replace scheduler.alpha.kubernetes.io/critical-pod with priorityClassName

this feature was deprecated in 1.13. Now it`s not work.[1] "scheduler.alpha.kubernetes.io/critical-pod annotation is removed. Pod priority (spec.priorityClassName) should be used instead to mark pods as critical. Action required!"[2] [1]https://github.com/kubernetes/kubernetes/issues/79548 [2]https://github.com/kubernetes/kubernetes/pull/79554 Change-Id: I5913030634fe3f53b11ddb9bbe40d665f45a1254
2023-06-06 10:53:59 +08:00 · 2023-06-06 10:53:59 +08:00 · 0053fc5737
parent bf95238dc1
commit 0053fc5737
6 changed files with 6 additions and 15 deletions
--- a/calico/Chart.yaml
+++ b/calico/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v3.25.1
 description: OpenStack-Helm Calico
 name: calico
-version: 0.1.7
+version: 0.1.8
 home: https://github.com/projectcalico/calico
 icon: https://camo.githubusercontent.com/64c8b5ed6ac97553ae367348e8a59a24e2ed5bdc/687474703a2f2f646f63732e70726f6a65637463616c69636f2e6f72672f696d616765732f66656c69782e706e67
 sources:
--- a/calico/templates/daemonset-calico-etcd.yaml
+++ b/calico/templates/daemonset-calico-etcd.yaml
@ -44,13 +44,10 @@ spec:
      annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
-        # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
-        # reserves resources for critical add-on pods so that they can be rescheduled after
-        # a failure.  This annotation works in tandem with the toleration below.
-        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
 {{ dict "envAll" $envAll "application" "etcd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $serviceAccountName }}
+      priorityClassName: system-cluster-critical
      tolerations:
        # This taint is set by all kubelets running `--cloud-provider=external`
        # so we should tolerate it to schedule the Calico pods
--- a/calico/templates/daemonset-calico-node.yaml
+++ b/calico/templates/daemonset-calico-node.yaml
@ -106,11 +106,6 @@ spec:
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-bird-hash: {{ tuple "configmap-bird.yaml" . | include "helm-toolkit.utils.hash" }}
-        # This, along with the CriticalAddonsOnly toleration below,
-        # marks the pod as a critical add-on, ensuring it gets
-        # priority scheduling and that its resources are reserved
-        # if it ever gets evicted.
-        scheduler.alpha.kubernetes.io/critical-pod: ''
 {{ dict "envAll" $envAll "podName" "calico-node" "containerNames" (list "calico-node") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 {{- if .Values.monitoring.prometheus.enabled }}
 {{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.calico_node }}
@ -121,6 +116,7 @@ spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
      hostNetwork: true
+      priorityClassName: system-cluster-critical
      tolerations:
        # Make sure calico-node gets scheduled on all nodes.
        - effect: NoSchedule
--- a/calico/templates/deployment-calico-kube-controllers.yaml
+++ b/calico/templates/deployment-calico-kube-controllers.yaml
@ -68,9 +68,9 @@ metadata:
    k8s-app: calico-kube-controllers
 {{ tuple $envAll "calico" "kube-controllers" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
  annotations:
-    scheduler.alpha.kubernetes.io/critical-pod: ''
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 spec:
+  priorityClassName: system-cluster-critical
  # The controllers can only have a single active instance.
  replicas: 1
  selector:
--- a/calico/templates/job-calico-settings.yaml
+++ b/calico/templates/job-calico-settings.yaml
@ -32,15 +32,12 @@ spec:
      annotations:
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
-        # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
-        # reserves resources for critical add-on pods so that they can be rescheduled after
-        # a failure.  This annotation works in tandem with the toleration below.
-        scheduler.alpha.kubernetes.io/critical-pod: ''
      labels:
 {{ tuple $envAll "calico" "calico_settings" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
 {{ dict "envAll" $envAll "application" "calico_settings" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      hostNetwork: true
+      priorityClassName: system-cluster-critical
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
--- a/releasenotes/notes/calico.yaml
+++ b/releasenotes/notes/calico.yaml
@ -8,4 +8,5 @@ calico:
  - 0.1.5 Added OCI registry authentication
  - 0.1.6 Replace node-role.kubernetes.io/master with control-plane
  - 0.1.7 Update calico to v3.25.1
+  - 0.1.8 replace scheduler.alpha.kubernetes.io/critical-pod with priorityClassName
 ...