diff --git a/calico/Chart.yaml b/calico/Chart.yaml index e99defcc4..04f949ea8 100644 --- a/calico/Chart.yaml +++ b/calico/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v3.25.1 description: OpenStack-Helm Calico name: calico -version: 0.1.7 +version: 0.1.8 home: https://github.com/projectcalico/calico icon: https://camo.githubusercontent.com/64c8b5ed6ac97553ae367348e8a59a24e2ed5bdc/687474703a2f2f646f63732e70726f6a65637463616c69636f2e6f72672f696d616765732f66656c69782e706e67 sources: diff --git a/calico/templates/daemonset-calico-etcd.yaml b/calico/templates/daemonset-calico-etcd.yaml index 556775d32..bbd879887 100644 --- a/calico/templates/daemonset-calico-etcd.yaml +++ b/calico/templates/daemonset-calico-etcd.yaml @@ -44,13 +44,10 @@ spec: annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} - # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler - # reserves resources for critical add-on pods so that they can be rescheduled after - # a failure. This annotation works in tandem with the toleration below. - scheduler.alpha.kubernetes.io/critical-pod: '' spec: {{ dict "envAll" $envAll "application" "etcd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} serviceAccountName: {{ $serviceAccountName }} + priorityClassName: system-cluster-critical tolerations: # This taint is set by all kubelets running `--cloud-provider=external` # so we should tolerate it to schedule the Calico pods diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index a2a866e87..0fee65e8f 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml @@ -106,11 +106,6 @@ spec: configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-bird-hash: {{ tuple "configmap-bird.yaml" . | include "helm-toolkit.utils.hash" }} - # This, along with the CriticalAddonsOnly toleration below, - # marks the pod as a critical add-on, ensuring it gets - # priority scheduling and that its resources are reserved - # if it ever gets evicted. - scheduler.alpha.kubernetes.io/critical-pod: '' {{ dict "envAll" $envAll "podName" "calico-node" "containerNames" (list "calico-node") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} {{- if .Values.monitoring.prometheus.enabled }} {{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.calico_node }} @@ -121,6 +116,7 @@ spec: nodeSelector: beta.kubernetes.io/os: linux hostNetwork: true + priorityClassName: system-cluster-critical tolerations: # Make sure calico-node gets scheduled on all nodes. - effect: NoSchedule diff --git a/calico/templates/deployment-calico-kube-controllers.yaml b/calico/templates/deployment-calico-kube-controllers.yaml index 912aadb42..133135220 100644 --- a/calico/templates/deployment-calico-kube-controllers.yaml +++ b/calico/templates/deployment-calico-kube-controllers.yaml @@ -68,9 +68,9 @@ metadata: k8s-app: calico-kube-controllers {{ tuple $envAll "calico" "kube-controllers" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} spec: + priorityClassName: system-cluster-critical # The controllers can only have a single active instance. replicas: 1 selector: diff --git a/calico/templates/job-calico-settings.yaml b/calico/templates/job-calico-settings.yaml index 7c0508d42..907504144 100644 --- a/calico/templates/job-calico-settings.yaml +++ b/calico/templates/job-calico-settings.yaml @@ -32,15 +32,12 @@ spec: annotations: configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} - # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler - # reserves resources for critical add-on pods so that they can be rescheduled after - # a failure. This annotation works in tandem with the toleration below. - scheduler.alpha.kubernetes.io/critical-pod: '' labels: {{ tuple $envAll "calico" "calico_settings" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: {{ dict "envAll" $envAll "application" "calico_settings" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} hostNetwork: true + priorityClassName: system-cluster-critical tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule diff --git a/releasenotes/notes/calico.yaml b/releasenotes/notes/calico.yaml index 1dbf95697..f83036e40 100644 --- a/releasenotes/notes/calico.yaml +++ b/releasenotes/notes/calico.yaml @@ -8,4 +8,5 @@ calico: - 0.1.5 Added OCI registry authentication - 0.1.6 Replace node-role.kubernetes.io/master with control-plane - 0.1.7 Update calico to v3.25.1 + - 0.1.8 replace scheduler.alpha.kubernetes.io/critical-pod with priorityClassName ...