From e67824599b24ca9847eb2c2889dfbf8df2e42ea0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20F=C3=BCrstenberg?= Date: Sat, 6 Jan 2024 11:41:11 +0100 Subject: [PATCH 1/2] feat(helm-charts): Introduced priorityClassName system-node-critical as an optional boolean value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Florian Fürstenberg --- deployment/helm/balloons/README.md | 1 + deployment/helm/balloons/templates/daemonset.yaml | 3 +++ deployment/helm/balloons/values.yaml | 4 ++++ deployment/helm/memory-qos/README.md | 3 ++- deployment/helm/memory-qos/templates/daemonset.yaml | 3 +++ deployment/helm/memory-qos/values.yaml | 4 ++++ deployment/helm/memtierd/README.md | 3 ++- deployment/helm/memtierd/templates/daemonset.yaml | 3 +++ deployment/helm/memtierd/values.yaml | 4 ++++ deployment/helm/sgx-epc/README.md | 6 ++++-- deployment/helm/sgx-epc/templates/daemonset.yaml | 3 +++ deployment/helm/sgx-epc/values.yaml | 4 ++++ deployment/helm/template/README.md | 1 + deployment/helm/template/templates/daemonset.yaml | 3 +++ deployment/helm/template/values.yaml | 4 ++++ deployment/helm/topology-aware/README.md | 1 + deployment/helm/topology-aware/templates/daemonset.yaml | 3 +++ deployment/helm/topology-aware/values.yaml | 5 ++++- 18 files changed, 53 insertions(+), 5 deletions(-) diff --git a/deployment/helm/balloons/README.md b/deployment/helm/balloons/README.md index 8d74bc252..c3b6dbce0 100644 --- a/deployment/helm/balloons/README.md +++ b/deployment/helm/balloons/README.md @@ -98,6 +98,7 @@ customize with their own values, along with the default values. | `hostPort` | 8891 | metrics port to expose on the host | | `config` | see [helm chart values](tree:/deployment/helm/balloons/values.yaml) for the default configuration | plugin configuration data | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | diff --git a/deployment/helm/balloons/templates/daemonset.yaml b/deployment/helm/balloons/templates/daemonset.yaml index d496b2b47..21b83d8d2 100644 --- a/deployment/helm/balloons/templates/daemonset.yaml +++ b/deployment/helm/balloons/templates/daemonset.yaml @@ -87,6 +87,9 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: resource-policydata hostPath: diff --git a/deployment/helm/balloons/values.yaml b/deployment/helm/balloons/values.yaml index 7d37c4c6e..207c7a1f0 100644 --- a/deployment/helm/balloons/values.yaml +++ b/deployment/helm/balloons/values.yaml @@ -42,6 +42,10 @@ resources: nri: patchRuntimeConfig: false + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager diff --git a/deployment/helm/memory-qos/README.md b/deployment/helm/memory-qos/README.md index 580cfbe92..a885b729b 100644 --- a/deployment/helm/memory-qos/README.md +++ b/deployment/helm/memory-qos/README.md @@ -94,8 +94,9 @@ customize with their own values, along with the default values. | `image.tag` | unstable | container image tag | | `image.pullPolicy` | Always | image pull policy | | `resources.cpu` | 10m | cpu resources for the Pod | -| `resources.memory` | 100Mi | memory qouta for the | +| `resources.memory` | 100Mi | memory qouta for the Pod | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | diff --git a/deployment/helm/memory-qos/templates/daemonset.yaml b/deployment/helm/memory-qos/templates/daemonset.yaml index 11e772e39..c62c1b28a 100644 --- a/deployment/helm/memory-qos/templates/daemonset.yaml +++ b/deployment/helm/memory-qos/templates/daemonset.yaml @@ -62,6 +62,9 @@ spec: mountPath: /etc/nri/memory-qos - name: nrisockets mountPath: /var/run/nri + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: memory-qos-config-vol configMap: diff --git a/deployment/helm/memory-qos/values.yaml b/deployment/helm/memory-qos/values.yaml index 5d33068bb..87249ba39 100644 --- a/deployment/helm/memory-qos/values.yaml +++ b/deployment/helm/memory-qos/values.yaml @@ -14,6 +14,10 @@ resources: nri: patchRuntimeConfig: false + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager diff --git a/deployment/helm/memtierd/README.md b/deployment/helm/memtierd/README.md index e46ae3076..af82a1476 100644 --- a/deployment/helm/memtierd/README.md +++ b/deployment/helm/memtierd/README.md @@ -93,9 +93,10 @@ customize with their own values, along with the default values. | `image.tag` | unstable | container image tag | | `image.pullPolicy` | Always | image pull policy | | `resources.cpu` | 250m | cpu resources for the Pod | -| `resources.memory` | 100Mi | memory qouta for the | +| `resources.memory` | 100Mi | memory qouta for the Pod | | `outputDir` | empty string | host directory for memtierd.output files | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | diff --git a/deployment/helm/memtierd/templates/daemonset.yaml b/deployment/helm/memtierd/templates/daemonset.yaml index d8b527fa9..232598f39 100644 --- a/deployment/helm/memtierd/templates/daemonset.yaml +++ b/deployment/helm/memtierd/templates/daemonset.yaml @@ -80,6 +80,9 @@ spec: - name: run-dir-vol mountPath: /run-dir {{- end }} + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: memtierd-config-vol configMap: diff --git a/deployment/helm/memtierd/values.yaml b/deployment/helm/memtierd/values.yaml index f161096d1..c0dd9017f 100644 --- a/deployment/helm/memtierd/values.yaml +++ b/deployment/helm/memtierd/values.yaml @@ -16,6 +16,10 @@ outputDir: "" nri: patchRuntimeConfig: false + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager diff --git a/deployment/helm/sgx-epc/README.md b/deployment/helm/sgx-epc/README.md index ab3759506..576d4b575 100644 --- a/deployment/helm/sgx-epc/README.md +++ b/deployment/helm/sgx-epc/README.md @@ -94,9 +94,11 @@ customize with their own values, along with the default values. | `image.tag` | unstable | container image tag | | `image.pullPolicy` | Always | image pull policy | | `resources.cpu` | 25m | cpu resources for the Pod | -| `resources.memory` | 100Mi | memory qouta for the | +| `resources.memory` | 100Mi | memory qouta for the Pod | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | -| `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | +| `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | +| init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | | `tolerations` | [] | specify taint toleration key, operator and effect | diff --git a/deployment/helm/sgx-epc/templates/daemonset.yaml b/deployment/helm/sgx-epc/templates/daemonset.yaml index 4373dccfa..25a5c6d8b 100644 --- a/deployment/helm/sgx-epc/templates/daemonset.yaml +++ b/deployment/helm/sgx-epc/templates/daemonset.yaml @@ -58,6 +58,9 @@ spec: volumeMounts: - name: nrisockets mountPath: /var/run/nri + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: nrisockets hostPath: diff --git a/deployment/helm/sgx-epc/values.yaml b/deployment/helm/sgx-epc/values.yaml index e593c951b..5520bcd63 100644 --- a/deployment/helm/sgx-epc/values.yaml +++ b/deployment/helm/sgx-epc/values.yaml @@ -14,6 +14,10 @@ resources: nri: patchRuntimeConfig: false + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager diff --git a/deployment/helm/template/README.md b/deployment/helm/template/README.md index e53517a99..86ff57019 100644 --- a/deployment/helm/template/README.md +++ b/deployment/helm/template/README.md @@ -98,6 +98,7 @@ customize with their own values, along with the default values. | `hostPort` | 8891 | metrics port to expose on the host | | `config` | see [helm chart values](tree:/deployment/helm/template/values.yaml) for the default configuration | plugin configuration data | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | diff --git a/deployment/helm/template/templates/daemonset.yaml b/deployment/helm/template/templates/daemonset.yaml index d8d1a6732..25de1d499 100644 --- a/deployment/helm/template/templates/daemonset.yaml +++ b/deployment/helm/template/templates/daemonset.yaml @@ -80,6 +80,9 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: resource-policydata hostPath: diff --git a/deployment/helm/template/values.yaml b/deployment/helm/template/values.yaml index 04feb68aa..d3930810e 100644 --- a/deployment/helm/template/values.yaml +++ b/deployment/helm/template/values.yaml @@ -30,6 +30,10 @@ resources: nri: patchRuntimeConfig: false + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager diff --git a/deployment/helm/topology-aware/README.md b/deployment/helm/topology-aware/README.md index ac54a97b6..1e3cbe7a9 100644 --- a/deployment/helm/topology-aware/README.md +++ b/deployment/helm/topology-aware/README.md @@ -99,6 +99,7 @@ customize with their own values, along with the default values. | `hostPort` | 8891 | metrics port to expose on the host | | `config` | see [helm chart values](tree:/deployment/helm/topology-aware/values.yaml) for the default configuration | plugin configuration data | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | +| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | diff --git a/deployment/helm/topology-aware/templates/daemonset.yaml b/deployment/helm/topology-aware/templates/daemonset.yaml index aa4aefdbc..13508853a 100644 --- a/deployment/helm/topology-aware/templates/daemonset.yaml +++ b/deployment/helm/topology-aware/templates/daemonset.yaml @@ -87,6 +87,9 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri + {{- if .Values.nri.setPodPriorityClassNodeCritical }} + priorityClassName: system-node-critical + {{- end }} volumes: - name: resource-policydata hostPath: diff --git a/deployment/helm/topology-aware/values.yaml b/deployment/helm/topology-aware/values.yaml index 774830940..0f3350096 100644 --- a/deployment/helm/topology-aware/values.yaml +++ b/deployment/helm/topology-aware/values.yaml @@ -30,7 +30,10 @@ resources: nri: patchRuntimeConfig: false - + # NRI plugins should be considered as part of the container runtime. + # Therefore, adding the system-node-critical priority class to the DaemonSet, + # could mitigate potential risk in a running system under load. + setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager From 2483fe9d9f967385bbbca0fb6be51151a31684af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20F=C3=BCrstenberg?= Date: Mon, 8 Jan 2024 21:10:37 +0100 Subject: [PATCH 2/2] fix(helm-charts): streamline new value for activating the priority class for node-critical pods MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Florian Fürstenberg --- deployment/helm/balloons/README.md | 2 +- deployment/helm/balloons/templates/daemonset.yaml | 2 +- deployment/helm/balloons/values.yaml | 9 +++++---- deployment/helm/memory-qos/README.md | 2 +- deployment/helm/memory-qos/templates/daemonset.yaml | 2 +- deployment/helm/memory-qos/values.yaml | 9 +++++---- deployment/helm/memtierd/README.md | 2 +- deployment/helm/memtierd/templates/daemonset.yaml | 2 +- deployment/helm/memtierd/values.yaml | 9 +++++---- deployment/helm/sgx-epc/README.md | 2 +- deployment/helm/sgx-epc/templates/daemonset.yaml | 2 +- deployment/helm/sgx-epc/values.yaml | 9 +++++---- deployment/helm/template/README.md | 2 +- deployment/helm/template/templates/daemonset.yaml | 2 +- deployment/helm/template/values.yaml | 9 +++++---- deployment/helm/topology-aware/README.md | 2 +- deployment/helm/topology-aware/templates/daemonset.yaml | 2 +- deployment/helm/topology-aware/values.yaml | 9 +++++---- 18 files changed, 42 insertions(+), 36 deletions(-) diff --git a/deployment/helm/balloons/README.md b/deployment/helm/balloons/README.md index c3b6dbce0..1de2f92a1 100644 --- a/deployment/helm/balloons/README.md +++ b/deployment/helm/balloons/README.md @@ -98,10 +98,10 @@ customize with their own values, along with the default values. | `hostPort` | 8891 | metrics port to expose on the host | | `config` | see [helm chart values](tree:/deployment/helm/balloons/values.yaml) for the default configuration | plugin configuration data | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | -| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | | `tolerations` | [] | specify taint toleration key, operator and effect | | `affinity` | [] | specify node affinity | | `nodeSelector` | [] | specify node selector labels | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/balloons/templates/daemonset.yaml b/deployment/helm/balloons/templates/daemonset.yaml index 21b83d8d2..121d0e1f1 100644 --- a/deployment/helm/balloons/templates/daemonset.yaml +++ b/deployment/helm/balloons/templates/daemonset.yaml @@ -87,7 +87,7 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri - {{- if .Values.nri.setPodPriorityClassNodeCritical }} + {{- if .Values.podPriorityClassNodeCritical }} priorityClassName: system-node-critical {{- end }} volumes: diff --git a/deployment/helm/balloons/values.yaml b/deployment/helm/balloons/values.yaml index 207c7a1f0..7a04a614f 100644 --- a/deployment/helm/balloons/values.yaml +++ b/deployment/helm/balloons/values.yaml @@ -42,10 +42,6 @@ resources: nri: patchRuntimeConfig: false - # NRI plugins should be considered as part of the container runtime. - # Therefore, adding the system-node-critical priority class to the DaemonSet, - # could mitigate potential risk in a running system under load. - setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager @@ -82,3 +78,8 @@ nodeSelector: [] # # nodeSelector: # kubernetes.io/disk: "ssd" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false diff --git a/deployment/helm/memory-qos/README.md b/deployment/helm/memory-qos/README.md index a885b729b..b44b657e2 100644 --- a/deployment/helm/memory-qos/README.md +++ b/deployment/helm/memory-qos/README.md @@ -96,10 +96,10 @@ customize with their own values, along with the default values. | `resources.cpu` | 10m | cpu resources for the Pod | | `resources.memory` | 100Mi | memory qouta for the Pod | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | -| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | | `tolerations` | [] | specify taint toleration key, operator and effect | | `affinity` | [] | specify node affinity | | `nodeSelector` | [] | specify node selector labels | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/memory-qos/templates/daemonset.yaml b/deployment/helm/memory-qos/templates/daemonset.yaml index c62c1b28a..689d0e20c 100644 --- a/deployment/helm/memory-qos/templates/daemonset.yaml +++ b/deployment/helm/memory-qos/templates/daemonset.yaml @@ -62,7 +62,7 @@ spec: mountPath: /etc/nri/memory-qos - name: nrisockets mountPath: /var/run/nri - {{- if .Values.nri.setPodPriorityClassNodeCritical }} + {{- if .Values.podPriorityClassNodeCritical }} priorityClassName: system-node-critical {{- end }} volumes: diff --git a/deployment/helm/memory-qos/values.yaml b/deployment/helm/memory-qos/values.yaml index 87249ba39..2f4356cd6 100644 --- a/deployment/helm/memory-qos/values.yaml +++ b/deployment/helm/memory-qos/values.yaml @@ -14,10 +14,6 @@ resources: nri: patchRuntimeConfig: false - # NRI plugins should be considered as part of the container runtime. - # Therefore, adding the system-node-critical priority class to the DaemonSet, - # could mitigate potential risk in a running system under load. - setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager @@ -54,3 +50,8 @@ nodeSelector: [] # # nodeSelector: # kubernetes.io/disk: "ssd" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false diff --git a/deployment/helm/memtierd/README.md b/deployment/helm/memtierd/README.md index af82a1476..ac33b68a6 100644 --- a/deployment/helm/memtierd/README.md +++ b/deployment/helm/memtierd/README.md @@ -96,10 +96,10 @@ customize with their own values, along with the default values. | `resources.memory` | 100Mi | memory qouta for the Pod | | `outputDir` | empty string | host directory for memtierd.output files | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | -| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | | `tolerations` | [] | specify taint toleration key, operator and effect | | `affinity` | [] | specify node affinity | | `nodeSelector` | [] | specify node selector labels | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/memtierd/templates/daemonset.yaml b/deployment/helm/memtierd/templates/daemonset.yaml index 232598f39..e01760a08 100644 --- a/deployment/helm/memtierd/templates/daemonset.yaml +++ b/deployment/helm/memtierd/templates/daemonset.yaml @@ -80,7 +80,7 @@ spec: - name: run-dir-vol mountPath: /run-dir {{- end }} - {{- if .Values.nri.setPodPriorityClassNodeCritical }} + {{- if .Values.podPriorityClassNodeCritical }} priorityClassName: system-node-critical {{- end }} volumes: diff --git a/deployment/helm/memtierd/values.yaml b/deployment/helm/memtierd/values.yaml index c0dd9017f..9ea235770 100644 --- a/deployment/helm/memtierd/values.yaml +++ b/deployment/helm/memtierd/values.yaml @@ -16,10 +16,6 @@ outputDir: "" nri: patchRuntimeConfig: false - # NRI plugins should be considered as part of the container runtime. - # Therefore, adding the system-node-critical priority class to the DaemonSet, - # could mitigate potential risk in a running system under load. - setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager @@ -56,3 +52,8 @@ nodeSelector: [] # # nodeSelector: # kubernetes.io/disk: "ssd" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false diff --git a/deployment/helm/sgx-epc/README.md b/deployment/helm/sgx-epc/README.md index 576d4b575..339000c9d 100644 --- a/deployment/helm/sgx-epc/README.md +++ b/deployment/helm/sgx-epc/README.md @@ -96,7 +96,6 @@ customize with their own values, along with the default values. | `resources.cpu` | 25m | cpu resources for the Pod | | `resources.memory` | 100Mi | memory qouta for the Pod | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | -| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | | init container image name | | `initImage.tag` | unstable | init container image tag | @@ -104,3 +103,4 @@ customize with their own values, along with the default values. | `tolerations` | [] | specify taint toleration key, operator and effect | | `affinity` | [] | specify node affinity | | `nodeSelector` | [] | specify node selector labels | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/sgx-epc/templates/daemonset.yaml b/deployment/helm/sgx-epc/templates/daemonset.yaml index 25a5c6d8b..75b75e29b 100644 --- a/deployment/helm/sgx-epc/templates/daemonset.yaml +++ b/deployment/helm/sgx-epc/templates/daemonset.yaml @@ -58,7 +58,7 @@ spec: volumeMounts: - name: nrisockets mountPath: /var/run/nri - {{- if .Values.nri.setPodPriorityClassNodeCritical }} + {{- if .Values.podPriorityClassNodeCritical }} priorityClassName: system-node-critical {{- end }} volumes: diff --git a/deployment/helm/sgx-epc/values.yaml b/deployment/helm/sgx-epc/values.yaml index 5520bcd63..b9d2f5665 100644 --- a/deployment/helm/sgx-epc/values.yaml +++ b/deployment/helm/sgx-epc/values.yaml @@ -14,10 +14,6 @@ resources: nri: patchRuntimeConfig: false - # NRI plugins should be considered as part of the container runtime. - # Therefore, adding the system-node-critical priority class to the DaemonSet, - # could mitigate potential risk in a running system under load. - setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager @@ -54,3 +50,8 @@ nodeSelector: [] # # nodeSelector: # kubernetes.io/disk: "ssd" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false diff --git a/deployment/helm/template/README.md b/deployment/helm/template/README.md index 86ff57019..2a56a6aa9 100644 --- a/deployment/helm/template/README.md +++ b/deployment/helm/template/README.md @@ -98,8 +98,8 @@ customize with their own values, along with the default values. | `hostPort` | 8891 | metrics port to expose on the host | | `config` | see [helm chart values](tree:/deployment/helm/template/values.yaml) for the default configuration | plugin configuration data | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | -| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | | `tolerations` | [] | specify taint toleration key, operator and effect | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/template/templates/daemonset.yaml b/deployment/helm/template/templates/daemonset.yaml index 25de1d499..d52b99e12 100644 --- a/deployment/helm/template/templates/daemonset.yaml +++ b/deployment/helm/template/templates/daemonset.yaml @@ -80,7 +80,7 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri - {{- if .Values.nri.setPodPriorityClassNodeCritical }} + {{- if .Values.podPriorityClassNodeCritical }} priorityClassName: system-node-critical {{- end }} volumes: diff --git a/deployment/helm/template/values.yaml b/deployment/helm/template/values.yaml index d3930810e..92027757f 100644 --- a/deployment/helm/template/values.yaml +++ b/deployment/helm/template/values.yaml @@ -30,10 +30,6 @@ resources: nri: patchRuntimeConfig: false - # NRI plugins should be considered as part of the container runtime. - # Therefore, adding the system-node-critical priority class to the DaemonSet, - # could mitigate potential risk in a running system under load. - setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager @@ -49,3 +45,8 @@ tolerations: [] # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false diff --git a/deployment/helm/topology-aware/README.md b/deployment/helm/topology-aware/README.md index 1e3cbe7a9..e2fef4e70 100644 --- a/deployment/helm/topology-aware/README.md +++ b/deployment/helm/topology-aware/README.md @@ -99,10 +99,10 @@ customize with their own values, along with the default values. | `hostPort` | 8891 | metrics port to expose on the host | | `config` | see [helm chart values](tree:/deployment/helm/topology-aware/values.yaml) for the default configuration | plugin configuration data | | `nri.patchRuntimeConfig` | false | enable NRI in containerd or CRI-O | -| `nri.setPodPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | | `initImage.name` | [ghcr.io/containers/nri-plugins/config-manager](https://ghcr.io/containers/nri-plugins/config-manager) | init container image name | | `initImage.tag` | unstable | init container image tag | | `initImage.pullPolicy` | Always | init container image pull policy | | `tolerations` | [] | specify taint toleration key, operator and effect | | `affinity` | [] | specify node affinity | | `nodeSelector` | [] | specify node selector labels | +| `podPriorityClassNodeCritical` | false | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical) | diff --git a/deployment/helm/topology-aware/templates/daemonset.yaml b/deployment/helm/topology-aware/templates/daemonset.yaml index 13508853a..4f70ff2a3 100644 --- a/deployment/helm/topology-aware/templates/daemonset.yaml +++ b/deployment/helm/topology-aware/templates/daemonset.yaml @@ -87,7 +87,7 @@ spec: mountPath: /var/run/nri-resource-policy - name: nrisockets mountPath: /var/run/nri - {{- if .Values.nri.setPodPriorityClassNodeCritical }} + {{- if .Values.podPriorityClassNodeCritical }} priorityClassName: system-node-critical {{- end }} volumes: diff --git a/deployment/helm/topology-aware/values.yaml b/deployment/helm/topology-aware/values.yaml index 0f3350096..192ddd30b 100644 --- a/deployment/helm/topology-aware/values.yaml +++ b/deployment/helm/topology-aware/values.yaml @@ -30,10 +30,6 @@ resources: nri: patchRuntimeConfig: false - # NRI plugins should be considered as part of the container runtime. - # Therefore, adding the system-node-critical priority class to the DaemonSet, - # could mitigate potential risk in a running system under load. - setPodPriorityClassNodeCritical: false initContainerImage: name: ghcr.io/containers/nri-plugins/nri-config-manager @@ -70,3 +66,8 @@ nodeSelector: [] # # nodeSelector: # kubernetes.io/disk: "ssd" + +# NRI plugins should be considered as part of the container runtime. +# Therefore, adding the system-node-critical priority class to the DaemonSet, +# could mitigate potential risk in a running system under load. +podPriorityClassNodeCritical: false