From d9ee77d1b4d8371357a59471708af1cb57704d2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tam=C3=A1s=20B=C3=ADr=C3=B3?= <60390128+Tamas-Biro1@users.noreply.github.com> Date: Wed, 8 Jan 2025 15:48:53 +0100 Subject: [PATCH] Calico apiserver improvements (#3481) Use RollingUpdate strategy for APIserver except when hostNetworked use Recreate. Add priorityClassName configuration field to the APIServer deployment configuration in the APIServer CRD for setting the priority class. * Calico APIServer configuration * Calico APIServer configuration refactor --- api/v1/apiserver_types.go | 6 +++- .../operator.tigera.io_apiservers.yaml | 4 +++ pkg/render/apiserver.go | 6 ++-- pkg/render/apiserver_test.go | 32 ++++++++++++++++--- 4 files changed, 40 insertions(+), 8 deletions(-) diff --git a/api/v1/apiserver_types.go b/api/v1/apiserver_types.go index 9a82d76305..f75250bb36 100644 --- a/api/v1/apiserver_types.go +++ b/api/v1/apiserver_types.go @@ -1,4 +1,4 @@ -// Copyright (c) 2020-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2020-2025 Tigera, Inc. All rights reserved. /* @@ -150,6 +150,10 @@ type APIServerDeploymentPodSpec struct { // WARNING: Please note that this field will override the default API server Deployment tolerations. // +optional Tolerations []v1.Toleration `json:"tolerations,omitempty"` + + // PriorityClassName allows to specify a PriorityClass resource to be used. + // +optional + PriorityClassName string `json:"priorityClassName,omitempty"` } // APIServerDeploymentPodTemplateSpec is the API server Deployment's PodTemplateSpec diff --git a/pkg/crds/operator/operator.tigera.io_apiservers.yaml b/pkg/crds/operator/operator.tigera.io_apiservers.yaml index e3730a8d49..01f4882d86 100644 --- a/pkg/crds/operator/operator.tigera.io_apiservers.yaml +++ b/pkg/crds/operator/operator.tigera.io_apiservers.yaml 
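Review bot: The doc comment on the new `PriorityClassName` field in `APIServerDeploymentPodSpec` says neither what is rendered when the field is omitted nor that the value must name an existing PriorityClass, while the `Tolerations` comment directly above spells out its override behaviour. Kubernetes rejects a pod whose `priorityClassName` does not resolve, and a high-priority class lets these pods preempt other workloads, so a reader of the CRD should see both facts. I would reword the first line to `// PriorityClassName is the name of an existing PriorityClass to assign to the API server pods.` and add a sentence on the omitted case in the style of the neighbouring fields. The description in operator.tigera.io_apiservers.yaml repeats this comment and looks generated from it, so it would need regenerating. The struct starts outside the hunk.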
@@ -1235,6 +1235,10 @@ spec: If omitted, the API server Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default API server Deployment nodeSelector. type: object + priorityClassName: + description: PriorityClassName allows to specify a + PriorityClass resource to be used. + type: string tolerations: description: |- Tolerations is the API server pod's tolerations. diff --git a/pkg/render/apiserver.go b/pkg/render/apiserver.go index b1e78a7f34..91d9bc91b2 100644 --- a/pkg/render/apiserver.go +++ b/pkg/render/apiserver.go @@ -1,4 +1,4 @@ -// Copyright (c) 2019-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2019-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -1013,9 +1013,11 @@ func (c *apiServerComponent) apiServerDeployment() *appsv1.Deployment { name, _ := c.resourceNameBasedOnVariant("tigera-apiserver", "calico-apiserver") hostNetwork := c.hostNetwork() dnsPolicy := corev1.DNSClusterFirst + deploymentStrategyType := appsv1.RollingUpdateDeploymentStrategyType if hostNetwork { // Adjust DNS policy so we can access in-cluster services. dnsPolicy = corev1.DNSClusterFirstWithHostNet + deploymentStrategyType = appsv1.RecreateDeploymentStrategyType } var initContainers []corev1.Container @@ -1050,7 +1052,7 @@ func (c *apiServerComponent) apiServerDeployment() *appsv1.Deployment { Spec: appsv1.DeploymentSpec{ Replicas: c.cfg.Installation.ControlPlaneReplicas, Strategy: appsv1.DeploymentStrategy{ - Type: appsv1.RecreateDeploymentStrategyType, + Type: deploymentStrategyType, }, Selector: c.deploymentSelector(), Template: corev1.PodTemplateSpec{ diff --git a/pkg/render/apiserver_test.go b/pkg/render/apiserver_test.go index 095bba537b..1352f21a04 100644 --- a/pkg/render/apiserver_test.go +++ b/pkg/render/apiserver_test.go 
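Review bot: In `apiServerDeployment()` at `@@ -1013,9 +1013,11 @@`, the existing comment `// Adjust DNS policy so we can access in-cluster services.` now sits above two assignments but explains only the first. Nothing in the hunk states why `deploymentStrategyType` becomes `appsv1.RecreateDeploymentStrategyType` under `hostNetwork`. Presumably a host-networked replacement pod cannot start while the old pod still holds the node's port, but that is an inference the author should confirm and write down, e.g. `// Host-networked pods bind ports on the node, so old and new pods cannot overlap during a rollout; use Recreate.` The comment should also say that Recreate leaves a window with no API server pod serving, since that is the availability cost accepted for this mode. The function body continues outside the hunk.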
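Review bot: The `Strategy` literal at `Type: deploymentStrategyType` (`@@ -1050,7 +1052,7 @@`) sets only the type, and nothing visible here covers a Deployment that already exists with the other strategy. Once a Deployment has run as RollingUpdate, the API server has defaulted `rollingUpdate.maxSurge` and `maxUnavailable` on the live object, and Kubernetes validation refuses `type: Recreate` while those parameters are still present. Whether the operator's update path replaces the strategy wholesale or merges it is outside this hunk, so please confirm that enabling host networking on a running cluster still reconciles, and record the constraint next to the field, e.g. `// RollingUpdate stays nil: defaults apply for RollingUpdate, and it must be unset for Recreate.` The function starts and ends outside the hunk.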
@@ -1,4 +1,4 @@ -// Copyright (c) 2019-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2019-2025 Tigera, Inc. All rights reserved. // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -194,7 +194,7 @@ var _ = Describe("API server rendering tests (Calico Enterprise)", func() { Expect(d.Labels).To(HaveKeyWithValue("apiserver", "true")) Expect(*d.Spec.Replicas).To(BeEquivalentTo(2)) - Expect(d.Spec.Strategy.Type).To(Equal(appsv1.RecreateDeploymentStrategyType)) + Expect(d.Spec.Strategy.Type).To(Equal(appsv1.RollingUpdateDeploymentStrategyType)) Expect(len(d.Spec.Selector.MatchLabels)).To(Equal(1)) Expect(d.Spec.Selector.MatchLabels).To(HaveKeyWithValue("apiserver", "true")) @@ -646,6 +646,15 @@ var _ = Describe("API server rendering tests (Calico Enterprise)", func() { rtest.ExpectK8sServiceEpEnvVars(deployment.Spec.Template.Spec, "k8shost", "1234") }) + It("should set RecreateDeploymentStrategyType if host networked", func() { + cfg.ForceHostNetwork = true + component, err := render.APIServer(cfg) + Expect(err).To(BeNil(), "Expected APIServer to create successfully %s", err) + resources, _ := component.Objects() + d := rtest.GetResource(resources, "tigera-apiserver", "tigera-system", "apps", "v1", "Deployment").(*appsv1.Deployment) + Expect(d.Spec.Strategy.Type).To(Equal(appsv1.RecreateDeploymentStrategyType)) + }) + It("should add egress policy with Enterprise variant and K8SServiceEndpoint defined", func() { cfg.K8SServiceEndpoint.Host = "k8shost" cfg.K8SServiceEndpoint.Port = "1234" 
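Review bot: The new spec `should set RecreateDeploymentStrategyType if host networked` at `@@ -646,6 +646,15 @@` exercises only `cfg.ForceHostNetwork = true`, so if `hostNetwork()` can also return true for other configurations (not visible in this diff), the Recreate choice on those paths stays untested. Two style points apply to the same lines. `Expect(err).NotTo(HaveOccurred())` is the usual Gomega form for `Expect(err).To(BeNil(), ...)`. The unchecked `.(*appsv1.Deployment)` assertion will panic instead of producing a readable failure if the Deployment is missing from `resources`. The same applies to the identical spec added to the Calico block at `@@ -1826,6 +1835,15 @@`.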
@@ -1656,7 +1665,7 @@ var _ = Describe("API server rendering tests (Calico)", func() { Expect(d.Labels).To(HaveKeyWithValue("apiserver", "true")) Expect(*d.Spec.Replicas).To(BeEquivalentTo(2)) - Expect(d.Spec.Strategy.Type).To(Equal(appsv1.RecreateDeploymentStrategyType)) + Expect(d.Spec.Strategy.Type).To(Equal(appsv1.RollingUpdateDeploymentStrategyType)) Expect(len(d.Spec.Selector.MatchLabels)).To(Equal(1)) Expect(d.Spec.Selector.MatchLabels).To(HaveKeyWithValue("apiserver", "true")) @@ -1826,6 +1835,15 @@ var _ = Describe("API server rendering tests (Calico)", func() { rtest.ExpectK8sServiceEpEnvVars(deployment.Spec.Template.Spec, "k8shost", "1234") }) + It("should set RecreateDeploymentStrategyType if host networked", func() { + cfg.ForceHostNetwork = true + component, err := render.APIServer(cfg) + Expect(err).To(BeNil(), "Expected APIServer to create successfully %s", err) + resources, _ := component.Objects() + d := rtest.GetResource(resources, "calico-apiserver", "calico-apiserver", "apps", "v1", "Deployment").(*appsv1.Deployment) + Expect(d.Spec.Strategy.Type).To(Equal(appsv1.RecreateDeploymentStrategyType)) + }) + It("should not set KUBERNETES_SERVICE_... variables if Docker EE using proxy.local", func() { cfg.K8SServiceEndpoint.Host = "proxy.local" cfg.K8SServiceEndpoint.Port = "1234" @@ -1957,6 +1975,8 @@ var _ = Describe("API server rendering tests (Calico)", func() { Value: "bar", } + priorityclassname := "priority" + cfg.APIServer.APIServerDeployment = &operatorv1.APIServerDeployment{ Metadata: &operatorv1.Metadata{ Labels: map[string]string{"top-level": "label1"}, @@ -1985,8 +2005,9 @@ var _ = Describe("API server rendering tests (Calico)", func() { NodeSelector: map[string]string{ "custom-node-selector": "value", }, - Affinity: affinity, - Tolerations: []corev1.Toleration{toleration}, + Affinity: affinity, + Tolerations: []corev1.Toleration{toleration}, + PriorityClassName: priorityclassname, }, }, }, 
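Review bot: The local `priorityclassname` added at `@@ -1957,6 +1975,8 @@` does not follow Go's MixedCaps convention. `priorityClassName := "priority"` reads better, with the `PriorityClassName:` struct field at `@@ -1985,8 +2005,9 @@` and the assertion at `@@ -2046,6 +2067,7 @@` updated to match. The override spec also pins only the case where the field is set. A companion assertion that an unset field leaves `d.Spec.Template.Spec.PriorityClassName` at whatever the renderer produces by default would guard against the override path blanking it, assuming such a default exists outside this diff.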
@@ -2046,6 +2067,7 @@ var _ = Describe("API server rendering tests (Calico)", func() { Expect(d.Spec.Template.Spec.Tolerations).To(HaveLen(1)) Expect(d.Spec.Template.Spec.Tolerations[0]).To(Equal(toleration)) + Expect(d.Spec.Template.Spec.PriorityClassName).To(Equal(priorityclassname)) }) It("should override a ControlPlaneNodeSelector when specified", func() {