Add support for kubernetes 1.13
- Remove deleted flag etcd-quorum-read
- Add support for priorityClass objects
- Replace deprecated annotation with priorityClass
Related story: PROD-26498 (PROD:26498)
Change-Id: Ia8b53e8006cb0979c9e91663cf3ad52a7f6c7533
diff --git a/kubernetes/control/init.sls b/kubernetes/control/init.sls
index be31c21..b8ea755 100644
--- a/kubernetes/control/init.sls
+++ b/kubernetes/control/init.sls
@@ -12,6 +12,9 @@
{%- if control.role is defined %}
- kubernetes.control.role
{%- endif %}
+ {%- if control.priorityclass is defined %}
+ - kubernetes.control.priorityclass
+ {%- endif %}
/srv/kubernetes:
file.directory:
diff --git a/kubernetes/control/priorityclass.sls b/kubernetes/control/priorityclass.sls
new file mode 100644
index 0000000..247cc4e
--- /dev/null
+++ b/kubernetes/control/priorityclass.sls
@@ -0,0 +1,35 @@
+{% from "kubernetes/map.jinja" import control with context %}
+include:
+ - kubernetes.control
+
+{%- for priorityclass_name, priorityclass in control.priorityclass.iteritems() %}
+ {%- set priorityclass_name = priorityclass.name|default(priorityclass_name) %}
+ {%- set priorityclass_value = priorityclass.priority_value %}
+ {%- set is_default_priorityclass = priorityclass.is_default|default(False) %}
+ {%- set priorityclass_description = priorityclass.description|default(priorityclass_name) %}
+
+/srv/kubernetes/priorityclasses/{{ priorityclass_name }}.yml:
+ file.managed:
+ - source: salt://kubernetes/files/priorityclass.yml
+ - template: jinja
+ - makedirs: true
+ - require:
+ - file: /srv/kubernetes
+ - defaults:
+ priorityclass: {{ priorityclass|yaml }}
+ priorityclass_name: {{ priorityclass_name }}
+ priorityclass_value: {{ priorityclass_value }}
+ is_default_priorityclass: {{ is_default_priorityclass }}
+ priorityclass_description: {{ priorityclass_description }}
+
+kubernetes_priorityclass_create_{{ priorityclass_name }}:
+ cmd.run:
+ - name: kubectl apply -f /srv/kubernetes/priorityclasses/{{ priorityclass_name }}.yml
+ - unless: kubectl get priorityclass -o=custom-columns=NAME:.metadata.name | grep -xq {{ priorityclass_name }}
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - require:
+ - file: /srv/kubernetes/priorityclasses/{{ priorityclass_name }}.yml
+
+{%- endfor %}
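Review bot: `priorityclass_name` comes from pillar and is pasted unquoted into both shell strings of `kubernetes_priorityclass_create_…` and into the managed file path, so a name containing whitespace or shell metacharacters changes the command Salt executes on the control node. In the `unless` check, `grep -xq` also treats the name as a regular expression, so a `.` in the name can match a different existing class and skip the apply. Quote the value and match literally, e.g. `- unless: kubectl get priorityclass -o=custom-columns=NAME:.metadata.name | grep -Fxq -- '{{ priorityclass_name }}'`, quote the `-f` path the same way, and reject names that are not valid Kubernetes object names before they reach the file path. Separately, because of the `unless` guard a later change to `priority_value` or `description` in pillar rewrites the file but is never applied to an existing class; a comment should say whether that is intended.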
diff --git a/kubernetes/files/kube-addons/alertmanager/alertmanager-deploy.yml b/kubernetes/files/kube-addons/alertmanager/alertmanager-deploy.yml
index eeb192d..7732239 100644
--- a/kubernetes/files/kube-addons/alertmanager/alertmanager-deploy.yml
+++ b/kubernetes/files/kube-addons/alertmanager/alertmanager-deploy.yml
@@ -19,10 +19,10 @@
labels:
k8s-app: alertmanager
annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
spec:
serviceAccountName: alertmanager
+ priorityClassName: system-cluster-critical
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
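Review bot: `priorityClassName: system-cluster-critical` under `spec:` gives Alertmanager the built-in cluster-critical priority, so the scheduler may preempt ordinary workloads to place it; the same line is added for fluentd-aggregator and prometheus-server further down. The namespace is outside this hunk, but as far as I can tell the priority admission check in the Kubernetes release this commit targets only admits the `system-*` classes in `kube-system`, so pods deployed elsewhere would be rejected; this is worth confirming. Since the commit also introduces operator-defined PriorityClass objects, a dedicated lower class for monitoring and logging addons would keep them from competing with control-plane components. At minimum a comment such as `# system class: requires kube-system namespace` next to the field would record the constraint.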
diff --git a/kubernetes/files/kube-addons/dns/kubedns-rc.yaml b/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
index dcc2eb9..718f7c5 100644
--- a/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
+++ b/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
@@ -42,7 +42,6 @@
labels:
k8s-app: kube-dns
annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
{%- if common.addons.dns.cni is defined %}
cni: {{ common.addons.dns.cni }}
@@ -51,6 +50,7 @@
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
+ priorityClassName: system-cluster-critical
containers:
- name: kubedns
image: {{ common.addons.dns.get('kubedns_image', 'gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5') }}
diff --git a/kubernetes/files/kube-addons/fluentd/fluentd-aggregator-deploy.yaml b/kubernetes/files/kube-addons/fluentd/fluentd-aggregator-deploy.yaml
index cae9584..5cdeb08 100644
--- a/kubernetes/files/kube-addons/fluentd/fluentd-aggregator-deploy.yaml
+++ b/kubernetes/files/kube-addons/fluentd/fluentd-aggregator-deploy.yaml
@@ -22,7 +22,6 @@
k8s-app: fluentd-aggregator
version: v1
annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
spec:
serviceAccountName: fluentd
@@ -30,6 +29,7 @@
- key: "node-role.kubernetes.io/master"
effect: "NoSchedule"
operator: "Exists"
+ priorityClassName: system-cluster-critical
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
diff --git a/kubernetes/files/kube-addons/prometheus/prometheus-server-deploy.yaml b/kubernetes/files/kube-addons/prometheus/prometheus-server-deploy.yaml
index 4d232c7..79d8f25 100644
--- a/kubernetes/files/kube-addons/prometheus/prometheus-server-deploy.yaml
+++ b/kubernetes/files/kube-addons/prometheus/prometheus-server-deploy.yaml
@@ -22,10 +22,10 @@
k8s-app: prometheus-server
version: v1
annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
spec:
serviceAccountName: prometheus-server
+ priorityClassName: system-cluster-critical
tolerations:
- key: "node-role.kubernetes.io/master"
effect: "NoSchedule"
diff --git a/kubernetes/files/kube-addons/telegraf/telegraf-ds.yaml b/kubernetes/files/kube-addons/telegraf/telegraf-ds.yaml
index 425e536..d0c33ea 100644
--- a/kubernetes/files/kube-addons/telegraf/telegraf-ds.yaml
+++ b/kubernetes/files/kube-addons/telegraf/telegraf-ds.yaml
@@ -16,7 +16,6 @@
k8s-app: telegraf
version: v1
annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
priorityClassName: system-node-critical
diff --git a/kubernetes/files/manifest/kube-addon-manager.yml b/kubernetes/files/manifest/kube-addon-manager.yml
index 93211b1..b4acb46 100644
--- a/kubernetes/files/manifest/kube-addon-manager.yml
+++ b/kubernetes/files/manifest/kube-addon-manager.yml
@@ -6,12 +6,12 @@
name: kube-addon-manager
namespace: kube-system
annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
labels:
component: kube-addon-manager
spec:
hostNetwork: true
+ priorityClassName: system-cluster-critical
containers:
- name: kube-addon-manager
image: {{ common.get('addonmanager', {}).get('image', 'k8s.gcr.io/kube-addon-manager:v8.9') }}
diff --git a/kubernetes/files/manifest/kube-apiserver.manifest b/kubernetes/files/manifest/kube-apiserver.manifest
index afa0c4c..f948fce 100644
--- a/kubernetes/files/manifest/kube-apiserver.manifest
+++ b/kubernetes/files/manifest/kube-apiserver.manifest
@@ -42,7 +42,6 @@
{%- if master.auth.get('token', {}).enabled|default(True) %}
--token-auth-file={{ master.auth.token.file|default("/srv/kubernetes/known_tokens.csv") }}
{%- endif %}
- --etcd-quorum-read=true
--v={{ master.get('verbosity', 2) }}
--allow-privileged=True
{%- if common.addons.get('virtlet', {}).get('enabled') %}
diff --git a/kubernetes/files/priorityclass.yml b/kubernetes/files/priorityclass.yml
new file mode 100644
index 0000000..a017972
--- /dev/null
+++ b/kubernetes/files/priorityclass.yml
@@ -0,0 +1,11 @@
+kind: PriorityClass
+apiVersion: scheduling.k8s.io/v1beta1
+metadata:
+ name: {{ priorityclass_name }}
+value: {{ priorityclass_value }}
+globalDefault: {{ is_default_priorityclass }}
+description: "{{ priorityclass_description }}"
+
+{#-
+vim: syntax=jinja
+-#}
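Review bot: `description: "{{ priorityclass_description }}"` produces an invalid manifest when the description contains a double quote or a backslash, and `name:` and `value:` are emitted raw, so an unset `priority_value` presumably does not render a number and the error only surfaces at `kubectl apply`. Let the template do the escaping, e.g. `description: {{ priorityclass_description|yaml_dquote }}` and `name: {{ priorityclass_name|yaml_dquote }}`, and fail early in the state when `priority_value` is missing. `globalDefault` deserves a comment as well: setting it to true changes the priority of every pod created without a `priorityClassName`, which is a cluster-wide effect of a single pillar key.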
diff --git a/kubernetes/master/controller.sls b/kubernetes/master/controller.sls
index 9d92467..a458868 100644
--- a/kubernetes/master/controller.sls
+++ b/kubernetes/master/controller.sls
@@ -163,7 +163,6 @@
--proxy-client-key-file={{ master.auth.proxy.client_key|default("/etc/kubernetes/ssl/kube-aggregator-proxy-client.key") }}
{%- endif %}
--anonymous-auth={{ master.auth.get('anonymous', {}).enabled|default(False) }}
- --etcd-quorum-read=true
--insecure-bind-address={{ master.apiserver.insecure_address }}
--insecure-port={{ master.apiserver.insecure_port }}
--secure-port={{ master.apiserver.secure_port }}
diff --git a/metadata/service/control/priorityclasses/critical-priority.yml b/metadata/service/control/priorityclasses/critical-priority.yml
new file mode 100644
index 0000000..b24d213
--- /dev/null
+++ b/metadata/service/control/priorityclasses/critical-priority.yml
@@ -0,0 +1,6 @@
+parameters:
+ kubernetes:
+ control:
+ priorityclass:
+ critical-priority:
+ priority_value: 1000000000
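Review bot: `priority_value: 1000000000` is the highest value Kubernetes accepts for a non-system PriorityClass, so pods using `critical-priority` outrank every other user workload and can preempt them. None of the addon manifests touched in this commit reference the class (they use the built-in `system-*` classes), so its intended consumers are not visible here. A comment above the key, such as `# max user-definable priority; pods in this class may preempt all non-system workloads`, plus a `description:` entry, would make the intent reviewable.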