helm: flip podPriorityClassNodeCritical to true.

Set `podPriorityClassNodeCritical` to true by default, adding plugins to the `system-node-critical` priority class. This should mitigate the potential risk of a plugin getting evicted under heavy system load. It should also ensure that during autoscaling enough new nodes are brought up to leave room for plugins on each new node. Signed-off-by: Krisztian Litkey <[email protected]>
containers · Apr 9, 2024 · 85d2c7a · 85d2c7a
1 parent d810e82
commit 85d2c7a
Show file tree

Hide file tree

Showing 12 changed files with 42 additions and 24 deletions.
diff --git a/deployment/helm/balloons/README.md b/deployment/helm/balloons/README.md
@@ -107,4 +107,4 @@ customize with their own values, along with the default values.
 | `tolerations`            | []                                                                                                                            | specify taint toleration key, operator and effect    |
 | `affinity`               | []                                                                                                                            | specify node affinity                                |
 | `nodeSelector`           | []                                                                                                                            | specify node selector labels                         |
-| `podPriorityClassNodeCritical` | false                                                                                                                         | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
+| `podPriorityClassNodeCritical` | true                                                                                                                          | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
diff --git a/deployment/helm/balloons/values.yaml b/deployment/helm/balloons/values.yaml
@@ -88,6 +88,9 @@ nodeSelector: []
 #  kubernetes.io/disk: "ssd"
 
 # NRI plugins should be considered as part of the container runtime.
-# Therefore, adding the system-node-critical priority class to the DaemonSet,
-# could mitigate potential risk in a running system under load.
-podPriorityClassNodeCritical: false
+# By default we make them part of the system-node-critical priority
+# class. This should mitigate the potential risk of a plugin getting
+# evicted under heavy system load. It should also ensure that during
+# autoscaling enough new nodes are brought up to leave room for the
+# plugin on each new node.
+podPriorityClassNodeCritical: true
diff --git a/deployment/helm/memory-qos/README.md b/deployment/helm/memory-qos/README.md
@@ -103,4 +103,4 @@ customize with their own values, along with the default values.
 | `tolerations`            | []                                                                                                                            | specify taint toleration key, operator and effect    |
 | `affinity`               | []                                                                                                                            | specify node affinity                                |
 | `nodeSelector`           | []                                                                                                                            | specify node selector labels                         |
-| `podPriorityClassNodeCritical` | false                                                                                                                         | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
+| `podPriorityClassNodeCritical` | true                                                                                                                          | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
diff --git a/deployment/helm/memory-qos/values.yaml b/deployment/helm/memory-qos/values.yaml
@@ -53,6 +53,9 @@ nodeSelector: []
 #  kubernetes.io/disk: "ssd"
 
 # NRI plugins should be considered as part of the container runtime.
-# Therefore, adding the system-node-critical priority class to the DaemonSet,
-# could mitigate potential risk in a running system under load.
-podPriorityClassNodeCritical: false
+# By default we make them part of the system-node-critical priority
+# class. This should mitigate the potential risk of a plugin getting
+# evicted under heavy system load. It should also ensure that during
+# autoscaling enough new nodes are brought up to leave room for the
+# plugin on each new node.
+podPriorityClassNodeCritical: true
diff --git a/deployment/helm/memtierd/README.md b/deployment/helm/memtierd/README.md
@@ -103,4 +103,4 @@ customize with their own values, along with the default values.
 | `tolerations`            | []                                                                                                                            | specify taint toleration key, operator and effect    |
 | `affinity`               | []                                                                                                                            | specify node affinity                                |
 | `nodeSelector`           | []                                                                                                                            | specify node selector labels                         |
-| `podPriorityClassNodeCritical` | false                                                                                                                         | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
+| `podPriorityClassNodeCritical` | true                                                                                                                          | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
diff --git a/deployment/helm/memtierd/values.yaml b/deployment/helm/memtierd/values.yaml
@@ -55,6 +55,9 @@ nodeSelector: []
 #  kubernetes.io/disk: "ssd"
 
 # NRI plugins should be considered as part of the container runtime.
-# Therefore, adding the system-node-critical priority class to the DaemonSet,
-# could mitigate potential risk in a running system under load.
-podPriorityClassNodeCritical: false
+# By default we make them part of the system-node-critical priority
+# class. This should mitigate the potential risk of a plugin getting
+# evicted under heavy system load. It should also ensure that during
+# autoscaling enough new nodes are brought up to leave room for the
+# plugin on each new node.
+podPriorityClassNodeCritical: true
diff --git a/deployment/helm/sgx-epc/README.md b/deployment/helm/sgx-epc/README.md
@@ -103,4 +103,4 @@ customize with their own values, along with the default values.
 | `tolerations`            | []                                                                                                                            | specify taint toleration key, operator and effect    |
 | `affinity`               | []                                                                                                                            | specify node affinity                                |
 | `nodeSelector`           | []                                                                                                                            | specify node selector labels                         |
-| `podPriorityClassNodeCritical` | false                                                                                                                         | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
+| `podPriorityClassNodeCritical` | true                                                                                                                          | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
diff --git a/deployment/helm/sgx-epc/values.yaml b/deployment/helm/sgx-epc/values.yaml
@@ -53,6 +53,9 @@ nodeSelector: []
 #  kubernetes.io/disk: "ssd"
 
 # NRI plugins should be considered as part of the container runtime.
-# Therefore, adding the system-node-critical priority class to the DaemonSet,
-# could mitigate potential risk in a running system under load.
-podPriorityClassNodeCritical: false
+# By default we make them part of the system-node-critical priority
+# class. This should mitigate the potential risk of a plugin getting
+# evicted under heavy system load. It should also ensure that during
+# autoscaling enough new nodes are brought up to leave room for the
+# plugin on each new node.
+podPriorityClassNodeCritical: true
diff --git a/deployment/helm/template/README.md b/deployment/helm/template/README.md
@@ -105,4 +105,4 @@ customize with their own values, along with the default values.
 | `initImage.tag`          | unstable                                                                                                                      | init container image tag                             |
 | `initImage.pullPolicy`   | Always                                                                                                                        | init container image pull policy                     |
 | `tolerations`            | []                                                                                                                            | specify taint toleration key, operator and effect    |
-| `podPriorityClassNodeCritical` | false                                                                                                                         | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
+| `podPriorityClassNodeCritical` | true                                                                                                                          | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
diff --git a/deployment/helm/template/values.yaml b/deployment/helm/template/values.yaml
@@ -55,6 +55,9 @@ tolerations: []
 #   effect: "NoSchedule"
 
 # NRI plugins should be considered as part of the container runtime.
-# Therefore, adding the system-node-critical priority class to the DaemonSet,
-# could mitigate potential risk in a running system under load.
-podPriorityClassNodeCritical: false
+# By default we make them part of the system-node-critical priority
+# class. This should mitigate the potential risk of a plugin getting
+# evicted under heavy system load. It should also ensure that during
+# autoscaling enough new nodes are brought up to leave room for the
+# plugin on each new node.
+podPriorityClassNodeCritical: true
diff --git a/deployment/helm/topology-aware/README.md b/deployment/helm/topology-aware/README.md
@@ -108,4 +108,4 @@ customize with their own values, along with the default values.
 | `tolerations`            | []                                                                                                                            | specify taint toleration key, operator and effect    |
 | `affinity`               | []                                                                                                                            | specify node affinity                                |
 | `nodeSelector`           | []                                                                                                                            | specify node selector labels                         |
-| `podPriorityClassNodeCritical` | false                                                                                                                         | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
+| `podPriorityClassNodeCritical` | true                                                                                                                          | enable [marking Pod as node critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)                       |
diff --git a/deployment/helm/topology-aware/values.yaml b/deployment/helm/topology-aware/values.yaml
@@ -76,6 +76,9 @@ nodeSelector: []
 #  kubernetes.io/disk: "ssd"
 
 # NRI plugins should be considered as part of the container runtime.
-# Therefore, adding the system-node-critical priority class to the DaemonSet,
-# could mitigate potential risk in a running system under load.
-podPriorityClassNodeCritical: false
+# By default we make them part of the system-node-critical priority
+# class. This should mitigate the potential risk of a plugin getting
+# evicted under heavy system load. It should also ensure that during
+# autoscaling enough new nodes are brought up to leave room for the
+# plugin on each new node.
+podPriorityClassNodeCritical: true