diff --git a/images/virt-artifact/patches/015-rename-core-resources.patch b/images/virt-artifact/patches/015-rename-core-resources.patch index 40bdfb370..6322cdbf6 100644 --- a/images/virt-artifact/patches/015-rename-core-resources.patch +++ b/images/virt-artifact/patches/015-rename-core-resources.patch @@ -1,40 +1,3 @@ -diff --git a/manifests/generated/kubevirt-priority-class.yaml b/manifests/generated/kubevirt-priority-class.yaml -index e8dfe36c2..0f57dd6a8 100644 ---- a/manifests/generated/kubevirt-priority-class.yaml -+++ b/manifests/generated/kubevirt-priority-class.yaml -@@ -3,5 +3,5 @@ apiVersion: scheduling.k8s.io/v1 - description: This priority class should be used for KubeVirt core components only. - kind: PriorityClass - metadata: -- name: kubevirt-cluster-critical -+ name: kubevirt-internal-virtualization-cluster-critical - value: 1000000000 -diff --git a/manifests/generated/operator-csv.yaml.in b/manifests/generated/operator-csv.yaml.in -index b0a4b48e9..245e32dfb 100644 ---- a/manifests/generated/operator-csv.yaml.in -+++ b/manifests/generated/operator-csv.yaml.in -@@ -1356,7 +1356,7 @@ spec: - name: profile-data - nodeSelector: - kubernetes.io/os: linux -- priorityClassName: kubevirt-cluster-critical -+ priorityClassName: kubevirt-internal-virtualization-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: -diff --git a/manifests/release/kubevirt-operator.yaml.in b/manifests/release/kubevirt-operator.yaml.in -index 6ac36d99b..d7bfbd010 100644 ---- a/manifests/release/kubevirt-operator.yaml.in -+++ b/manifests/release/kubevirt-operator.yaml.in -@@ -11,7 +11,7 @@ metadata: - apiVersion: scheduling.k8s.io/v1 - kind: PriorityClass - metadata: -- name: kubevirt-cluster-critical -+ name: kubevirt-internal-virtualization-cluster-critical - value: 1000000000 - globalDefault: false - description: "This priority class should be used for core kubevirt components only." diff --git a/pkg/virt-controller/watch/drain/disruptionbudget/disruptionbudget.go b/pkg/virt-controller/watch/drain/disruptionbudget/disruptionbudget.go index 228518871..55ce72b6c 100644 --- a/pkg/virt-controller/watch/drain/disruptionbudget/disruptionbudget.go @@ -51,48 +14,13 @@ index 228518871..55ce72b6c 100644 }, Spec: policyv1.PodDisruptionBudgetSpec{ MinAvailable: &minAvailable, -diff --git a/pkg/virt-operator/resource/generate/components/crds.go b/pkg/virt-operator/resource/generate/components/crds.go -index 822f3d82b..36126ef43 100644 ---- a/pkg/virt-operator/resource/generate/components/crds.go -+++ b/pkg/virt-operator/resource/generate/components/crds.go -@@ -862,7 +862,7 @@ func NewKubeVirtPriorityClassCR() *schedulingv1.PriorityClass { - Kind: "PriorityClass", - }, - ObjectMeta: metav1.ObjectMeta{ -- Name: "kubevirt-cluster-critical", -+ Name: "kubevirt-internal-virtualization-cluster-critical", - }, - // 1 billion is the highest value we can set - // https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -diff --git a/pkg/virt-operator/resource/generate/components/deployments.go b/pkg/virt-operator/resource/generate/components/deployments.go -index 4d00a423a..ced56e776 100644 ---- a/pkg/virt-operator/resource/generate/components/deployments.go -+++ b/pkg/virt-operator/resource/generate/components/deployments.go -@@ -166,7 +166,7 @@ func newPodTemplateSpec(podName, imageName, repository, version, productName, pr - Name: podName, - }, - Spec: corev1.PodSpec{ -- PriorityClassName: "kubevirt-cluster-critical", -+ PriorityClassName: "kubevirt-internal-virtualization-cluster-critical", - Affinity: podAffinity, - Tolerations: criticalAddonsToleration(), - Containers: []corev1.Container{ -@@ -529,7 +529,7 @@ func NewOperatorDeployment(namespace, repository, imagePrefix, version, verbosit - Name: VirtOperatorName, - }, - Spec: corev1.PodSpec{ -- PriorityClassName: "kubevirt-cluster-critical", -+ PriorityClassName: "kubevirt-internal-virtualization-cluster-critical", - Tolerations: criticalAddonsToleration(), - Affinity: podAntiAffinity, - ServiceAccountName: "kubevirt-operator", diff --git a/pkg/virt-operator/resource/generate/components/serviceaccountnames.go b/pkg/virt-operator/resource/generate/components/serviceaccountnames.go index 0948629bb..9aca3b3bd 100644 --- a/pkg/virt-operator/resource/generate/components/serviceaccountnames.go +++ b/pkg/virt-operator/resource/generate/components/serviceaccountnames.go @@ -1,9 +1,9 @@ package components - + const ( - ApiServiceAccountName = "kubevirt-apiserver" - ControllerServiceAccountName = "kubevirt-controller" @@ -105,28 +33,28 @@ index 0948629bb..9aca3b3bd 100644 OperatorServiceAccountName = "kubevirt-operator" ) diff --git a/pkg/virt-operator/resource/generate/components/webhooks.go b/pkg/virt-operator/resource/generate/components/webhooks.go -index 2600f8f39..22381d9e9 100644 +index 2600f8f39..620449fa1 100644 --- a/pkg/virt-operator/resource/generate/components/webhooks.go +++ b/pkg/virt-operator/resource/generate/components/webhooks.go @@ -833,15 +833,15 @@ const VirtHandlerServiceName = "virt-handler" - + const VirtExportProxyServiceName = "virt-exportproxy" - + -const VirtAPIValidatingWebhookName = "virt-api-validator" +const VirtAPIValidatingWebhookName = "virt-internal-virtualization-api-validator" - + const VirtOperatorServiceName = "kubevirt-operator-webhook" - + -const VirtAPIMutatingWebhookName = "virt-api-mutator" +const VirtAPIMutatingWebhookName = "virt-internal-virtualization-api-mutator" - + const KubevirtOperatorWebhookServiceName = "kubevirt-operator-webhook" - + -const KubeVirtOperatorValidatingWebhookName = "virt-operator-validator" +const KubeVirtOperatorValidatingWebhookName = "virt-internal-virtualization-operator-validator" - + const VMSnapshotValidatePath = "/virtualmachinesnapshots-validate" - + diff --git a/pkg/virt-operator/resource/generate/rbac/apiserver.go b/pkg/virt-operator/resource/generate/rbac/apiserver.go index 932f7391e..76c79d452 100644 --- a/pkg/virt-operator/resource/generate/rbac/apiserver.go @@ -189,13 +117,13 @@ index 071ed91f9..ebc9f2adb 100644 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "kubevirt.io/kubevirt/pkg/virt-operator/resource/generate/components" - + virtv1 "kubevirt.io/api/core/v1" ) - + -const ExportProxyServiceAccountName = "kubevirt-exportproxy" +const ExportProxyServiceAccountName = components.ExportProxyServiceAccountName - + func GetAllExportProxy(namespace string) []runtime.Object { return []runtime.Object{ diff --git a/pkg/virt-operator/resource/generate/rbac/operator.go b/pkg/virt-operator/resource/generate/rbac/operator.go diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index f2dc14b3d..41e651c7b 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -1,3 +1,7 @@ +{{- define "priorityClassName" -}} +system-cluster-critical +{{- end }} + {{- define "strategic_affinity_patch" -}} {{- $key := index . 0 -}} {{- $labelValue := index . 1 -}} diff --git a/templates/cdi/cdi-operator/deployment.yaml b/templates/cdi/cdi-operator/deployment.yaml index 393bc9cfd..eddbf340e 100644 --- a/templates/cdi/cdi-operator/deployment.yaml +++ b/templates/cdi/cdi-operator/deployment.yaml @@ -1,3 +1,5 @@ +{{- $priorityClassName := include "priorityClassName" . }} + {{- define "cdi_images" -}} - name: CONTROLLER_IMAGE value: {{ include "helm_lib_module_image" (list . "cdiController") }} @@ -124,7 +126,7 @@ spec: volumeMounts: - name: kube-api-proxy-kubeconfig mountPath: /kubeconfig.local - {{- include "helm_lib_priority_class" (tuple . "cluster-low") | nindent 6 }} + {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }} {{- include "helm_lib_node_selector" (tuple . "system") | nindent 6 }} {{- include "helm_lib_tolerations" (tuple . "system") | nindent 6 }} {{- include "helm_lib_module_pod_security_context_run_as_user_nobody" . | nindent 6 }} diff --git a/templates/cdi/cdi.yaml b/templates/cdi/cdi.yaml index 32bf9e749..d3ff12587 100644 --- a/templates/cdi/cdi.yaml +++ b/templates/cdi/cdi.yaml @@ -5,6 +5,7 @@ {{- $proxyImage := include "helm_lib_module_image" (list . "kubeApiProxy") | toJson }} {{- $kubeAPIProxyRewriter := true }} {{- $webhookProxyPort := 24192 }} +{{- $priorityClassName := include "priorityClassName" . }} --- apiVersion: cdi.internal.virtualization.deckhouse.io/v1beta1 kind: InternalVirtualizationCDI @@ -17,6 +18,9 @@ spec: infra: {{- include "helm_lib_node_selector" (tuple . "system") | nindent 4 }} {{- include "helm_lib_tolerations" (tuple . "system") | nindent 4 }} + {{- if (.Values.global.enabledModules | has "priority-class") }} + priorityClass: {{ $priorityClassName }} + {{- end }} config: podResourceRequirements: limits: diff --git a/templates/dvcr/deployment.yaml b/templates/dvcr/deployment.yaml index 08c09054c..1ba7f1165 100644 --- a/templates/dvcr/deployment.yaml +++ b/templates/dvcr/deployment.yaml @@ -1,3 +1,4 @@ +{{- $priorityClassName := include "priorityClassName" . }} {{- define "dvcr_resources" }} cpu: 50m memory: 150Mi @@ -94,7 +95,7 @@ spec: env: {{ include "dvcr.envs" . | nindent 12 }} volumeMounts: {{ include "dvcr.volumeMounts" . | nindent 12 }} volumes: {{ include "dvcr.volumes" . | nindent 8 }} - {{- include "helm_lib_priority_class" (tuple . "cluster-low") | nindent 6 }} + {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }} {{- include "helm_lib_node_selector" (tuple . "system") | nindent 6 }} {{- include "helm_lib_tolerations" (tuple . "system") | nindent 6 }} - serviceAccountName: dvcr \ No newline at end of file + serviceAccountName: dvcr diff --git a/templates/kubevirt/kubevirt.yaml b/templates/kubevirt/kubevirt.yaml index 6162f616f..5edbe3c27 100644 --- a/templates/kubevirt/kubevirt.yaml +++ b/templates/kubevirt/kubevirt.yaml @@ -4,7 +4,11 @@ {{- $tolerationsAnyNode := index (include "helm_lib_tolerations" (tuple . "any-node") | fromYaml) "tolerations" | default (list) | toJson }} {{- $proxyImage := include "helm_lib_module_image" (list . "kubeApiProxy") | toJson }} {{- $kubeAPIProxyRewriter := true }} -{{- $webhookProxyPort := 24192 }} +{{- $webhookProxyPort := 24192 }} +{{- $priorityClassName := "" | quote }} +{{- if (.Values.global.enabledModules | has "priority-class") }} +{{- $priorityClassName = include "priorityClassName" . | quote }} +{{- end }} --- apiVersion: internal.virtualization.deckhouse.io/v1 kind: InternalVirtualizationKubeVirt @@ -283,6 +287,58 @@ spec: } } type: strategic + - resourceType: Deployment + resourceName: virt-api + patch: | + { + "spec": { + "template": { + "spec": { + "priorityClassName": {{ $priorityClassName }} + } + } + } + } + type: strategic + - resourceType: Deployment + resourceName: virt-controller + patch: | + { + "spec": { + "template": { + "spec": { + "priorityClassName": {{ $priorityClassName }} + } + } + } + } + type: strategic + - resourceType: Deployment + resourceName: virt-exportproxy + patch: | + { + "spec": { + "template": { + "spec": { + "priorityClassName": {{ $priorityClassName }} + } + } + } + } + type: strategic + - resourceType: DaemonSet + resourceName: virt-handler + patch: | + { + "spec": { + "template": { + "spec": { + "priorityClassName": {{ $priorityClassName }} + } + } + } + } + type: strategic imagePullPolicy: IfNotPresent imagePullSecrets: diff --git a/templates/kubevirt/priorityclass.yaml b/templates/kubevirt/priorityclass.yaml deleted file mode 100644 index 14178ca5a..000000000 --- a/templates/kubevirt/priorityclass.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: kubevirt-internal-virtualization-cluster-critical - {{- include "helm_lib_module_labels" (list .) | nindent 2 }} -value: 1000000000 -globalDefault: false -description: "This priority class should be used for core kubevirt components only." diff --git a/templates/kubevirt/virt-operator/deployment.yaml b/templates/kubevirt/virt-operator/deployment.yaml index d3e62e0b9..6ce03ce01 100644 --- a/templates/kubevirt/virt-operator/deployment.yaml +++ b/templates/kubevirt/virt-operator/deployment.yaml @@ -1,3 +1,4 @@ +{{- $priorityClassName := include "priorityClassName" . }} {{- define "kubevirt_images" -}} - name: VIRT_OPERATOR_IMAGE value: {{ include "helm_lib_module_image" (list . "virtOperator") }} @@ -171,7 +172,7 @@ spec: name: profile-data - mountPath: /kubeconfig.local name: kube-api-proxy-kubeconfig - {{- include "helm_lib_priority_class" (tuple . "system-cluster-critical") | nindent 6 }} + {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }} {{- include "helm_lib_node_selector" (tuple . "master") | nindent 6 }} {{- include "helm_lib_tolerations" (tuple . "any-node") | nindent 6 }} {{- include "helm_lib_module_pod_security_context_run_as_user_nobody" . | nindent 6 }} diff --git a/templates/kubevirt/vm-route-forge/daemonset.yaml b/templates/kubevirt/vm-route-forge/daemonset.yaml index 22c1773a1..af803663c 100644 --- a/templates/kubevirt/vm-route-forge/daemonset.yaml +++ b/templates/kubevirt/vm-route-forge/daemonset.yaml @@ -1,3 +1,4 @@ +{{- $priorityClassName := include "priorityClassName" . }} {{- define "vm-route-forge_resources" }} cpu: 10m memory: 25Mi @@ -43,7 +44,7 @@ spec: labels: app: vm-route-forge spec: - {{- include "helm_lib_priority_class" (tuple . "system-cluster-critical") | nindent 6 }} + {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }} {{- include "helm_lib_tolerations" (tuple . "any-node") | nindent 6 }} {{- include "helm_lib_module_pod_security_context_run_as_user_root" . | nindent 6 }} imagePullSecrets: diff --git a/templates/virtualization-api/deployment.yaml b/templates/virtualization-api/deployment.yaml index 4c00d497a..3a395860d 100644 --- a/templates/virtualization-api/deployment.yaml +++ b/templates/virtualization-api/deployment.yaml @@ -1,3 +1,5 @@ +{{- $priorityClassName := include "priorityClassName" . }} + {{- define "virtualization_api_resources" }} cpu: 10m memory: 150Mi @@ -101,7 +103,7 @@ spec: {{- end }} dnsPolicy: ClusterFirst serviceAccountName: virtualization-api - {{- include "helm_lib_priority_class" (tuple . "system-cluster-critical") | nindent 6 }} + {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }} {{- include "helm_lib_node_selector" (tuple . "master") | nindent 6 }} {{- include "helm_lib_tolerations" (tuple . "any-node") | nindent 6 }} volumes: @@ -122,4 +124,4 @@ spec: secret: defaultMode: 420 optional: true - secretName: virtualization-api-proxy-tls \ No newline at end of file + secretName: virtualization-api-proxy-tls diff --git a/templates/virtualization-controller/deployment.yaml b/templates/virtualization-controller/deployment.yaml index 70e6a08b3..8725e8ddd 100644 --- a/templates/virtualization-controller/deployment.yaml +++ b/templates/virtualization-controller/deployment.yaml @@ -1,3 +1,5 @@ +{{- $priorityClassName := include "priorityClassName" . }} + {{- define "virtualization_controller_resources" }} cpu: 10m memory: 150Mi @@ -109,7 +111,7 @@ spec: dnsPolicy: ClusterFirst serviceAccountName: virtualization-controller - {{- include "helm_lib_priority_class" (tuple . "system-cluster-critical") | nindent 6 }} + {{- include "helm_lib_priority_class" (tuple . $priorityClassName) | nindent 6 }} {{- include "helm_lib_node_selector" (tuple . "master") | nindent 6 }} {{- include "helm_lib_tolerations" (tuple . "any-node") | nindent 6 }} volumes: