kubernetes-sigs · bradbeam · Jan 24, 2018 · Jan 12, 2018 · Jan 12, 2018 · Jan 18, 2018
diff --git a/inventory/group_vars/k8s-cluster.yml b/inventory/group_vars/k8s-cluster.yml
@@ -179,3 +179,8 @@ local_volumes_enabled: false
 ## Supplementary addresses that can be added in kubernetes ssl keys.
 ## That can be usefull for example to setup a keepalived virtual IP
 # supplementary_addresses_in_ssl_keys: [10.0.0.1, 10.0.0.2, 10.0.0.3]
+
+## Running on top of openstack vms with cinder enabled may lead to unschedulable pods due to NoVolumeZoneConflict restriction in kube-scheduler.
+## See https://github.com/kubernetes-incubator/kubespray/issues/2141
+## Set this variable to true to get rid of this issue
+volume_cross_zone_attachment: false
diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml
@@ -80,3 +80,6 @@ scheduler_custom_flags: []
 # kubeadm settings
 # Value of 0 means it never expires
 kubeadm_token_ttl: 0
+
+## Variable for influencing kube-scheduler behaviour
+volume_cross_zone_attachment: false
diff --git a/roles/kubernetes/master/tasks/static-pod-setup.yml b/roles/kubernetes/master/tasks/static-pod-setup.yml
@@ -9,6 +9,13 @@
 
 - meta: flush_handlers
 
+- name: Write kube-scheduler policy file
+  template:
+    src: kube-scheduler-policy.yaml.j2
+    dest: "{{ kube_config_dir }}/kube-scheduler-policy.yaml"
+  tags:
+    - kube-scheduler
+
 - name: Write kube-scheduler kubeconfig
   template:
     src: kube-scheduler-kubeconfig.yaml.j2
@@ -39,4 +46,4 @@
   tags:
     - kube-controller-manager
 
-- meta: flush_handlers
+- meta: flush_handlers
diff --git a/roles/kubernetes/master/templates/kube-scheduler-policy.yaml.j2 b/roles/kubernetes/master/templates/kube-scheduler-policy.yaml.j2
@@ -0,0 +1,18 @@
+{
+"kind" : "Policy",
+"apiVersion" : "v1",
+"predicates" : [
+    {"name" : "PodFitsHostPorts"},
+    {"name" : "PodFitsResources"},
+    {"name" : "NoDiskConflict"},
+    {"name" : "MatchNodeSelector"},
+    {"name" : "HostName"}
+    ],
+"priorities" : [
+    {"name" : "LeastRequestedPriority", "weight" : 1},
+    {"name" : "BalancedResourceAllocation", "weight" : 1},
+    {"name" : "ServiceSpreadingPriority", "weight" : 1},
+    {"name" : "EqualPriority", "weight" : 1}
+    ],
+"hardPodAffinitySymmetricWeight" : 10
+}
diff --git a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
@@ -28,6 +28,9 @@ spec:
     - scheduler
     - --leader-elect=true
     - --kubeconfig={{ kube_config_dir }}/kube-scheduler-kubeconfig.yaml
+{% if volume_cross_zone_attachment %}
+    - --policy-config-file={{ kube_config_dir }}/kube-scheduler-policy.yaml
+{% endif %}
     - --profiling=false
     - --v={{ kube_log_level }}
 {% if kube_feature_gates %}
@@ -62,6 +65,11 @@ spec:
     - mountPath: "{{ kube_config_dir }}/kube-scheduler-kubeconfig.yaml"
       name: kubeconfig
       readOnly: true
+{% if volume_cross_zone_attachment %}
+    - mountPath: "{{ kube_config_dir }}/kube-scheduler-policy.yaml"
+      name: kube-scheduler-policy
+      readOnly: true
+{% endif %}
   volumes:
   - name: ssl-certs-host
     hostPath:
@@ -77,3 +85,8 @@ spec:
   - name: kubeconfig
     hostPath:
       path: "{{ kube_config_dir }}/kube-scheduler-kubeconfig.yaml"
+{% if volume_cross_zone_attachment %}
+  - name: kube-scheduler-policy
+    hostPath:
+      path: "{{ kube_config_dir }}/kube-scheduler-policy.yaml"
+{% endif %}