make the controller a high-priority

As part of Protect controller from becoming unschedulable, this approach means to give controller a high priority so that controller may be scheduled sooner than Pods with lower priority if its scheduling requirements are met.
bottlerocket-os · Jul 13, 2022 · cb71fd3 · cb71fd3
1 parent 1fdba8a
commit cb71fd3
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 3 deletions.
diff --git a/models/src/constants.rs b/models/src/constants.rs
@@ -70,3 +70,9 @@ pub const CONTROLLER_DEPLOYMENT_NAME: &str = "brupop-controller-deployment";
 pub const CONTROLLER_SERVICE_NAME: &str = "brupop-controller-server"; // The name for the `svc` fronting the controller.
 pub const CONTROLLER_INTERNAL_PORT: i32 = 8080; // The internal port on which the the controller service is hosted.
 pub const CONTROLLER_SERVICE_PORT: i32 = 80; // The k8s service port hosting the controller service.
+pub const BRUPOP_CONTROLLER_PRIORITY_CLASS: &str = "brupop-controller-high-priority";
+pub const BRUPOP_CONTROLLER_PREEMPTION_POLICY: &str = "Never";
+// We strategically determine the controller priority class value to be one million,
+// since one million presents a high priority value which can enable controller to be scheduled preferentially,
+// but not a critical value which takes precedence over customers' critical k8s resources.
+pub const BRUPOP_CONTROLLER_PRIORITY_VALUE: i32 = 1000000;
diff --git a/models/src/controller.rs b/models/src/controller.rs
@@ -1,7 +1,8 @@
 use crate::brupop_labels;
 use crate::constants::{
-    APP_COMPONENT, APP_MANAGED_BY, APP_PART_OF, BRUPOP, BRUPOP_DOMAIN_LIKE_NAME, CONTROLLER,
-    CONTROLLER_DEPLOYMENT_NAME, CONTROLLER_INTERNAL_PORT, CONTROLLER_SERVICE_NAME,
+    APP_COMPONENT, APP_MANAGED_BY, APP_PART_OF, BRUPOP, BRUPOP_CONTROLLER_PREEMPTION_POLICY,
+    BRUPOP_CONTROLLER_PRIORITY_CLASS, BRUPOP_CONTROLLER_PRIORITY_VALUE, BRUPOP_DOMAIN_LIKE_NAME,
+    CONTROLLER, CONTROLLER_DEPLOYMENT_NAME, CONTROLLER_INTERNAL_PORT, CONTROLLER_SERVICE_NAME,
     CONTROLLER_SERVICE_PORT, LABEL_COMPONENT, NAMESPACE,
 };
 use crate::node::{K8S_NODE_PLURAL, K8S_NODE_STATUS};
@@ -12,6 +13,7 @@ use k8s_openapi::api::core::v1::{
     Service, ServiceAccount, ServicePort, ServiceSpec,
 };
 use k8s_openapi::api::rbac::v1::{ClusterRole, ClusterRoleBinding, PolicyRule, RoleRef, Subject};
+use k8s_openapi::api::scheduling::v1::PriorityClass;
 use k8s_openapi::apimachinery::pkg::apis::meta::v1::LabelSelector;
 use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString;
 use kube::api::ObjectMeta;
@@ -199,6 +201,7 @@ pub fn controller_deployment(
                     }],
                     image_pull_secrets,
                     service_account_name: Some(BRUPOP_CONTROLLER_SERVICE_ACCOUNT.to_string()),
+                    priority_class_name: Some(BRUPOP_CONTROLLER_PRIORITY_CLASS.to_string()),
                     ..Default::default()
                 }),
             },
@@ -229,3 +232,17 @@ pub fn controller_service() -> Service {
         ..Default::default()
     }
 }
+
+/// Defines the brupop-controller priority class
+pub fn controller_priority_class() -> PriorityClass {
+    PriorityClass {
+        metadata: ObjectMeta {
+            name: Some(BRUPOP_CONTROLLER_PRIORITY_CLASS.to_string()),
+            namespace: Some(NAMESPACE.to_string()),
+            ..Default::default()
+        },
+        preemption_policy: Some(BRUPOP_CONTROLLER_PREEMPTION_POLICY.to_string()),
+        value: BRUPOP_CONTROLLER_PRIORITY_VALUE,
+        ..Default::default()
+    }
+}
diff --git a/yamlgen/build.rs b/yamlgen/build.rs
@@ -16,7 +16,7 @@ use models::{
     },
     controller::{
         controller_cluster_role, controller_cluster_role_binding, controller_deployment,
-        controller_service, controller_service_account,
+        controller_priority_class, controller_service, controller_service_account,
     },
     namespace::brupop_namespace,
     node::combined_crds,
@@ -88,6 +88,7 @@ fn main() {
     serde_yaml::to_writer(&brupop_resources, &controller_service_account()).unwrap();
     serde_yaml::to_writer(&brupop_resources, &controller_cluster_role()).unwrap();
     serde_yaml::to_writer(&brupop_resources, &controller_cluster_role_binding()).unwrap();
+    serde_yaml::to_writer(&brupop_resources, &controller_priority_class()).unwrap();
     serde_yaml::to_writer(
         &brupop_resources,
         &controller_deployment(brupop_image.clone(), brupop_image_pull_secrets.clone()),

diff --git a/yamlgen/deploy/bottlerocket-update-operator.yaml b/yamlgen/deploy/bottlerocket-update-operator.yaml
@@ -634,6 +634,14 @@ subjects:
     name: brupop-controller-service-account
     namespace: brupop-bottlerocket-aws
 ---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: brupop-controller-high-priority
+  namespace: brupop-bottlerocket-aws
+preemptionPolicy: Never
+value: 1000000
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -681,6 +689,7 @@ spec:
                   fieldPath: spec.nodeName
           image: "public.ecr.aws/bottlerocket/bottlerocket-update-operator:v0.2.1"
           name: brupop
+      priorityClassName: brupop-controller-high-priority
       serviceAccountName: brupop-controller-service-account
 ---
 apiVersion: v1