From dca10e9464ba71f3cc80a6d0441b38c4949f37c8 Mon Sep 17 00:00:00 2001
From: Bryan Zubrod <bzub@users.noreply.github.com>
Date: Thu, 13 Jul 2017 00:32:36 -0500
Subject: [PATCH] daemonset: Critical pod, toleration, and standardization
 improvements (#56)

* Standardize k8s-app=kube-router label
* Add tolerations to run on master/critical-only nodes
* Add critical pod annotation
---
 ...r-all-service-daemonset-advertise-routes.yaml | 16 ++++++++++++----
 daemonset/kube-router-all-service-daemonset.yaml | 14 +++++++++++---
 daemonset/kube-router-firewall-daemonset.yaml    | 14 +++++++++++---
 ...set.yaml => kube-router-proxy-daemonset.yaml} | 14 +++++++++++---
 4 files changed, 45 insertions(+), 13 deletions(-)
 rename daemonset/{kube-router-proxy--daemonset.yaml => kube-router-proxy-daemonset.yaml} (79%)

diff --git a/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml b/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml
index 9a71f16b..30d35cbd 100644
--- a/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml
+++ b/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml
@@ -4,18 +4,19 @@ metadata:
   name: kube-router
   namespace: kube-system
   labels:
-    app: kube-router
+    k8s-app: kube-router
 spec:
   template:
     metadata:
       labels:
-        name: kube-router
+        k8s-app: kube-router
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
-      hostNetwork: true
       containers:
       - name: kube-router
         image: cloudnativelabs/kube-router
-        args: 
+        args:
           - "--run-router=true"
           - "--run-firewall=true"
           - "--run-service-proxy=true"
@@ -39,6 +40,13 @@ spec:
             name: cni-conf-dir
           - mountPath: /var/lib/kube-router/kubeconfig
             name: kubeconfig
+      hostNetwork: true
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Exists
       volumes:
         - name: lib-modules
           hostPath:
diff --git a/daemonset/kube-router-all-service-daemonset.yaml b/daemonset/kube-router-all-service-daemonset.yaml
index ad728f11..f7eb47ac 100644
--- a/daemonset/kube-router-all-service-daemonset.yaml
+++ b/daemonset/kube-router-all-service-daemonset.yaml
@@ -4,14 +4,15 @@ metadata:
   name: kube-router
   namespace: kube-system
   labels:
-    app: kube-router
+    k8s-app: kube-router
 spec:
   template:
     metadata:
       labels:
-        name: kube-router
+        k8s-app: kube-router
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
-      hostNetwork: true
       containers:
       - name: kube-router
         image: cloudnativelabs/kube-router
@@ -32,6 +33,13 @@ spec:
             name: cni-conf-dir
           - mountPath: /var/lib/kube-router/kubeconfig
             name: kubeconfig
+      hostNetwork: true
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Exists
       volumes:
         - name: lib-modules
           hostPath:
diff --git a/daemonset/kube-router-firewall-daemonset.yaml b/daemonset/kube-router-firewall-daemonset.yaml
index 8ccc1072..bb3c11bf 100644
--- a/daemonset/kube-router-firewall-daemonset.yaml
+++ b/daemonset/kube-router-firewall-daemonset.yaml
@@ -4,14 +4,15 @@ metadata:
   name: kube-router
   namespace: kube-system
   labels:
-    app: kube-router
+    k8s-app: kube-router
 spec:
   template:
     metadata:
       labels:
-        name: kube-router
+        k8s-app: kube-router
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
-      hostNetwork: true
       containers:
       - name: kube-router
         image: cloudnativelabs/kube-router
@@ -32,6 +33,13 @@ spec:
             name: cni-conf-dir
           - mountPath: /var/lib/kube-router/kubeconfig
             name: kubeconfig
+      hostNetwork: true
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Exists
       volumes:
         - name: lib-modules
           hostPath:
diff --git a/daemonset/kube-router-proxy--daemonset.yaml b/daemonset/kube-router-proxy-daemonset.yaml
similarity index 79%
rename from daemonset/kube-router-proxy--daemonset.yaml
rename to daemonset/kube-router-proxy-daemonset.yaml
index 19bb2519..7dd8a3cb 100644
--- a/daemonset/kube-router-proxy--daemonset.yaml
+++ b/daemonset/kube-router-proxy-daemonset.yaml
@@ -4,14 +4,15 @@ metadata:
   name: kube-router
   namespace: kube-system
   labels:
-    app: kube-router
+    k8s-app: kube-router
 spec:
   template:
     metadata:
       labels:
-        name: kube-router
+        k8s-app: kube-router
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
-      hostNetwork: true
       containers:
       - name: kube-router
         image: cloudnativelabs/kube-router
@@ -32,6 +33,13 @@ spec:
             name: cni-conf-dir
           - mountPath: /var/lib/kube-router/kubeconfig
             name: kubeconfig
+      hostNetwork: true
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Exists
       volumes:
         - name: lib-modules
           hostPath: