allard
126 lines
3.0 KiB
Plaintext
126 lines
3.0 KiB
Plaintext
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: descheduler
|
|
namespace: kube-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: descheduler
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources:
|
|
- pods
|
|
- nodes
|
|
- persistentvolumeclaims
|
|
verbs: ["get", "list", "watch", "delete"]
|
|
- apiGroups: ["policy"]
|
|
resources: ["poddisruptionbudgets"]
|
|
verbs: ["get", "list", "watch"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: descheduler
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: descheduler
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: descheduler
|
|
namespace: kube-system
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: descheduler-policy
|
|
namespace: kube-system
|
|
data:
|
|
policy.yaml: |
|
|
apiVersion: descheduler/v1alpha2
|
|
kind: DeschedulerPolicy
|
|
profiles:
|
|
- name: default
|
|
pluginConfig:
|
|
- name: RemoveDuplicates
|
|
enabled: true
|
|
- name: LowNodeUtilization
|
|
enabled: true
|
|
weight: 1
|
|
params:
|
|
nodeResourceUtilizationThresholds:
|
|
thresholds:
|
|
cpu: 20
|
|
memory: 20
|
|
pods: 20
|
|
targetThresholds:
|
|
cpu: 50
|
|
memory: 50
|
|
pods: 50
|
|
thresholdPriority: ["cpu","memory","pods"]
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: descheduler
|
|
namespace: kube-system
|
|
labels:
|
|
app: descheduler
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: descheduler
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: descheduler
|
|
spec:
|
|
priorityClassName: system-cluster-critical
|
|
serviceAccountName: descheduler-sa
|
|
containers:
|
|
- name: descheduler
|
|
image: registry.k8s.io/descheduler/descheduler:v0.34.0
|
|
imagePullPolicy: Always
|
|
command:
|
|
- "/bin/descheduler"
|
|
args:
|
|
- "--policy-config-file"
|
|
- "/policy-dir/policy.yaml"
|
|
- "--descheduling-interval"
|
|
- "5m"
|
|
- "--v"
|
|
- "3"
|
|
ports:
|
|
- containerPort: 10258
|
|
protocol: TCP
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /healthz
|
|
port: 10258
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 3
|
|
periodSeconds: 10
|
|
resources:
|
|
requests:
|
|
cpu: 500m
|
|
memory: 256Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
volumeMounts:
|
|
- mountPath: /policy-dir
|
|
name: policy-volume
|
|
volumes:
|
|
- name: policy-volume
|
|
configMap:
|
|
name: descheduler-policy-configmap
|