From e1d4c89fc63b4fb8b511ceb53ec699d48fb28ad4 Mon Sep 17 00:00:00 2001 From: nomadics9 Date: Wed, 5 Feb 2025 22:12:27 +0300 Subject: [PATCH] desheduler --- descheduler/job.yaml | 30 ++++++++++++++++++++++ descheduler/policy.yaml | 27 ++++++++++++++++++++ descheduler/rbac.yaml | 56 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+) create mode 100644 descheduler/job.yaml create mode 100644 descheduler/policy.yaml create mode 100644 descheduler/rbac.yaml diff --git a/descheduler/job.yaml b/descheduler/job.yaml new file mode 100644 index 0000000..311d5ec --- /dev/null +++ b/descheduler/job.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: descheduler + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app: descheduler + template: + metadata: + labels: + app: descheduler + spec: + serviceAccountName: descheduler-sa + containers: + - name: descheduler + image: k8s.gcr.io/descheduler/descheduler:v0.32.1 + command: + - /bin/descheduler + - --policy-config-file=/policy-dir/policy.yaml + volumeMounts: + - name: policy-volume + mountPath: /policy-dir + volumes: + - name: policy-volume + configMap: + name: descheduler-policy + diff --git a/descheduler/policy.yaml b/descheduler/policy.yaml new file mode 100644 index 0000000..2b3c818 --- /dev/null +++ b/descheduler/policy.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: descheduler-policy + namespace: kube-system +data: + policy.yaml: | + apiVersion: "descheduler/v1alpha2" + kind: "DeschedulerPolicy" + profiles: + - name: ProfileName + pluginConfig: + - name: "LowNodeUtilization" + args: + thresholds: + "cpu": 20 + "memory": 20 + "pods": 20 + targetThresholds: + "cpu": 50 + "memory": 50 + "pods": 50 + plugins: + balance: + enabled: + - "LowNodeUtilization" + diff --git a/descheduler/rbac.yaml b/descheduler/rbac.yaml new file mode 100644 index 0000000..ab628cb --- /dev/null +++ b/descheduler/rbac.yaml @@ -0,0 +1,56 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: descheduler-cluster-role +rules: +- apiGroups: ["events.k8s.io"] + resources: ["events"] + verbs: ["create", "update"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "watch", "list"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "watch", "list"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "delete"] +- apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["get", "watch", "list"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["get", "watch", "list"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create", "update"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["descheduler"] + verbs: ["get", "patch", "delete"] +- apiGroups: ["metrics.k8s.io"] + resources: ["nodes", "pods"] + verbs: ["get", "list"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: descheduler-sa + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: descheduler-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: descheduler-cluster-role +subjects: + - name: descheduler-sa + kind: ServiceAccount + namespace: kube-system