45d5e92488
This refactors the existing Kubernetes patch kubeadm-create-platform-pods-with-zero-CPU-resources.patch. This now modifies kube-apiserver pod to be burstable, and to have relaxed Readiness probe settings. This specifies CPU limit of 1 for kube-apiserver pod so that it is treated as a burstable QoS. This gives a boost of cgroup CPUShares since the burstable cgroup parent has significantly more CPUShares than best-effort on typical systems. This improves kube-apiserver API responsiveness. This increases kube-apiserver Readiness probe periodSeconds to 10 based on WRS/SS joint recommendation for minimum probe settings. This reduces likelihood of kube-apiserver probe failure and subsequent pod-restart under severe load. This also reduces CPU demand. Partial-Bug: 2084714 TEST PLAN: - PASS: AIO-SX: Fresh install with each k8s version v1.24.4, 1.25.3, 1.26.1, 1.27.5, 1.28.4, 1.29.2, verify kube-apiserver pod is burstable QoS and has Readiness probe periodSeconds 10 e.g., kubectl get pod -n kube-system kube-apiserver-controller-0 -oyaml sudo kube-cpusets - PASS: AIO-SX: orchestrated K8S upgrade from 1.24.4 to 1.29.2 Change-Id: Ic327b6c176c3a98c16afd14e6bc001315d7cbdc0 Signed-off-by: Jim Gauld <James.Gauld@windriver.com>
From 9f3efbfff49e3df7cb95fd58df7f649c2e580e35 Mon Sep 17 00:00:00 2001
|
|
From: Chris Friesen <chris.friesen@windriver.com>
|
|
Date: Fri, 3 Sep 2021 18:05:15 -0400
|
|
Subject: [PATCH] kubeadm: create platform pods with zero CPU resources
|
|
|
|
This specifies zero CPU resources when creating the manifests
|
|
for the static platform pods, as a workaround for the lack of
|
|
separate resource tracking for platform resources.
|
|
|
|
This specifies zero CPU and Memory resources for the coredns
|
|
deployment. manifests.go is the main source file for this,
|
|
not sure if the coredns.yaml are used but they are updated to
|
|
be consistent.
|
|
|
|
This specifies CPU limit of 1 for kube-apiserver pod so that it is
|
|
treated as a burstable QoS. This gives a boost of cgroup CPUShares
|
|
since the burstable cgroup parent has significantly more CPUShares
|
|
than best-effort on typical systems. This improves kube-apiserver
|
|
API responsiveness.
|
|
|
|
This increases kube-apiserver Readiness probe periodSeconds to 10
|
|
based on WRS/SS joint recommendation for minimum probe settings.
|
|
This reduces likelihood of kube-apiserver probe failure and
|
|
subsequent pod-restart under severe load. This also reduces CPU
|
|
demand.
|
|
|
|
Signed-off-by: Daniel Safta <daniel.safta@windriver.com>
|
|
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
|
|
Signed-off-by: Jim Gauld <James.Gauld@windriver.com>
|
|
---
|
|
cluster/addons/dns/coredns/coredns.yaml.base | 4 ++--
|
|
cluster/addons/dns/coredns/coredns.yaml.in | 4 ++--
|
|
cluster/addons/dns/coredns/coredns.yaml.sed | 4 ++--
|
|
cmd/kubeadm/app/phases/addons/dns/manifests.go | 4 ++--
|
|
.../app/phases/controlplane/manifests.go | 8 +++++---
|
|
cmd/kubeadm/app/util/staticpod/utils.go | 17 ++++++++++++++++-
|
|
6 files changed, 29 insertions(+), 12 deletions(-)
|
|
|
|
diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base
|
|
index e03559423e6..49e88afc976 100644
|
|
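--- a/cluster/addons/dns/coredns/coredns.yaml.base
+++ b/cluster/addons/dns/coredns/coredns.yaml.base
@@ -145,8 +145,8 @@ spec:
 limits:
 memory: __DNS__MEMORY__LIMIT__
 requests:
- cpu: 100m
- memory: 70Mi
+ cpu: 0
+ memory: 0
 args: [ "-conf", "/etc/coredns/Corefile" ]
 volumeMounts:
 - name: config-volume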
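Review bot: Setting `requests.memory` to `0` while the memory limit stays in place leaves CoreDNS with no memory reservation, so the scheduler no longer accounts for it and, going by the kubelet's OOM scoring for burstable pods, a zero request is likely to rank the container among the first killed under node memory pressure. Cluster DNS is an availability dependency for most workloads, so the trade-off should be recorded next to the values, e.g. `# WRS: zero requests; platform pods are not tracked by the scheduler, DNS may be reclaimed first under memory pressure`. The same change is repeated in coredns.yaml.in, coredns.yaml.sed and cmd/kubeadm/app/phases/addons/dns/manifests.go, and this note applies to all four. The container spec starts and ends outside the hunk, so whether a priority class offsets this cannot be checked here.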
diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in
|
|
index 9b241370bea..78a23317b56 100644
|
|
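--- a/cluster/addons/dns/coredns/coredns.yaml.in
+++ b/cluster/addons/dns/coredns/coredns.yaml.in
@@ -145,8 +145,8 @@ spec:
 limits:
 memory: 'dns_memory_limit'
 requests:
- cpu: 100m
- memory: 70Mi
+ cpu: 0
+ memory: 0
 args: [ "-conf", "/etc/coredns/Corefile" ]
 volumeMounts:
 - name: config-volume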
diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed
|
|
index 561fdf9aea8..536513d1e9d 100644
|
|
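--- a/cluster/addons/dns/coredns/coredns.yaml.sed
+++ b/cluster/addons/dns/coredns/coredns.yaml.sed
@@ -145,8 +145,8 @@ spec:
 limits:
 memory: $DNS_MEMORY_LIMIT
 requests:
- cpu: 100m
- memory: 70Mi
+ cpu: 0
+ memory: 0
 args: [ "-conf", "/etc/coredns/Corefile" ]
 volumeMounts:
 - name: config-volume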
diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go
|
|
index 0e3c6c98c29..0aa23679caa 100644
|
|
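--- a/cmd/kubeadm/app/phases/addons/dns/manifests.go
+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go
@@ -104,8 +104,8 @@ spec:
 limits:
 memory: 170Mi
 requests:
- cpu: 100m
- memory: 70Mi
+ cpu: 0
+ memory: 0
 args: [ "-conf", "/etc/coredns/Corefile" ]
 volumeMounts:
 - name: config-volume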
diff --git a/cmd/kubeadm/app/phases/controlplane/manifests.go b/cmd/kubeadm/app/phases/controlplane/manifests.go
|
|
index 73f4fa56270..343a9011498 100644
|
|
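--- a/cmd/kubeadm/app/phases/controlplane/manifests.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go
@@ -63,7 +63,9 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap
 LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/livez", int(endpoint.BindPort), v1.URISchemeHTTPS),
 ReadinessProbe: staticpodutil.ReadinessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/readyz", int(endpoint.BindPort), v1.URISchemeHTTPS),
 StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/livez", int(endpoint.BindPort), v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane),
- Resources: staticpodutil.ComponentResources("250m"),
+ // WRS: Increase kube-apiserver cgroup CPUShares to improve API responsiveness;
+ // achieved by setting CPU Limits to make it burstable QoS.
+ Resources: staticpodutil.ComponentLimitResources("0", "1"),
 Env: kubeadmutil.GetProxyEnvVars(),
 }, mounts.GetVolumes(kubeadmconstants.KubeAPIServer),
 map[string]string{kubeadmconstants.KubeAPIServerAdvertiseAddressEndpointAnnotationKey: endpoint.String()}),
@@ -75,7 +77,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap
 VolumeMounts: staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeControllerManager)),
 LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS),
 StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane),
- Resources: staticpodutil.ComponentResources("200m"),
+ Resources: staticpodutil.ComponentResources("0"),
 Env: kubeadmutil.GetProxyEnvVars(),
 }, mounts.GetVolumes(kubeadmconstants.KubeControllerManager), nil),
 kubeadmconstants.KubeScheduler: staticpodutil.ComponentPod(v1.Container{
@@ -86,7 +88,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap
 VolumeMounts: staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeScheduler)),
 LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS),
 StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane),
- Resources: staticpodutil.ComponentResources("100m"),
+ Resources: staticpodutil.ComponentResources("0"),
 Env: kubeadmutil.GetProxyEnvVars(),
 }, mounts.GetVolumes(kubeadmconstants.KubeScheduler), nil),
 }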
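Review bot: The CPU limit `"1"` in `ComponentLimitResources("0", "1")` is a hard cap as well as the QoS switch the comment describes, so unless CFS quota enforcement is disabled in the kubelet, kube-apiserver can be throttled at one CPU during request bursts even when the node has idle cores. The comment above the `Resources:` line mentions only the CPUShares gain; it should state the cap too, e.g. `// NOTE: limit "1" also caps kube-apiserver at one CPU (CFS quota); revisit if /readyz latency rises under load.` The kube-controller-manager and kube-scheduler hunks set `ComponentResources("0")` with no comment, and a short `// WRS: zero CPU request; platform CPU is not tracked by the scheduler` on each would keep the rationale next to the code. GetStaticPodSpecs starts and ends outside these hunks.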
diff --git a/cmd/kubeadm/app/util/staticpod/utils.go b/cmd/kubeadm/app/util/staticpod/utils.go
|
|
index 56a3f25b72a..4ea5e4635df 100644
|
|
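--- a/cmd/kubeadm/app/util/staticpod/utils.go
+++ b/cmd/kubeadm/app/util/staticpod/utils.go
@@ -92,6 +92,18 @@ func ComponentResources(cpu string) v1.ResourceRequirements {
 }
 }
 
+// ComponentLimitResources returns the v1.ResourceRequirements object needed for allocating a specified amount of the CPU with Limits
+func ComponentLimitResources(cpu string, lcpu string) v1.ResourceRequirements {
+ return v1.ResourceRequirements{
+ Requests: v1.ResourceList{
+ v1.ResourceCPU: resource.MustParse(cpu),
+ },
+ Limits: v1.ResourceList{
+ v1.ResourceCPU: resource.MustParse(lcpu),
+ },
+ }
+}
+
 // NewVolume creates a v1.Volume with a hostPath mount to the specified location
 func NewVolume(name, path string, pathType *v1.HostPathType) v1.Volume {
 return v1.Volume{
@@ -245,7 +257,10 @@ func LivenessProbe(host, path string, port int, scheme v1.URIScheme) *v1.Probe {
 func ReadinessProbe(host, path string, port int, scheme v1.URIScheme) *v1.Probe {
 // sets initialDelaySeconds as '0' because we don't want to delay user infrastructure checks
 // looking for "ready" status on kubeadm static Pods
- return createHTTPProbe(host, path, port, scheme, 0, 15, 3, 1)
+ // WRS/SS joint recommendation: All pods probes should have following minimum probe
+ // settings unless required by the service (initialDelaySecond 0, periodSeconds 10,
+ // timeoutSeconds 5, successThreshold 1, failureThreshold 3)
+ return createHTTPProbe(host, path, port, scheme, 0, 15, 3, 10)
 }
 
 // StartupProbe creates a Probe object with a HTTPGet handler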
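Review bot: The new comment in ReadinessProbe lists `timeoutSeconds 5` as the recommended minimum, but the call still passes `0, 15, 3, 10` as bare positional literals, so a reader cannot tell which value is the timeout or that only the last one (presumably periodSeconds, going by the commit description) changed. Name the arguments in the comment, e.g. `// initialDelaySeconds=0, timeoutSeconds=15, failureThreshold=3, periodSeconds=10`, with the order confirmed against createHTTPProbe, which is outside the hunk. In ComponentLimitResources the parameter `lcpu` would read better as `cpuLimit`, and the doc comment should say that `resource.MustParse` panics on a malformed quantity, which is safe only while callers pass literals.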
--
|
|
2.25.1
|
|
|