diff --git a/deployment/helm/balloons/README.md b/deployment/helm/balloons/README.md index 8d74bc252..1de2f92a1 100644 --- a/deployment/helm/balloons/README.md +++ b/deployment/helm/balloons/README.md @@ -104,3 +104,4 @@ customize with their own values, along with the default values. | `tolerations` | [] | specify taint toleration key, operator and effect | | `affinity` | [] | specify node affinity | | `nodeSelector` | [] | specify node selector labels | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/balloons/templates/daemonset.yaml b/deployment/helm/balloons/templates/daemonset.yaml index d496b2b47..121d0e1f1 100644 --- a/deployment/helm/balloons/templates/daemonset.yaml +++ b/deployment/helm/balloons/templates/daemonset.yaml @@ -87,6 +87,9 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri + {{- if .Values.podPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: resource-policydata hostPath: diff --git a/deployment/helm/balloons/values.yaml b/deployment/helm/balloons/values.yaml index 7d37c4c6e..7a04a614f 100644 --- a/deployment/helm/balloons/values.yaml +++ b/deployment/helm/balloons/values.yaml @@ -78,3 +78,8 @@ nodeSelector: [] # # nodeSelector: # kubernetes.io/disk: "ssd" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false diff --git a/deployment/helm/memory-qos/README.md b/deployment/helm/memory-qos/README.md index 580cfbe92..b44b657e2 100644 --- a/deployment/helm/memory-qos/README.md +++ b/deployment/helm/memory-qos/README.md @@ -94,7 +94,7 @@ customize with their own values, along with the default values. | `image.tag` | unstable | container image tag | | `image.pullPolicy` | Always | image pull policy | | `resources.cpu` | 10m | cpu resources for the Pod | -| `resources.memory` | 100Mi | memory qouta for the | +| `resources.memory` | 100Mi | memory qouta for the Pod | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | @@ -102,3 +102,4 @@ customize with their own values, along with the default values. | `tolerations` | [] | specify taint toleration key, operator and effect | | `affinity` | [] | specify node affinity | | `nodeSelector` | [] | specify node selector labels | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/memory-qos/templates/daemonset.yaml b/deployment/helm/memory-qos/templates/daemonset.yaml index 11e772e39..689d0e20c 100644 --- a/deployment/helm/memory-qos/templates/daemonset.yaml +++ b/deployment/helm/memory-qos/templates/daemonset.yaml @@ -62,6 +62,9 @@ spec: mountPath: /etc/nri/memory-qos - name: nrisockets mountPath: /var/run/nri + {{- if .Values.podPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: memory-qos-config-vol configMap: diff --git a/deployment/helm/memory-qos/values.yaml b/deployment/helm/memory-qos/values.yaml index 5d33068bb..2f4356cd6 100644 --- a/deployment/helm/memory-qos/values.yaml +++ b/deployment/helm/memory-qos/values.yaml @@ -50,3 +50,8 @@ nodeSelector: [] # # nodeSelector: # kubernetes.io/disk: "ssd" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false diff --git a/deployment/helm/memtierd/README.md b/deployment/helm/memtierd/README.md index e46ae3076..ac33b68a6 100644 --- a/deployment/helm/memtierd/README.md +++ b/deployment/helm/memtierd/README.md @@ -93,7 +93,7 @@ customize with their own values, along with the default values. | `image.tag` | unstable | container image tag | | `image.pullPolicy` | Always | image pull policy | | `resources.cpu` | 250m | cpu resources for the Pod | -| `resources.memory` | 100Mi | memory qouta for the | +| `resources.memory` | 100Mi | memory qouta for the Pod | | `outputDir` | empty string | host directory for memtierd.output files | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | @@ -102,3 +102,4 @@ customize with their own values, along with the default values. | `tolerations` | [] | specify taint toleration key, operator and effect | | `affinity` | [] | specify node affinity | | `nodeSelector` | [] | specify node selector labels | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/memtierd/templates/daemonset.yaml b/deployment/helm/memtierd/templates/daemonset.yaml index d8b527fa9..e01760a08 100644 --- a/deployment/helm/memtierd/templates/daemonset.yaml +++ b/deployment/helm/memtierd/templates/daemonset.yaml @@ -80,6 +80,9 @@ spec: - name: run-dir-vol mountPath: /run-dir {{- end }} + {{- if .Values.podPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: memtierd-config-vol configMap: diff --git a/deployment/helm/memtierd/values.yaml b/deployment/helm/memtierd/values.yaml index f161096d1..9ea235770 100644 --- a/deployment/helm/memtierd/values.yaml +++ b/deployment/helm/memtierd/values.yaml @@ -52,3 +52,8 @@ nodeSelector: [] # # nodeSelector: # kubernetes.io/disk: "ssd" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false diff --git a/deployment/helm/sgx-epc/README.md b/deployment/helm/sgx-epc/README.md index ab3759506..339000c9d 100644 --- a/deployment/helm/sgx-epc/README.md +++ b/deployment/helm/sgx-epc/README.md @@ -94,11 +94,13 @@ customize with their own values, along with the default values. | `image.tag` | unstable | container image tag | | `image.pullPolicy` | Always | image pull policy | | `resources.cpu` | 25m | cpu resources for the Pod | -| `resources.memory` | 100Mi | memory qouta for the | +| `resources.memory` | 100Mi | memory qouta for the Pod | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | -| `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | +| `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | +| init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | | `tolerations` | [] | specify taint toleration key, operator and effect | | `affinity` | [] | specify node affinity | | `nodeSelector` | [] | specify node selector labels | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/sgx-epc/templates/daemonset.yaml b/deployment/helm/sgx-epc/templates/daemonset.yaml index 4373dccfa..75b75e29b 100644 --- a/deployment/helm/sgx-epc/templates/daemonset.yaml +++ b/deployment/helm/sgx-epc/templates/daemonset.yaml @@ -58,6 +58,9 @@ spec: volumeMounts: - name: nrisockets mountPath: /var/run/nri + {{- if .Values.podPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: nrisockets hostPath: diff --git a/deployment/helm/sgx-epc/values.yaml b/deployment/helm/sgx-epc/values.yaml index e593c951b..b9d2f5665 100644 --- a/deployment/helm/sgx-epc/values.yaml +++ b/deployment/helm/sgx-epc/values.yaml @@ -50,3 +50,8 @@ nodeSelector: [] # # nodeSelector: # kubernetes.io/disk: "ssd" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false diff --git a/deployment/helm/template/README.md b/deployment/helm/template/README.md index e53517a99..2a56a6aa9 100644 --- a/deployment/helm/template/README.md +++ b/deployment/helm/template/README.md @@ -102,3 +102,4 @@ customize with their own values, along with the default values. | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | | `tolerations` | [] | specify taint toleration key, operator and effect | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/template/templates/daemonset.yaml b/deployment/helm/template/templates/daemonset.yaml index d8d1a6732..d52b99e12 100644 --- a/deployment/helm/template/templates/daemonset.yaml +++ b/deployment/helm/template/templates/daemonset.yaml @@ -80,6 +80,9 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri + {{- if .Values.podPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: resource-policydata hostPath: diff --git a/deployment/helm/template/values.yaml b/deployment/helm/template/values.yaml index 04feb68aa..92027757f 100644 --- a/deployment/helm/template/values.yaml +++ b/deployment/helm/template/values.yaml @@ -45,3 +45,8 @@ tolerations: [] # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false diff --git a/deployment/helm/topology-aware/README.md b/deployment/helm/topology-aware/README.md index ac54a97b6..e2fef4e70 100644 --- a/deployment/helm/topology-aware/README.md +++ b/deployment/helm/topology-aware/README.md @@ -105,3 +105,4 @@ customize with their own values, along with the default values. | `tolerations` | [] | specify taint toleration key, operator and effect | | `affinity` | [] | specify node affinity | | `nodeSelector` | [] | specify node selector labels | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/topology-aware/templates/daemonset.yaml b/deployment/helm/topology-aware/templates/daemonset.yaml index aa4aefdbc..4f70ff2a3 100644 --- a/deployment/helm/topology-aware/templates/daemonset.yaml +++ b/deployment/helm/topology-aware/templates/daemonset.yaml @@ -87,6 +87,9 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri + {{- if .Values.podPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: resource-policydata hostPath: diff --git a/deployment/helm/topology-aware/values.yaml b/deployment/helm/topology-aware/values.yaml index 774830940..192ddd30b 100644 --- a/deployment/helm/topology-aware/values.yaml +++ b/deployment/helm/topology-aware/values.yaml @@ -31,7 +31,6 @@ resources: nri: patchRuntimeConfig: false - initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager # If not defined Chart.AppVersion will be used @@ -67,3 +66,8 @@ nodeSelector: [] # # nodeSelector: # kubernetes.io/disk: "ssd" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false