Make the controller a high-priority

As part of Protect controller from becoming unschedulable, this approach
means to give controller a high priority so that controller may be scheduled
sooner than Pods with lower priority if its scheduling requirements are met.

models/src/constants.rs

@@ -47,3 +47,6 @@ pub const CONTROLLER_DEPLOYMENT_NAME: &str = "brupop-controller-deployment";
 pub const CONTROLLER_SERVICE_NAME: &str = "brupop-controller-server"; // The name for the `svc` fronting the controller.
 pub const CONTROLLER_INTERNAL_PORT: i32 = 8080; // The internal port on which the the controller service is hosted.
 pub const CONTROLLER_SERVICE_PORT: i32 = 80; // The k8s service port hosting the controller service.
+pub const BRUPOP_CONTROLLER_PRIORITY_CLASS: &str = "brupop-controller-high-priority";
+pub const BRUPOP_CONTROLLER_PREEMPTION_POLICY: &str = "never";
+pub const BRUPOP_CONTROLLER_PRIORITY_VALUE: i32 = 1000000;

models/src/controller.rs

@@ -1,15 +1,18 @@
 use crate::constants::{
-    APP_COMPONENT, APP_MANAGED_BY, APP_PART_OF, BRUPOP, BRUPOP_DOMAIN_LIKE_NAME, CONTROLLER,
-    CONTROLLER_DEPLOYMENT_NAME, CONTROLLER_INTERNAL_PORT, CONTROLLER_SERVICE_NAME,
+    APP_COMPONENT, APP_MANAGED_BY, APP_PART_OF, BRUPOP, BRUPOP_CONTROLLER_PREEMPTION_POLICY,
+    BRUPOP_CONTROLLER_PRIORITY_CLASS, BRUPOP_CONTROLLER_PRIORITY_VALUE, BRUPOP_DOMAIN_LIKE_NAME,
+    CONTROLLER, CONTROLLER_DEPLOYMENT_NAME, CONTROLLER_INTERNAL_PORT, CONTROLLER_SERVICE_NAME,
     CONTROLLER_SERVICE_PORT, LABEL_COMPONENT, NAMESPACE,
 };
 use crate::node::{K8S_NODE_PLURAL, K8S_NODE_STATUS};
 use k8s_openapi::api::apps::v1::{Deployment, DeploymentSpec, DeploymentStrategy};
 use k8s_openapi::api::core::v1::{
-    Affinity, Container, LocalObjectReference, NodeAffinity, NodeSelector, NodeSelectorRequirement,
-    NodeSelectorTerm, PodSpec, PodTemplateSpec, Service, ServiceAccount, ServicePort, ServiceSpec,
+    Affinity, Container, EnvVar, EnvVarSource, LocalObjectReference, NodeAffinity, NodeSelector,
+    NodeSelectorRequirement, NodeSelectorTerm, ObjectFieldSelector, PodSpec, PodTemplateSpec,
+    Service, ServiceAccount, ServicePort, ServiceSpec,
 };
 use k8s_openapi::api::rbac::v1::{ClusterRole, ClusterRoleBinding, PolicyRule, RoleRef, Subject};
+use k8s_openapi::api::scheduling::v1::PriorityClass;
 use k8s_openapi::apimachinery::pkg::apis::meta::v1::LabelSelector;
 use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString;
 use kube::api::ObjectMeta;
@@ -189,10 +192,22 @@ pub fn controller_deployment(
                         image_pull_policy: None,
                         name: BRUPOP.to_string(),
                         command: Some(vec!["./controller".to_string()]),
+                        env: Some(vec![EnvVar {
+                            name: "MY_NODE_NAME".to_string(),
+                            value_from: Some(EnvVarSource {
+                                field_ref: Some(ObjectFieldSelector {
+                                    field_path: "spec.nodeName".to_string(),
+                                    ..Default::default()
+                                }),
+                                ..Default::default()
+                            }),
+                            ..Default::default()
+                        }]),
                         ..Default::default()
                     }],
                     image_pull_secrets,
                     service_account_name: Some(BRUPOP_CONTROLLER_SERVICE_ACCOUNT.to_string()),
+                    priority_class_name: Some(BRUPOP_CONTROLLER_PRIORITY_CLASS.to_string()),
                     ..Default::default()
                 }),
             },
@@ -233,3 +248,17 @@ pub fn controller_service() -> Service {
         ..Default::default()
     }
 }
+
+/// Defines the brupop-controller priority class
+pub fn controller_priority_class() -> PriorityClass {
+    PriorityClass {
+        metadata: ObjectMeta {
+            name: Some(BRUPOP_CONTROLLER_PRIORITY_CLASS.to_string()),
+            namespace: Some(NAMESPACE.to_string()),
+            ..Default::default()
+        },
+        preemption_policy: Some(BRUPOP_CONTROLLER_PREEMPTION_POLICY.to_string()),
+        value: BRUPOP_CONTROLLER_PRIORITY_VALUE,
+        ..Default::default()
+    }
+}

yamlgen/build.rs

@@ -16,7 +16,7 @@ use models::{
     },
     controller::{
         controller_cluster_role, controller_cluster_role_binding, controller_deployment,
-        controller_service, controller_service_account,
+        controller_priority_class, controller_service, controller_service_account,
     },
     namespace::brupop_namespace,
     node::combined_crds,
@@ -81,6 +81,7 @@ fn main() {
     serde_yaml::to_writer(&brupop_resources, &controller_service_account()).unwrap();
     serde_yaml::to_writer(&brupop_resources, &controller_cluster_role()).unwrap();
     serde_yaml::to_writer(&brupop_resources, &controller_cluster_role_binding()).unwrap();
+    serde_yaml::to_writer(&brupop_resources, &controller_priority_class()).unwrap();
     serde_yaml::to_writer(
         &brupop_resources,
         &controller_deployment(brupop_image.clone(), brupop_image_pull_secrets.clone()),

yamlgen/deploy/bottlerocket-update-operator.yaml

@@ -533,6 +533,14 @@ subjects:
     name: brupop-controller-service-account
     namespace: brupop-bottlerocket-aws
 ---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: brupop-controller-high-priority
+  namespace: brupop-bottlerocket-aws
+preemptionPolicy: never
+value: 1000000
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -573,8 +581,14 @@ spec:
       containers:
         - command:
             - "./controller"
+          env:
+            - name: MY_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
           image: "public.ecr.aws/bottlerocket/bottlerocket-update-operator:v0.2.1"
           name: brupop
+      priorityClassName: brupop-controller-high-priority
       serviceAccountName: brupop-controller-service-account
 ---
 apiVersion: v1