Set "system-node-critical" priority on calico-node-windows pods (#3558)

Fixes #1852
tigera · Oct 23, 2024 · 7e84780 · 7e84780
1 parent 80c1381
commit 7e84780
Show file tree

Hide file tree

Showing 3 changed files with 135 additions and 0 deletions.
diff --git a/pkg/render/node_test.go b/pkg/render/node_test.go
@@ -236,8 +236,15 @@ var _ = Describe("Node rendering tests", func() {
 
 				// The DaemonSet should have the correct configuration.
 				ds := dsResource.(*appsv1.DaemonSet)
+
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "NO_DEFAULT_POOLS", "true")
 
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				// Node image override results in correct image.
 				Expect(ds.Spec.Template.Spec.Containers).To(HaveLen(1))
 				Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(fmt.Sprintf("docker.io/%s:%s", components.ComponentCalicoNode.Image, components.ComponentCalicoNode.Version)))
@@ -504,6 +511,9 @@ var _ = Describe("Node rendering tests", func() {
 				// The DaemonSet should have the correct configuration.
 				ds := dsResource.(*appsv1.DaemonSet)
 
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "NO_DEFAULT_POOLS", "true")
 
 				cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni")
@@ -777,6 +787,10 @@ var _ = Describe("Node rendering tests", func() {
 
 				// The DaemonSet should have the correct configuration.
 				ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet)
+
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(components.TigeraRegistry + "tigera/cnx-node:" + components.ComponentTigeraNode.Version))
 				rtest.ExpectEnv(rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni").Env, "CNI_NET_DIR", "/etc/cni/net.d")
 
@@ -870,6 +884,10 @@ var _ = Describe("Node rendering tests", func() {
 
 				// The DaemonSet should have the correct security context.
 				ds := dsResource.(*appsv1.DaemonSet)
+
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				nodeContainer := rtest.GetContainer(ds.Spec.Template.Spec.Containers, "calico-node")
 				Expect(nodeContainer).ToNot(BeNil())
 				Expect(nodeContainer.SecurityContext).ToNot(BeNil())
@@ -1064,6 +1082,9 @@ var _ = Describe("Node rendering tests", func() {
 				// The DaemonSet should have the correct configuration.
 				ds := dsResource.(*appsv1.DaemonSet)
 
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "NO_DEFAULT_POOLS", "true")
 
 				cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni")
@@ -1228,6 +1249,9 @@ var _ = Describe("Node rendering tests", func() {
 				// The DaemonSet should have the correct configuration.
 				ds := dsResource.(*appsv1.DaemonSet)
 
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				// CNI install container should not be present.
 				cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni")
 				Expect(cniContainer).To(BeNil())
@@ -1361,6 +1385,9 @@ var _ = Describe("Node rendering tests", func() {
 					// The DaemonSet should have the correct configuration.
 					ds := dsResource.(*appsv1.DaemonSet)
 
+					// The pod template should have node critical priority
+					Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 					// CNI install container should not be present.
 					cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni")
 					Expect(cniContainer).To(BeNil())
@@ -1477,6 +1504,9 @@ var _ = Describe("Node rendering tests", func() {
 				// The DaemonSet should have the correct configuration.
 				ds := dsResource.(*appsv1.DaemonSet)
 
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "NO_DEFAULT_POOLS", "true")
 
 				cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni")
@@ -1638,6 +1668,9 @@ var _ = Describe("Node rendering tests", func() {
 				// The DaemonSet should have the correct configuration.
 				ds := dsResource.(*appsv1.DaemonSet)
 
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				// CNI install container should not be present.
 				cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni")
 				Expect(cniContainer).To(BeNil())
@@ -1790,6 +1823,9 @@ var _ = Describe("Node rendering tests", func() {
 				ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet)
 				Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(fmt.Sprintf("docker.io/%s:%s", components.ComponentCalicoNode.Image, components.ComponentCalicoNode.Version)))
 
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				rtest.ExpectEnv(rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni").Env, "CNI_NET_DIR", "/var/run/multus/cni/net.d")
 
 				// Verify volumes. In particular, we want to make sure the flexvol-driver-host volume uses the right
@@ -1915,6 +1951,9 @@ var _ = Describe("Node rendering tests", func() {
 				ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet)
 				Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(components.TigeraRegistry + "tigera/cnx-node:" + components.ComponentTigeraNode.Version))
 
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				rtest.ExpectEnv(rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni").Env, "CNI_NET_DIR", "/var/run/multus/cni/net.d")
 
 				// Verify the Flex volume container image.
@@ -2010,6 +2049,9 @@ var _ = Describe("Node rendering tests", func() {
 				ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet)
 				Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(components.TigeraRegistry + "tigera/cnx-node:" + components.ComponentTigeraNode.Version))
 
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				rtest.ExpectEnv(rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni").Env, "CNI_NET_DIR", "/etc/cni/net.d")
 
 				expectedNodeEnv := []corev1.EnvVar{
@@ -2105,6 +2147,10 @@ var _ = Describe("Node rendering tests", func() {
 
 				// The DaemonSet should have the correct configuration.
 				ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet)
+
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				volumes := ds.Spec.Template.Spec.Volumes
 				// Expect(ds.Spec.Template.Spec.Volumes).To(Equal())
 				Expect(volumes).To(ContainElement(
@@ -2139,6 +2185,10 @@ var _ = Describe("Node rendering tests", func() {
 
 					// The DaemonSet should have the correct configuration.
 					ds := dsResource.(*appsv1.DaemonSet)
+
+					// The pod template should have node critical priority
+					Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 					Expect(ds.Spec.Template.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms).To(ContainElement(
 						corev1.NodeSelectorTerm{
 							MatchExpressions: []corev1.NodeSelectorRequirement{{
@@ -2161,6 +2211,10 @@ var _ = Describe("Node rendering tests", func() {
 
 					// The DaemonSet should have the correct configuration.
 					ds := dsResource.(*appsv1.DaemonSet)
+
+					// The pod template should have node critical priority
+					Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 					Expect(ds.Spec.Template.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms).To(ContainElement(
 						corev1.NodeSelectorTerm{
 							MatchExpressions: []corev1.NodeSelectorRequirement{{
@@ -2202,6 +2256,10 @@ var _ = Describe("Node rendering tests", func() {
 
 					// The DaemonSet should have the correct configuration.
 					ds := dsResource.(*appsv1.DaemonSet)
+
+					// The pod template should have node critical priority
+					Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 					rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "IP_AUTODETECTION_METHOD", "interface=eth*")
 				})
 
@@ -2218,6 +2276,10 @@ var _ = Describe("Node rendering tests", func() {
 
 					// The DaemonSet should have the correct configuration.
 					ds := dsResource.(*appsv1.DaemonSet)
+
+					// The pod template should have node critical priority
+					Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 					rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "IP_AUTODETECTION_METHOD", "skip-interface=eth*")
 				})
 
@@ -2234,6 +2296,10 @@ var _ = Describe("Node rendering tests", func() {
 
 					// The DaemonSet should have the correct configuration.
 					ds := dsResource.(*appsv1.DaemonSet)
+
+					// The pod template should have node critical priority
+					Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 					rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "IP_AUTODETECTION_METHOD", "cidr=10.0.1.0/24,10.0.2.0/24")
 				})
 			})
@@ -2269,6 +2335,10 @@ var _ = Describe("Node rendering tests", func() {
 
 				// The DaemonSet should have the correct configuration.
 				ds := dsResource.(*appsv1.DaemonSet)
+
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				ns := ds.Spec.Template.Spec.NodeSelector
 				Expect(ns).To(HaveKey("projectcalico.org/operator-node-migration"))
 				Expect(ns["projectcalico.org/operator-node-migration"]).To(Equal("migrated"))
@@ -2451,6 +2521,9 @@ var _ = Describe("Node rendering tests", func() {
 				// The DaemonSet should have the correct configuration.
 				ds := rtest.GetResource(resources, "calico-node", "calico-system", "apps", "v1", "DaemonSet").(*appsv1.DaemonSet)
 
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni")
 				rtest.ExpectEnv(cniContainer.Env, "CNI_NET_DIR", "/etc/cni/net.d")
 
@@ -3042,6 +3115,10 @@ var _ = Describe("Node rendering tests", func() {
 
 				// The DaemonSet should have the correct configuration.
 				ds := dsResource.(*appsv1.DaemonSet)
+
+				// The pod template should have node critical priority
+				Expect(ds.Spec.Template.Spec.PriorityClassName).To(Equal(render.NodePriorityClassName))
+
 				rtest.ExpectEnv(ds.Spec.Template.Spec.Containers[0].Env, "NO_DEFAULT_POOLS", "true")
 
 				cniContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni")

diff --git a/pkg/render/windows.go b/pkg/render/windows.go
@@ -881,9 +881,12 @@ func (c *windowsComponent) windowsDaemonset(cniCfgMap *corev1.ConfigMap) *appsv1
 		ds.Spec.Template.Spec.InitContainers = append(ds.Spec.Template.Spec.InitContainers, c.cniContainer())
 	}
 
+	setNodeCriticalPod(&(ds.Spec.Template))
+
 	if overrides := c.cfg.Installation.CalicoNodeWindowsDaemonSet; overrides != nil {
 		rcomp.ApplyDaemonSetOverrides(&ds, overrides)
 	}
+
 	return &ds
 }