allard
160 lines
4.0 KiB
YAML
160 lines
4.0 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: descheduler
|
|
namespace: kube-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: descheduler
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources:
|
|
- pods
|
|
- nodes
|
|
- persistentvolumeclaims
|
|
verbs: ["get", "list", "watch", "delete"]
|
|
- apiGroups: ["policy"]
|
|
resources: ["poddisruptionbudgets"]
|
|
verbs: ["get", "list", "watch"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: descheduler
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: descheduler
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: descheduler
|
|
namespace: kube-system
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
annotations:
|
|
meta.helm.sh/release-name: descheduler
|
|
meta.helm.sh/release-namespace: kube-system
|
|
labels:
|
|
app.kubernetes.io/instance: descheduler
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: descheduler
|
|
app.kubernetes.io/version: 0.34.0
|
|
helm.sh/chart: descheduler-0.34.0
|
|
name: descheduler
|
|
namespace: kube-system
|
|
data:
|
|
policy.yaml: |
|
|
apiVersion: "descheduler/v1alpha2"
|
|
kind: "DeschedulerPolicy"
|
|
profiles:
|
|
- name: default
|
|
pluginConfig:
|
|
- args:
|
|
podProtections:
|
|
defaultDisabled:
|
|
- PodsWithLocalStorage
|
|
extraEnabled:
|
|
- PodsWithPVC
|
|
name: DefaultEvictor
|
|
- name: RemoveDuplicates
|
|
- args:
|
|
includingInitContainers: true
|
|
podRestartThreshold: 100
|
|
name: RemovePodsHavingTooManyRestarts
|
|
- args:
|
|
nodeAffinityType:
|
|
- requiredDuringSchedulingIgnoredDuringExecution
|
|
name: RemovePodsViolatingNodeAffinity
|
|
- name: RemovePodsViolatingNodeTaints
|
|
- name: RemovePodsViolatingInterPodAntiAffinity
|
|
- name: RemovePodsViolatingTopologySpreadConstraint
|
|
- args:
|
|
targetThresholds:
|
|
cpu: 50
|
|
memory: 50
|
|
pods: 50
|
|
thresholds:
|
|
cpu: 20
|
|
memory: 20
|
|
pods: 20
|
|
name: LowNodeUtilization
|
|
plugins:
|
|
balance:
|
|
enabled:
|
|
- RemoveDuplicates
|
|
- RemovePodsViolatingTopologySpreadConstraint
|
|
- LowNodeUtilization
|
|
deschedule:
|
|
enabled:
|
|
- RemovePodsHavingTooManyRestarts
|
|
- RemovePodsViolatingNodeTaints
|
|
- RemovePodsViolatingNodeAffinity
|
|
- RemovePodsViolatingInterPodAntiAffinity
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: descheduler
|
|
namespace: kube-system
|
|
labels:
|
|
app: descheduler
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: descheduler
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: descheduler
|
|
spec:
|
|
priorityClassName: system-cluster-critical
|
|
serviceAccountName: descheduler-sa
|
|
containers:
|
|
- name: descheduler
|
|
image: registry.k8s.io/descheduler/descheduler:v0.34.0
|
|
imagePullPolicy: Always
|
|
command:
|
|
- "/bin/descheduler"
|
|
args:
|
|
- "--policy-config-file"
|
|
- "/policy-dir/policy.yaml"
|
|
- "--descheduling-interval"
|
|
- "5m"
|
|
- "--v"
|
|
- "3"
|
|
ports:
|
|
- containerPort: 10258
|
|
protocol: TCP
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /healthz
|
|
port: 10258
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 3
|
|
periodSeconds: 10
|
|
resources:
|
|
requests:
|
|
cpu: 500m
|
|
memory: 256Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
volumeMounts:
|
|
- mountPath: /policy-dir
|
|
name: policy-volume
|
|
volumes:
|
|
- name: policy-volume
|
|
configMap:
|
|
name: descheduler-policy-configmap
|