Add PriorityClass and docs update (#816)

Signed-off-by: Oleg Selin <oleg.selin@renhealth.com>

contrib/bootkube/kube-router.yaml

@@ -12,9 +12,8 @@ spec:
       labels:
         k8s-app: kube-router
         tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       containers:
       - name: kube-router
         image: cloudnativelabs/kube-router

daemonset/generic-kuberouter-all-features-advertise-routes.yaml

@@ -62,9 +62,8 @@ spec:
       labels:
         k8s-app: kube-router
         tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       serviceAccountName: kube-router
       containers:
       - name: kube-router

daemonset/generic-kuberouter-all-features.yaml

@@ -62,9 +62,8 @@ spec:
       labels:
         k8s-app: kube-router
         tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       serviceAccountName: kube-router
       containers:
       - name: kube-router

daemonset/generic-kuberouter-only-advertise-routes.yaml

@@ -17,9 +17,8 @@ spec:
       labels:
         k8s-app: kube-router
         tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       serviceAccountName: kube-router
       containers:
       - name: kube-router

daemonset/generic-kuberouter.yaml

@@ -43,9 +43,8 @@ spec:
       labels:
         k8s-app: kube-router
         tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       serviceAccountName: kube-router
       containers:
       - name: kube-router

daemonset/kube-router-all-service-daemonset-advertise-routes.yaml

@@ -39,9 +39,8 @@ spec:
     metadata:
       labels:
         k8s-app: kube-router
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       containers:
       - name: kube-router
         image: docker.io/cloudnativelabs/kube-router

daemonset/kube-router-all-service-daemonset.yaml

@@ -39,9 +39,8 @@ spec:
     metadata:
       labels:
         k8s-app: kube-router
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       containers:
       - name: kube-router
         image: docker.io/cloudnativelabs/kube-router

daemonset/kube-router-firewall-daemonset.yaml

@@ -39,9 +39,8 @@ spec:
     metadata:
       labels:
         k8s-app: kube-router
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       containers:
       - name: kube-router
         image: docker.io/cloudnativelabs/kube-router

daemonset/kube-router-proxy-daemonset.yaml

@@ -39,9 +39,8 @@ spec:
     metadata:
       labels:
         k8s-app: kube-router
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       containers:
       - name: kube-router
         image: docker.io/cloudnativelabs/kube-router

daemonset/kubeadm-kuberouter-all-features-dsr.yaml

@@ -42,9 +42,8 @@ spec:
       labels:
         k8s-app: kube-router
         tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       serviceAccountName: kube-router
       serviceAccount: kube-router
       containers:

daemonset/kubeadm-kuberouter-all-features-hostport.yaml

@@ -49,9 +49,8 @@ spec:
       labels:
         k8s-app: kube-router
         tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       serviceAccountName: kube-router
       serviceAccount: kube-router
       containers:

daemonset/kubeadm-kuberouter-all-features.yaml

@@ -42,9 +42,8 @@ spec:
       labels:
         k8s-app: kube-router
         tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       serviceAccountName: kube-router
       serviceAccount: kube-router
       containers:

daemonset/kubeadm-kuberouter.yaml

@@ -42,9 +42,8 @@ spec:
       labels:
         k8s-app: kube-router
         tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
       serviceAccountName: kube-router
       serviceAccount: kube-router
       containers:

docs/generic.md

@@ -31,7 +31,7 @@ For example:
 
 ## Running kube-router with everything
 
-This runs kube-router with pod/service networking, the network policy firewall, and service proxy to replace kube-proxy. The example command uses `10.32.0.0/12` as the pod CIDR address range and `https://cluster01.int.domain.com:6443` as the [apiserver](https://kubernetes.io/docs/reference/generated/kube-apiserver/) address. Please change these to suit your cluster.
+This runs kube-router in Kubernetes v1.8+ with pod/service networking, the network policy firewall, and service proxy to replace kube-proxy. The example command uses `10.32.0.0/12` as the pod CIDR address range and `https://cluster01.int.domain.com:6443` as the [apiserver](https://kubernetes.io/docs/reference/generated/kube-apiserver/) address. Please change these to suit your cluster.
 
     CLUSTERCIDR=10.32.0.0/12 \
     APISERVER=https://cluster01.int.domain.com:6443 \
@@ -53,7 +53,7 @@ Any iptables rules kube-proxy left around will also need to be cleaned up. This
 
 ## Running kube-router without the service proxy
 
-This runs kube-router with pod/service networking and the network policy firewall. The Services proxy is disabled.
+This runs kube-router in Kubernetes v1.8+ with pod/service networking and the network policy firewall. The Services proxy is disabled.
 
     kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/generic-kuberouter.yaml
 

docs/kubeadm.md

@@ -8,7 +8,7 @@ Kube-router provides pod networking, network policy and high perfoming IPVS/LVS
 
 ## kube-router providing pod networking and network policy
 
-For the step #3 **Installing a pod network** install a kube-router pod network and network policy add-on with the following command:
+For the step #3 **Installing a pod network** install a kube-router pod network and network policy add-on with the following command (Kubernetes version should be at least 1.8):
 
 ```sh
 KUBECONFIG=/etc/kubernetes/admin.conf kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kubeadm-kuberouter.yaml
@@ -16,7 +16,7 @@ KUBECONFIG=/etc/kubernetes/admin.conf kubectl apply -f https://raw.githubusercon
 
 ## kube-router providing service proxy, firewall and pod networking.
 
-For the step #3 **Installing a pod network** install a kube-router pod network and network policy add-on with the following command:
+For the step #3 **Installing a pod network** install a kube-router pod network and network policy add-on with the following command (Kubernetes version should be at least 1.8):
 
 ```sh
 KUBECONFIG=/etc/kubernetes/admin.conf kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kubeadm-kuberouter-all-features.yaml

docs/user-guide.md

@@ -93,13 +93,13 @@ Usage of kube-router:
 
 - If you choose to use kube-router for pod-to-pod network connectivity then Kubernetes controller manager need to be configured to allocate pod CIDRs by passing `--allocate-node-cidrs=true` flag and providing a `cluster-cidr` (i.e. by passing --cluster-cidr=10.1.0.0/16 for e.g.)
 
-- If you choose to run kube-router as daemonset, then both kube-apiserver and kubelet must be run with `--allow-privileged=true` option
+- If you choose to run kube-router as daemonset in Kubernetes version below v1.15, both kube-apiserver and kubelet must be run with `--allow-privileged=true` option. In later Kubernetes versions, only kube-apiserver must be run with `--allow-privileged=true` option and if PodSecurityPolicy admission controller is enabled, you should create PodSecurityPolicy, allowing privileged kube-router pods.
 
 - If you choose to use kube-router for pod-to-pod network connecitvity then Kubernetes cluster must be configured to use CNI network plugins. On each node CNI conf file is expected to be present as /etc/cni/net.d/10-kuberouter.conf .`bridge` CNI plugin and `host-local` for IPAM should be used. A sample conf file that can be downloaded as `wget -O /etc/cni/net.d/10-kuberouter.conf https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/cni/10-kuberouter.conf`
 
 ## running as daemonset
 
-This is quickest way to deploy kube-router (**dont forget to ensure the requirements**). Just run
+This is quickest way to deploy kube-router in Kubernetes v1.8+ (**dont forget to ensure the requirements**). Just run
 
 ```
 kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kube-router-all-service-daemonset.yaml