install/kubernetes: add priorityClasses#16933
Conversation
Since not all Cilium components are required to run on a cluster, this commit adds priorityClasses into them. With system-[node|cluster]-critical priority class set, it prevents pods from being deleted by kubelet, which they are critical for the node and / or cluster. Signed-off-by: André Martins <andre@cilium.io>
rolinh
left a comment
There was a problem hiding this comment.
As I point out below, I don't think that Hubble UI should be marked as system critical. I'm also tempted to say that Hubble Relay should not be marked as cluster critical as losing Hubble Relay is not critical to the good operation of the cluster. This is subject to debate though as loosing Relay also means loosing cluster-wide visibility which might come in handy in situations where the cluster is under pressure.
| {{- end }} | ||
| restartPolicy: Always | ||
| {{- if and (or (and (eq .Release.Namespace "kube-system") (gt $k8sMinor "10")) (ge $k8sMinor "17") (gt $k8sMajor "1")) .Values.enableCriticalPriorityClass }} | ||
| priorityClassName: system-cluster-critical |
There was a problem hiding this comment.
I don't think that Hubble UI should be marked as system-cluster-critical. If the cluster is under pressure, I think evicting Hubble UI should be OK as global visibility should still be provided by Hubble Relay that can be queried using the Hubble CLI.
|
I just noticed that this overlaps with #16896 |
|
closing in favor of #16896 |
Since not all Cilium components are required to run on a cluster, this
commit adds priorityClasses into them. With
system-[node|cluster]-critical priority class set, it prevents pods
from being deleted by kubelet, which they are critical for the node
and / or cluster.