chore(api): set priority class for pods

- Set priority class system-cluster-critical - Delete priority class kubevirt-internal-virtualization-cluster-critical Signed-off-by: Isteb4k <dmitry.rakitin@flant.com>
deckhouse · Sep 4, 2024 · 6fb5106 · 6fb5106
1 parent b173b08
commit 6fb5106
Show file tree

Hide file tree

Showing 11 changed files with 95 additions and 103 deletions.
diff --git a/images/virt-artifact/patches/015-rename-core-resources.patch b/images/virt-artifact/patches/015-rename-core-resources.patch
@@ -1,40 +1,3 @@
-diff --git a/manifests/generated/kubevirt-priority-class.yaml b/manifests/generated/kubevirt-priority-class.yaml
-index e8dfe36c2..0f57dd6a8 100644
---- a/manifests/generated/kubevirt-priority-class.yaml
-+++ b/manifests/generated/kubevirt-priority-class.yaml
-@@ -3,5 +3,5 @@ apiVersion: scheduling.k8s.io/v1
- description: This priority class should be used for KubeVirt core components only.
- kind: PriorityClass
- metadata:
--  name: kubevirt-cluster-critical
-+  name: kubevirt-internal-virtualization-cluster-critical
- value: 1000000000
-diff --git a/manifests/generated/operator-csv.yaml.in b/manifests/generated/operator-csv.yaml.in
-index b0a4b48e9..245e32dfb 100644
---- a/manifests/generated/operator-csv.yaml.in
-+++ b/manifests/generated/operator-csv.yaml.in
-@@ -1356,7 +1356,7 @@ spec:
-                   name: profile-data
-               nodeSelector:
-                 kubernetes.io/os: linux
--              priorityClassName: kubevirt-cluster-critical
-+              priorityClassName: kubevirt-internal-virtualization-cluster-critical
-               securityContext:
-                 runAsNonRoot: true
-                 seccompProfile:
-diff --git a/manifests/release/kubevirt-operator.yaml.in b/manifests/release/kubevirt-operator.yaml.in
-index 6ac36d99b..d7bfbd010 100644
---- a/manifests/release/kubevirt-operator.yaml.in
-+++ b/manifests/release/kubevirt-operator.yaml.in
-@@ -11,7 +11,7 @@ metadata:
- apiVersion: scheduling.k8s.io/v1
- kind: PriorityClass
- metadata:
--  name: kubevirt-cluster-critical
-+  name: kubevirt-internal-virtualization-cluster-critical
- value: 1000000000
- globalDefault: false
- description: "This priority class should be used for core kubevirt components only."
 diff --git a/pkg/virt-controller/watch/drain/disruptionbudget/disruptionbudget.go b/pkg/virt-controller/watch/drain/disruptionbudget/disruptionbudget.go
 index 228518871..55ce72b6c 100644
 --- a/pkg/virt-controller/watch/drain/disruptionbudget/disruptionbudget.go
@@ -51,48 +14,13 @@ index 228518871..55ce72b6c 100644
  		},
  		Spec: policyv1.PodDisruptionBudgetSpec{
  			MinAvailable: &minAvailable,
-diff --git a/pkg/virt-operator/resource/generate/components/crds.go b/pkg/virt-operator/resource/generate/components/crds.go
-index 822f3d82b..36126ef43 100644
---- a/pkg/virt-operator/resource/generate/components/crds.go
-+++ b/pkg/virt-operator/resource/generate/components/crds.go
-@@ -862,7 +862,7 @@ func NewKubeVirtPriorityClassCR() *schedulingv1.PriorityClass {
- 			Kind:       "PriorityClass",
- 		},
- 		ObjectMeta: metav1.ObjectMeta{
--			Name: "kubevirt-cluster-critical",
-+			Name: "kubevirt-internal-virtualization-cluster-critical",
- 		},
- 		// 1 billion is the highest value we can set
- 		// https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
-diff --git a/pkg/virt-operator/resource/generate/components/deployments.go b/pkg/virt-operator/resource/generate/components/deployments.go
-index 4d00a423a..ced56e776 100644
---- a/pkg/virt-operator/resource/generate/components/deployments.go
-+++ b/pkg/virt-operator/resource/generate/components/deployments.go
-@@ -166,7 +166,7 @@ func newPodTemplateSpec(podName, imageName, repository, version, productName, pr
- 			Name: podName,
- 		},
- 		Spec: corev1.PodSpec{
--			PriorityClassName: "kubevirt-cluster-critical",
-+			PriorityClassName: "kubevirt-internal-virtualization-cluster-critical",
- 			Affinity:          podAffinity,
- 			Tolerations:       criticalAddonsToleration(),
- 			Containers: []corev1.Container{
-@@ -529,7 +529,7 @@ func NewOperatorDeployment(namespace, repository, imagePrefix, version, verbosit
- 					Name: VirtOperatorName,
- 				},
- 				Spec: corev1.PodSpec{
--					PriorityClassName:  "kubevirt-cluster-critical",
-+					PriorityClassName:  "kubevirt-internal-virtualization-cluster-critical",
- 					Tolerations:        criticalAddonsToleration(),
- 					Affinity:           podAntiAffinity,
- 					ServiceAccountName: "kubevirt-operator",
 diff --git a/pkg/virt-operator/resource/generate/components/serviceaccountnames.go b/pkg/virt-operator/resource/generate/components/serviceaccountnames.go
 index 0948629bb..9aca3b3bd 100644
 --- a/pkg/virt-operator/resource/generate/components/serviceaccountnames.go
 +++ b/pkg/virt-operator/resource/generate/components/serviceaccountnames.go
 @@ -1,9 +1,9 @@
  package components
-
+ 
  const (
 -	ApiServiceAccountName         = "kubevirt-apiserver"
 -	ControllerServiceAccountName  = "kubevirt-controller"
@@ -105,28 +33,28 @@ index 0948629bb..9aca3b3bd 100644
  	OperatorServiceAccountName    = "kubevirt-operator"
  )
 diff --git a/pkg/virt-operator/resource/generate/components/webhooks.go b/pkg/virt-operator/resource/generate/components/webhooks.go
-index 2600f8f39..22381d9e9 100644
+index 2600f8f39..620449fa1 100644
 --- a/pkg/virt-operator/resource/generate/components/webhooks.go
 +++ b/pkg/virt-operator/resource/generate/components/webhooks.go
 @@ -833,15 +833,15 @@ const VirtHandlerServiceName = "virt-handler"
-
+ 
  const VirtExportProxyServiceName = "virt-exportproxy"
-
+ 
 -const VirtAPIValidatingWebhookName = "virt-api-validator"
 +const VirtAPIValidatingWebhookName = "virt-internal-virtualization-api-validator"
-
+ 
  const VirtOperatorServiceName = "kubevirt-operator-webhook"
-
+ 
 -const VirtAPIMutatingWebhookName = "virt-api-mutator"
 +const VirtAPIMutatingWebhookName = "virt-internal-virtualization-api-mutator"
-
+ 
  const KubevirtOperatorWebhookServiceName = "kubevirt-operator-webhook"
-
+ 
 -const KubeVirtOperatorValidatingWebhookName = "virt-operator-validator"
 +const KubeVirtOperatorValidatingWebhookName = "virt-internal-virtualization-operator-validator"
-
+ 
  const VMSnapshotValidatePath = "/virtualmachinesnapshots-validate"
-
+ 
 diff --git a/pkg/virt-operator/resource/generate/rbac/apiserver.go b/pkg/virt-operator/resource/generate/rbac/apiserver.go
 index 932f7391e..76c79d452 100644
 --- a/pkg/virt-operator/resource/generate/rbac/apiserver.go
@@ -189,13 +117,13 @@ index 071ed91f9..ebc9f2adb 100644
  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  	"k8s.io/apimachinery/pkg/runtime"
 +	"kubevirt.io/kubevirt/pkg/virt-operator/resource/generate/components"
-
+ 
  	virtv1 "kubevirt.io/api/core/v1"
  )
-
+ 
 -const ExportProxyServiceAccountName = "kubevirt-exportproxy"
 +const ExportProxyServiceAccountName = components.ExportProxyServiceAccountName
-
+ 
  func GetAllExportProxy(namespace string) []runtime.Object {
  	return []runtime.Object{
 diff --git a/pkg/virt-operator/resource/generate/rbac/operator.go b/pkg/virt-operator/resource/generate/rbac/operator.go

diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -1,3 +1,7 @@
+{{- define "priorityClassName" -}}
+system-cluster-critical
+{{- end }}
+
 {{- define "strategic_affinity_patch" -}}
   {{- $key := index . 0 -}}
   {{- $labelValue := index . 1 -}}

diff --git a/templates/cdi/cdi-operator/deployment.yaml b/templates/cdi/cdi-operator/deployment.yaml
@@ -1,3 +1,5 @@
+{{- $priorityClassName := include "priorityClassName" . }}
+
 {{- define "cdi_images" -}}
 - name: CONTROLLER_IMAGE
   value: {{ include "helm_lib_module_image" (list . "cdiController") }}
@@ -124,7 +126,7 @@ spec:
         volumeMounts:
           - name: kube-api-proxy-kubeconfig
             mountPath: /kubeconfig.local
-      {{- include "helm_lib_priority_class" (tuple . "cluster-low") | nindent 6 }}
+      {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }}
       {{- include "helm_lib_node_selector" (tuple . "system") | nindent 6 }}
       {{- include "helm_lib_tolerations" (tuple . "system") | nindent 6 }}
       {{- include "helm_lib_module_pod_security_context_run_as_user_nobody" . | nindent 6 }}

diff --git a/templates/cdi/cdi.yaml b/templates/cdi/cdi.yaml
@@ -5,6 +5,7 @@
 {{- $proxyImage := include "helm_lib_module_image" (list . "kubeApiProxy") | toJson }}
 {{- $kubeAPIProxyRewriter := true }}
 {{- $webhookProxyPort :=  24192 }}
+{{- $priorityClassName := include "priorityClassName" . }}
 ---
 apiVersion: cdi.internal.virtualization.deckhouse.io/v1beta1
 kind: InternalVirtualizationCDI
@@ -17,6 +18,9 @@ spec:
   infra:
     {{- include "helm_lib_node_selector" (tuple . "system") | nindent 4 }}
     {{- include "helm_lib_tolerations" (tuple . "system") | nindent 4 }}
+  {{- if (.Values.global.enabledModules | has "priority-class") }}
+  priorityClass: {{ $priorityClassName }}
+  {{- end }}
   config:
     podResourceRequirements:
       limits:

diff --git a/templates/dvcr/deployment.yaml b/templates/dvcr/deployment.yaml
@@ -1,3 +1,4 @@
+{{- $priorityClassName := include "priorityClassName" . }}
 {{- define "dvcr_resources" }}
 cpu: 50m
 memory: 150Mi
@@ -94,7 +95,7 @@ spec:
           env: {{ include "dvcr.envs" . | nindent 12 }}
           volumeMounts: {{ include "dvcr.volumeMounts" . | nindent 12 }}
       volumes: {{ include "dvcr.volumes" . | nindent 8 }}
-      {{- include "helm_lib_priority_class" (tuple . "cluster-low") | nindent 6 }}
+      {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }}
       {{- include "helm_lib_node_selector" (tuple . "system") | nindent 6 }}
       {{- include "helm_lib_tolerations" (tuple . "system") | nindent 6 }}
-      serviceAccountName: dvcr
+      serviceAccountName: dvcr
diff --git a/templates/kubevirt/kubevirt.yaml b/templates/kubevirt/kubevirt.yaml
@@ -4,7 +4,11 @@
 {{- $tolerationsAnyNode := index (include "helm_lib_tolerations" (tuple . "any-node") | fromYaml) "tolerations" | default (list) | toJson }}
 {{- $proxyImage := include "helm_lib_module_image" (list . "kubeApiProxy") | toJson }}
 {{- $kubeAPIProxyRewriter := true }}
-{{- $webhookProxyPort :=  24192 }}
+{{- $webhookProxyPort := 24192 }}
+{{- $priorityClassName := "" | quote }}
+{{- if (.Values.global.enabledModules | has "priority-class") }}
+{{- $priorityClassName = include "priorityClassName" . | quote }}
+{{- end }}
 ---
 apiVersion: internal.virtualization.deckhouse.io/v1
 kind: InternalVirtualizationKubeVirt
@@ -283,6 +287,58 @@ spec:
           }
         }
       type: strategic
+    - resourceType: Deployment
+      resourceName: virt-api
+      patch: |
+        {
+          "spec": {
+            "template": {
+              "spec": {
+                "priorityClassName": {{ $priorityClassName }}
+              }
+            }
+          }
+        }
+      type: strategic
+    - resourceType: Deployment
+      resourceName: virt-controller
+      patch: |
+        {
+          "spec": {
+            "template": {
+              "spec": {
+                "priorityClassName": {{ $priorityClassName }}
+              }
+            }
+          }
+        }
+      type: strategic
+    - resourceType: Deployment
+      resourceName: virt-exportproxy
+      patch: |
+        {
+          "spec": {
+            "template": {
+              "spec": {
+                "priorityClassName": {{ $priorityClassName }}
+              }
+            }
+          }
+        }
+      type: strategic
+    - resourceType: DaemonSet
+      resourceName: virt-handler
+      patch: |
+        {
+          "spec": {
+            "template": {
+              "spec": {
+                "priorityClassName": {{ $priorityClassName }}
+              }
+            }
+          }
+        }
+      type: strategic
 
   imagePullPolicy: IfNotPresent
   imagePullSecrets:

diff --git a/templates/kubevirt/priorityclass.yaml b/templates/kubevirt/priorityclass.yaml
diff --git a/templates/kubevirt/virt-operator/deployment.yaml b/templates/kubevirt/virt-operator/deployment.yaml
@@ -1,3 +1,4 @@
+{{- $priorityClassName := include "priorityClassName" . }}
 {{- define "kubevirt_images" -}}
 - name: VIRT_OPERATOR_IMAGE
   value: {{ include "helm_lib_module_image" (list . "virtOperator") }}
@@ -171,7 +172,7 @@ spec:
           name: profile-data
         - mountPath: /kubeconfig.local
           name: kube-api-proxy-kubeconfig
-      {{- include "helm_lib_priority_class" (tuple . "system-cluster-critical") | nindent 6 }}
+      {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }}
       {{- include "helm_lib_node_selector" (tuple . "master") | nindent 6 }}
       {{- include "helm_lib_tolerations" (tuple . "any-node") | nindent 6 }}
       {{- include "helm_lib_module_pod_security_context_run_as_user_nobody" . | nindent 6 }}

diff --git a/templates/kubevirt/vm-route-forge/daemonset.yaml b/templates/kubevirt/vm-route-forge/daemonset.yaml
@@ -1,3 +1,4 @@
+{{- $priorityClassName := include "priorityClassName" . }}
 {{- define "vm-route-forge_resources" }}
 cpu: 10m
 memory: 25Mi
@@ -43,7 +44,7 @@ spec:
       labels:
         app: vm-route-forge
     spec:
-      {{- include "helm_lib_priority_class" (tuple . "system-cluster-critical") | nindent 6 }}
+      {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }}
       {{- include "helm_lib_tolerations" (tuple . "any-node") | nindent 6 }}
       {{- include "helm_lib_module_pod_security_context_run_as_user_root" . | nindent 6 }}
       imagePullSecrets:

diff --git a/templates/virtualization-api/deployment.yaml b/templates/virtualization-api/deployment.yaml
@@ -1,3 +1,5 @@
+{{- $priorityClassName := include "priorityClassName" . }}
+
 {{- define "virtualization_api_resources" }}
 cpu: 10m
 memory: 150Mi
@@ -101,7 +103,7 @@ spec:
               {{- end }}
       dnsPolicy: ClusterFirst
       serviceAccountName: virtualization-api
-      {{- include "helm_lib_priority_class" (tuple . "system-cluster-critical") | nindent 6 }}
+      {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }}
       {{- include "helm_lib_node_selector" (tuple . "master") | nindent 6 }}
       {{- include "helm_lib_tolerations" (tuple . "any-node") | nindent 6 }}
       volumes:
@@ -122,4 +124,4 @@ spec:
           secret:
             defaultMode: 420
             optional: true
-            secretName: virtualization-api-proxy-tls
+            secretName: virtualization-api-proxy-tls
diff --git a/templates/virtualization-controller/deployment.yaml b/templates/virtualization-controller/deployment.yaml
@@ -1,3 +1,5 @@
+{{- $priorityClassName := include "priorityClassName" . }}
+
 {{- define "virtualization_controller_resources" }}
 cpu: 10m
 memory: 150Mi
@@ -109,7 +111,7 @@ spec:
 
       dnsPolicy: ClusterFirst
       serviceAccountName: virtualization-controller
-      {{- include "helm_lib_priority_class" (tuple . "system-cluster-critical") | nindent 6 }}
+      {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }}
       {{- include "helm_lib_node_selector" (tuple . "master") | nindent 6 }}
       {{- include "helm_lib_tolerations" (tuple . "any-node") | nindent 6 }}
       volumes: