From 1f9acb86a3ededc181b2bcaa471c6704c98a3aab Mon Sep 17 00:00:00 2001 From: Alexandre Gaudreault Date: Mon, 11 Mar 2024 17:05:16 -0400 Subject: [PATCH 1/9] add priorityClass and bootstrap dep namespaces Signed-off-by: Alexandre Gaudreault --- argoproj/base/cluster-config.yaml | 20 ++++++++++++++++++ argoproj/kustomization.yaml | 1 + cluster-config/base/namespace.yaml | 12 +++++++++++ cluster-config/base/priority-class.yaml | 27 +++++++++++++++++++++++++ cluster-config/kustomization.yaml | 6 ++++++ infrastructure/terraform/gcp/README.md | 1 + 6 files changed, 67 insertions(+) create mode 100644 argoproj/base/cluster-config.yaml create mode 100644 cluster-config/base/namespace.yaml create mode 100644 cluster-config/base/priority-class.yaml create mode 100644 cluster-config/kustomization.yaml
diff --git a/argoproj/base/cluster-config.yaml b/argoproj/base/cluster-config.yaml
new file mode 100644
index 00000000..28f6d8fb
--- /dev/null
+++ b/argoproj/base/cluster-config.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cluster-config
+ namespace: argocd
+spec:
+ project: default
+ source:
+ path: cluster-config
+ repoURL: https://github.com/argoproj/argoproj-deployments
+ targetRevision: HEAD
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/argoproj/kustomization.yaml b/argoproj/kustomization.yaml
index 8862c632..88ca09c5 100644
--- a/argoproj/kustomization.yaml
+++ b/argoproj/kustomization.yaml
@@ -7,6 +7,7 @@ resources:
 - base/argo-rollouts.yaml
 - base/argo-workflows.yaml
 - base/argocd-image-updater.yaml
+ - base/cluster-config.yaml
 - base/cert-manager.yaml
 - base/dex.yaml
 - base/external-dns.yaml
diff --git a/cluster-config/base/namespace.yaml b/cluster-config/base/namespace.yaml
new file mode 100644
index 00000000..3b47bbc7
--- /dev/null
+++ b/cluster-config/base/namespace.yaml
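Review bot: The `cluster-config` Application in argoproj/base/cluster-config.yaml manages cluster-scoped objects (Namespaces, PriorityClasses) from `targetRevision: HEAD` under `project: default` with `automated` sync, `prune: true` and `selfHeal: true`, so whatever lands on the default branch is applied cluster-wide with no further gate. If the `default` AppProject is as permissive here as it is out of the box, a dedicated AppProject that limits `sourceRepos` to this repository and `clusterResourceWhitelist` to `Namespace` and `PriorityClass` would bound what this app can create or prune. `CreateNamespace=true` has nothing to do for `namespace: kube-system` and can be dropped.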
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: argocd
+ annotations:
+ argocd.argoproj.io/sync-options: Prune=false, Delete=false
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+---
diff --git a/cluster-config/base/priority-class.yaml b/cluster-config/base/priority-class.yaml
new file mode 100644
index 00000000..67654518
--- /dev/null
+++ b/cluster-config/base/priority-class.yaml
@@ -0,0 +1,27 @@
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: cluster-critical
+value: 99999999
+description: >-
+ Custom priority class for critical cluster components
+globalDefault: false
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: cluster-medium
+value: 50000000
+description: >-
+ Custom priority class for important cluster components
+globalDefault: false
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: cluster-low
+value: 10000000
+description: >-
+ Custom priority class for cluster components
+globalDefault: false
+---
diff --git a/cluster-config/kustomization.yaml b/cluster-config/kustomization.yaml
new file mode 100644
index 00000000..4c83d6b6
--- /dev/null
+++ b/cluster-config/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - base/namespace.yaml
+ - base/priority-class.yaml
diff --git a/infrastructure/terraform/gcp/README.md b/infrastructure/terraform/gcp/README.md
index 260d0828..c68a2706 100644
--- a/infrastructure/terraform/gcp/README.md
+++ b/infrastructure/terraform/gcp/README.md
@@ -47,6 +47,7 @@ components. Some componenets that are dependencies for ArgoCD to work properly, need to be deployed manually first. ``` +kubectl apply -k cluster-config -n kube-system kubectl apply -k cert-manager -n cert-manager kubectl apply -k argocd -n argocd // If the apply for argocd fails, run it again. It might fail the first time due to missing CRDs
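Review bot: In cluster-config/base/namespace.yaml only the `argocd` Namespace carries `argocd.argoproj.io/sync-options: Prune=false, Delete=false`; `cert-manager` has no such guard although the owning Application syncs with `prune: true`. Removing or renaming that entry would let the automated sync delete the namespace together with everything deployed in it, so the same annotation is worth adding to the second document. The trailing `---` at the end of the file only opens an empty document and can go.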
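Review bot: Nothing in this change restricts which namespaces may reference `cluster-critical`, `cluster-medium` or `cluster-low` from cluster-config/base/priority-class.yaml. All three sit far above the default pod priority of 0 and leave `preemptionPolicy` at its default, so any workload allowed to set `priorityClassName` could claim `cluster-critical` and push platform components off their nodes; this matters most if namespaces such as `workflow-playground` run workloads the platform team does not author. A `ResourceQuota` with a `scopeSelector` on `PriorityClass` in those namespaces, or an admission policy, would confine the classes to the components they were created for. A short comment next to each `value:` explaining the chosen spacing would also help the next reader.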
From 80b405714ed4962dcb870c4e87a129048ad29ef9 Mon Sep 17 00:00:00 2001 From: Alexandre Gaudreault Date: Mon, 11 Mar 2024 17:05:35 -0400 Subject: [PATCH 2/9] argocd to critical Signed-off-by: Alexandre Gaudreault --- argocd/kustomization.yaml | 6 ++++++ argocd/overlays/production/patch-priority-class.yaml | 8 ++++++++ 2 files changed, 14 insertions(+) create mode 100644 argocd/overlays/production/patch-priority-class.yaml
diff --git a/argocd/kustomization.yaml b/argocd/kustomization.yaml
index 2230f7f0..cafa77c9 100644
--- a/argocd/kustomization.yaml
+++ b/argocd/kustomization.yaml
@@ -21,6 +21,12 @@ patches: - path: overlays/production/argocd-cmd-params-cm.yaml - path: overlays/production/argocd-rbac-cm.yaml - path: https://raw.githubusercontent.com/argoproj/argo-cd/master/notifications_catalog/install.yaml +- path: overlays/production/patch-priority-class.yaml + target: + kind: Deployment +- path: overlays/production/patch-priority-class.yaml + target: + kind: StatefulSet images: - name: quay.io/argoproj/argocd
diff --git a/argocd/overlays/production/patch-priority-class.yaml b/argocd/overlays/production/patch-priority-class.yaml
new file mode 100644
index 00000000..292b71a3
--- /dev/null
+++ b/argocd/overlays/production/patch-priority-class.yaml
@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: any
+metadata:
+ name: any
+spec:
+ template:
+ spec:
+ priorityClassName: cluster-critical
From 704613f9f9102efa6a48c53a5ce26a96160f75d7 Mon Sep 17 00:00:00 2001 From: Alexandre Gaudreault Date: Mon, 11 Mar 2024 17:07:20 -0400 Subject: [PATCH 3/9] cert-manager to critical Signed-off-by: Alexandre Gaudreault --- cert-manager/kustomization.yaml | 3 +++ cert-manager/overlays/patch-priority-class.yaml | 8 ++++++++ 2 files changed, 11 insertions(+) create mode 100644 cert-manager/overlays/patch-priority-class.yaml
diff --git a/cert-manager/kustomization.yaml b/cert-manager/kustomization.yaml
index 74d5082a..3a8d0588 100644
--- a/cert-manager/kustomization.yaml
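Review bot: `kind: any` and `name: any` in argocd/overlays/production/patch-priority-class.yaml are placeholders whose meaning is documented nowhere; they only work because the `target:` selectors added to argocd/kustomization.yaml choose the resources. A leading comment such as `# kind/name are placeholders; the real targets come from patches[].target in kustomization.yaml` would stop a later reader from "fixing" them. The same file is copied under cert-manager, argo-events, argo-rollouts, argo-workflows, argocd-image-updater and prometheus-operator later in the series and would benefit from the same comment. Note also that a kind-only target matches every Deployment and StatefulSet the kustomization renders, so anything added upstream later inherits `cluster-critical` without review.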
+++ b/cert-manager/kustomization.yaml
@@ -6,3 +6,6 @@ resources: patches: - path: overlays/cert-manager-namespace.yaml + - path: overlays/patch-priority-class.yaml + target: + kind: Deployment
diff --git a/cert-manager/overlays/patch-priority-class.yaml b/cert-manager/overlays/patch-priority-class.yaml
new file mode 100644
index 00000000..292b71a3
--- /dev/null
+++ b/cert-manager/overlays/patch-priority-class.yaml
@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: any
+metadata:
+ name: any
+spec:
+ template:
+ spec:
+ priorityClassName: cluster-critical
From fdeb076a267969b9d1443b67cad68750fa22c1ee Mon Sep 17 00:00:00 2001 From: Alexandre Gaudreault Date: Mon, 11 Mar 2024 17:11:05 -0400 Subject: [PATCH 4/9] external-dns to critical Signed-off-by: Alexandre Gaudreault --- external-dns/values.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/external-dns/values.yaml b/external-dns/values.yaml
index d4b10a5e..04bdf4ea 100644
--- a/external-dns/values.yaml
+++ b/external-dns/values.yaml
@@ -10,10 +10,13 @@ external-dns: extraArgs: - --google-project=argo-demo-apps + priorityClassName: cluster-critical + logFormat: json logLevel: info serviceMonitor: - enabled: false + enabled: true + serviceAccount: annotations: iam.gke.io/gcp-service-account: external-dns@argo-demo-apps.iam.gserviceaccount.com
From 7afb911a9896429a4346ca6a27ed0a60650e5591 Mon Sep 17 00:00:00 2001 From: Alexandre Gaudreault Date: Mon, 11 Mar 2024 17:16:13 -0400 Subject: [PATCH 5/9] argo projects as medium
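Review bot: The external-dns/values.yaml hunk also flips `serviceMonitor.enabled` from `false` to `true`, which the commit subject ("external-dns to critical") does not mention. A ServiceMonitor depends on the `monitoring.coreos.com` CRDs from prometheus-operator being installed before this chart syncs, and nothing visible in the series guarantees that ordering. Splitting the toggle into its own commit, with the dependency stated in the message or in a comment above `serviceMonitor:`, keeps the priority change reviewable on its own.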
Signed-off-by: Alexandre Gaudreault --- argo-events/kustomization.yaml | 10 +++++++++- argo-events/overlays/patch-priority-class.yaml | 8 ++++++++ argo-rollouts/kustomization.yaml | 8 ++++++++ argo-rollouts/overlays/patch-priority-class.yaml | 8 ++++++++ argo-workflows/kustomization.yaml | 6 ++++++ argo-workflows/overlays/patch-priority-class.yaml | 8 ++++++++ 6 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 argo-events/overlays/patch-priority-class.yaml create mode 100644 argo-rollouts/overlays/patch-priority-class.yaml create mode 100644 argo-workflows/overlays/patch-priority-class.yaml
diff --git a/argo-events/kustomization.yaml b/argo-events/kustomization.yaml
index 365de853..eea8f437 100644
--- a/argo-events/kustomization.yaml
+++ b/argo-events/kustomization.yaml
@@ -1,6 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: workflow-playground + resources: - https://github.com/argoproj/argo-events/manifests/namespace-install - https://raw.githubusercontent.com/argoproj/argo-events/master/examples/eventbus/native.yaml
@@ -10,4 +12,10 @@ resources: - base/workflow-sensor.yaml - base/log-sensor.yaml -namespace: workflow-playground +patches: + - path: overlays/patch-priority-class.yaml + target: + kind: Deployment + - path: overlays/patch-priority-class.yaml + target: + kind: StatefulSet
diff --git a/argo-events/overlays/patch-priority-class.yaml b/argo-events/overlays/patch-priority-class.yaml
new file mode 100644
index 00000000..94c55701
--- /dev/null
+++ b/argo-events/overlays/patch-priority-class.yaml
@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: any
+metadata:
+ name: any
+spec:
+ template:
+ spec:
+ priorityClassName: cluster-medium
diff --git a/argo-rollouts/kustomization.yaml b/argo-rollouts/kustomization.yaml
index 2731f3bb..c550027c 100644
--- a/argo-rollouts/kustomization.yaml
+++ b/argo-rollouts/kustomization.yaml
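Review bot: The two kind-only targets added to argo-events/kustomization.yaml reach only the Deployments and StatefulSets that kustomize itself renders. EventBus, EventSource and Sensor pods are created at runtime by the controller from the custom resources listed under `resources:` (`native.yaml`, `base/workflow-sensor.yaml`, `base/log-sensor.yaml`), so they presumably stay at priority 0 unless those resources set a priority class themselves; their contents are not visible here. If the event bus and sensors are meant to be `cluster-medium` as well, that has to be set on the custom resources rather than through this patch.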
@@ -3,3 +3,11 @@ kind: Kustomization resources: - https://github.com/argoproj/argo-rollouts/releases/download/v1.6.6/install.yaml + +patches: + - path: overlays/patch-priority-class.yaml + target: + kind: Deployment + - path: overlays/patch-priority-class.yaml + target: + kind: StatefulSet
diff --git a/argo-rollouts/overlays/patch-priority-class.yaml b/argo-rollouts/overlays/patch-priority-class.yaml
new file mode 100644
index 00000000..94c55701
--- /dev/null
+++ b/argo-rollouts/overlays/patch-priority-class.yaml
@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: any
+metadata:
+ name: any
+spec:
+ template:
+ spec:
+ priorityClassName: cluster-medium
diff --git a/argo-workflows/kustomization.yaml b/argo-workflows/kustomization.yaml
index 7d58b743..3dd830cc 100644
--- a/argo-workflows/kustomization.yaml
+++ b/argo-workflows/kustomization.yaml
@@ -45,3 +45,9 @@ patches:
 group: rbac.authorization.k8s.io
 kind: RoleBinding
 name: argo-server-binding
+ - path: overlays/patch-priority-class.yaml
+ target:
+ kind: Deployment
+ - path: overlays/patch-priority-class.yaml
+ target:
+ kind: StatefulSet
diff --git a/argo-workflows/overlays/patch-priority-class.yaml b/argo-workflows/overlays/patch-priority-class.yaml
new file mode 100644
index 00000000..94c55701
--- /dev/null
+++ b/argo-workflows/overlays/patch-priority-class.yaml
@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: any
+metadata:
+ name: any
+spec:
+ template:
+ spec:
+ priorityClassName: cluster-medium
From ab0176ce50fa37bfdada0dbacca9f2f443cd0a44 Mon Sep 17 00:00:00 2001 From: Alexandre Gaudreault Date: Mon, 11 Mar 2024 17:28:36 -0400 Subject: [PATCH 6/9] argo dependency to medium Signed-off-by: Alexandre Gaudreault --- argocd-image-updater/kustomization.yaml | 10 +++++++++- .../overlays/patch-priority-class.yaml | 8 ++++++++ dex/values.yaml | 2 ++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 argocd-image-updater/overlays/patch-priority-class.yaml
diff --git a/argocd-image-updater/kustomization.yaml b/argocd-image-updater/kustomization.yaml
index c42a46cc..ecb47e25 100644
--- a/argocd-image-updater/kustomization.yaml
+++ b/argocd-image-updater/kustomization.yaml
@@ -2,4 +2,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/master/manifests/install.yaml + - https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/master/manifests/install.yaml + +patches: + - path: overlays/patch-priority-class.yaml + target: + kind: Deployment + - path: overlays/patch-priority-class.yaml + target: + kind: StatefulSet
diff --git a/argocd-image-updater/overlays/patch-priority-class.yaml b/argocd-image-updater/overlays/patch-priority-class.yaml
new file mode 100644
index 00000000..94c55701
--- /dev/null
+++ b/argocd-image-updater/overlays/patch-priority-class.yaml
@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: any
+metadata:
+ name: any
+spec:
+ template:
+ spec:
+ priorityClassName: cluster-medium
diff --git a/dex/values.yaml b/dex/values.yaml
index 95654fd0..835bfc35 100644
--- a/dex/values.yaml
+++ b/dex/values.yaml
@@ -1,6 +1,8 @@ dex: replicaCount: 1 + priorityClassName: cluster-medium + configSecret: # TODO: need to manually create configs as a Secret create: false
From 09e2a769b1e82096870a750de53de6d527364b86 Mon Sep 17 00:00:00 2001 From: Alexandre Gaudreault Date: Mon, 11 Mar 2024 17:28:52 -0400 Subject: [PATCH 7/9] cluster tooling to low Signed-off-by: Alexandre Gaudreault --- governor/kustomization.yaml | 10 ++++++---- governor/overlays/patch-priority-class.yaml | 10 ++++++++++ governor/{ => overlays}/pod-reaper-cr.yaml | 0 governor/{ => overlays}/pod-reaper-job-patch.yaml | 0 4 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 governor/overlays/patch-priority-class.yaml rename governor/{ => overlays}/pod-reaper-cr.yaml (100%) rename governor/{ => overlays}/pod-reaper-job-patch.yaml (100%)
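Review bot: The re-indented `resources:` entry in argocd-image-updater/kustomization.yaml still pulls `install.yaml` from the `master` branch of argoproj-labs/argocd-image-updater, so each sync can deploy whatever is on that branch at the time, including any RBAC the manifest grants itself. Pinning the URL to a release tag or commit, as argo-rollouts/kustomization.yaml does with `v1.6.6`, makes the deployed manifest reviewable and reproducible. The hunk rewrites this line anyway, so this is a cheap moment to pin it; the right tag is not visible from this page.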
diff --git a/governor/kustomization.yaml b/governor/kustomization.yaml
index 03f94946..238d714a 100644
--- a/governor/kustomization.yaml
+++ b/governor/kustomization.yaml
@@ -9,12 +9,14 @@ images: newName: keikoproj/governor newTag: v0.4.1 -patchesStrategicMerge: - - pod-reaper-cr.yaml - patches: - - path: pod-reaper-job-patch.yaml + - path: overlays/pod-reaper-cr.yaml + - path: overlays/pod-reaper-job-patch.yaml target: group: batch kind: CronJob name: pod-reaper + - path: overlays/patch-priority-class.yaml + target: + group: batch + kind: CronJob
diff --git a/governor/overlays/patch-priority-class.yaml b/governor/overlays/patch-priority-class.yaml
new file mode 100644
index 00000000..5218efb7
--- /dev/null
+++ b/governor/overlays/patch-priority-class.yaml
@@ -0,0 +1,10 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: any
+spec:
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ priorityClassName: cluster-low
diff --git a/governor/pod-reaper-cr.yaml b/governor/overlays/pod-reaper-cr.yaml
similarity index 100%
rename from governor/pod-reaper-cr.yaml
rename to governor/overlays/pod-reaper-cr.yaml
diff --git a/governor/pod-reaper-job-patch.yaml b/governor/overlays/pod-reaper-job-patch.yaml
similarity index 100%
rename from governor/pod-reaper-job-patch.yaml
rename to governor/overlays/pod-reaper-job-patch.yaml
From 1cd06f401a8d6d78b5eebd810129cd07c71f3ba4 Mon Sep 17 00:00:00 2001 From: Alexandre Gaudreault Date: Mon, 11 Mar 2024 18:05:25 -0400 Subject: [PATCH 8/9] prometheus to low Signed-off-by: Alexandre Gaudreault --- prometheus-operator/kustomization.yaml | 20 +++++++++++-------- .../overlays/patch-priority-class.yaml | 8 ++++++++ prometheus-operator/resources/upstream.yaml | 2 ++ prometheus-operator/upstream.sh | 1 + prometheus-operator/upstream/values.yaml | 7 +++++++ 5 files changed, 30 insertions(+), 8 deletions(-) create mode 100644 prometheus-operator/overlays/patch-priority-class.yaml create mode 100644 prometheus-operator/upstream/values.yaml
diff --git a/prometheus-operator/kustomization.yaml b/prometheus-operator/kustomization.yaml
index f271c71b..83f2bb02 100644
--- a/prometheus-operator/kustomization.yaml
+++ b/prometheus-operator/kustomization.yaml
@@ -18,19 +18,23 @@ configMapGenerator: files: - dashboard.json -patchesJson6902: - - target: +patches: + - path: overlays/prometheus-operator-grafana-cm.yaml + - path: overlays/prometheus-operator-grafana-secret.yaml + target: name: prometheus-operator-grafana namespace: prometheus-operator version: v1 kind: Secret - path: overlays/prometheus-operator-grafana-secret.yaml - - target: + - path: overlays/prometheus-crds-annotations.yaml + target: name: .* version: v1 group: apiextensions.k8s.io kind: CustomResourceDefinition - path: overlays/prometheus-crds-annotations.yaml - -patchesStrategicMerge: - - overlays/prometheus-operator-grafana-cm.yaml + - path: overlays/patch-priority-class.yaml + target: + kind: Deployment + - path: overlays/patch-priority-class.yaml + target: + kind: StatefulSet
diff --git a/prometheus-operator/overlays/patch-priority-class.yaml b/prometheus-operator/overlays/patch-priority-class.yaml
new file mode 100644
index 00000000..33eac7e4
--- /dev/null
+++ b/prometheus-operator/overlays/patch-priority-class.yaml
@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: any
+metadata:
+ name: any
+spec:
+ template:
+ spec:
+ priorityClassName: cluster-low
diff --git a/prometheus-operator/resources/upstream.yaml b/prometheus-operator/resources/upstream.yaml
index 36898ffa..249c4820 100644
--- a/prometheus-operator/resources/upstream.yaml
+++ b/prometheus-operator/resources/upstream.yaml
@@ -45238,6 +45238,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault + priorityClassName: cluster-low portName: http-web --- # Source: prometheus-operator/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml
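Review bot: The priority targets added at the end of `patches:` in prometheus-operator/kustomization.yaml select only `Deployment` and `StatefulSet`, so any DaemonSet in the rendered resources/upstream.yaml is left at priority 0, below every class this series introduces. kube-prometheus-stack normally ships node-exporter as a DaemonSet; if it is rendered here, node metrics become the first thing lost under resource pressure, which is exactly when they are needed. Adding a third entry with `kind: DaemonSet` pointing at the same patch file would close that gap; whether one exists in upstream.yaml cannot be confirmed from this page.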
@@ -45351,6 +45352,7 @@ spec: release: "prometheus-operator" scrapeConfigNamespaceSelector: {} + priorityClassName: cluster-low portName: http-web hostNetwork: false ---
diff --git a/prometheus-operator/upstream.sh b/prometheus-operator/upstream.sh
index fd74a73d..c08380ac 100755
--- a/prometheus-operator/upstream.sh
+++ b/prometheus-operator/upstream.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 helm dependency update upstream
 helm template \
+ -f ./upstream/values.yaml \
 --include-crds \
 --namespace prometheus-operator \
 prometheus-operator \
diff --git a/prometheus-operator/upstream/values.yaml b/prometheus-operator/upstream/values.yaml
new file mode 100644
index 00000000..f4d8d204
--- /dev/null
+++ b/prometheus-operator/upstream/values.yaml
@@ -0,0 +1,7 @@
+kube-prometheus-stack:
+ alertmanager:
+ alertmanagerSpec:
+ priorityClassName: cluster-low
+ prometheus:
+ prometheusSpec:
+ priorityClassName: cluster-low
From 81a0c2e2332d894d4f650e7dfd4ba9a2295b1e9a Mon Sep 17 00:00:00 2001 From: Alexandre Gaudreault Date: Mon, 11 Mar 2024 19:01:46 -0400 Subject: [PATCH 9/9] ingress as critical Signed-off-by: Alexandre Gaudreault --- argoproj/base/ingress-nginx.yaml | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/argoproj/base/ingress-nginx.yaml b/argoproj/base/ingress-nginx.yaml
index 8726b891..b24bd8e0 100644
--- a/argoproj/base/ingress-nginx.yaml
+++ b/argoproj/base/ingress-nginx.yaml
@@ -12,6 +12,10 @@ spec:
 repoURL: https://kubernetes.github.io/ingress-nginx
 chart: ingress-nginx
 targetRevision: 4.9.1
+ helm:
+ valuesObject:
+ controller:
+ priorityClassName: cluster-critical
 syncPolicy:
 syncOptions:
 - CreateNamespace=true
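Review bot: The added `-f ./upstream/values.yaml` in prometheus-operator/upstream.sh is resolved against the caller's working directory, like the `upstream` chart path already in the script, and the script has no error handling, so a failed `helm dependency update` still lets `helm template` regenerate the committed manifest from whatever charts are on disk. Adding `set -euo pipefail` and `cd "$(dirname "$0")"` right after the shebang makes the regeneration fail loudly and run from the right directory. The `helm template` command continues past the end of the hunk.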
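Review bot: `helm.valuesObject` in argoproj/base/ingress-nginx.yaml is only understood by newer Argo CD releases (2.9 and later, as far as I know), and the version running in this cluster is not visible in the series. On an older controller the field would likely be dropped without error and the ingress controller would stay at default priority while the manifest claims otherwise. If the version cannot be confirmed, the same setting as a `helm.values` block string works on older releases too. The value covers `controller` only; the enclosing Application continues outside the hunk.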