Sok3t/descheduler
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/descheduler.git synced 2026-01-26 05:14:13 +01:00
Code Packages Releases Activity

Streamline Deployment Docs For End Users

Browse Source 
The k8s YAML manifests for deploying the descheduler as a k8s job were
duplicated across the "examples" and "kubernetes" directories and also
in README.md. This change consolidates the YAML manifests into the
"kubernetes" directory and simplifies the installation instructions for end
users in README.md.

Additionally a k8s CronJob has been added.
This commit is contained in:
Sean Malloy
2019-12-13 00:35:05 -06:00
parent e2a23f2848
commit 55cf45a6ba
6 changed files with 55 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
README.md
View File

@@ -47,120 +47,40 @@ For more information about available options run:
$ ./_output/bin/descheduler --help
```
## Running Descheduler as a Job Inside of a Pod
## Running Descheduler as a Job or CronJob
Descheduler can be run as a job inside of a pod. It has the advantage of
The descheduler can be run as a job or cronjob inside of a pod. It has the advantage of
being able to be run multiple times without needing user intervention.
Descheduler pod is run as a critical pod to avoid being evicted by itself,
or by kubelet due to an eviction event. Since critical pods are created in
`kube-system` namespace, descheduler job and its pod will also be created
The descheduler pod is run as a critical pod to avoid being evicted by itself,
or by the kubelet due to an eviction event. Since critical pods are created in the
`kube-system` namespace, the descheduler job and its pod will also be created
in `kube-system` namespace.
### Create a container image
### Setup RBAC
First we create a simple Docker image utilizing the Dockerfile found in the root directory:
To give necessary permissions for the descheduler to work in a pod.
```
$ make dev-image
$ kubectl create -f kubernetes/rbac.yaml
```
This creates an image based off the binary we've built before. To build both the
binary and image in one step you can run the following command:
```
$ make image
```
This eliminates the need to have Go installed locally and builds the binary
within it's own container.
### Create a cluster role
To give necessary permissions for the descheduler to work in a pod, create a cluster role:
```
$ cat << EOF| kubectl create -f -
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: descheduler-cluster-role
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list", "delete"]
- apiGroups: [""]
resources: ["pods/eviction"]
verbs: ["create"]
EOF
```
### Create the service account which will be used to run the job:
```
$ kubectl create sa descheduler-sa -n kube-system
```
### Bind the cluster role to the service account:
```
$ kubectl create clusterrolebinding descheduler-cluster-role-binding \
--clusterrole=descheduler-cluster-role \
--serviceaccount=kube-system:descheduler-sa
```
### Create a configmap to store descheduler policy
Descheduler policy is created as a ConfigMap in `kube-system` namespace
so that it can be mounted as a volume inside pod.
```
$ kubectl create configmap descheduler-policy-configmap \
-n kube-system --from-file=<path-to-policy-dir/policy.yaml>
```
### Create the job specification (descheduler-job.yaml)
```
apiVersion: batch/v1
kind: Job
metadata:
name: descheduler-job
namespace: kube-system
spec:
parallelism: 1
completions: 1
template:
metadata:
name: descheduler-pod
spec:
priorityClassName: system-cluster-critical
containers:
- name: descheduler
image: descheduler
volumeMounts:
- mountPath: /policy-dir
name: policy-volume
command: ["/bin/descheduler", "--policy-config-file", "/policy-dir/policy.yaml", "-v", "1"]
restartPolicy: "Never"
serviceAccountName: descheduler-sa
volumes:
- name: policy-volume
configMap:
name: descheduler-policy-configmap
$ kubectl create -f kubernetes/configmap.yaml
```
Please note that the pod template is configured with critical pod annotation, and
the policy `policy-file` is mounted as a volume from the config map.
### Create a Job or CronJob
### Run the descheduler as a job in a pod:
As a Job.
```
$ kubectl create -f descheduler-job.yaml
$ kubectl create -f kubernetes/job.yaml
```
### Examples
See [descheduler.yaml](examples/descheduler.yaml) and [descheduler-job.yaml](examples/descheduler-job.yaml) for a combined yaml file of the above steps.
Or as a CronJob.
```
$ kubectl create -f kubernetes/cronjob.yaml
```
## Policy and Strategies

27
examples/descheduler-job.yaml
View File

@@ -1,27 +0,0 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: descheduler-job
namespace: kube-system
spec:
parallelism: 1
completions: 1
template:
metadata:
name: descheduler-pod
spec:
priorityClassName: system-cluster-critical
containers:
- name: descheduler
image: docker.io/aveshagarwal/descheduler:0.9.0
volumeMounts:
- mountPath: /policy-dir
name: policy-volume
command: ["/bin/descheduler", "--policy-config-file", "/policy-dir/policy.yaml", "-v", "1"]
restartPolicy: "Never"
serviceAccountName: descheduler-sa
volumes:
- name: policy-volume
configMap:
name: descheduler-policy-configmap

61
examples/descheduler.yaml
View File

@@ -1,61 +0,0 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: descheduler-cluster-role
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list", "delete"]
- apiGroups: [""]
resources: ["pods/eviction"]
verbs: ["create"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: descheduler-sa
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: descheduler-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: descheduler-cluster-role
subjects:
- kind: ServiceAccount
name: descheduler-sa
namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
name: descheduler-policy-configmap
namespace: kube-system
data:
policy.yaml: |
apiVersion: "descheduler/v1alpha1"
kind: "DeschedulerPolicy"
strategies:
"RemoveDuplicates":
enabled: true
"RemovePodsViolatingInterPodAntiAffinity":
enabled: true
"LowNodeUtilization":
enabled: true
params:
nodeResourceUtilizationThresholds:
thresholds:
"cpu" : 20
"memory": 20
"pods": 20
targetThresholds:
"cpu" : 50
"memory": 50
"pods": 50

1
kubernetes/configmap.yaml
View File

@@ -1,3 +1,4 @@
---
apiVersion: v1
kind: ConfigMap
metadata:

35
kubernetes/cronjob.yaml Normal file
View File

@@ -0,0 +1,35 @@
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: descheduler-cronjob
namespace: kube-system
spec:
schedule: "*/2 * * * *"
concurrencyPolicy: "Forbid"
jobTemplate:
spec:
template:
metadata:
name: descheduler-pod
spec:
priorityClassName: system-cluster-critical
containers:
- name: descheduler
image: docker.io/aveshagarwal/descheduler:0.9.0 # TODO: change to official gcr.io registry when ready
volumeMounts:
- mountPath: /policy-dir
name: policy-volume
command:
- "/bin/descheduler"
args:
- "--policy-config-file"
- "/policy-dir/policy.yaml"
- "--v"
- "3"
restartPolicy: "Never"
serviceAccountName: descheduler-sa
volumes:
- name: policy-volume
configMap:
name: descheduler-policy-configmap

6
kubernetes/job.yaml
View File

@@ -1,3 +1,4 @@
---
apiVersion: batch/v1
kind: Job
metadata:
@@ -9,12 +10,11 @@ spec:
template:
metadata:
name: descheduler-pod
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ""
spec:
priorityClassName: system-cluster-critical
containers:
- name: descheduler
image: descheduler:latest
image: docker.io/aveshagarwal/descheduler:0.9.0 # TODO: change to official gcr.io registry when ready
volumeMounts:
- mountPath: /policy-dir
name: policy-volume