From 09e2e251a83794eb47ec018c87b2cf949386fe11 Mon Sep 17 00:00:00 2001
From: Zihong Zheng <zihongz@google.com>
Date: Mon, 21 Aug 2017 18:10:15 -0700
Subject: [PATCH 1/2] Set up ENABLE_POD_PRIORITY env for GCE and common.sh

---
 cluster/common.sh             | 1 +
 cluster/gce/config-default.sh | 6 ++++++
 cluster/gce/config-test.sh    | 6 ++++++
 cluster/gce/configure-vm.sh   | 1 +
 4 files changed, 14 insertions(+)

diff --git a/cluster/common.sh b/cluster/common.sh
index 669e520483..0a65141a92 100755
--- a/cluster/common.sh
+++ b/cluster/common.sh
@@ -672,6 +672,7 @@ GCE_API_ENDPOINT: $(yaml-quote ${GCE_API_ENDPOINT:-})
 PROMETHEUS_TO_SD_ENDPOINT: $(yaml-quote ${PROMETHEUS_TO_SD_ENDPOINT:-})
 PROMETHEUS_TO_SD_PREFIX: $(yaml-quote ${PROMETHEUS_TO_SD_PREFIX:-})
 ENABLE_PROMETHEUS_TO_SD: $(yaml-quote ${ENABLE_PROMETHEUS_TO_SD:-false})
+ENABLE_POD_PRIORITY: $(yaml-quote ${ENABLE_POD_PRIORITY:-})
 EOF
   if [ -n "${KUBELET_PORT:-}" ]; then
     cat >>$file <<EOF
diff --git a/cluster/gce/config-default.sh b/cluster/gce/config-default.sh
index f36066d076..47b6082449 100755
--- a/cluster/gce/config-default.sh
+++ b/cluster/gce/config-default.sh
@@ -301,3 +301,9 @@ ENABLE_PROMETHEUS_TO_SD="${ENABLE_PROMETHEUS_TO_SD:-false}"
 # TODO(#51292): Make kube-proxy Daemonset default and remove the configuration here.
 # Optional: Run kube-proxy as a DaemonSet if set to true, run as static pods otherwise.
 KUBE_PROXY_DAEMONSET="${KUBE_PROXY_DAEMONSET:-false}" # true, false
+
+# Optional: enable pod priority
+ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}"
+if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then
+    FEATURE_GATES="${FEATURE_GATES},PodPriority=true"
+fi
diff --git a/cluster/gce/config-test.sh b/cluster/gce/config-test.sh
index c8ef2496fb..902c54f006 100755
--- a/cluster/gce/config-test.sh
+++ b/cluster/gce/config-test.sh
@@ -360,3 +360,9 @@ ENABLE_PROMETHEUS_TO_SD="${ENABLE_PROMETHEUS_TO_SD:-true}"
 # TODO(#51292): Make kube-proxy Daemonset default and remove the configuration here.
 # Optional: Run kube-proxy as a DaemonSet if set to true, run as static pods otherwise.
 KUBE_PROXY_DAEMONSET="${KUBE_PROXY_DAEMONSET:-false}" # true, false
+
+# Optional: enable pod priority
+ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}"
+if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then
+    FEATURE_GATES="${FEATURE_GATES},PodPriority=true"
+fi
diff --git a/cluster/gce/configure-vm.sh b/cluster/gce/configure-vm.sh
index 0999eb11aa..7349a50405 100755
--- a/cluster/gce/configure-vm.sh
+++ b/cluster/gce/configure-vm.sh
@@ -447,6 +447,7 @@ initial_etcd_cluster: '$(echo "${INITIAL_ETCD_CLUSTER:-}" | sed -e "s/'/''/g")'
 initial_etcd_cluster_state: '$(echo "${INITIAL_ETCD_CLUSTER_STATE:-}" | sed -e "s/'/''/g")'
 ca_cert_bundle_path: '$(echo "${CA_CERT_BUNDLE_PATH:-}" | sed -e "s/'/''/g")'
 hostname: $(hostname -s)
+enable_pod_priority: '$(echo "$ENABLE_POD_PRIORITY" | sed -e "s/'/''/g")'
 enable_default_storage_class: '$(echo "$ENABLE_DEFAULT_STORAGE_CLASS" | sed -e "s/'/''/g")'
 kube_proxy_daemonset: '$(echo "$KUBE_PROXY_DAEMONSET" | sed -e "s/'/''/g")'
 EOF

From f2def6575cc1bcc091bb8b8e5493f37dab0ad99d Mon Sep 17 00:00:00 2001
From: Zihong Zheng <zihongz@google.com>
Date: Mon, 21 Aug 2017 18:11:15 -0700
Subject: [PATCH 2/2] Configure pod priority for kube-proxy when enabled

---
 cluster/addons/kube-proxy/kube-proxy-ds.yaml         | 1 +
 cluster/gce/container-linux/configure-helper.sh      | 5 +++++
 cluster/gce/gci/configure-helper.sh                  | 5 +++++
 cluster/saltbase/salt/kube-proxy/kube-proxy.manifest | 6 ++++++
 4 files changed, 17 insertions(+)

diff --git a/cluster/addons/kube-proxy/kube-proxy-ds.yaml b/cluster/addons/kube-proxy/kube-proxy-ds.yaml
index 34a1e42bf6..31bc0ace67 100644
--- a/cluster/addons/kube-proxy/kube-proxy-ds.yaml
+++ b/cluster/addons/kube-proxy/kube-proxy-ds.yaml
@@ -24,6 +24,7 @@ spec:
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      {{pod_priority}}
       hostNetwork: true
       nodeSelector:
         beta.kubernetes.io/kube-proxy-ds-ready: "true"
diff --git a/cluster/gce/container-linux/configure-helper.sh b/cluster/gce/container-linux/configure-helper.sh
index f4779165f1..140dee4ae6 100755
--- a/cluster/gce/container-linux/configure-helper.sh
+++ b/cluster/gce/container-linux/configure-helper.sh
@@ -735,6 +735,10 @@ function prepare-kube-proxy-manifest-variables {
     kube_cache_mutation_detector_env_name="- name: KUBE_CACHE_MUTATION_DETECTOR"
     kube_cache_mutation_detector_env_value="value: \"${ENABLE_CACHE_MUTATION_DETECTOR}\""
   fi
+  local pod_priority=""
+  if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then
+    pod_priority="priorityClassName: system-node-critical"
+  fi
   sed -i -e "s@{{kubeconfig}}@${kubeconfig}@g" ${src_file}
   sed -i -e "s@{{pillar\['kube_docker_registry'\]}}@${kube_docker_registry}@g" ${src_file}
   sed -i -e "s@{{pillar\['kube-proxy_docker_tag'\]}}@${kube_proxy_docker_tag}@g" ${src_file}
@@ -742,6 +746,7 @@ function prepare-kube-proxy-manifest-variables {
   sed -i -e "s@{{container_env}}@${container_env}@g" ${src_file}
   sed -i -e "s@{{kube_cache_mutation_detector_env_name}}@${kube_cache_mutation_detector_env_name}@g" ${src_file}
   sed -i -e "s@{{kube_cache_mutation_detector_env_value}}@${kube_cache_mutation_detector_env_value}@g" ${src_file}
+  sed -i -e "s@{{pod_priority}}@${pod_priority}@g" ${src_file}
   sed -i -e "s@{{ cpurequest }}@100m@g" ${src_file}
   sed -i -e "s@{{api_servers_with_port}}@${api_servers}@g" ${src_file}
   if [[ -n "${CLUSTER_IP_RANGE:-}" ]]; then
diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index 83d4ca5432..740a02566d 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -1071,6 +1071,10 @@ function prepare-kube-proxy-manifest-variables {
     kube_cache_mutation_detector_env_name="- name: KUBE_CACHE_MUTATION_DETECTOR"
     kube_cache_mutation_detector_env_value="value: \"${ENABLE_CACHE_MUTATION_DETECTOR}\""
   fi
+  local pod_priority=""
+  if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then
+    pod_priority="priorityClassName: system-node-critical"
+  fi
   sed -i -e "s@{{kubeconfig}}@${kubeconfig}@g" ${src_file}
   sed -i -e "s@{{pillar\['kube_docker_registry'\]}}@${kube_docker_registry}@g" ${src_file}
   sed -i -e "s@{{pillar\['kube-proxy_docker_tag'\]}}@${kube_proxy_docker_tag}@g" ${src_file}
@@ -1078,6 +1082,7 @@ function prepare-kube-proxy-manifest-variables {
   sed -i -e "s@{{container_env}}@${container_env}@g" ${src_file}
   sed -i -e "s@{{kube_cache_mutation_detector_env_name}}@${kube_cache_mutation_detector_env_name}@g" ${src_file}
   sed -i -e "s@{{kube_cache_mutation_detector_env_value}}@${kube_cache_mutation_detector_env_value}@g" ${src_file}
+  sed -i -e "s@{{pod_priority}}@${pod_priority}@g" ${src_file}
   sed -i -e "s@{{ cpurequest }}@100m@g" ${src_file}
   sed -i -e "s@{{api_servers_with_port}}@${api_servers}@g" ${src_file}
   if [[ -n "${CLUSTER_IP_RANGE:-}" ]]; then
diff --git a/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest b/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
index 37d96c9b6a..ad47f6a811 100644
--- a/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
+++ b/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
@@ -34,6 +34,11 @@
 
 {% set throttles = "--iptables-sync-period=1m --iptables-min-sync-period=10s" -%}
 
+{% set pod_priority = "" -%}
+{% if pillar.get('enable_pod_priority', '').lower() == 'true' -%}
+  {% set pod_priority = "priorityClassName: system-node-critical" -%}
+{% endif -%}
+
 # test_args should always go last to overwrite prior configuration
 {% set params = log_level + " " + throttles + " " + feature_gates + " " + test_args -%}
 
@@ -58,6 +63,7 @@ metadata:
     tier: node
     component: kube-proxy
 spec:
+  {{pod_priority}}
   hostNetwork: true
   initContainers:
   - name: touch-lock