kubeadm: set priority class name to `system-cluster-critical` for all master components

Remove the deprecated `scheduler.alpha.kubernetes.io/critical-pod` pod annotation and use
the `priorityClassName` first class attribute instead, setting all master components to
`system-cluster-critical`.

cmd/kubeadm/app/phases/addons/dns/BUILD

@@ -14,11 +14,13 @@ go_test(
         "//cmd/kubeadm/app/constants:go_default_library",
         "//cmd/kubeadm/app/util:go_default_library",
         "//pkg/apis/core:go_default_library",
+        "//staging/src/k8s.io/api/apps/v1:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//staging/src/k8s.io/client-go/kubernetes/fake:go_default_library",
+        "//staging/src/k8s.io/client-go/kubernetes/scheme:go_default_library",
         "//staging/src/k8s.io/client-go/testing:go_default_library",
     ],
 )

cmd/kubeadm/app/phases/addons/dns/dns_test.go

@@ -20,11 +20,14 @@ import (
 	"strings"
 	"testing"
 
+	apps "k8s.io/api/apps/v1"
 	"k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	kuberuntime "k8s.io/apimachinery/pkg/runtime"
 	clientsetfake "k8s.io/client-go/kubernetes/fake"
+	clientsetscheme "k8s.io/client-go/kubernetes/scheme"
 	core "k8s.io/client-go/testing"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
@@ -425,3 +428,42 @@ func TestTranslateFederationKubeDNSToCoreDNS(t *testing.T) {
 		}
 	}
 }
+
+func TestDeploymentsHaveSystemClusterCriticalPriorityClassName(t *testing.T) {
+	testCases := []struct {
+		manifest string
+		data     interface{}
+	}{
+		{
+			manifest: KubeDNSDeployment,
+			data: struct{ DeploymentName, KubeDNSImage, DNSMasqImage, SidecarImage, DNSBindAddr, DNSProbeAddr, DNSDomain, MasterTaintKey string }{
+				DeploymentName: "foo",
+				KubeDNSImage:   "foo",
+				DNSMasqImage:   "foo",
+				SidecarImage:   "foo",
+				DNSBindAddr:    "foo",
+				DNSProbeAddr:   "foo",
+				DNSDomain:      "foo",
+				MasterTaintKey: "foo",
+			},
+		},
+		{
+			manifest: CoreDNSDeployment,
+			data: struct{ DeploymentName, Image, MasterTaintKey string }{
+				DeploymentName: "foo",
+				Image:          "foo",
+				MasterTaintKey: "foo",
+			},
+		},
+	}
+	for _, testCase := range testCases {
+		deploymentBytes, _ := kubeadmutil.ParseTemplate(testCase.manifest, testCase.data)
+		deployment := &apps.Deployment{}
+		if err := kuberuntime.DecodeInto(clientsetscheme.Codecs.UniversalDecoder(), deploymentBytes, deployment); err != nil {
+			t.Errorf("unexpected error: %v", err)
+		}
+		if deployment.Spec.Template.Spec.PriorityClassName != "system-cluster-critical" {
+			t.Errorf("expected to see system-cluster-critical priority class name. Got %q instead", deployment.Spec.Template.Spec.PriorityClassName)
+		}
+	}
+}

cmd/kubeadm/app/phases/addons/proxy/BUILD

@@ -17,10 +17,12 @@ go_test(
         "//cmd/kubeadm/app/util/config:go_default_library",
         "//pkg/apis/core:go_default_library",
         "//pkg/proxy/apis/config:go_default_library",
+        "//staging/src/k8s.io/api/apps/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//staging/src/k8s.io/client-go/kubernetes/fake:go_default_library",
+        "//staging/src/k8s.io/client-go/kubernetes/scheme:go_default_library",
         "//staging/src/k8s.io/client-go/testing:go_default_library",
         "//vendor/k8s.io/utils/pointer:go_default_library",
     ],

cmd/kubeadm/app/phases/addons/proxy/manifests.go

@@ -69,8 +69,6 @@ spec:
     metadata:
       labels:
         k8s-app: kube-proxy
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ""
     spec:
       priorityClassName: system-node-critical
       containers:

cmd/kubeadm/app/phases/addons/proxy/proxy_test.go

@@ -21,10 +21,13 @@ import (
 	"testing"
 	"time"
 
+	apps "k8s.io/api/apps/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	kuberuntime "k8s.io/apimachinery/pkg/runtime"
 	clientsetfake "k8s.io/client-go/kubernetes/fake"
+	clientsetscheme "k8s.io/client-go/kubernetes/scheme"
 	core "k8s.io/client-go/testing"
 	kubeadmapiv1beta1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1"
 	"k8s.io/kubernetes/cmd/kubeadm/app/constants"
@@ -255,3 +258,29 @@ func TestEnsureProxyAddon(t *testing.T) {
 		}
 	}
 }
+
+func TestDaemonSetsHaveSystemNodeCriticalPriorityClassName(t *testing.T) {
+	testCases := []struct {
+		manifest string
+		data     interface{}
+	}{
+		{
+			manifest: KubeProxyDaemonSet19,
+			data: struct{ Image, ProxyConfigMap, ProxyConfigMapKey string }{
+				Image:             "foo",
+				ProxyConfigMap:    "foo",
+				ProxyConfigMapKey: "foo",
+			},
+		},
+	}
+	for _, testCase := range testCases {
+		daemonSetBytes, _ := kubeadmutil.ParseTemplate(testCase.manifest, testCase.data)
+		daemonSet := &apps.DaemonSet{}
+		if err := kuberuntime.DecodeInto(clientsetscheme.Codecs.UniversalDecoder(), daemonSetBytes, daemonSet); err != nil {
+			t.Errorf("unexpected error: %v", err)
+		}
+		if daemonSet.Spec.Template.Spec.PriorityClassName != "system-node-critical" {
+			t.Errorf("expected to see system-node-critical priority class name. Got %q instead", daemonSet.Spec.Template.Spec.PriorityClassName)
+		}
+	}
+}

cmd/kubeadm/app/phases/selfhosting/selfhosting_test.go

@@ -34,8 +34,6 @@ const (
 apiVersion: v1
 kind: Pod
 metadata:
-  annotations:
-    scheduler.alpha.kubernetes.io/critical-pod: ""
   creationTimestamp: null
   name: kube-apiserver
   namespace: kube-system
@@ -90,6 +88,7 @@ spec:
       name: ca-certs-etc-pki
       readOnly: true
   hostNetwork: true
+  priorityClassName: system-cluster-critical
   volumes:
   - hostPath:
       path: /etc/kubernetes/pki
@@ -179,6 +178,7 @@ spec:
       hostNetwork: true
       nodeSelector:
         node-role.kubernetes.io/master: ""
+      priorityClassName: system-cluster-critical
       tolerations:
       - effect: NoSchedule
         key: node-role.kubernetes.io/master
@@ -205,8 +205,6 @@ status:
 apiVersion: v1
 kind: Pod
 metadata:
-  annotations:
-    scheduler.alpha.kubernetes.io/critical-pod: ""
   creationTimestamp: null
   name: kube-controller-manager
   namespace: kube-system
@@ -252,6 +250,7 @@ spec:
       name: ca-certs-etc-pki
       readOnly: true
   hostNetwork: true
+  priorityClassName: system-cluster-critical
   volumes:
   - hostPath:
       path: /etc/kubernetes/pki
@@ -331,6 +330,7 @@ spec:
       hostNetwork: true
       nodeSelector:
         node-role.kubernetes.io/master: ""
+      priorityClassName: system-cluster-critical
       tolerations:
       - effect: NoSchedule
         key: node-role.kubernetes.io/master
@@ -361,8 +361,6 @@ status:
 apiVersion: v1
 kind: Pod
 metadata:
-  annotations:
-    scheduler.alpha.kubernetes.io/critical-pod: ""
   creationTimestamp: null
   name: kube-scheduler
   namespace: kube-system
@@ -392,6 +390,7 @@ spec:
       name: kubeconfig
       readOnly: true
   hostNetwork: true
+  priorityClassName: system-cluster-critical
   volumes:
   - hostPath:
       path: /etc/kubernetes/scheduler.conf
@@ -446,6 +445,7 @@ spec:
       hostNetwork: true
       nodeSelector:
         node-role.kubernetes.io/master: ""
+      priorityClassName: system-cluster-critical
       tolerations:
       - effect: NoSchedule
         key: node-role.kubernetes.io/master

cmd/kubeadm/app/util/staticpod/BUILD

@@ -26,7 +26,6 @@ go_library(
         "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
         "//cmd/kubeadm/app/constants:go_default_library",
         "//cmd/kubeadm/app/util:go_default_library",
-        "//pkg/kubelet/types:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

cmd/kubeadm/app/util/staticpod/utils.go

@@ -34,7 +34,6 @@ import (
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/util"
-	kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
 )
 
 const (
@@ -58,7 +57,6 @@ func ComponentPod(container v1.Container, volumes map[string]v1.Volume) v1.Pod {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      container.Name,
 			Namespace: metav1.NamespaceSystem,
-			Annotations: map[string]string{kubetypes.CriticalPodAnnotationKey: ""},
 			// The component and tier labels are useful for quickly identifying the control plane Pods when doing a .List()
 			// against Pods in the kube-system namespace. Can for example be used together with the WaitForPodsWithLabel function
 			Labels: map[string]string{"component": container.Name, "tier": "control-plane"},

cmd/kubeadm/app/util/staticpod/utils_test.go

@@ -256,7 +256,6 @@ func TestComponentPod(t *testing.T) {
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "foo",
 					Namespace: "kube-system",
-					Annotations: map[string]string{"scheduler.alpha.kubernetes.io/critical-pod": ""},
 					Labels:    map[string]string{"component": "foo", "tier": "control-plane"},
 				},
 				Spec: v1.PodSpec{