From cb66d2cea39e8b773b4c28e89b58158c72286fc0 Mon Sep 17 00:00:00 2001 From: Pedro Coutinho Date: Tue, 22 Oct 2024 11:54:20 -0700 Subject: [PATCH] Set "system-node-critical" priority on calico-node-windows pods Fixes https://github.com/tigera/operator/issues/1852 --- pkg/render/node_test.go | 77 ++++++++++++++++++++++++++++++++++++++ pkg/render/windows.go | 3 ++ pkg/render/windows_test.go | 55 +++++++++++++++++++++++++++ 3 files changed, 135 insertions(+) diff --git a/pkg/render/node_test.go b/pkg/render/node_test.go index 007004ec87..52af636f34 100644 --- a/pkg/render/node_test.go +++ b/pkg/render/node_test.go @@ -250,8 +250,15 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "NO_DEFAULT_POOLS", "true") + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + // Node image override results in correct image. Expect(ds.Spec.Template.Spec.Containers).To(HaveLen(1)) Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(fmt.Sprintf("docker.io/%s:%s", components.ComponentCalicoNode.Image, components.ComponentCalicoNode.Version))) @@ -519,6 +526,9 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "NO_DEFAULT_POOLS", "true") cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni") @@ -793,6 +803,10 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(components.TigeraRegistry + "tigera/cnx-node:" + components.ComponentTigeraNode.Version)) rtest.ExpectEnv(rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni").Env, "CNI_NET_DIR", "/etc/cni/net.d") @@ -887,6 +901,10 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct security context. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + nodeContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "calico-node") Expect(nodeContainer).ToNot(BeNil()) Expect(nodeContainer.SecurityContext).ToNot(BeNil()) @@ -1082,6 +1100,9 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "NO_DEFAULT_POOLS", "true") cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni") @@ -1246,6 +1267,9 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + // CNI install container should not be present. cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni") Expect(cniContainer).To(BeNil()) @@ -1379,6 +1403,9 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + // CNI install container should not be present. cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni") Expect(cniContainer).To(BeNil()) @@ -1496,6 +1523,9 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "NO_DEFAULT_POOLS", "true") cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni") @@ -1657,6 +1687,9 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + // CNI install container should not be present. cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni") Expect(cniContainer).To(BeNil()) @@ -1810,6 +1843,9 @@ var _ = Describe("Node rendering tests", func() { ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet) Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(fmt.Sprintf("docker.io/%s:%s", components.ComponentCalicoNode.Image, components.ComponentCalicoNode.Version))) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni").Env, "CNI_NET_DIR", "/var/run/multus/cni/net.d") // Verify volumes. In particular, we want to make sure the flexvol-driver-host volume uses the right @@ -1936,6 +1972,9 @@ var _ = Describe("Node rendering tests", func() { ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet) Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(components.TigeraRegistry + "tigera/cnx-node:" + components.ComponentTigeraNode.Version)) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni").Env, "CNI_NET_DIR", "/var/run/multus/cni/net.d") // Verify the Flex volume container image. @@ -2032,6 +2071,9 @@ var _ = Describe("Node rendering tests", func() { ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet) Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(components.TigeraRegistry + "tigera/cnx-node:" + components.ComponentTigeraNode.Version)) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni").Env, "CNI_NET_DIR", "/etc/cni/net.d") expectedNodeEnv := []corev1.EnvVar{ @@ -2128,6 +2170,10 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + volumes := ds.Spec.Template.Spec.Volumes // Expect(ds.Spec.Template.Spec.Volumes).To(Equal()) Expect(volumes).To(ContainElement( @@ -2162,6 +2208,10 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + Expect(ds.Spec.Template.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms).To(ContainElement( corev1.NodeSelectorTerm{ MatchExpressions: []corev1.NodeSelectorRequirement{{ @@ -2184,6 +2234,10 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + Expect(ds.Spec.Template.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms).To(ContainElement( corev1.NodeSelectorTerm{ MatchExpressions: []corev1.NodeSelectorRequirement{{ @@ -2225,6 +2279,10 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "IP_AUTODETECTION_METHOD", "interface=eth*") }) @@ -2241,6 +2299,10 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "IP_AUTODETECTION_METHOD", "skip-interface=eth*") }) @@ -2257,6 +2319,10 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "IP_AUTODETECTION_METHOD", "cidr=10.0.1.0/24,10.0.2.0/24") }) }) @@ -2292,6 +2358,10 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + ns := ds.Spec.Template.Spec.NodeSelector Expect(ns).To(HaveKey("projectcalico.org/operator-node-migration")) Expect(ns["projectcalico.org/operator-node-migration"]).To(Equal("migrated")) @@ -2475,6 +2545,9 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni") rtest.ExpectEnv(cniContainer.Env, "CNI_NET_DIR", "/etc/cni/net.d") @@ -3067,6 +3140,10 @@ var _ = Describe("Node rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "NO_DEFAULT_POOLS", "true") cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni") diff --git a/pkg/render/windows.go b/pkg/render/windows.go index ddf9fd12aa..675dce0e94 100644 --- a/pkg/render/windows.go +++ b/pkg/render/windows.go @@ -881,9 +881,12 @@ func (c *windowsComponent) windowsDaemonset(cniCfgMap *corev1.ConfigMap) *appsv1 ds.Spec.Template.Spec.InitContainers = append(ds.Spec.Template.Spec.InitContainers, c.cniContainer()) } + setNodeCriticalPod(&(ds.Spec.Template)) + if overrides := c.cfg.Installation.CalicoNodeWindowsDaemonSet; overrides != nil { rcomp.ApplyDaemonSetOverrides(&ds, overrides) } + return &ds } diff --git a/pkg/render/windows_test.go b/pkg/render/windows_test.go index 0e858b0ed8..b2a48a9a32 100644 --- a/pkg/render/windows_test.go +++ b/pkg/render/windows_test.go @@ -248,6 +248,9 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + // The calico-node-windows daemonset has 3 containers (felix, node and confd). // confd is only instantiated if using BGP. numContainers := 3 @@ -711,6 +714,9 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := rtest.GetResource(resources, "calico-node-windows", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + // The calico-node-windows daemonset has 3 containers (felix, node and confd). // confd is only instantiated if using BGP. numContainers := 3 @@ -1145,6 +1151,9 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + // The calico-node-windows daemonset has 2 containers (felix, node) when using VXLAN Expect(ds.Spec.Template.Spec.Containers).To(HaveLen(2)) @@ -1352,6 +1361,9 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + // CNI install container should not be present. cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni") Expect(cniContainer).To(BeNil()) @@ -1492,6 +1504,9 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + // CNI install container should not be present. cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni") Expect(cniContainer).To(BeNil()) @@ -1543,6 +1558,10 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := rtest.GetResource(resources, "calico-node-windows", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + felixContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "felix") Expect(felixContainer.Image).To(Equal(fmt.Sprintf("docker.io/%s:%s", components.ComponentCalicoNodeWindows.Image, components.ComponentCalicoNodeWindows.Version))) nodeContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "node") @@ -1680,6 +1699,10 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := rtest.GetResource(resources, "calico-node-windows", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + felixContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "felix") Expect(felixContainer.Image).To(Equal(fmt.Sprintf("%s%s:%s", components.TigeraRegistry, components.ComponentTigeraNodeWindows.Image, components.ComponentTigeraNodeWindows.Version))) nodeContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "node") @@ -1832,6 +1855,10 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := rtest.GetResource(resources, "calico-node-windows", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + felixContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "felix") Expect(felixContainer.Image).To(Equal(fmt.Sprintf("%s%s:%s", components.TigeraRegistry, components.ComponentTigeraNodeWindows.Image, components.ComponentTigeraNodeWindows.Version))) nodeContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "node") @@ -1967,6 +1994,10 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + Expect(ds.Spec.Template.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms).To(ContainElement( corev1.NodeSelectorTerm{ MatchExpressions: []corev1.NodeSelectorRequirement{{ @@ -1990,6 +2021,10 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + Expect(ds.Spec.Template.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms).To(ContainElement( corev1.NodeSelectorTerm{ MatchExpressions: []corev1.NodeSelectorRequirement{{ @@ -2016,6 +2051,10 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + felixContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "felix") rtest.ExpectEnv(felixContainer.Env, "IP_AUTODETECTION_METHOD", "can-reach=1.1.1.1") }) @@ -2033,6 +2072,10 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + felixContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "felix") rtest.ExpectEnv(felixContainer.Env, "IP_AUTODETECTION_METHOD", "interface=eth*") }) @@ -2050,6 +2093,10 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + felixContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "felix") rtest.ExpectEnv(felixContainer.Env, "IP_AUTODETECTION_METHOD", "skip-interface=eth*") }) @@ -2067,6 +2114,10 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + felixContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "felix") rtest.ExpectEnv(felixContainer.Env, "IP_AUTODETECTION_METHOD", "cidr=10.0.1.0/24,10.0.2.0/24") }) @@ -2368,6 +2419,10 @@ var _ = Describe("Windows rendering tests", func() { // The DaemonSet should have the correct configuration. ds := dsResource.(*appsv1.DaemonSet) + + // The pod template should have node critical priority + Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName)) + nodeContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "node") felixContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "node")