Comments (9)
I'm sorry I just understood that there were 2 different system-*-critical
priority classes here. Even though in my first message I mentioned them both. I see what you were saying now. I think your suggestion sounds good
I think the perfect solution would be to default the Calico components to system-node-critical and system-cluster-critical if the Kubernetes version is v1.17 or greater.
from operator.
I would happily review a PR for this change. I added a backlog item for this but am not sure when it will get prioritized.
I did verify we do not need to maintain K8s v1.16 compatibility so it won't be necessary to maintain the previous calico priority class, we can remove that and just use the new system-*-critical
classes. I wanted to pass that information along if you were inclined to submit a PR.
from operator.
Thanks @tmjd that was literally my next question. I'll create a PR for this, hopefully this week but if not it'll be the week after next due to annual leave.
from operator.
FYI the comment about system-node-critical
only being usable in kube-system
is no longer correct as of Kubernetes v1.17.
from operator.
If you are saturating a node with pods all with system-cluster-critical, then won't the system still evict pods, but since everything is system-node-critical then the pods evicted will be randomly chosen? I think the only thing replacing the calico-priority with system-cluster-critical would do is ensure that calico-node isn't the 1st pods evicted when a node is under pressure.
I'm not saying we shouldn't do this but I don't know if it is solving this expected behavior.
The calico-node daemonset should always be scheduled onto a node.
from operator.
I'd be willing to review a PR with this change. I'm not sure if we can just make this switch directly or need to include checking the kubernetes version of the cluster to continue using calico-priority on K8s older than v1.17.
from operator.
@tmjd I think the specifics here are that calico-node should use system-node-critical
which has a higher priority than system-cluster-critical
(used for deployments and stateful sets). If a daemonset can't be scheduled due to a lower priority it stays in the pending state, if it's a deployment then it will cause a node scale out event (if CA or equivalent is supported). In our case we have a set of tainted nodes for our system components which either use no priority class, system-node-critical
or system-cluster-critical
; if calico-node doesn't use system-node-critical
it can't guarantee that it will be scheduled on these nodes.
I think the perfect solution would be to default the Calico components to system-node-critical
and system-cluster-critical
if the Kubernetes version is v1.17 or greater.
from operator.
@tmjd is this something you'd need a PR for or is it something that will be actively looked into?
from operator.
@tmjd I've opened #1473 to fix this.
from operator.
Related Issues (20)
- timescale for v3.10.0 update
- Installation CRD not getting status updated HOT 1
- document procedure to completely uninstall calico and operator from cluster HOT 1
- Feature request: ability to disable pod-security labels added by tigera/operator HOT 11
- Fargate anti-affinity doesn't get applied to DaemonSets HOT 1
- feature request: calico-apiserver PodDisruptionBudget HOT 2
- Operator deletes tigera-system namespace on ApiServer deployment HOT 7
- Incorrect PodCIDR in installations.operator.tigera.io ipPools prevented upgrade HOT 2
- AutoDiscoverProvider leads to wrong result
- Error running cluster on M1 / ARM Mac OS for local development HOT 13
- Calico Operator should support running different dataplanes on different nodes in the same Kubernetes cluster HOT 2
- v1.31.1 showing HIGH vulnerability CVE-2023-44487 HOT 1
- Tigera operator violates PodSecurity "baseline:latest" HOT 2
- Tigera Operator pod keeps restarting. HOT 1
- Pod fails to start when 'sysctl' tuning configured
- Typha autoscaler's autoscaling profile to be configurable
- Propose Windows operator updates HOT 7
- Calico v3.27.0 not working with Tigera v1.32.3 HOT 5
- Uninstallation Failure: Calico Module Leaves Remaining Jobs Blocking Deletion HOT 1
- Can't use calico on windows on EKS due to forced network mode HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from operator.