Feat/descheduler #962

Draft
wants to merge 1 commit into
base: main
43 changes: 43 additions & 0 deletions images/descheduler/werf.inc.yaml
@@ -0,0 +1,43 @@
{{- $version := "1.31" }}
---
image: {{ $.ImageName }}-builder
final: false
fromImage: BASE_GOLANG_23_BOOKWORM
mount:
- fromPath: ~/go-pkg-cache
to: /go/pkg
shell:
install:
- apt-get -qq update
- apt-get -qq install -y --no-install-recommends git
- apt-get clean
- rm --recursive --force /var/lib/apt/lists/* /var/cache/apt/*
- git clone --depth 1 --branch release-{{ $version }} https://github.com/kubernetes-sigs/descheduler.git /src
- cd /src
- git checkout release-{{ $version }}
- rm -rf .git
setup:
- cd /src
- |
export GO111MODULE=on
export GOOS=linux
export CGO_ENABLED=0
export GOARCH=amd64
- go mod download -x
- go mod vendor
- go build -ldflags "-s -w -X sigs.k8s.io/descheduler/pkg/version.version={{ $version }}" -o /descheduler sigs.k8s.io/descheduler/cmd/descheduler
- chown 64535:64535 /descheduler
- chmod 0700 /descheduler
---
image: {{ $.ImageName }}
fromImage: distroless
import:
- image: {{ $.ImageName }}-builder
add: /descheduler
to: /descheduler
before: setup
imageSpec:
config:
user: 64535
entrypoint: ["/descheduler"]
---
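Review bot: the `git clone --depth 1 --branch release-{{ $version }}` step in `install` builds from the tip of a moving branch, so two builds of the same module revision can yield different binaries and any upstream push to that branch lands in the image unreviewed. Pin the source to a release tag or, better, a full commit SHA, and check it after the clone (for example by comparing `git rev-parse HEAD` with the pinned value) before `rm -rf .git`. The `git checkout release-{{ $version }}` that follows is redundant after `--branch` and can be dropped. The `-X sigs.k8s.io/descheduler/pkg/version.version={{ $version }}` stamp carries only "1.31"; once a pin exists, stamping the pinned ref would make the running binary traceable to its source.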
10 changes: 10 additions & 0 deletions openapi/config-values.yaml
Expand Up @@ -248,3 +248,13 @@ properties:
enum:
- "text"
- "json"
descheduler:
type: object
description: |
Configuration for the descheduler. Enables eviction of virtual machines.
properties:
enabled:
type: boolean
description: |
Enable or disable the descheduler. Set to true to activate VM eviction.
x-examples: [true, false]
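Review bot: neither `descheduler` nor `descheduler.enabled` declares a `default`, while every template added in this PR is gated on `.Values.virtualization.descheduler.enabled`. State the off-by-default behaviour in the schema (`default: false` on `enabled`, plus a default for the object if the values pipeline needs one) so that a component bound to a ClusterRole with pod eviction rights is never switched on implicitly. The description would also be more useful if it said which pods are affected, since the policy in `templates/descheduler/configmap.yaml` selects them by label.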
9 changes: 9 additions & 0 deletions openapi/doc-ru-config-values.yaml
Expand Up @@ -149,3 +149,12 @@ properties:

Работает для следующих компонентов:
- `virtualization-controller`
descheduler:
type: object
description: |
Конфигурация для descheduler. Включает выселение виртуальных машин.
properties:
enabled:
type: boolean
description: |
Включение или отключение descheduler. Установите значение true для активации выселения виртуальных машин.
44 changes: 44 additions & 0 deletions templates/descheduler/configmap.yaml
@@ -0,0 +1,44 @@
{{- if .Values.virtualization.descheduler.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: descheduler-policy
namespace: d8-{{ .Chart.Name }}
{{- include "helm_lib_module_labels" (list $) | nindent 2 }}
data:
policy.yaml: |
apiVersion: "descheduler/v1alpha2"
kind: "DeschedulerPolicy"
profiles:
- name: virtualization
pluginConfig:
- name: "DefaultEvictor"
args:
evictLocalStoragePods: true
evictSystemCriticalPods: false
ignorePvcPods: false
evictFailedBarePods: true
nodeFit: true
labelSelector:
matchExpressions:
- key: "vm.kubevirt.internal.virtualization.deckhouse.io/name"
operator: Exists
- name: "RemovePodsViolatingNodeAffinity"
args:
nodeAffinityType:
- requiredDuringSchedulingIgnoredDuringExecution
- name: "RemovePodsViolatingInterPodAntiAffinity"
plugins:
filter:
enabled:
- "DefaultEvictor"
preEvictionFilter:
enabled:
- "DefaultEvictor"
deschedule:
enabled:
- "RemovePodsViolatingNodeAffinity"
- "RemovePodsViolatingInterPodAntiAffinity"

{{- end }}
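Review bot: in the `DefaultEvictor` args, `evictLocalStoragePods: true` together with `ignorePvcPods: false` makes pods with local storage and with PVCs evictable, and the only scoping visible here is the `labelSelector` with `operator: Exists` on `vm.kubevirt.internal.virtualization.deckhouse.io/name`. Please add a comment explaining why these settings are safe for VM pods, and confirm that this label key is only ever set by the virtualization controller, because its presence alone decides what the descheduler may evict. If VM pods live in a known set of namespaces, consider also limiting the plugins to those namespaces so the label is not the single gate.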
106 changes: 106 additions & 0 deletions templates/descheduler/deployment.yaml
@@ -0,0 +1,106 @@
{{- define "descheduler_resources" }}
cpu: 25m
memory: 50Mi
{{- end }}

{{- if .Values.virtualization.descheduler.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: descheduler
namespace: d8-{{ .Chart.Name }}
{{- include "helm_lib_module_labels" (list $ (dict "app" "descheduler")) | nindent 2 }}
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
matchLabels:
app: descheduler
template:
metadata:
labels:
app: descheduler
spec:
serviceAccountName: descheduler
imagePullSecrets:
- name: deckhouse-registry
{{- include "helm_lib_node_selector" (tuple $ "system") | nindent 6 }}
{{- include "helm_lib_tolerations" (tuple $ "system") | nindent 6 }}
{{- include "helm_lib_priority_class" (tuple $ "cluster-low") | nindent 6 }}
{{ include "helm_lib_module_pod_security_context_run_as_user_deckhouse" . | nindent 6 }}
containers:
- name: descheduler
{{- include "helm_lib_module_container_security_context_read_only_root_filesystem" $ | nindent 8 }}
image: {{ include "helm_lib_module_image" (list $ "descheduler") }}
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10258
scheme: HTTPS
initialDelaySeconds: 3
periodSeconds: 10
volumeMounts:
- mountPath: /policy
name: policy-volume
args:
- "--bind-address"
- "127.0.0.1"
- "--policy-config-file"
- "/policy/policy.yaml"
- "--logging-format"
- "json"
- "--v"
- "6"
- "--descheduling-interval"
- "15m"
resources:
requests:
{{- include "helm_lib_module_ephemeral_storage_only_logs" $ | nindent 12 }}
{{- if not ($.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
{{- include "descheduler_resources" $ | nindent 12 }}
{{- end }}
- name: kube-rbac-proxy
{{- include "helm_lib_module_container_security_context_read_only_root_filesystem_capabilities_drop_all" . | nindent 8 }}
image: {{ include "helm_lib_module_common_image" (list . "kubeRbacProxy") }}
args:
- "--secure-listen-address=$(KUBE_RBAC_PROXY_LISTEN_ADDRESS):10258"
- "--v=2"
- "--logtostderr=true"
- "--stale-cache-interval=1h30m"
env:
- name: KUBE_RBAC_PROXY_LISTEN_ADDRESS
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: KUBE_RBAC_PROXY_CONFIG
value: |
excludePaths:
- /healthz
upstreams:
- upstream: https://127.0.0.1:10258/
upstreamInsecureSkipVerify: true
path: /
authorization:
resourceAttributes:
namespace: d8-{{ .Chart.Name }}
apiGroup: apps
apiVersion: v1
resource: deployments
subresource: prometheus-metrics
name: descheduler
ports:
- containerPort: 10258
name: https-metrics
resources:
requests:
{{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 12 }}
{{- if not ( .Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
{{- include "helm_lib_container_kube_rbac_proxy_resources" . | nindent 12 }}
{{- end }}
volumes:
- name: policy-volume
configMap:
name: descheduler-policy
{{- end }}
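Review bot: the `descheduler` container uses `helm_lib_module_container_security_context_read_only_root_filesystem`, while the `kube-rbac-proxy` sidecar uses the `..._read_only_root_filesystem_capabilities_drop_all` variant. Use the drop-all helper for the main container as well unless there is a stated reason it needs capabilities. Separately, `"--v"` `"6"` in `args` is debug-level verbosity for a permanently running component; lower it or make it configurable. The liveness probe on port 10258 and the proxy `upstream: https://127.0.0.1:10258/` both depend on the descheduler's serving port, yet only `--bind-address` is passed; set the port explicitly or add a comment so the dependency on the default is visible.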
72 changes: 72 additions & 0 deletions templates/descheduler/rbac-for-us.yaml
@@ -0,0 +1,72 @@
{{- if .Values.virtualization.descheduler.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: descheduler
namespace: d8-{{ .Chart.Name }}
{{- include "helm_lib_module_labels" (list . (dict "app" "descheduler")) | nindent 2 }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: d8:virtualization:descheduler:descheduler
{{- include "helm_lib_module_labels" (list . (dict "app" "descheduler")) | nindent 2 }}
rules:
- apiGroups: ["events.k8s.io"]
resources: ["events"]
verbs: ["create", "update"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list", "delete"]
- apiGroups: [""]
resources: ["pods/eviction"]
verbs: ["create"]
- apiGroups: ["scheduling.k8s.io"]
resources: ["priorityclasses"]
verbs: ["get", "watch", "list"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["get", "watch", "list"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create", "update"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
resourceNames: ["descheduler"]
verbs: ["get", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: d8:virtualization:descheduler:descheduler
{{- include "helm_lib_module_labels" (list . (dict "app" "descheduler")) | nindent 2 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: d8:virtualization:descheduler:descheduler
subjects:
- name: descheduler
kind: ServiceAccount
namespace: d8-{{ .Chart.Name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: d8:virtualization:descheduler:descheduler:rbac-proxy
{{- include "helm_lib_module_labels" (list . (dict "app" "descheduler")) | nindent 2 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: d8:rbac-proxy
subjects:
- kind: ServiceAccount
name: descheduler
namespace: d8-{{ .Chart.Name }}
{{- end }}
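Review bot: the `pods` rule in the ClusterRole grants `delete` cluster-wide in addition to `create` on `pods/eviction`. Direct deletion is not checked against PodDisruptionBudgets the way the eviction API is, so if the enabled plugins only evict, drop `delete` from `verbs: ["get", "watch", "list", "delete"]`. The two `coordination.k8s.io` `leases` rules are also cluster-scoped, while the Deployment in this PR runs `replicas: 1` and passes no leader-election argument; remove them, or move them to a namespaced Role in `d8-{{ .Chart.Name }}` if leader election is planned.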
34 changes: 34 additions & 0 deletions templates/descheduler/rbac-to-us.yaml
@@ -0,0 +1,34 @@
{{- if .Values.virtualization.descheduler.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: access-to-descheduler
namespace: d8-{{ $.Chart.Name }}
{{- include "helm_lib_module_labels" (list . (dict "app" "descheduler")) | nindent 2 }}
rules:
- apiGroups: ["apps"]
resources: ["deployments/prometheus-metrics"]
resourceNames: ["descheduler"]
verbs: ["get"]
{{- if (.Values.global.enabledModules | has "prometheus") }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: access-to-descheduler
namespace: d8-{{ $.Chart.Name }}
{{- include "helm_lib_module_labels" (list . (dict "app" "descheduler")) | nindent 2 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: access-to-descheduler
subjects:
- kind: User
name: d8-monitoring:scraper
- kind: ServiceAccount
name: prometheus
namespace: d8-monitoring
{{- end }}

{{- end }}
3 changes: 3 additions & 0 deletions tools/kubeconform/fixtures/module-values.yaml
Expand Up @@ -326,6 +326,7 @@ global:
virtualizationApi: sha256:0000000000000000000000000000000000000000000000000000000000000000
virtualizationController: sha256:0000000000000000000000000000000000000000000000000000000000000000
vmRouteForge: sha256:0000000000000000000000000000000000000000000000000000000000000000
descheduler: sha256:0000000000000000000000000000000000000000000000000000000000000000
registry:
CA: ""
address: some-registry.io
Expand All @@ -335,6 +336,8 @@ global:
scheme: https
tags: {}
virtualization:
descheduler:
enabled: true
dvcr:
storage:
persistentVolumeClaim: