From 11af335db7c6725d74ab1a04fbb1e11ee27b3e99 Mon Sep 17 00:00:00 2001
From: Justin Santa Barbara <justin@fathomdb.com>
Date: Wed, 1 Mar 2017 00:32:13 -0500
Subject: [PATCH] Set OOM for kube-proxy

The equivalent of https://github.com/kubernetes/kubernetes/pull/41700
---
 .../kubernetes/manifests/kube-proxy.manifest.template  | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/upup/models/nodeup/_kubernetes_pool/kube-proxy/files/etc/kubernetes/manifests/kube-proxy.manifest.template b/upup/models/nodeup/_kubernetes_pool/kube-proxy/files/etc/kubernetes/manifests/kube-proxy.manifest.template
index 112a0ada53..0b2140c013 100644
--- a/upup/models/nodeup/_kubernetes_pool/kube-proxy/files/etc/kubernetes/manifests/kube-proxy.manifest.template
+++ b/upup/models/nodeup/_kubernetes_pool/kube-proxy/files/etc/kubernetes/manifests/kube-proxy.manifest.template
@@ -4,7 +4,15 @@ kind: Pod
 metadata:
   name: kube-proxy
   namespace: kube-system
+  # This annotation ensures that kube-proxy does not get evicted if the node
+  # supports critical pod annotation based priority scheme.
+  # Note that kube-proxy runs as a static pod so this annotation does NOT have
+  # any effect on rescheduler (default scheduler and rescheduler are not
+  # involved in scheduling kube-proxy).
+  annotations:
+    scheduler.alpha.kubernetes.io/critical-pod: ''
   labels:
+    tier: node
     k8s-app: kube-proxy
 spec:
   hostNetwork: true
@@ -17,7 +25,7 @@ spec:
     command:
     - /bin/sh
     - -c
-    - kube-proxy --kubeconfig=/var/lib/kube-proxy/kubeconfig --resource-container="" {{ BuildFlags KubeProxy }} 1>>/var/log/kube-proxy.log 2>&1
+    - echo -998 > /proc/$$$/oom_score_adj && kube-proxy --kubeconfig=/var/lib/kube-proxy/kubeconfig --resource-container="" {{ BuildFlags KubeProxy }} 1>>/var/log/kube-proxy.log 2>&1
     securityContext:
       privileged: true
     volumeMounts: