEATURE_GATES},DevicePlugins=true" if [[ -z "${FEATURE_GATES:-}" ]]; then
FEATURE_GATES="DevicePlugins=true"
else
FEATURE_GATES="${FEATURE_GATES},DevicePlugins=true"
fi
if [[ "${NODE_ACCELERATORS}" =~ .*type=([a-zA-Z0-9-]+).* ]]; then if [[ "${NODE_ACCELERATORS}" =~ .*type=([a-zA-Z0-9-]+).* ]]; then
NON_MASTER_NODE_LABELS="${NON_MASTER_NODE_LABELS},cloud.google.com/gke-accelerator=${BASH_REMATCH[1]}" NON_MASTER_NODE_LABELS="${NON_MASTER_NODE_LABELS},cloud.google.com/gke-accelerator=${BASH_REMATCH[1]}"
fi fi

8
cluster/gce/config-test.sh
View File

@ -139,7 +139,7 @@ if [[ "${KUBE_FEATURE_GATES:-}" == "AllAlpha=true" ]]; then
fi fi
# Optional: set feature gates # Optional: set feature gates
FEATURE_GATES="${KUBE_FEATURE_GATES:-ExperimentalCriticalPodAnnotation=true}" FEATURE_GATES="${KUBE_FEATURE_GATES:-}"
TERMINATED_POD_GC_THRESHOLD=${TERMINATED_POD_GC_THRESHOLD:-100} TERMINATED_POD_GC_THRESHOLD=${TERMINATED_POD_GC_THRESHOLD:-100}
@ -283,7 +283,11 @@ if [[ ${KUBE_ENABLE_INSECURE_REGISTRY:-false} == "true" ]]; then
fi fi
if [[ ! -z "${NODE_ACCELERATORS}" ]]; then if [[ ! -z "${NODE_ACCELERATORS}" ]]; then
FEATURE_GATES="${FEATURE_GATES},DevicePlugins=true" if [[ -z "${FEATURE_GATES:-}" ]]; then
FEATURE_GATES="DevicePlugins=true"
else
FEATURE_GATES="${FEATURE_GATES},DevicePlugins=true"
fi
if [[ "${NODE_ACCELERATORS}" =~ .*type=([a-zA-Z0-9-]+).* ]]; then if [[ "${NODE_ACCELERATORS}" =~ .*type=([a-zA-Z0-9-]+).* ]]; then
NON_MASTER_NODE_LABELS="${NON_MASTER_NODE_LABELS},cloud.google.com/gke-accelerator=${BASH_REMATCH[1]}" NON_MASTER_NODE_LABELS="${NON_MASTER_NODE_LABELS},cloud.google.com/gke-accelerator=${BASH_REMATCH[1]}"
fi fi

1
cluster/gce/manifests/etcd-empty-dir-cleanup.yaml
View File

@ -4,7 +4,6 @@ metadata:
name: etcd-empty-dir-cleanup name: etcd-empty-dir-cleanup
namespace: kube-system namespace: kube-system
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
labels: labels:
k8s-app: etcd-empty-dir-cleanup k8s-app: etcd-empty-dir-cleanup

2
cluster/gce/manifests/etcd.manifest
View File

@ -5,11 +5,11 @@
"name":"etcd-server{{ suffix }}", "name":"etcd-server{{ suffix }}",
"namespace": "kube-system", "namespace": "kube-system",
"annotations": { "annotations": {
"scheduler.alpha.kubernetes.io/critical-pod": "",
"seccomp.security.alpha.kubernetes.io/pod": "docker/default" "seccomp.security.alpha.kubernetes.io/pod": "docker/default"
} }
}, },
"spec":{ "spec":{
"priorityClass": "system-node-critical",
"hostNetwork": true, "hostNetwork": true,
"containers":[ "containers":[
{ {

2
cluster/gce/manifests/glbc.manifest
View File

@ -4,13 +4,13 @@ metadata:
name: l7-lb-controller-v1.2.3 name: l7-lb-controller-v1.2.3
namespace: kube-system namespace: kube-system
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
labels: labels:
k8s-app: gcp-lb-controller k8s-app: gcp-lb-controller
version: v1.2.3 version: v1.2.3
kubernetes.io/name: "GLBC" kubernetes.io/name: "GLBC"
spec: spec:
priorityClassName: system-node-critical
terminationGracePeriodSeconds: 600 terminationGracePeriodSeconds: 600
hostNetwork: true hostNetwork: true
containers: containers:

2
cluster/gce/manifests/kube-addon-manager.yaml
View File

@ -4,11 +4,11 @@ metadata:
name: kube-addon-manager name: kube-addon-manager
namespace: kube-system namespace: kube-system
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
labels: labels:
component: kube-addon-manager component: kube-addon-manager
spec: spec:
priorityClassName: system-node-critical
hostNetwork: true hostNetwork: true
containers: containers:
- name: kube-addon-manager - name: kube-addon-manager

2
cluster/gce/manifests/kube-apiserver.manifest
View File

@ -5,7 +5,6 @@
"name":"kube-apiserver", "name":"kube-apiserver",
"namespace": "kube-system", "namespace": "kube-system",
"annotations": { "annotations": {
"scheduler.alpha.kubernetes.io/critical-pod": "",
"seccomp.security.alpha.kubernetes.io/pod": "docker/default" "seccomp.security.alpha.kubernetes.io/pod": "docker/default"
}, },
"labels": { "labels": {
@ -14,6 +13,7 @@
} }
}, },
"spec":{ "spec":{
"priorityClass": "system-node-critical",
"hostNetwork": true, "hostNetwork": true,
"containers":[ "containers":[
{ {

2
cluster/gce/manifests/kube-controller-manager.manifest
View File

@ -5,7 +5,6 @@
"name":"kube-controller-manager", "name":"kube-controller-manager",
"namespace": "kube-system", "namespace": "kube-system",
"annotations": { "annotations": {
"scheduler.alpha.kubernetes.io/critical-pod": "",
"seccomp.security.alpha.kubernetes.io/pod": "docker/default" "seccomp.security.alpha.kubernetes.io/pod": "docker/default"
}, },
"labels": { "labels": {
@ -14,6 +13,7 @@
} }
}, },
"spec":{ "spec":{
"priorityClass": "system-node-critical",
"hostNetwork": true, "hostNetwork": true,
"containers":[ "containers":[
{ {

6
cluster/gce/manifests/kube-proxy.manifest
View File

@ -3,12 +3,6 @@ kind: Pod
metadata: metadata:
name: kube-proxy name: kube-proxy
namespace: kube-system namespace: kube-system
# This annotation ensures that kube-proxy does not get evicted if the node
# supports critical pod annotation based priority scheme.
# Note that kube-proxy runs as a static pod so this annotation does NOT have
# any effect on default scheduler which scheduling kube-proxy.
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
labels: labels:
tier: node tier: node
component: kube-proxy component: kube-proxy

2
cluster/gce/manifests/kube-scheduler.manifest
View File

@ -5,7 +5,6 @@
"name":"kube-scheduler", "name":"kube-scheduler",
"namespace": "kube-system", "namespace": "kube-system",
"annotations": { "annotations": {
"scheduler.alpha.kubernetes.io/critical-pod": "",
"seccomp.security.alpha.kubernetes.io/pod": "docker/default" "seccomp.security.alpha.kubernetes.io/pod": "docker/default"
}, },
"labels": { "labels": {
@ -14,6 +13,7 @@
} }
}, },
"spec":{ "spec":{
"priorityClass": "system-node-critical",
"hostNetwork": true, "hostNetwork": true,
"containers":[ "containers":[
{ {

1
cluster/gce/windows/k8s-node-setup.psm1
View File

@ -973,7 +973,6 @@ function Start-WorkerServices {
# kube-proxy --master=https://35.239.84.171 # kube-proxy --master=https://35.239.84.171
# --kubeconfig=/var/lib/kube-proxy/kubeconfig --cluster-cidr=10.64.0.0/14 # --kubeconfig=/var/lib/kube-proxy/kubeconfig --cluster-cidr=10.64.0.0/14
# --oom-score-adj=-998 --v=2 # --oom-score-adj=-998 --v=2
# --feature-gates=ExperimentalCriticalPodAnnotation=true
# --iptables-sync-period=1m --iptables-min-sync-period=10s # --iptables-sync-period=1m --iptables-min-sync-period=10s
# --ipvs-sync-period=1m --ipvs-min-sync-period=10s # --ipvs-sync-period=1m --ipvs-min-sync-period=10s
# And also with various volumeMounts and "securityContext: privileged: true". # And also with various volumeMounts and "securityContext: privileged: true".

2
pkg/controller/daemon/BUILD
View File

@ -66,9 +66,9 @@ go_test(
"//pkg/api/legacyscheme:go_default_library", "//pkg/api/legacyscheme:go_default_library",
"//pkg/api/v1/pod:go_default_library", "//pkg/api/v1/pod:go_default_library",
"//pkg/apis/core:go_default_library", "//pkg/apis/core:go_default_library",
"//pkg/apis/scheduling:go_default_library",
"//pkg/controller:go_default_library", "//pkg/controller:go_default_library",
"//pkg/features:go_default_library", "//pkg/features:go_default_library",
"//pkg/kubelet/types:go_default_library",
"//pkg/scheduler/api:go_default_library", "//pkg/scheduler/api:go_default_library",
"//pkg/securitycontext:go_default_library", "//pkg/securitycontext:go_default_library",
"//pkg/util/labels:go_default_library", "//pkg/util/labels:go_default_library",

50
pkg/controller/daemon/daemon_controller_test.go
View File

@ -46,9 +46,9 @@ import (
"k8s.io/kubernetes/pkg/api/legacyscheme" "k8s.io/kubernetes/pkg/api/legacyscheme"
podutil "k8s.io/kubernetes/pkg/api/v1/pod" podutil "k8s.io/kubernetes/pkg/api/v1/pod"
api "k8s.io/kubernetes/pkg/apis/core" api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/scheduling"
"k8s.io/kubernetes/pkg/controller" "k8s.io/kubernetes/pkg/controller"
"k8s.io/kubernetes/pkg/features" "k8s.io/kubernetes/pkg/features"
kubelettypes "k8s.io/kubernetes/pkg/kubelet/types"
schedulerapi "k8s.io/kubernetes/pkg/scheduler/api" schedulerapi "k8s.io/kubernetes/pkg/scheduler/api"
"k8s.io/kubernetes/pkg/securitycontext" "k8s.io/kubernetes/pkg/securitycontext"
labelsutil "k8s.io/kubernetes/pkg/util/labels" labelsutil "k8s.io/kubernetes/pkg/util/labels"
@ -1815,6 +1815,34 @@ func TestTaintPressureNodeDaemonLaunchesPod(t *testing.T) {
// When ScheduleDaemonSetPods is disabled, DaemonSet should launch a critical pod even when the node has insufficient free resource. // When ScheduleDaemonSetPods is disabled, DaemonSet should launch a critical pod even when the node has insufficient free resource.
func TestInsufficientCapacityNodeDaemonLaunchesCriticalPod(t *testing.T) { func TestInsufficientCapacityNodeDaemonLaunchesCriticalPod(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ScheduleDaemonSetPods, false)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ScheduleDaemonSetPods, false)()
for _, strategy := range updateStrategies() {
podSpec := resourcePodSpec("too-much-mem", "75M", "75m")
ds := newDaemonSet("critical")
ds.Spec.UpdateStrategy = *strategy
ds.Spec.Template.Spec = podSpec
manager, podControl, _, err := newTestController(ds)
if err != nil {
t.Fatalf("error creating DaemonSets controller: %v", err)
}
node := newNode("too-much-mem", nil)
node.Status.Allocatable = allocatableResources("100M", "200m")
manager.nodeStore.Add(node)
manager.podStore.Add(&v1.Pod{
Spec: podSpec,
})
manager.dsStore.Add(ds)
switch strategy.Type {
case apps.OnDeleteDaemonSetStrategyType:
syncAndValidateDaemonSets(t, manager, ds, podControl, 0, 0, 2)
case apps.RollingUpdateDaemonSetStrategyType:
syncAndValidateDaemonSets(t, manager, ds, podControl, 0, 0, 3)
default:
t.Fatalf("unexpected UpdateStrategy %+v", strategy)
}
}
for _, strategy := range updateStrategies() { for _, strategy := range updateStrategies() {
podSpec := resourcePodSpec("too-much-mem", "75M", "75m") podSpec := resourcePodSpec("too-much-mem", "75M", "75m")
ds := newDaemonSet("critical") ds := newDaemonSet("critical")
@ -1833,25 +1861,13 @@ func TestInsufficientCapacityNodeDaemonLaunchesCriticalPod(t *testing.T) {
Spec: podSpec, Spec: podSpec,
}) })
// Without enabling critical pod annotation feature gate, we shouldn't create critical pod
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExperimentalCriticalPodAnnotation, false)()
manager.dsStore.Add(ds) manager.dsStore.Add(ds)
switch strategy.Type {
case apps.OnDeleteDaemonSetStrategyType:
syncAndValidateDaemonSets(t, manager, ds, podControl, 0, 0, 2)
case apps.RollingUpdateDaemonSetStrategyType:
syncAndValidateDaemonSets(t, manager, ds, podControl, 0, 0, 3)
default:
t.Fatalf("unexpected UpdateStrategy %+v", strategy)
}
// Enabling critical pod annotation feature gate should create critical pod
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExperimentalCriticalPodAnnotation, true)()
switch strategy.Type { switch strategy.Type {
case apps.OnDeleteDaemonSetStrategyType: case apps.OnDeleteDaemonSetStrategyType:
syncAndValidateDaemonSets(t, manager, ds, podControl, 1, 0, 2) syncAndValidateDaemonSets(t, manager, ds, podControl, 1, 0, 0)
case apps.RollingUpdateDaemonSetStrategyType: case apps.RollingUpdateDaemonSetStrategyType:
syncAndValidateDaemonSets(t, manager, ds, podControl, 1, 0, 3) syncAndValidateDaemonSets(t, manager, ds, podControl, 1, 0, 0)
default: default:
t.Fatalf("unexpected UpdateStrategy %+v", strategy) t.Fatalf("unexpected UpdateStrategy %+v", strategy)
} }
@ -1880,7 +1896,6 @@ func TestPortConflictNodeDaemonDoesNotLaunchCriticalPod(t *testing.T) {
Spec: podSpec, Spec: podSpec,
}) })
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExperimentalCriticalPodAnnotation, true)()
ds := newDaemonSet("critical") ds := newDaemonSet("critical")
ds.Spec.UpdateStrategy = *strategy ds.Spec.UpdateStrategy = *strategy
ds.Spec.Template.Spec = podSpec ds.Spec.Template.Spec = podSpec
@ -1895,7 +1910,8 @@ func setDaemonSetCritical(ds *apps.DaemonSet) {
if ds.Spec.Template.ObjectMeta.Annotations == nil { if ds.Spec.Template.ObjectMeta.Annotations == nil {
ds.Spec.Template.ObjectMeta.Annotations = make(map[string]string) ds.Spec.Template.ObjectMeta.Annotations = make(map[string]string)
} }
ds.Spec.Template.ObjectMeta.Annotations[kubelettypes.CriticalPodAnnotationKey] = "" podPriority := scheduling.SystemCriticalPriority
ds.Spec.Template.Spec.Priority = &podPriority
} }
func TestNodeShouldRunDaemonPod(t *testing.T) { func TestNodeShouldRunDaemonPod(t *testing.T) {

126
pkg/features/kube_features.go
View File

@ -48,15 +48,6 @@ const (
// SYS_TIME). This should only be enabled if user namespace remapping is enabled in the docker daemon. // SYS_TIME). This should only be enabled if user namespace remapping is enabled in the docker daemon.
ExperimentalHostUserNamespaceDefaultingGate featuregate.Feature = "ExperimentalHostUserNamespaceDefaulting" ExperimentalHostUserNamespaceDefaultingGate featuregate.Feature = "ExperimentalHostUserNamespaceDefaulting"
// owner: @vishh
// alpha: v1.5
//
// DEPRECATED - This feature is deprecated by Pod Priority and Preemption as of Kubernetes 1.13.
// Ensures guaranteed scheduling of pods marked with a special pod annotation `scheduler.alpha.kubernetes.io/critical-pod`
// and also prevents them from being evicted from a node.
// Note: This feature is not supported for `BestEffort` pods.
ExperimentalCriticalPodAnnotation featuregate.Feature = "ExperimentalCriticalPodAnnotation"
// owner: @jiayingz // owner: @jiayingz
// beta: v1.10 // beta: v1.10
// //
@ -472,65 +463,64 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
AppArmor: {Default: true, PreRelease: featuregate.Beta}, AppArmor: {Default: true, PreRelease: featuregate.Beta},
DynamicKubeletConfig: {Default: true, PreRelease: featuregate.Beta}, DynamicKubeletConfig: {Default: true, PreRelease: featuregate.Beta},
ExperimentalHostUserNamespaceDefaultingGate: {Default: false, PreRelease: featuregate.Beta}, ExperimentalHostUserNamespaceDefaultingGate: {Default: false, PreRelease: featuregate.Beta},
ExperimentalCriticalPodAnnotation: {Default: false, PreRelease: featuregate.Alpha}, DevicePlugins: {Default: true, PreRelease: featuregate.Beta},
DevicePlugins: {Default: true, PreRelease: featuregate.Beta}, TaintBasedEvictions: {Default: true, PreRelease: featuregate.Beta},
TaintBasedEvictions: {Default: true, PreRelease: featuregate.Beta}, RotateKubeletServerCertificate: {Default: true, PreRelease: featuregate.Beta},
RotateKubeletServerCertificate: {Default: true, PreRelease: featuregate.Beta}, RotateKubeletClientCertificate: {Default: true, PreRelease: featuregate.Beta},
RotateKubeletClientCertificate: {Default: true, PreRelease: featuregate.Beta}, PersistentLocalVolumes: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.17
PersistentLocalVolumes: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.17 LocalStorageCapacityIsolation: {Default: true, PreRelease: featuregate.Beta},
LocalStorageCapacityIsolation: {Default: true, PreRelease: featuregate.Beta}, Sysctls: {Default: true, PreRelease: featuregate.Beta},
Sysctls: {Default: true, PreRelease: featuregate.Beta}, DebugContainers: {Default: false, PreRelease: featuregate.Alpha},
DebugContainers: {Default: false, PreRelease: featuregate.Alpha}, PodShareProcessNamespace: {Default: true, PreRelease: featuregate.Beta},
PodShareProcessNamespace: {Default: true, PreRelease: featuregate.Beta}, PodPriority: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.18
PodPriority: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.18 TaintNodesByCondition: {Default: true, PreRelease: featuregate.Beta},
TaintNodesByCondition: {Default: true, PreRelease: featuregate.Beta}, QOSReserved: {Default: false, PreRelease: featuregate.Alpha},
QOSReserved: {Default: false, PreRelease: featuregate.Alpha}, ExpandPersistentVolumes: {Default: true, PreRelease: featuregate.Beta},
ExpandPersistentVolumes: {Default: true, PreRelease: featuregate.Beta}, ExpandInUsePersistentVolumes: {Default: true, PreRelease: featuregate.Beta},
ExpandInUsePersistentVolumes: {Default: true, PreRelease: featuregate.Beta}, ExpandCSIVolumes: {Default: false, PreRelease: featuregate.Alpha},
ExpandCSIVolumes: {Default: false, PreRelease: featuregate.Alpha}, AttachVolumeLimit: {Default: true, PreRelease: featuregate.Beta},
AttachVolumeLimit: {Default: true, PreRelease: featuregate.Beta}, CPUManager: {Default: true, PreRelease: featuregate.Beta},
CPUManager: {Default: true, PreRelease: featuregate.Beta}, CPUCFSQuotaPeriod: {Default: false, PreRelease: featuregate.Alpha},
CPUCFSQuotaPeriod: {Default: false, PreRelease: featuregate.Alpha}, TopologyManager: {Default: false, PreRelease: featuregate.Alpha},
TopologyManager: {Default: false, PreRelease: featuregate.Alpha}, ServiceNodeExclusion: {Default: false, PreRelease: featuregate.Alpha},
ServiceNodeExclusion: {Default: false, PreRelease: featuregate.Alpha}, MountContainers: {Default: false, PreRelease: featuregate.Alpha},
MountContainers: {Default: false, PreRelease: featuregate.Alpha}, CSIDriverRegistry: {Default: true, PreRelease: featuregate.Beta},
CSIDriverRegistry: {Default: true, PreRelease: featuregate.Beta}, CSINodeInfo: {Default: true, PreRelease: featuregate.Beta},
CSINodeInfo: {Default: true, PreRelease: featuregate.Beta}, BlockVolume: {Default: true, PreRelease: featuregate.Beta},
BlockVolume: {Default: true, PreRelease: featuregate.Beta}, StorageObjectInUseProtection: {Default: true, PreRelease: featuregate.GA},
StorageObjectInUseProtection: {Default: true, PreRelease: featuregate.GA}, ResourceLimitsPriorityFunction: {Default: false, PreRelease: featuregate.Alpha},
ResourceLimitsPriorityFunction: {Default: false, PreRelease: featuregate.Alpha}, SupportIPVSProxyMode: {Default: true, PreRelease: featuregate.GA},
SupportIPVSProxyMode: {Default: true, PreRelease: featuregate.GA}, SupportPodPidsLimit: {Default: true, PreRelease: featuregate.Beta},
SupportPodPidsLimit: {Default: true, PreRelease: featuregate.Beta}, SupportNodePidsLimit: {Default: true, PreRelease: featuregate.Beta},
SupportNodePidsLimit: {Default: true, PreRelease: featuregate.Beta}, HyperVContainer: {Default: false, PreRelease: featuregate.Alpha},
HyperVContainer: {Default: false, PreRelease: featuregate.Alpha}, ScheduleDaemonSetPods: {Default: true, PreRelease: featuregate.Beta},
ScheduleDaemonSetPods: {Default: true, PreRelease: featuregate.Beta}, TokenRequest: {Default: true, PreRelease: featuregate.Beta},
TokenRequest: {Default: true, PreRelease: featuregate.Beta}, TokenRequestProjection: {Default: true, PreRelease: featuregate.Beta},
TokenRequestProjection: {Default: true, PreRelease: featuregate.Beta}, BoundServiceAccountTokenVolume: {Default: false, PreRelease: featuregate.Alpha},
BoundServiceAccountTokenVolume: {Default: false, PreRelease: featuregate.Alpha}, CRIContainerLogRotation: {Default: true, PreRelease: featuregate.Beta},
CRIContainerLogRotation: {Default: true, PreRelease: featuregate.Beta}, deprecatedGCERegionalPersistentDisk: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.17
deprecatedGCERegionalPersistentDisk: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.17 CSIMigration: {Default: false, PreRelease: featuregate.Alpha},
CSIMigration: {Default: false, PreRelease: featuregate.Alpha}, CSIMigrationGCE: {Default: false, PreRelease: featuregate.Alpha},
CSIMigrationGCE: {Default: false, PreRelease: featuregate.Alpha}, CSIMigrationAWS: {Default: false, PreRelease: featuregate.Alpha},
CSIMigrationAWS: {Default: false, PreRelease: featuregate.Alpha}, CSIMigrationAzureDisk: {Default: false, PreRelease: featuregate.Alpha},
CSIMigrationAzureDisk: {Default: false, PreRelease: featuregate.Alpha}, CSIMigrationAzureFile: {Default: false, PreRelease: featuregate.Alpha},
CSIMigrationAzureFile: {Default: false, PreRelease: featuregate.Alpha}, RunAsGroup: {Default: true, PreRelease: featuregate.Beta},
RunAsGroup: {Default: true, PreRelease: featuregate.Beta}, CSIMigrationOpenStack: {Default: false, PreRelease: featuregate.Alpha},
CSIMigrationOpenStack: {Default: false, PreRelease: featuregate.Alpha}, VolumeSubpath: {Default: true, PreRelease: featuregate.GA},
VolumeSubpath: {Default: true, PreRelease: featuregate.GA}, BalanceAttachedNodeVolumes: {Default: false, PreRelease: featuregate.Alpha},
BalanceAttachedNodeVolumes: {Default: false, PreRelease: featuregate.Alpha}, VolumeSubpathEnvExpansion: {Default: true, PreRelease: featuregate.Beta},
VolumeSubpathEnvExpansion: {Default: true, PreRelease: featuregate.Beta}, ResourceQuotaScopeSelectors: {Default: true, PreRelease: featuregate.Beta},
ResourceQuotaScopeSelectors: {Default: true, PreRelease: featuregate.Beta}, CSIBlockVolume: {Default: true, PreRelease: featuregate.Beta},
CSIBlockVolume: {Default: true, PreRelease: featuregate.Beta}, CSIInlineVolume: {Default: false, PreRelease: featuregate.Alpha},
CSIInlineVolume: {Default: false, PreRelease: featuregate.Alpha}, RuntimeClass: {Default: true, PreRelease: featuregate.Beta},
RuntimeClass: {Default: true, PreRelease: featuregate.Beta}, NodeLease: {Default: true, PreRelease: featuregate.Beta},
NodeLease: {Default: true, PreRelease: featuregate.Beta}, SCTPSupport: {Default: false, PreRelease: featuregate.Alpha},
SCTPSupport: {Default: false, PreRelease: featuregate.Alpha}, VolumeSnapshotDataSource: {Default: false, PreRelease: featuregate.Alpha},
VolumeSnapshotDataSource: {Default: false, PreRelease: featuregate.Alpha}, ProcMountType: {Default: false, PreRelease: featuregate.Alpha},
ProcMountType: {Default: false, PreRelease: featuregate.Alpha}, TTLAfterFinished: {Default: false, PreRelease: featuregate.Alpha},
TTLAfterFinished: {Default: false, PreRelease: featuregate.Alpha}, KubeletPodResources: {Default: true, PreRelease: featuregate.Beta},
KubeletPodResources: {Default: true, PreRelease: featuregate.Beta}, WindowsGMSA: {Default: false, PreRelease: featuregate.Alpha},
WindowsGMSA: {Default: false, PreRelease: featuregate.Alpha}, ServiceLoadBalancerFinalizer: {Default: false, PreRelease: featuregate.Alpha},
ServiceLoadBalancerFinalizer: {Default: false, PreRelease: featuregate.Alpha},
LocalStorageCapacityIsolationFSQuotaMonitoring: {Default: false, PreRelease: featuregate.Alpha}, LocalStorageCapacityIsolationFSQuotaMonitoring: {Default: false, PreRelease: featuregate.Alpha},
NonPreemptingPriority: {Default: false, PreRelease: featuregate.Alpha}, NonPreemptingPriority: {Default: false, PreRelease: featuregate.Alpha},
VolumePVCDataSource: {Default: false, PreRelease: featuregate.Alpha}, VolumePVCDataSource: {Default: false, PreRelease: featuregate.Alpha},

1
pkg/kubelet/eviction/BUILD
View File

@ -17,6 +17,7 @@ go_test(
embed = [":go_default_library"], embed = [":go_default_library"],
deps = [ deps = [
"//pkg/apis/core:go_default_library", "//pkg/apis/core:go_default_library",
"//pkg/apis/scheduling:go_default_library",
"//pkg/features:go_default_library", "//pkg/features:go_default_library",
"//pkg/kubelet/apis/stats/v1alpha1:go_default_library", "//pkg/kubelet/apis/stats/v1alpha1:go_default_library",
"//pkg/kubelet/eviction/api:go_default_library", "//pkg/kubelet/eviction/api:go_default_library",

22
pkg/kubelet/eviction/eviction_manager_test.go
View File

@ -29,6 +29,7 @@ import (
"k8s.io/client-go/tools/record" "k8s.io/client-go/tools/record"
featuregatetesting "k8s.io/component-base/featuregate/testing" featuregatetesting "k8s.io/component-base/featuregate/testing"
kubeapi "k8s.io/kubernetes/pkg/apis/core" kubeapi "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/scheduling"
"k8s.io/kubernetes/pkg/features" "k8s.io/kubernetes/pkg/features"
statsapi "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1" statsapi "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1"
evictionapi "k8s.io/kubernetes/pkg/kubelet/eviction/api" evictionapi "k8s.io/kubernetes/pkg/kubelet/eviction/api"
@ -1132,12 +1133,12 @@ func TestInodePressureNodeFsInodes(t *testing.T) {
} }
} }
// TestCriticalPodsAreNotEvicted // TestStaticCriticalPodsAreNotEvicted
func TestCriticalPodsAreNotEvicted(t *testing.T) { func TestStaticCriticalPodsAreNotEvicted(t *testing.T) {
podMaker := makePodWithMemoryStats podMaker := makePodWithMemoryStats
summaryStatsMaker := makeMemoryStats summaryStatsMaker := makeMemoryStats
podsToMake := []podToMake{ podsToMake := []podToMake{
{name: "critical", priority: defaultPriority, requests: newResourceList("100m", "1Gi", ""), limits: newResourceList("100m", "1Gi", ""), memoryWorkingSet: "800Mi"}, {name: "critical", priority: scheduling.SystemCriticalPriority, requests: newResourceList("100m", "1Gi", ""), limits: newResourceList("100m", "1Gi", ""), memoryWorkingSet: "800Mi"},
} }
pods := []*v1.Pod{} pods := []*v1.Pod{}
podStats := map[*v1.Pod]statsapi.PodStats{} podStats := map[*v1.Pod]statsapi.PodStats{}
@ -1147,11 +1148,12 @@ func TestCriticalPodsAreNotEvicted(t *testing.T) {
podStats[pod] = podStat podStats[pod] = podStat
} }
// Mark the pod as critical
pods[0].Annotations = map[string]string{ pods[0].Annotations = map[string]string{
kubelettypes.CriticalPodAnnotationKey: "",
kubelettypes.ConfigSourceAnnotationKey: kubelettypes.FileSource, kubelettypes.ConfigSourceAnnotationKey: kubelettypes.FileSource,
} }
// Mark the pod as critical
podPriority := scheduling.SystemCriticalPriority
pods[0].Spec.Priority = &podPriority
pods[0].Namespace = kubeapi.NamespaceSystem pods[0].Namespace = kubeapi.NamespaceSystem
podToEvict := pods[0] podToEvict := pods[0]
@ -1208,9 +1210,6 @@ func TestCriticalPodsAreNotEvicted(t *testing.T) {
thresholdsFirstObservedAt: thresholdsObservedAt{}, thresholdsFirstObservedAt: thresholdsObservedAt{},
} }
// Enable critical pod annotation feature gate
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExperimentalCriticalPodAnnotation, true)()
// induce soft threshold
fakeClock.Step(1 * time.Minute) fakeClock.Step(1 * time.Minute)
summaryProvider.result = summaryStatsMaker("1500Mi", podStats) summaryProvider.result = summaryStatsMaker("1500Mi", podStats)
manager.synchronize(diskInfoProvider, activePodsFunc) manager.synchronize(diskInfoProvider, activePodsFunc)
@ -1253,8 +1252,11 @@ func TestCriticalPodsAreNotEvicted(t *testing.T) {
t.Errorf("Manager should not report memory pressure") t.Errorf("Manager should not report memory pressure")
} }
// Disable critical pod annotation feature gate pods[0].Annotations = map[string]string{
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExperimentalCriticalPodAnnotation, false)() kubelettypes.ConfigSourceAnnotationKey: kubelettypes.FileSource,
}
pods[0].Spec.Priority = nil
pods[0].Namespace = kubeapi.NamespaceSystem
// induce memory pressure! // induce memory pressure!
fakeClock.Step(1 * time.Minute) fakeClock.Step(1 * time.Minute)

4
pkg/kubelet/preemption/BUILD
View File

@ -45,13 +45,9 @@ go_test(
deps = [ deps = [
"//pkg/apis/core:go_default_library", "//pkg/apis/core:go_default_library",
"//pkg/apis/scheduling:go_default_library", "//pkg/apis/scheduling:go_default_library",
"//pkg/features:go_default_library",
"//pkg/kubelet/types:go_default_library",
"//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/client-go/tools/record:go_default_library", "//staging/src/k8s.io/client-go/tools/record:go_default_library",
"//staging/src/k8s.io/component-base/featuregate/testing:go_default_library",
], ],
) )

47
pkg/kubelet/preemption/preemption_test.go
View File

@ -23,17 +23,12 @@ import (
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
utilfeature "k8s.io/apiserver/pkg/util/feature"
"k8s.io/client-go/tools/record" "k8s.io/client-go/tools/record"
featuregatetesting "k8s.io/component-base/featuregate/testing"
kubeapi "k8s.io/kubernetes/pkg/apis/core" kubeapi "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/scheduling" "k8s.io/kubernetes/pkg/apis/scheduling"
"k8s.io/kubernetes/pkg/features"
kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
) )
const ( const (
critical = "critical"
clusterCritical = "cluster-critical" clusterCritical = "cluster-critical"
nodeCritical = "node-critical" nodeCritical = "node-critical"
bestEffort = "bestEffort" bestEffort = "bestEffort"
@ -96,7 +91,6 @@ func getTestCriticalPodAdmissionHandler(podProvider *fakePodProvider, podKiller
} }
func TestEvictPodsToFreeRequestsWithError(t *testing.T) { func TestEvictPodsToFreeRequestsWithError(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExperimentalCriticalPodAnnotation, true)()
type testRun struct { type testRun struct {
testName string testName string
inputPods []*v1.Pod inputPods []*v1.Pod
@ -112,7 +106,7 @@ func TestEvictPodsToFreeRequestsWithError(t *testing.T) {
{ {
testName: "multiple pods eviction error", testName: "multiple pods eviction error",
inputPods: []*v1.Pod{ inputPods: []*v1.Pod{
allPods[critical], allPods[bestEffort], allPods[burstable], allPods[highRequestBurstable], allPods[clusterCritical], allPods[bestEffort], allPods[burstable], allPods[highRequestBurstable],
allPods[guaranteed], allPods[highRequestGuaranteed]}, allPods[guaranteed], allPods[highRequestGuaranteed]},
insufficientResources: getAdmissionRequirementList(0, 550, 0), insufficientResources: getAdmissionRequirementList(0, 550, 0),
expectErr: false, expectErr: false,
@ -121,7 +115,7 @@ func TestEvictPodsToFreeRequestsWithError(t *testing.T) {
} }
for _, r := range runs { for _, r := range runs {
podProvider.setPods(r.inputPods) podProvider.setPods(r.inputPods)
outErr := criticalPodAdmissionHandler.evictPodsToFreeRequests(allPods[critical], r.insufficientResources) outErr := criticalPodAdmissionHandler.evictPodsToFreeRequests(allPods[clusterCritical], r.insufficientResources)
outputPods := podKiller.getKilledPods() outputPods := podKiller.getKilledPods()
if !r.expectErr && outErr != nil { if !r.expectErr && outErr != nil {
t.Errorf("evictPodsToFreeRequests returned an unexpected error during the %s test. Err: %v", r.testName, outErr) t.Errorf("evictPodsToFreeRequests returned an unexpected error during the %s test. Err: %v", r.testName, outErr)
@ -135,7 +129,6 @@ func TestEvictPodsToFreeRequestsWithError(t *testing.T) {
} }
func TestEvictPodsToFreeRequests(t *testing.T) { func TestEvictPodsToFreeRequests(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExperimentalCriticalPodAnnotation, true)()
type testRun struct { type testRun struct {
testName string testName string
inputPods []*v1.Pod inputPods []*v1.Pod
@ -150,7 +143,7 @@ func TestEvictPodsToFreeRequests(t *testing.T) {
runs := []testRun{ runs := []testRun{
{ {
testName: "critical pods cannot be preempted", testName: "critical pods cannot be preempted",
inputPods: []*v1.Pod{allPods[critical]}, inputPods: []*v1.Pod{allPods[clusterCritical]},
insufficientResources: getAdmissionRequirementList(0, 0, 1), insufficientResources: getAdmissionRequirementList(0, 0, 1),
expectErr: true, expectErr: true,
expectedOutput: nil, expectedOutput: nil,
@ -165,7 +158,7 @@ func TestEvictPodsToFreeRequests(t *testing.T) {
{ {
testName: "multiple pods evicted", testName: "multiple pods evicted",
inputPods: []*v1.Pod{ inputPods: []*v1.Pod{
allPods[critical], allPods[bestEffort], allPods[burstable], allPods[highRequestBurstable], allPods[clusterCritical], allPods[bestEffort], allPods[burstable], allPods[highRequestBurstable],
allPods[guaranteed], allPods[highRequestGuaranteed]}, allPods[guaranteed], allPods[highRequestGuaranteed]},
insufficientResources: getAdmissionRequirementList(0, 550, 0), insufficientResources: getAdmissionRequirementList(0, 550, 0),
expectErr: false, expectErr: false,
@ -174,7 +167,7 @@ func TestEvictPodsToFreeRequests(t *testing.T) {
} }
for _, r := range runs { for _, r := range runs {
podProvider.setPods(r.inputPods) podProvider.setPods(r.inputPods)
outErr := criticalPodAdmissionHandler.evictPodsToFreeRequests(allPods[critical], r.insufficientResources) outErr := criticalPodAdmissionHandler.evictPodsToFreeRequests(allPods[clusterCritical], r.insufficientResources)
outputPods := podKiller.getKilledPods() outputPods := podKiller.getKilledPods()
if !r.expectErr && outErr != nil { if !r.expectErr && outErr != nil {
t.Errorf("evictPodsToFreeRequests returned an unexpected error during the %s test. Err: %v", r.testName, outErr) t.Errorf("evictPodsToFreeRequests returned an unexpected error during the %s test. Err: %v", r.testName, outErr)
@ -203,7 +196,6 @@ func BenchmarkGetPodsToPreempt(t *testing.B) {
} }
func TestGetPodsToPreempt(t *testing.T) { func TestGetPodsToPreempt(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExperimentalCriticalPodAnnotation, true)()
type testRun struct { type testRun struct {
testName string testName string
preemptor *v1.Pod preemptor *v1.Pod
@ -216,7 +208,7 @@ func TestGetPodsToPreempt(t *testing.T) {
runs := []testRun{ runs := []testRun{
{ {
testName: "no requirements", testName: "no requirements",
preemptor: allPods[critical], preemptor: allPods[clusterCritical],
inputPods: []*v1.Pod{}, inputPods: []*v1.Pod{},
insufficientResources: getAdmissionRequirementList(0, 0, 0), insufficientResources: getAdmissionRequirementList(0, 0, 0),
expectErr: false, expectErr: false,
@ -224,7 +216,7 @@ func TestGetPodsToPreempt(t *testing.T) {
}, },
{ {
testName: "no pods", testName: "no pods",
preemptor: allPods[critical], preemptor: allPods[clusterCritical],
inputPods: []*v1.Pod{}, inputPods: []*v1.Pod{},
insufficientResources: getAdmissionRequirementList(0, 0, 1), insufficientResources: getAdmissionRequirementList(0, 0, 1),
expectErr: true, expectErr: true,
@ -232,7 +224,7 @@ func TestGetPodsToPreempt(t *testing.T) {
}, },
{ {
testName: "equal pods and resources requirements", testName: "equal pods and resources requirements",
preemptor: allPods[critical], preemptor: allPods[clusterCritical],
inputPods: []*v1.Pod{allPods[burstable]}, inputPods: []*v1.Pod{allPods[burstable]},
insufficientResources: getAdmissionRequirementList(100, 100, 1), insufficientResources: getAdmissionRequirementList(100, 100, 1),
expectErr: false, expectErr: false,
@ -240,7 +232,7 @@ func TestGetPodsToPreempt(t *testing.T) {
}, },
{ {
testName: "higher requirements than pod requests", testName: "higher requirements than pod requests",
preemptor: allPods[critical], preemptor: allPods[clusterCritical],
inputPods: []*v1.Pod{allPods[burstable]}, inputPods: []*v1.Pod{allPods[burstable]},
insufficientResources: getAdmissionRequirementList(200, 200, 2), insufficientResources: getAdmissionRequirementList(200, 200, 2),
expectErr: true, expectErr: true,
@ -248,7 +240,7 @@ func TestGetPodsToPreempt(t *testing.T) {
}, },
{ {
testName: "choose between bestEffort and burstable", testName: "choose between bestEffort and burstable",
preemptor: allPods[critical], preemptor: allPods[clusterCritical],
inputPods: []*v1.Pod{allPods[burstable], allPods[bestEffort]}, inputPods: []*v1.Pod{allPods[burstable], allPods[bestEffort]},
insufficientResources: getAdmissionRequirementList(0, 0, 1), insufficientResources: getAdmissionRequirementList(0, 0, 1),
expectErr: false, expectErr: false,
@ -256,7 +248,7 @@ func TestGetPodsToPreempt(t *testing.T) {
}, },
{ {
testName: "choose between burstable and guaranteed", testName: "choose between burstable and guaranteed",
preemptor: allPods[critical], preemptor: allPods[clusterCritical],
inputPods: []*v1.Pod{allPods[burstable], allPods[guaranteed]}, inputPods: []*v1.Pod{allPods[burstable], allPods[guaranteed]},
insufficientResources: getAdmissionRequirementList(0, 0, 1), insufficientResources: getAdmissionRequirementList(0, 0, 1),
expectErr: false, expectErr: false,
@ -264,7 +256,7 @@ func TestGetPodsToPreempt(t *testing.T) {
}, },
{ {
testName: "choose lower request burstable if it meets requirements", testName: "choose lower request burstable if it meets requirements",
preemptor: allPods[critical], preemptor: allPods[clusterCritical],
inputPods: []*v1.Pod{allPods[bestEffort], allPods[highRequestBurstable], allPods[burstable]}, inputPods: []*v1.Pod{allPods[bestEffort], allPods[highRequestBurstable], allPods[burstable]},
insufficientResources: getAdmissionRequirementList(100, 100, 0), insufficientResources: getAdmissionRequirementList(100, 100, 0),
expectErr: false, expectErr: false,
@ -272,7 +264,7 @@ func TestGetPodsToPreempt(t *testing.T) {
}, },
{ {
testName: "choose higher request burstable if lower does not meet requirements", testName: "choose higher request burstable if lower does not meet requirements",
preemptor: allPods[critical], preemptor: allPods[clusterCritical],
inputPods: []*v1.Pod{allPods[bestEffort], allPods[burstable], allPods[highRequestBurstable]}, inputPods: []*v1.Pod{allPods[bestEffort], allPods[burstable], allPods[highRequestBurstable]},
insufficientResources: getAdmissionRequirementList(150, 150, 0), insufficientResources: getAdmissionRequirementList(150, 150, 0),
expectErr: false, expectErr: false,
@ -280,7 +272,7 @@ func TestGetPodsToPreempt(t *testing.T) {
}, },
{ {
testName: "multiple pods required", testName: "multiple pods required",
preemptor: allPods[critical], preemptor: allPods[clusterCritical],
inputPods: []*v1.Pod{allPods[bestEffort], allPods[burstable], allPods[highRequestBurstable], allPods[guaranteed], allPods[highRequestGuaranteed]}, inputPods: []*v1.Pod{allPods[bestEffort], allPods[burstable], allPods[highRequestBurstable], allPods[guaranteed], allPods[highRequestGuaranteed]},
insufficientResources: getAdmissionRequirementList(350, 350, 0), insufficientResources: getAdmissionRequirementList(350, 350, 0),
expectErr: false, expectErr: false,
@ -288,7 +280,7 @@ func TestGetPodsToPreempt(t *testing.T) {
}, },
{ {
testName: "evict guaranteed when we have to, and dont evict the extra burstable", testName: "evict guaranteed when we have to, and dont evict the extra burstable",
preemptor: allPods[critical], preemptor: allPods[clusterCritical],
inputPods: []*v1.Pod{allPods[bestEffort], allPods[burstable], allPods[highRequestBurstable], allPods[guaranteed], allPods[highRequestGuaranteed]}, inputPods: []*v1.Pod{allPods[bestEffort], allPods[burstable], allPods[highRequestBurstable], allPods[guaranteed], allPods[highRequestGuaranteed]},
insufficientResources: getAdmissionRequirementList(0, 550, 0), insufficientResources: getAdmissionRequirementList(0, 550, 0),
expectErr: false, expectErr: false,
@ -423,12 +415,6 @@ func getTestPods() map[string]*v1.Pod {
}, },
}), }),
bestEffort: getPodWithResources(bestEffort, v1.ResourceRequirements{}), bestEffort: getPodWithResources(bestEffort, v1.ResourceRequirements{}),
critical: getPodWithResources(critical, v1.ResourceRequirements{
Requests: v1.ResourceList{
v1.ResourceCPU: resource.MustParse("100m"),
v1.ResourceMemory: resource.MustParse("100Mi"),
},
}),
clusterCritical: getPodWithResources(clusterCritical, v1.ResourceRequirements{ clusterCritical: getPodWithResources(clusterCritical, v1.ResourceRequirements{
Requests: v1.ResourceList{ Requests: v1.ResourceList{
v1.ResourceCPU: resource.MustParse("100m"), v1.ResourceCPU: resource.MustParse("100m"),
@ -474,9 +460,6 @@ func getTestPods() map[string]*v1.Pod {
}, },
}), }),
} }
allPods[critical].Namespace = kubeapi.NamespaceSystem
allPods[critical].Annotations[kubetypes.CriticalPodAnnotationKey] = ""
allPods[clusterCritical].Namespace = kubeapi.NamespaceSystem allPods[clusterCritical].Namespace = kubeapi.NamespaceSystem
allPods[clusterCritical].Spec.PriorityClassName = scheduling.SystemClusterCritical allPods[clusterCritical].Spec.PriorityClassName = scheduling.SystemClusterCritical
clusterPriority := scheduling.SystemCriticalPriority clusterPriority := scheduling.SystemCriticalPriority

6
pkg/kubelet/types/BUILD
View File

@ -18,13 +18,10 @@ go_library(
], ],
importpath = "k8s.io/kubernetes/pkg/kubelet/types", importpath = "k8s.io/kubernetes/pkg/kubelet/types",
deps = [ deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/scheduling:go_default_library", "//pkg/apis/scheduling:go_default_library",
"//pkg/features:go_default_library",
"//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
], ],
) )
@ -38,11 +35,8 @@ go_test(
], ],
embed = [":go_default_library"], embed = [":go_default_library"],
deps = [ deps = [
"//pkg/features:go_default_library",
"//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/component-base/featuregate/testing:go_default_library",
"//vendor/github.com/stretchr/testify/assert:go_default_library", "//vendor/github.com/stretchr/testify/assert:go_default_library",
"//vendor/github.com/stretchr/testify/require:go_default_library", "//vendor/github.com/stretchr/testify/require:go_default_library",
], ],

30
pkg/kubelet/types/pod_update.go
View File

@ -19,12 +19,9 @@ package types
import ( import (
"fmt" "fmt"
"k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
utilfeature "k8s.io/apiserver/pkg/util/feature"
kubeapi "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/scheduling" "k8s.io/kubernetes/pkg/apis/scheduling"
"k8s.io/kubernetes/pkg/features"
) )
const ( const (
@ -32,7 +29,6 @@ const (
ConfigMirrorAnnotationKey = v1.MirrorPodAnnotationKey ConfigMirrorAnnotationKey = v1.MirrorPodAnnotationKey
ConfigFirstSeenAnnotationKey = "kubernetes.io/config.seen" ConfigFirstSeenAnnotationKey = "kubernetes.io/config.seen"
ConfigHashAnnotationKey = "kubernetes.io/config.hash" ConfigHashAnnotationKey = "kubernetes.io/config.hash"
CriticalPodAnnotationKey = "scheduler.alpha.kubernetes.io/critical-pod"
) )
// PodOperation defines what changes will be made on a pod configuration. // PodOperation defines what changes will be made on a pod configuration.
@ -142,18 +138,11 @@ func (sp SyncPodType) String() string {
} }
} }
// IsCriticalPod returns true if the pod bears the critical pod annotation key or if pod's priority is greater than // IsCriticalPod returns true if pod's priority is greater than or equal to SystemCriticalPriority.
// or equal to SystemCriticalPriority. Both the default scheduler and the kubelet use this function
// to make admission and scheduling decisions.
func IsCriticalPod(pod *v1.Pod) bool { func IsCriticalPod(pod *v1.Pod) bool {
if pod.Spec.Priority != nil && IsCriticalPodBasedOnPriority(*pod.Spec.Priority) { if pod.Spec.Priority != nil && IsCriticalPodBasedOnPriority(*pod.Spec.Priority) {
return true return true
} }
if utilfeature.DefaultFeatureGate.Enabled(features.ExperimentalCriticalPodAnnotation) {
if IsCritical(pod.Namespace, pod.Annotations) {
return true
}
}
return false return false
} }
@ -171,21 +160,6 @@ func Preemptable(preemptor, preemptee *v1.Pod) bool {
return false return false
} }
// IsCritical returns true if parameters bear the critical pod annotation
// key. The DaemonSetController use this key directly to make scheduling decisions.
// TODO: @ravig - Deprecated. Remove this when we move to resolving critical pods based on priorityClassName.
func IsCritical(ns string, annotations map[string]string) bool {
// Critical pods are restricted to "kube-system" namespace as of now.
if ns != kubeapi.NamespaceSystem {
return false
}
val, ok := annotations[CriticalPodAnnotationKey]
if ok && val == "" {
return true
}
return false
}
// IsCriticalPodBasedOnPriority checks if the given pod is a critical pod based on priority resolved from pod Spec. // IsCriticalPodBasedOnPriority checks if the given pod is a critical pod based on priority resolved from pod Spec.
func IsCriticalPodBasedOnPriority(priority int32) bool { func IsCriticalPodBasedOnPriority(priority int32) bool {
if priority >= scheduling.SystemCriticalPriority { if priority >= scheduling.SystemCriticalPriority {

67
pkg/kubelet/types/pod_update_test.go
View File

@ -23,9 +23,6 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
utilfeature "k8s.io/apiserver/pkg/util/feature"
featuregatetesting "k8s.io/component-base/featuregate/testing"
"k8s.io/kubernetes/pkg/features"
) )
func TestGetValidatedSources(t *testing.T) { func TestGetValidatedSources(t *testing.T) {
@ -117,70 +114,6 @@ func TestString(t *testing.T) {
} }
} }
func TestIsCriticalPod(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExperimentalCriticalPodAnnotation, true)()
cases := []struct {
pod v1.Pod
expected bool
}{
{
pod: v1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "pod1",
Namespace: "ns",
Annotations: map[string]string{
"scheduler.alpha.kubernetes.io/critical-pod": "",
},
},
},
expected: false,
},
{
pod: v1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "pod2",
Namespace: "ns",
Annotations: map[string]string{
"scheduler.alpha.kubernetes.io/critical-pod": "abc",
},
},
},
expected: false,
},
{
pod: v1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "pod3",
Namespace: "kube-system",
Annotations: map[string]string{
"scheduler.alpha.kubernetes.io/critical-pod": "abc",
},
},
},
expected: false,
},
{
pod: v1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "pod4",
Namespace: "kube-system",
Annotations: map[string]string{
"scheduler.alpha.kubernetes.io/critical-pod": "",
},
},
},
expected: true,
},
}
for i, data := range cases {
actual := IsCriticalPod(&data.pod)
if actual != data.expected {
t.Errorf("IsCriticalPod result wrong:\nexpected: %v\nactual: %v for test[%d] with Annotations: %v",
data.expected, actual, i, data.pod.Annotations)
}
}
}
func TestIsCriticalPodBasedOnPriority(t *testing.T) { func TestIsCriticalPodBasedOnPriority(t *testing.T) {
tests := []struct { tests := []struct {
priority int32 priority int32

1
plugin/pkg/admission/priority/BUILD
View File

@ -36,7 +36,6 @@ go_library(
"//pkg/apis/core:go_default_library", "//pkg/apis/core:go_default_library",
"//pkg/apis/scheduling:go_default_library", "//pkg/apis/scheduling:go_default_library",
"//pkg/features:go_default_library", "//pkg/features:go_default_library",
"//pkg/kubelet/types:go_default_library",
"//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library",
"//staging/src/k8s.io/api/scheduling/v1:go_default_library", "//staging/src/k8s.io/api/scheduling/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",

8
plugin/pkg/admission/priority/admission.go
View File

@ -35,7 +35,6 @@ import (
api "k8s.io/kubernetes/pkg/apis/core" api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/scheduling" "k8s.io/kubernetes/pkg/apis/scheduling"
"k8s.io/kubernetes/pkg/features" "k8s.io/kubernetes/pkg/features"
kubelettypes "k8s.io/kubernetes/pkg/kubelet/types"
) )
const ( const (
@ -178,13 +177,6 @@ func (p *priorityPlugin) admitPod(a admission.Attributes) error {
if operation == admission.Create { if operation == admission.Create {
var priority int32 var priority int32
var preemptionPolicy *apiv1.PreemptionPolicy var preemptionPolicy *apiv1.PreemptionPolicy
// TODO: @ravig - This is for backwards compatibility to ensure that critical pods with annotations just work fine.
// Remove when no longer needed.
if len(pod.Spec.PriorityClassName) == 0 &&
utilfeature.DefaultFeatureGate.Enabled(features.ExperimentalCriticalPodAnnotation) &&
kubelettypes.IsCritical(a.GetNamespace(), pod.Annotations) {
pod.Spec.PriorityClassName = scheduling.SystemClusterCritical
}
if len(pod.Spec.PriorityClassName) == 0 { if len(pod.Spec.PriorityClassName) == 0 {
var err error var err error
var pcName string var pcName string

54
plugin/pkg/admission/priority/admission_test.go
View File

@ -422,23 +422,7 @@ func TestPodAdmission(t *testing.T) {
Priority: &intPriority, Priority: &intPriority,
}, },
}, },
// pod[7]: Pod with a critical priority annotation. This needs to be automatically assigned // pod[7]: Pod with a system priority class name in non-system namespace
// system-cluster-critical
{
ObjectMeta: metav1.ObjectMeta{
Name: "pod-w-system-priority",
Namespace: "kube-system",
Annotations: map[string]string{"scheduler.alpha.kubernetes.io/critical-pod": ""},
},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: containerName,
},
},
},
},
// pod[8]: Pod with a system priority class name in non-system namespace
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "pod-w-system-priority-in-nonsystem-namespace", Name: "pod-w-system-priority-in-nonsystem-namespace",
@ -453,7 +437,7 @@ func TestPodAdmission(t *testing.T) {
PriorityClassName: scheduling.SystemClusterCritical, PriorityClassName: scheduling.SystemClusterCritical,
}, },
}, },
// pod[9]: Pod with a priority value that matches the resolved priority // pod[8]: Pod with a priority value that matches the resolved priority
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "pod-w-zero-priority-in-nonsystem-namespace", Name: "pod-w-zero-priority-in-nonsystem-namespace",
@ -468,7 +452,7 @@ func TestPodAdmission(t *testing.T) {
Priority: &zeroPriority, Priority: &zeroPriority,
}, },
}, },
// pod[10]: Pod with a priority value that matches the resolved default priority // pod[9]: Pod with a priority value that matches the resolved default priority
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "pod-w-priority-matching-default-priority", Name: "pod-w-priority-matching-default-priority",
@ -483,7 +467,7 @@ func TestPodAdmission(t *testing.T) {
Priority: &defaultClass2.Value, Priority: &defaultClass2.Value,
}, },
}, },
// pod[11]: Pod with a priority value that matches the resolved priority // pod[10]: Pod with a priority value that matches the resolved priority
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "pod-w-priority-matching-resolved-default-priority", Name: "pod-w-priority-matching-resolved-default-priority",
@ -499,7 +483,7 @@ func TestPodAdmission(t *testing.T) {
Priority: &systemClusterCritical.Value, Priority: &systemClusterCritical.Value,
}, },
}, },
// pod[12]: Pod without a preemption policy that matches the resolved preemption policy // pod[11]: Pod without a preemption policy that matches the resolved preemption policy
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "pod-never-preemption-policy-matching-resolved-preemption-policy", Name: "pod-never-preemption-policy-matching-resolved-preemption-policy",
@ -516,7 +500,7 @@ func TestPodAdmission(t *testing.T) {
PreemptionPolicy: nil, PreemptionPolicy: nil,
}, },
}, },
// pod[13]: Pod with a preemption policy that matches the resolved preemption policy // pod[12]: Pod with a preemption policy that matches the resolved preemption policy
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "pod-preemption-policy-matching-resolved-preemption-policy", Name: "pod-preemption-policy-matching-resolved-preemption-policy",
@ -533,7 +517,7 @@ func TestPodAdmission(t *testing.T) {
PreemptionPolicy: &preemptLowerPriority, PreemptionPolicy: &preemptLowerPriority,
}, },
}, },
// pod[14]: Pod with a preemption policy that does't match the resolved preemption policy // pod[13]: Pod with a preemption policy that does't match the resolved preemption policy
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "pod-preemption-policy-not-matching-resolved-preemption-policy", Name: "pod-preemption-policy-not-matching-resolved-preemption-policy",
@ -551,8 +535,6 @@ func TestPodAdmission(t *testing.T) {
}, },
}, },
} }
// Enable ExperimentalCriticalPodAnnotation feature gate.
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExperimentalCriticalPodAnnotation, true)()
// Enable NonPreemptingPriority feature gate. // Enable NonPreemptingPriority feature gate.
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.NonPreemptingPriority, true)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.NonPreemptingPriority, true)()
tests := []struct { tests := []struct {
@ -638,18 +620,10 @@ func TestPodAdmission(t *testing.T) {
true, true,
nil, nil,
}, },
{
"pod with critical pod annotation",
[]*scheduling.PriorityClass{systemClusterCritical},
*pods[7],
scheduling.SystemCriticalPriority,
false,
nil,
},
{ {
"pod with system critical priority in non-system namespace", "pod with system critical priority in non-system namespace",
[]*scheduling.PriorityClass{systemClusterCritical}, []*scheduling.PriorityClass{systemClusterCritical},
*pods[8], *pods[7],
scheduling.SystemCriticalPriority, scheduling.SystemCriticalPriority,
true, true,
nil, nil,
@ -657,7 +631,7 @@ func TestPodAdmission(t *testing.T) {
{ {
"pod with priority that matches computed priority", "pod with priority that matches computed priority",
[]*scheduling.PriorityClass{nondefaultClass1}, []*scheduling.PriorityClass{nondefaultClass1},
*pods[9], *pods[8],
0, 0,
false, false,
nil, nil,
@ -665,7 +639,7 @@ func TestPodAdmission(t *testing.T) {
{ {
"pod with priority that matches default priority", "pod with priority that matches default priority",
[]*scheduling.PriorityClass{defaultClass2}, []*scheduling.PriorityClass{defaultClass2},
*pods[10], *pods[9],
defaultClass2.Value, defaultClass2.Value,
false, false,
nil, nil,
@ -673,7 +647,7 @@ func TestPodAdmission(t *testing.T) {
{ {
"pod with priority that matches resolved priority", "pod with priority that matches resolved priority",
[]*scheduling.PriorityClass{systemClusterCritical}, []*scheduling.PriorityClass{systemClusterCritical},
*pods[11], *pods[10],
systemClusterCritical.Value, systemClusterCritical.Value,
false, false,
nil, nil,
@ -681,7 +655,7 @@ func TestPodAdmission(t *testing.T) {
{ {
"pod with nil preemtpion policy", "pod with nil preemtpion policy",
[]*scheduling.PriorityClass{preemptionPolicyClass}, []*scheduling.PriorityClass{preemptionPolicyClass},
*pods[12], *pods[11],
preemptionPolicyClass.Value, preemptionPolicyClass.Value,
false, false,
nil, nil,
@ -689,7 +663,7 @@ func TestPodAdmission(t *testing.T) {
{ {
"pod with preemtpion policy that matches resolved preemtpion policy", "pod with preemtpion policy that matches resolved preemtpion policy",
[]*scheduling.PriorityClass{preemptionPolicyClass}, []*scheduling.PriorityClass{preemptionPolicyClass},
*pods[13], *pods[12],
preemptionPolicyClass.Value, preemptionPolicyClass.Value,
false, false,
&preemptLowerPriority, &preemptLowerPriority,
@ -697,7 +671,7 @@ func TestPodAdmission(t *testing.T) {
{ {
"pod with preemtpion policy that does't matches resolved preemtpion policy", "pod with preemtpion policy that does't matches resolved preemtpion policy",
[]*scheduling.PriorityClass{preemptionPolicyClass}, []*scheduling.PriorityClass{preemptionPolicyClass},
*pods[14], *pods[13],
preemptionPolicyClass.Value, preemptionPolicyClass.Value,
true, true,
&preemptLowerPriority, &preemptLowerPriority,

1
test/e2e/testing-manifests/sample-device-plugin.yaml
View File

@ -14,7 +14,6 @@ spec:
labels: labels:
k8s-app: sample-device-plugin k8s-app: sample-device-plugin
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
tolerations: tolerations:

1
test/e2e_node/BUILD
View File

@ -126,6 +126,7 @@ go_test(
tags = ["e2e"], tags = ["e2e"],
deps = [ deps = [
"//pkg/apis/core:go_default_library", "//pkg/apis/core:go_default_library",
"//pkg/apis/scheduling:go_default_library",
"//pkg/features:go_default_library", "//pkg/features:go_default_library",
"//pkg/kubelet:go_default_library", "//pkg/kubelet:go_default_library",
"//pkg/kubelet/apis/config:go_default_library", "//pkg/kubelet/apis/config:go_default_library",

19
test/e2e_node/critical_pod_test.go
View File

@ -23,8 +23,7 @@ import (
"k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kubeapi "k8s.io/kubernetes/pkg/apis/core" kubeapi "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/features" "k8s.io/kubernetes/pkg/apis/scheduling"
kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/config"
kubelettypes "k8s.io/kubernetes/pkg/kubelet/types" kubelettypes "k8s.io/kubernetes/pkg/kubelet/types"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
@ -44,13 +43,6 @@ var _ = framework.KubeDescribe("CriticalPod [Serial] [Disruptive] [NodeFeature:C
f := framework.NewDefaultFramework("critical-pod-test") f := framework.NewDefaultFramework("critical-pod-test")
Context("when we need to admit a critical pod", func() { Context("when we need to admit a critical pod", func() {
tempSetCurrentKubeletConfig(f, func(initialConfig *kubeletconfig.KubeletConfiguration) {
if initialConfig.FeatureGates == nil {
initialConfig.FeatureGates = make(map[string]bool)
}
initialConfig.FeatureGates[string(features.ExperimentalCriticalPodAnnotation)] = true
})
It("should be able to create and delete a critical pod", func() { It("should be able to create and delete a critical pod", func() {
configEnabled, err := isKubeletConfigEnabled(f) configEnabled, err := isKubeletConfigEnabled(f)
framework.ExpectNoError(err) framework.ExpectNoError(err)
@ -142,12 +134,11 @@ func getTestPod(critical bool, name string, resources v1.ResourceRequirements) *
} }
if critical { if critical {
pod.ObjectMeta.Namespace = kubeapi.NamespaceSystem pod.ObjectMeta.Namespace = kubeapi.NamespaceSystem
pod.ObjectMeta.Annotations = map[string]string{ pod.ObjectMeta.Annotations = map[string]string{}
kubelettypes.CriticalPodAnnotationKey: "", pod.Spec.PriorityClassName = scheduling.SystemClusterCritical
} Expect(kubelettypes.IsCriticalPod(pod)).To(BeTrue(), "pod should be a critical pod")
Expect(kubelettypes.IsCritical(pod.Namespace, pod.Annotations)).To(BeTrue(), "pod should be a critical pod")
} else { } else {
Expect(kubelettypes.IsCritical(pod.Namespace, pod.Annotations)).To(BeFalse(), "pod should not be a critical pod") Expect(kubelettypes.IsCriticalPod(pod)).To(BeFalse(), "pod should not be a critical pod")
} }
return pod return pod
} }

3
test/kubemark/resources/kube_dns_template.yaml
View File

@ -57,9 +57,8 @@ spec:
metadata: metadata:
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
priorityClassName: system-node-critical
tolerations: tolerations:
- key: "CriticalAddonsOnly" - key: "CriticalAddonsOnly"
operator: "Exists" operator: "Exists"