viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

upgrade descheduler and update configs [ci skip]

Browse source
This commit is contained in:
Viktor Barzin 2025-01-05 23:23:55 +00:00
parent f291d8545b
commit f214aaa66e
1 changed files with 69 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

107
modules/kubernetes/descheduler/main.tf
View file

@ -21,7 +21,7 @@ resource "kubernetes_cluster_role" "descheduler" {
rule { rule {
api_groups = [""] api_groups = [""]
resources = ["namespaces"] resources = ["namespaces"]
verbs = ["get", "list"] verbs = ["get", "list", "watch"]
} }
rule { rule {
api_groups = [""] api_groups = [""]
@ -38,6 +38,16 @@ resource "kubernetes_cluster_role" "descheduler" {
resources = ["scheduling.k8s.io"] resources = ["scheduling.k8s.io"]
verbs = ["get", "watch", "list"] verbs = ["get", "watch", "list"]
} }
rule {
api_groups = ["scheduling.k8s.io"]
resources = ["priorityclasses"]
verbs = ["get", "list", "watch"]
}
rule {
api_groups = ["policy"]
resources = ["poddisruptionbudgets"]
verbs = ["get", "list", "watch"]
}
} }
resource "kubernetes_service_account" "descheduler" { resource "kubernetes_service_account" "descheduler" {
@ -70,47 +80,68 @@ resource "kubernetes_config_map" "policy" {
name = "policy-configmap" name = "policy-configmap"
} }
data = { data = {
# "policy.yaml" = <<-EOF
# apiVersion: "descheduler/v1alpha1"
# maxNoOfPodsToEvictPerNode: 20
# kind: "DeschedulerPolicy"
# strategies:
# "RemoveDuplicates":
# enabled: true
# "RemovePodsViolatingInterPodAntiAffinity":
# enabled: true
# "LowNodeUtilization":
# enabled: true
# params:
# nodeResourceUtilizationThresholds:
# thresholds:
# "cpu" : 50
# "memory": 30
# "pods": 20
# targetThresholds:
# "cpu" : 70
# "memory": 30
# "pods": 50
# "HighNodeUtilization":
# enabled: true
# params:
# nodeResourceUtilizationThresholds:
# thresholds:
# "cpu" : 20
# "memory": 80
# "pods": 20
# "PodLifeTime":
# enabled: true
# params:
# podLifeTime:
# maxPodLifeTimeSeconds: 604800
# namespaces:
# exclude:
# - "monitoring"
# - "kube-system"
# EOF
"policy.yaml" = <<-EOF "policy.yaml" = <<-EOF
apiVersion: "descheduler/v1alpha1" capiVersion: "descheduler/v1alpha2"
maxNoOfPodsToEvictPerNode: 20
kind: "DeschedulerPolicy" kind: "DeschedulerPolicy"
strategies: profiles:
"RemoveDuplicates": - name: ProfileName
enabled: true pluginConfig:
"RemovePodsViolatingInterPodAntiAffinity": - name: "LowNodeUtilization"
enabled: true args:
"LowNodeUtilization":
enabled: true
params:
nodeResourceUtilizationThresholds:
thresholds:
"cpu" : 50
"memory": 30
"pods": 20
targetThresholds:
"cpu" : 70
"memory": 30
"pods": 50
"HighNodeUtilization":
enabled: true
params:
nodeResourceUtilizationThresholds:
thresholds: thresholds:
"cpu" : 20 "cpu" : 20
"memory": 80 "memory": 20
"pods": 20 "pods": 20
"PodLifeTime": targetThresholds:
enabled: true "cpu" : 20
params: "memory": 20
podLifeTime: "pods": 20
maxPodLifeTimeSeconds: 604800 metricsUtilization:
namespaces: metricsServer: true
exclude: plugins:
- "bind" balance:
- "monitoring" enabled:
- "kube-system" - "LowNodeUtilization"
- "wireguard" EOF
EOF
} }
} }
@ -135,7 +166,7 @@ resource "kubernetes_cron_job_v1" "descheduler" {
priority_class_name = "system-cluster-critical" priority_class_name = "system-cluster-critical"
container { container {
name = "descheduler" name = "descheduler"
image = "k8s.gcr.io/descheduler/descheduler:v0.20.0" image = "k8s.gcr.io/descheduler/descheduler:v0.28.0"
volume_mount { volume_mount {
mount_path = "/policy-dir" mount_path = "/policy-dir"
name = "policy-volume" name = "policy-volume"