kubeadm: set priority class name to `system-cluster-critical` for all master components

Remove the deprecated `scheduler.alpha.kubernetes.io/critical-pod` pod annotation and use the `priorityClassName` first class attribute instead, setting all master components to `system-cluster-critical`.
2019-02-08 18:27:11 +01:00 · 2019-02-08 18:27:11 +01:00 · 30dc43ff86
parent 64ce2e598f
commit 30dc43ff86
9 changed files with 86 additions and 17 deletions
--- a/cmd/kubeadm/app/phases/addons/dns/BUILD
+++ b/cmd/kubeadm/app/phases/addons/dns/BUILD
@ -14,11 +14,13 @@ go_test(
        "//cmd/kubeadm/app/constants:go_default_library",
        "//cmd/kubeadm/app/util:go_default_library",
        "//pkg/apis/core:go_default_library",
        "//staging/src/k8s.io/api/apps/v1:go_default_library",
        "//staging/src/k8s.io/api/core/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//staging/src/k8s.io/client-go/kubernetes/fake:go_default_library",
        "//staging/src/k8s.io/client-go/kubernetes/scheme:go_default_library",
        "//staging/src/k8s.io/client-go/testing:go_default_library",
    ],
 )
--- a/cmd/kubeadm/app/phases/addons/dns/dns_test.go
+++ b/cmd/kubeadm/app/phases/addons/dns/dns_test.go
@ -20,11 +20,14 @@ import (
 	"strings"
 	"testing"
 	apps "k8s.io/api/apps/v1"
 	"k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	kuberuntime "k8s.io/apimachinery/pkg/runtime"
 	clientsetfake "k8s.io/client-go/kubernetes/fake"
 	clientsetscheme "k8s.io/client-go/kubernetes/scheme"
 	core "k8s.io/client-go/testing"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
@ -425,3 +428,42 @@ func TestTranslateFederationKubeDNSToCoreDNS(t *testing.T) {
 		}
 	}
 }
 func TestDeploymentsHaveSystemClusterCriticalPriorityClassName(t *testing.T) {
 	testCases := []struct {
 		manifest string
 		data     interface{}
 	}{
 		{
 			manifest: KubeDNSDeployment,
 			data: struct{ DeploymentName, KubeDNSImage, DNSMasqImage, SidecarImage, DNSBindAddr, DNSProbeAddr, DNSDomain, MasterTaintKey string }{
 				DeploymentName: "foo",
 				KubeDNSImage:   "foo",
 				DNSMasqImage:   "foo",
 				SidecarImage:   "foo",
 				DNSBindAddr:    "foo",
 				DNSProbeAddr:   "foo",
 				DNSDomain:      "foo",
 				MasterTaintKey: "foo",
 			},
 		},
 		{
 			manifest: CoreDNSDeployment,
 			data: struct{ DeploymentName, Image, MasterTaintKey string }{
 				DeploymentName: "foo",
 				Image:          "foo",
 				MasterTaintKey: "foo",
 			},
 		},
 	}
 	for _, testCase := range testCases {
 		deploymentBytes, _ := kubeadmutil.ParseTemplate(testCase.manifest, testCase.data)
 		deployment := &apps.Deployment{}
 		if err := kuberuntime.DecodeInto(clientsetscheme.Codecs.UniversalDecoder(), deploymentBytes, deployment); err != nil {
 			t.Errorf("unexpected error: %v", err)
 		}
 		if deployment.Spec.Template.Spec.PriorityClassName != "system-cluster-critical" {
 			t.Errorf("expected to see system-cluster-critical priority class name. Got %q instead", deployment.Spec.Template.Spec.PriorityClassName)
 		}
 	}
 }
--- a/cmd/kubeadm/app/phases/addons/proxy/BUILD
+++ b/cmd/kubeadm/app/phases/addons/proxy/BUILD
@ -17,10 +17,12 @@ go_test(
        "//cmd/kubeadm/app/util/config:go_default_library",
        "//pkg/apis/core:go_default_library",
        "//pkg/proxy/apis/config:go_default_library",
        "//staging/src/k8s.io/api/apps/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//staging/src/k8s.io/client-go/kubernetes/fake:go_default_library",
        "//staging/src/k8s.io/client-go/kubernetes/scheme:go_default_library",
        "//staging/src/k8s.io/client-go/testing:go_default_library",
        "//vendor/k8s.io/utils/pointer:go_default_library",
    ],
--- a/cmd/kubeadm/app/phases/addons/proxy/manifests.go
+++ b/cmd/kubeadm/app/phases/addons/proxy/manifests.go
@ -69,8 +69,6 @@ spec:
    metadata:
      labels:
        k8s-app: kube-proxy
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ""
    spec:
      priorityClassName: system-node-critical
      containers:
--- a/cmd/kubeadm/app/phases/addons/proxy/proxy_test.go
+++ b/cmd/kubeadm/app/phases/addons/proxy/proxy_test.go
@ -21,10 +21,13 @@ import (
 	"testing"
 	"time"
 	apps "k8s.io/api/apps/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	kuberuntime "k8s.io/apimachinery/pkg/runtime"
 	clientsetfake "k8s.io/client-go/kubernetes/fake"
 	clientsetscheme "k8s.io/client-go/kubernetes/scheme"
 	core "k8s.io/client-go/testing"
 	kubeadmapiv1beta1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1"
 	"k8s.io/kubernetes/cmd/kubeadm/app/constants"
@ -255,3 +258,29 @@ func TestEnsureProxyAddon(t *testing.T) {
 		}
 	}
 }
 func TestDaemonSetsHaveSystemNodeCriticalPriorityClassName(t *testing.T) {
 	testCases := []struct {
 		manifest string
 		data     interface{}
 	}{
 		{
 			manifest: KubeProxyDaemonSet19,
 			data: struct{ Image, ProxyConfigMap, ProxyConfigMapKey string }{
 				Image:             "foo",
 				ProxyConfigMap:    "foo",
 				ProxyConfigMapKey: "foo",
 			},
 		},
 	}
 	for _, testCase := range testCases {
 		daemonSetBytes, _ := kubeadmutil.ParseTemplate(testCase.manifest, testCase.data)
 		daemonSet := &apps.DaemonSet{}
 		if err := kuberuntime.DecodeInto(clientsetscheme.Codecs.UniversalDecoder(), daemonSetBytes, daemonSet); err != nil {
 			t.Errorf("unexpected error: %v", err)
 		}
 		if daemonSet.Spec.Template.Spec.PriorityClassName != "system-node-critical" {
 			t.Errorf("expected to see system-node-critical priority class name. Got %q instead", daemonSet.Spec.Template.Spec.PriorityClassName)
 		}
 	}
 }
--- a/cmd/kubeadm/app/phases/selfhosting/selfhosting_test.go
+++ b/cmd/kubeadm/app/phases/selfhosting/selfhosting_test.go
@ -34,8 +34,6 @@ const (
 apiVersion: v1
 kind: Pod
 metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  creationTimestamp: null
  name: kube-apiserver
  namespace: kube-system
@ -90,6 +88,7 @@ spec:
      name: ca-certs-etc-pki
      readOnly: true
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/kubernetes/pki
@ -179,6 +178,7 @@ spec:
      hostNetwork: true
      nodeSelector:
        node-role.kubernetes.io/master: ""
      priorityClassName: system-cluster-critical
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
@ -205,8 +205,6 @@ status:
 apiVersion: v1
 kind: Pod
 metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  creationTimestamp: null
  name: kube-controller-manager
  namespace: kube-system
@ -252,6 +250,7 @@ spec:
      name: ca-certs-etc-pki
      readOnly: true
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/kubernetes/pki
@ -331,6 +330,7 @@ spec:
      hostNetwork: true
      nodeSelector:
        node-role.kubernetes.io/master: ""
      priorityClassName: system-cluster-critical
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
@ -361,8 +361,6 @@ status:
 apiVersion: v1
 kind: Pod
 metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  creationTimestamp: null
  name: kube-scheduler
  namespace: kube-system
@ -392,6 +390,7 @@ spec:
      name: kubeconfig
      readOnly: true
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/kubernetes/scheduler.conf
@ -446,6 +445,7 @@ spec:
      hostNetwork: true
      nodeSelector:
        node-role.kubernetes.io/master: ""
      priorityClassName: system-cluster-critical
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
--- a/cmd/kubeadm/app/util/staticpod/BUILD
+++ b/cmd/kubeadm/app/util/staticpod/BUILD
@ -26,7 +26,6 @@ go_library(
        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
        "//cmd/kubeadm/app/constants:go_default_library",
        "//cmd/kubeadm/app/util:go_default_library",
        "//pkg/kubelet/types:go_default_library",
        "//staging/src/k8s.io/api/core/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
--- a/cmd/kubeadm/app/util/staticpod/utils.go
+++ b/cmd/kubeadm/app/util/staticpod/utils.go
@ -34,7 +34,6 @@ import (
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/util"
 	kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
 )
 const (
@ -56,9 +55,8 @@ func ComponentPod(container v1.Container, volumes map[string]v1.Volume) v1.Pod {
 			Kind:       "Pod",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:        container.Name,
+			Name:      container.Name,
-			Namespace:   metav1.NamespaceSystem,
+			Namespace: metav1.NamespaceSystem,
 			Annotations: map[string]string{kubetypes.CriticalPodAnnotationKey: ""},
 			// The component and tier labels are useful for quickly identifying the control plane Pods when doing a .List()
 			// against Pods in the kube-system namespace. Can for example be used together with the WaitForPodsWithLabel function
 			Labels: map[string]string{"component": container.Name, "tier": "control-plane"},
--- a/cmd/kubeadm/app/util/staticpod/utils_test.go
+++ b/cmd/kubeadm/app/util/staticpod/utils_test.go
@ -254,10 +254,9 @@ func TestComponentPod(t *testing.T) {
 					Kind:       "Pod",
 				},
 				ObjectMeta: metav1.ObjectMeta{
-					Name:        "foo",
+					Name:      "foo",
-					Namespace:   "kube-system",
+					Namespace: "kube-system",
-					Annotations: map[string]string{"scheduler.alpha.kubernetes.io/critical-pod": ""},
+					Labels:    map[string]string{"component": "foo", "tier": "control-plane"},
 					Labels:      map[string]string{"component": "foo", "tier": "control-plane"},
 				},
 				Spec: v1.PodSpec{
 					Containers: []v1.Container{