Merge pull request #3844 from justinsb/fix_cpu_cni

Automatic merge from submit-queue.

Fix CNI CPU allocations

* Limit each CNI provider to 100m

* Remove CPU limits - they cause serious problems
(https://github.com/kubernetes/kubernetes/issues/51135), but this also
makes the CPU allocation less problematic.

* Bump versions and start introducing the `-kops.1` suffix preemptively.

* Upgrade flannel to 0.9.0 as it fixes a lot.

Builds on #3843
Kubernetes Submit Queue 2017-11-13 13:09:52 -08:00 committed by GitHub
commit 98b2437bc0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 48 additions and 63 deletions


@ -20,3 +20,7 @@ Note these are only _requests_, not limits.
less if we start reserving capacity on the master. less if we start reserving capacity on the master.
* kube-dns is relatively CPU hungry, and runs on the nodes. * kube-dns is relatively CPU hungry, and runs on the nodes.
* We restrict CNI controllers to 100m. If a controller needs more, it can support a user-settable option.
* Setting a resource limit is a bad idea: https://github.com/kubernetes/kubernetes/issues/51135


@ -97,9 +97,23 @@ spec:
serviceAccountName: flannel serviceAccountName: flannel
tolerations: tolerations:
- operator: Exists - operator: Exists
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.9.0-amd64
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conf
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers: containers:
- name: kube-flannel - name: kube-flannel
image: quay.io/coreos/flannel:v0.7.1 image: quay.io/coreos/flannel:v0.9.0-amd64
command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]
securityContext: securityContext:
privileged: true privileged: true
@ -114,31 +128,14 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
resources: resources:
limits: limits:
cpu: 100m
memory: 100Mi memory: 100Mi
requests: requests:
cpu: 100m cpu: 100Mi
memory: 100Mi
volumeMounts: volumeMounts:
- name: run - name: run
mountPath: /run mountPath: /run
- name: flannel-cfg - name: flannel-cfg
mountPath: /etc/kube-flannel/ mountPath: /etc/kube-flannel/
- name: install-cni
image: quay.io/coreos/flannel:v0.7.1
command: [ "/bin/sh", "-c", "set -e -x; cp -f /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while true; do sleep 3600; done" ]
resources:
limits:
cpu: 10m
memory: 25Mi
requests:
cpu: 10m
memory: 25Mi
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes: volumes:
- name: run - name: run
hostPath: hostPath:
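Review bot: The CPU request on the kube-flannel container appears to read `cpu: 100Mi` on the new side, a memory-style binary suffix on a CPU quantity. Kubernetes would most likely parse that as roughly 10^8 cores, so the DaemonSet pod could never be scheduled and nodes would come up without pod networking; the intended value is presumably `cpu: 100m`. The same hunk also drops the explicit `memory: 100Mi` request, which still defaults to the memory limit but is easier to audit when written out. The rendered page has lost its +/- markers, so this reading of the new side should be confirmed against the file.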


@ -72,7 +72,6 @@ spec:
cpu: 100m cpu: 100m
memory: 100Mi memory: 100Mi
requests: requests:
cpu: 100m
memory: 100Mi memory: 100Mi
volumeMounts: volumeMounts:
- name: run - name: run
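Review bot: The line removed here looks like the CPU request (`cpu: 100m` under `requests:`), while the `cpu: 100m` in the context lines above it stays. If those context lines sit under `limits:` (the key is above the hunk, so this is inferred), this manifest keeps the CPU limit that the commit set out to remove. With a limit and no request, Kubernetes defaults the request to the limit, so the container would still be throttled at 100m. The change that matches the other manifests is to delete `cpu: 100m` from `limits:` and keep it under `requests:`.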


@ -22,7 +22,7 @@ spec:
containers: containers:
- resources: - resources:
requests: requests:
cpu: 20m cpu: 50m
memory: 100Mi memory: 100Mi
limits: limits:
memory: 100Mi memory: 100Mi


@ -22,7 +22,7 @@ spec:
containers: containers:
- resources: - resources:
requests: requests:
cpu: 20m cpu: 50m
memory: 100Mi memory: 100Mi
limits: limits:
memory: 100Mi memory: 100Mi


@ -51,7 +51,7 @@ spec:
fieldPath: spec.nodeName fieldPath: spec.nodeName
resources: resources:
requests: requests:
cpu: 250m cpu: 100m
memory: 250Mi memory: 250Mi
securityContext: securityContext:
privileged: true privileged: true


@ -139,7 +139,7 @@ spec:
privileged: true privileged: true
resources: resources:
requests: requests:
cpu: 250m cpu: 100m
volumeMounts: volumeMounts:
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules


@ -149,10 +149,8 @@ spec:
securityContext: securityContext:
privileged: true privileged: true
resources: resources:
limits:
cpu: 250m
requests: requests:
cpu: 250m cpu: 50m
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /liveness path: /liveness
@ -221,10 +219,9 @@ spec:
key: masquerade key: masquerade
resources: resources:
limits: limits:
cpu: 100m
memory: 100Mi memory: 100Mi
requests: requests:
cpu: 100m cpu: 50m
memory: 100Mi memory: 100Mi
volumeMounts: volumeMounts:
- name: run - name: run


@ -131,7 +131,7 @@ spec:
privileged: true privileged: true
resources: resources:
requests: requests:
cpu: 250m cpu: 100m
volumeMounts: volumeMounts:
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules


@ -144,7 +144,6 @@ spec:
cpu: 10m cpu: 10m
memory: 64Mi memory: 64Mi
limits: limits:
cpu: 10m
memory: 64Mi memory: 64Mi
args: args:
- --cloud=aws - --cloud=aws
@ -178,7 +177,6 @@ spec:
cpu: 10m cpu: 10m
memory: 64Mi memory: 64Mi
limits: limits:
cpu: 10m
memory: 64Mi memory: 64Mi
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
@ -209,7 +207,6 @@ spec:
cpu: 25m cpu: 25m
memory: 128Mi memory: 128Mi
limits: limits:
cpu: 25m
memory: 128Mi memory: 128Mi
env: env:
- name: NODENAME - name: NODENAME
@ -309,7 +306,6 @@ spec:
cpu: 10m cpu: 10m
memory: 64Mi memory: 64Mi
limits: limits:
cpu: 10m
memory: 64Mi memory: 64Mi
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
@ -336,10 +332,9 @@ spec:
imagePullPolicy: Always imagePullPolicy: Always
resources: resources:
requests: requests:
cpu: 50m cpu: 45m
memory: 128Mi memory: 128Mi
limits: limits:
cpu: 50m
memory: 128Mi memory: 128Mi
args: args:
- --etcd_use_v2 - --etcd_use_v2


@ -92,10 +92,9 @@ spec:
initialDelaySeconds: 30 initialDelaySeconds: 30
resources: resources:
requests: requests:
cpu: 100m cpu: 50m
memory: 200Mi memory: 200Mi
limits: limits:
cpu: 100m
memory: 200Mi memory: 200Mi
securityContext: securityContext:
privileged: true privileged: true
@ -122,10 +121,9 @@ spec:
image: 'weaveworks/weave-npc:2.0.5' image: 'weaveworks/weave-npc:2.0.5'
resources: resources:
requests: requests:
cpu: 100m cpu: 50m
memory: 200Mi memory: 200Mi
limits: limits:
cpu: 100m
memory: 200Mi memory: 200Mi
securityContext: securityContext:
privileged: true privileged: true


@ -92,10 +92,9 @@ spec:
initialDelaySeconds: 30 initialDelaySeconds: 30
resources: resources:
requests: requests:
cpu: 100m cpu: 50m
memory: 200Mi memory: 200Mi
limits: limits:
cpu: 100m
memory: 200Mi memory: 200Mi
securityContext: securityContext:
privileged: true privileged: true
@ -124,10 +123,9 @@ spec:
image: 'weaveworks/weave-npc:2.0.5' image: 'weaveworks/weave-npc:2.0.5'
resources: resources:
requests: requests:
cpu: 100m cpu: 50m
memory: 200Mi memory: 200Mi
limits: limits:
cpu: 100m
memory: 200Mi memory: 200Mi
securityContext: securityContext:
privileged: true privileged: true


@ -51,10 +51,9 @@ spec:
initialDelaySeconds: 30 initialDelaySeconds: 30
resources: resources:
requests: requests:
cpu: 100m cpu: 50m
memory: 200Mi memory: 200Mi
limits: limits:
cpu: 100m
memory: 200Mi memory: 200Mi
securityContext: securityContext:
privileged: true privileged: true
@ -81,10 +80,9 @@ spec:
image: 'weaveworks/weave-npc:2.0.5' image: 'weaveworks/weave-npc:2.0.5'
resources: resources:
requests: requests:
cpu: 100m cpu: 50m
memory: 200Mi memory: 200Mi
limits: limits:
cpu: 100m
memory: 200Mi memory: 200Mi
securityContext: securityContext:
privileged: true privileged: true


@ -341,6 +341,8 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
// TODO: Create configuration object for cni providers (maybe create it but orphan it)? // TODO: Create configuration object for cni providers (maybe create it but orphan it)?
// NOTE: we try to suffix with -kops.1, so that we can increment versions even if the upstream version
// hasn't changed. The problem with semver is that there is nothing > 1.0.0 other than 1.0.1-pre.1
networkingSelector := map[string]string{"role.kubernetes.io/networking": "1"} networkingSelector := map[string]string{"role.kubernetes.io/networking": "1"}
if b.cluster.Spec.Networking.Kopeio != nil { if b.cluster.Spec.Networking.Kopeio != nil {
@ -380,8 +382,8 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
if b.cluster.Spec.Networking.Weave != nil { if b.cluster.Spec.Networking.Weave != nil {
key := "networking.weave" key := "networking.weave"
// 2.0.6-kops.1 = 2.0.5 with kops manifest tweaks. This should go away with the next version bump.
version := "2.0.5" version := "2.0.6-kops.1"
{ {
location := key + "/pre-k8s-1.6.yaml" location := key + "/pre-k8s-1.6.yaml"
@ -431,9 +433,7 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
if b.cluster.Spec.Networking.Flannel != nil { if b.cluster.Spec.Networking.Flannel != nil {
key := "networking.flannel" key := "networking.flannel"
version := "0.9.0-kops.1"
// 0.7.2-kops.1 = 0.7.1 + hairpinMode fix
version := "0.7.2-kops.1"
{ {
location := key + "/pre-k8s-1.6.yaml" location := key + "/pre-k8s-1.6.yaml"
@ -503,10 +503,11 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
if b.cluster.Spec.Networking.Canal != nil { if b.cluster.Spec.Networking.Canal != nil {
key := "networking.projectcalico.org.canal" key := "networking.projectcalico.org.canal"
// 2.6.3-kops.1 = 2.6.2 with kops manifest tweaks. This should go away with the next version bump.
versions := map[string]string{ versions := map[string]string{
"pre-k8s-1.6": "2.4.1", "pre-k8s-1.6": "2.4.2-kops.1",
"k8s-1.6": "2.4.1", "k8s-1.6": "2.4.2-kops.1",
"k8s-1.8": "2.6.2", "k8s-1.8": "2.6.3-kops.1",
} }
{ {
@ -557,8 +558,7 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
if b.cluster.Spec.Networking.Kuberouter != nil { if b.cluster.Spec.Networking.Kuberouter != nil {
key := "networking.kuberouter" key := "networking.kuberouter"
version := "0.1.1-kops.1"
version := "0.1.0"
{ {
location := key + "/k8s-1.6.yaml" location := key + "/k8s-1.6.yaml"
@ -578,8 +578,7 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
if b.cluster.Spec.Networking.Romana != nil { if b.cluster.Spec.Networking.Romana != nil {
key := "networking.romana" key := "networking.romana"
version := "v2.0-preview.3"
version := "v2.0-preview.2"
{ {
location := key + "/k8s-1.6.yaml" location := key + "/k8s-1.6.yaml"


@ -69,18 +69,18 @@ spec:
name: networking.weave name: networking.weave
selector: selector:
role.kubernetes.io/networking: "1" role.kubernetes.io/networking: "1"
version: 2.0.5 version: 2.0.6-kops.1
- id: k8s-1.6 - id: k8s-1.6
kubernetesVersion: '>=1.6.0 <1.7.0' kubernetesVersion: '>=1.6.0 <1.7.0'
manifest: networking.weave/k8s-1.6.yaml manifest: networking.weave/k8s-1.6.yaml
name: networking.weave name: networking.weave
selector: selector:
role.kubernetes.io/networking: "1" role.kubernetes.io/networking: "1"
version: 2.0.5 version: 2.0.6-kops.1
- id: k8s-1.7 - id: k8s-1.7
kubernetesVersion: '>=1.7.0' kubernetesVersion: '>=1.7.0'
manifest: networking.weave/k8s-1.7.yaml manifest: networking.weave/k8s-1.7.yaml
name: networking.weave name: networking.weave
selector: selector:
role.kubernetes.io/networking: "1" role.kubernetes.io/networking: "1"
version: 2.0.5 version: 2.0.6-kops.1