From 65e7093ee79be30951814ef1802018a4126cf481 Mon Sep 17 00:00:00 2001 From: Jelmer Snoeck Date: Thu, 15 Feb 2018 16:49:34 +0100 Subject: [PATCH 1/3] Use scratch image for container. By disabling CGO, we can use the `scratch` image instead of the `fedora` image, allowing a lighter weight image. --- Dockerfile | 5 ++--- Makefile | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9772958d4..74a620037 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,10 +11,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -FROM fedora +FROM scratch MAINTAINER Avesh Agarwal COPY _output/bin/descheduler /bin/descheduler -CMD ["/bin/descheduler --help"] +CMD ["/bin/descheduler", "--help"] diff --git a/Makefile b/Makefile index b00e53c72..32c558c80 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,7 @@ IMAGE:=descheduler:$(VERSION) all: build build: - go build ${LDFLAGS} -o _output/bin/descheduler github.com/kubernetes-incubator/descheduler/cmd/descheduler + CGO_ENABLED=0 go build ${LDFLAGS} -o _output/bin/descheduler github.com/kubernetes-incubator/descheduler/cmd/descheduler image: build docker build -t $(IMAGE) . From 471aeb5ea4b35840291aa3b36f43fd25027bbf7b Mon Sep 17 00:00:00 2001 From: Jelmer Snoeck Date: Thu, 15 Feb 2018 16:52:11 +0100 Subject: [PATCH 2/3] Set up multistage Docker build. By setting up a multistage Docker build, we can create the container image in a single command. This eliminates external setup and allows us to build this automatically on registries. --- Dockerfile | 9 ++++++++- Dockerfile.dev | 20 ++++++++++++++++++++ Makefile | 5 ++++- 3 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 Dockerfile.dev diff --git a/Dockerfile b/Dockerfile index 74a620037..1716570a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,9 +11,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +FROM golang:1.9.2 + +WORKDIR /go/src/github.com/kubernetes-incubator/descheduler +COPY . . +RUN make + FROM scratch MAINTAINER Avesh Agarwal -COPY _output/bin/descheduler /bin/descheduler +COPY --from=0 /go/src/github.com/kubernetes-incubator/descheduler/_output/bin/descheduler /bin/descheduler + CMD ["/bin/descheduler", "--help"] diff --git a/Dockerfile.dev b/Dockerfile.dev new file mode 100644 index 000000000..e661ba223 --- /dev/null +++ b/Dockerfile.dev @@ -0,0 +1,20 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FROM scratch + +MAINTAINER Avesh Agarwal + +COPY _output/bin/descheduler /bin/descheduler + +CMD ["/bin/descheduler", "--help"] diff --git a/Makefile b/Makefile index 32c558c80..147ed8f82 100644 --- a/Makefile +++ b/Makefile @@ -32,7 +32,10 @@ all: build build: CGO_ENABLED=0 go build ${LDFLAGS} -o _output/bin/descheduler github.com/kubernetes-incubator/descheduler/cmd/descheduler -image: build +dev-image: build + docker build -f Dockerfile.dev -t $(IMAGE) . + +image: docker build -t $(IMAGE) . clean: From 3dd7de8132c208f1dda2f9d75e00c9e00c4967fd Mon Sep 17 00:00:00 2001 From: Jelmer Snoeck Date: Fri, 16 Feb 2018 08:55:55 +0100 Subject: [PATCH 3/3] Use `docker` target in README. --- README.md | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 88fec866d..a73e68875 100644 --- a/README.md +++ b/README.md @@ -56,10 +56,20 @@ in `kube-system` namespace. First we create a simple Docker image utilizing the Dockerfile found in the root directory: +``` +$ make dev-image +``` + +This creates an image based off the binary we've built before. To build both the +binary and image in one step you can run the following command: + ``` $ make image ``` +This eliminates the need to have Go installed locally and builds the binary +within it's own container. + ### Create a cluster role To give necessary permissions for the descheduler to work in a pod, create a cluster role: @@ -150,7 +160,7 @@ $ kubectl create -f descheduler-job.yaml ``` ## Policy and Strategies - + Descheduler's policy is configurable and includes strategies to be enabled or disabled. Three strategies, `RemoveDuplicates`, `LowNodeUtilization`, `RemovePodsViolatingInterPodAntiAffinity` are currently implemented. As part of the policy, the parameters associated with the strategies can be configured too. @@ -232,12 +242,12 @@ strategies: When the descheduler decides to evict pods from a node, it employs following general mechanism: -* Critical pods (with annotations scheduler.alpha.kubernetes.io/critical-pod) are never evicted. +* Critical pods (with annotations scheduler.alpha.kubernetes.io/critical-pod) are never evicted. * Pods (static or mirrored pods or stand alone pods) not part of an RC, RS, Deployment or Jobs are never evicted because these pods won't be recreated. * Pods associated with DaemonSets are never evicted. * Pods with local storage are never evicted. -* Best efforts pods are evicted before Burstable and Guaranteed pods. +* Best efforts pods are evicted before Burstable and Guaranteed pods. ### Pod disruption Budget (PDB) Pods subject to Pod Disruption Budget (PDB) are not evicted if descheduling violates its pod @@ -248,7 +258,7 @@ disruption budget (PDB). The pods are evicted by using eviction subresource to h This roadmap is not in any particular order. * Strategy to consider taints and tolerations -* Consideration of pod affinity +* Consideration of pod affinity * Strategy to consider pod life time * Strategy to consider number of pending pods * Integration with cluster autoscaler