Merge pull request #40448 from windsonsea/tweaky

k8s-ci-robot · web-flow · commit f98ccc6a5f24 · 2023-04-02T19:21:51.000-07:00
tweak line wrappings in blog: protect-pods-priorityclass
diff --git a/content/en/blog/_posts/2023-01-12-protect-mission-critical-pods-priorityclass/index.md b/content/en/blog/_posts/2023-01-12-protect-mission-critical-pods-priorityclass/index.md
@@ -6,56 +6,92 @@ slug: protect-mission-critical-pods-priorityclass
 description: "Pod priority and preemption help to make sure that mission-critical pods are up in the event of a resource crunch by deciding order of scheduling and eviction."
 ---
 
-
 **Author:** Sunny Bhambhani (InfraCloud Technologies)
 
-Kubernetes has been widely adopted, and many organizations use it as their de-facto orchestration engine for running workloads that need to be created and deleted frequently.
+Kubernetes has been widely adopted, and many organizations use it as their de-facto
+orchestration engine for running workloads that need to be created and deleted frequently.
 
-Therefore, proper scheduling of the pods is key to ensuring that application pods are up and running within the Kubernetes cluster without any issues. This article delves into the use cases around resource management by leveraging the [PriorityClass](/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) object to protect mission-critical or high-priority pods from getting evicted and making sure that the application pods are up, running, and serving traffic.
+Therefore, proper scheduling of the pods is key to ensuring that application pods
+are up and running within the Kubernetes cluster without any issues. This article
+delves into the use cases around resource management by leveraging the
+[PriorityClass](/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass)
+object to protect mission-critical or high-priority pods from getting evicted and
+making sure that the application pods are up, running, and serving traffic.
 
-## Resource management in Kubernetes 
+## Resource management in Kubernetes
 
-The control plane consists of multiple components, out of which the scheduler (usually the built-in [kube-scheduler](/docs/concepts/scheduling-eviction/kube-scheduler/)) is one of the components which is responsible for assigning a node to a pod.
+The control plane consists of multiple components, out of which the scheduler
+(usually the built-in [kube-scheduler](/docs/concepts/scheduling-eviction/kube-scheduler/))
+is one of the components which is responsible for assigning a node to a pod.
 
-Whenever a pod is created, it enters a "pending" state, after which the scheduler determines which node is best suited for the placement of the new pod.
+Whenever a pod is created, it enters a "pending" state, after which the scheduler
+determines which node is best suited for the placement of the new pod.
 
-In the background, the scheduler runs as an infinite loop looking for pods without a `nodeName` set that are [ready for scheduling](/docs/concepts/scheduling-eviction/pod-scheduling-readiness/). For each Pod that needs scheduling, the scheduler tries to decide which node should run that Pod.
+In the background, the scheduler runs as an infinite loop looking for pods without
+a `nodeName` set that are [ready for scheduling](/docs/concepts/scheduling-eviction/pod-scheduling-readiness/).
+For each Pod that needs scheduling, the scheduler tries to decide which node should run that Pod.
 
 If the scheduler cannot find any node, the pod remains in the pending state, which is not ideal.
 
 {{< note >}}
-To name a few, `nodeSelector` , `taints and tolerations` , `nodeAffinity` , the rank of nodes based on available resources (for example, CPU and memory), and several other criteria are used to determine the pod's placement.
+To name a few, `nodeSelector`, `taints and tolerations`, `nodeAffinity`, the rank
+of nodes based on available resources (for example, CPU and memory), and several
+other criteria are used to determine the pod's placement.
 {{< /note >}}
 
-The below diagram, from point number 1 through 4, explains the request flow: 
+The below diagram, from point number 1 through 4, explains the request flow:
 
 {{< figure src=kube-scheduler.svg alt="A diagram showing the scheduling of three Pods that a client has directly created." title="Scheduling in Kubernetes">}}
 
 ## Typical use cases
 
 Below are some real-life scenarios where control over the scheduling and eviction of pods may be required.
 
-1. Let's say the pod you plan to deploy is critical, and you have some resource constraints. An example would be the DaemonSet of an infrastructure component like Grafana Loki. The Loki pods must run before other pods can on every node. In such cases, you could ensure resource availability by manually identifying and deleting the pods that are not required or by adding a new node to the cluster. Both these approaches are unsuitable since the former would be tedious to execute, and the latter could involve an expenditure of time and money.
-
+1. Let's say the pod you plan to deploy is critical, and you have some resource
+   constraints. An example would be the DaemonSet of an infrastructure component
+   like Grafana Loki. The Loki pods must run before other pods can on every node.
+   In such cases, you could ensure resource availability by manually identifying
+   and deleting the pods that are not required or by adding a new node to the cluster.
+   Both these approaches are unsuitable since the former would be tedious to execute,
+   and the latter could involve an expenditure of time and money.
 
-2. Another use case could be a single cluster that holds the pods for the below environments with associated priorities:
+2. Another use case could be a single cluster that holds the pods for the below
+   environments with associated priorities:
    - Production (`prod`):  top priority
    - Preproduction (`preprod`): intermediate priority
    - Development (`dev`): least priority
 
- In the event of high resource consumption in the cluster, there is competition for CPU and memory resources on the nodes. While cluster-level autoscaling _may_ add more nodes, it takes time. In the interim, if there are no further nodes to scale the cluster, some Pods could remain in a Pending state, or the service could be degraded as they compete for resources. If the kubelet does evict a Pod from the node, that eviction would be random because the kubelet doesn’t have any special information about which Pods to evict and which to keep.
+   In the event of high resource consumption in the cluster, there is competition
+   for CPU and memory resources on the nodes. While cluster-level autoscaling _may_
+   add more nodes, it takes time. In the interim, if there are no further nodes to
+   scale the cluster, some Pods could remain in a Pending state, or the service could
+   be degraded as they compete for resources. If the kubelet does evict a Pod from the
+   node, that eviction would be random because the kubelet doesn’t have any special
+   information about which Pods to evict and which to keep.
 
-3. A third example could be a microservice backed by a queuing application or a database running into a resource crunch and the queue or database getting evicted. In such a case, all the other services would be rendered useless until the database can serve traffic again.
+3. A third example could be a microservice backed by a queuing application or a
+   database running into a resource crunch and the queue or database getting evicted.
+   In such a case, all the other services would be rendered useless until the database
+   can serve traffic again.
 
-There can also be other scenarios where you want to control the order of scheduling or order of eviction of pods.
+There can also be other scenarios where you want to control the order of
+scheduling or order of eviction of pods.
 
 ## PriorityClasses in Kubernetes
 
-PriorityClass is a cluster-wide API object in Kubernetes and part of the `scheduling.k8s.io/v1` API group. It contains a mapping of the PriorityClass name (defined in `.metadata.name`) and an integer value (defined in `.value`). This represents the value that the scheduler uses to determine Pod's relative priority.
+PriorityClass is a cluster-wide API object in Kubernetes and part of the
+`scheduling.k8s.io/v1` API group. It contains a mapping of the PriorityClass
+name (defined in `.metadata.name`) and an integer value (defined in `.value`).
+This represents the value that the scheduler uses to determine Pod's relative priority.
 
-Additionally, when you create a cluster using kubeadm or a managed Kubernetes service (for example, Azure Kubernetes Service), Kubernetes uses PriorityClasses to safeguard the pods that are hosted on the control plane nodes. This ensures that critical cluster components such as CoreDNS and kube-proxy can run even if resources are constrained.
+Additionally, when you create a cluster using kubeadm or a managed Kubernetes
+service (for example, Azure Kubernetes Service), Kubernetes uses PriorityClasses
+to safeguard the pods that are hosted on the control plane nodes. This ensures
+that critical cluster components such as CoreDNS and kube-proxy can run even if
+resources are constrained.
 
-This availability of pods is achieved through the use of a special PriorityClass that ensures the pods are up and running and that the overall cluster is not affected.
+This availability of pods is achieved through the use of a special PriorityClass
+that ensures the pods are up and running and that the overall cluster is not affected.
 
 ```console
 $ kubectl get priorityclass
@@ -64,28 +100,41 @@ system-cluster-critical   2000000000   false            82m
 system-node-critical      2000001000   false            82m
 ```
 
-The diagram below shows exactly how it works with the help of an example, which will be detailed in the upcoming section.
+The diagram below shows exactly how it works with the help of an example,
+which will be detailed in the upcoming section.
 
 {{< figure src="decision-tree.svg" alt="A flow chart that illustrates how the kube-scheduler prioritizes new Pods and potentially preempts existing Pods" title="Pod scheduling and preemption">}}
 
 ### Pod priority and preemption
 
-[Pod preemption](/docs/concepts/scheduling-eviction/pod-priority-preemption/#preemption) is a Kubernetes feature that allows the cluster to preempt pods (removing an existing Pod in favor of a new Pod) on the basis of priority. [Pod priority](/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) indicates the importance of a pod relative to other pods while scheduling. If there aren't enough resources to run all the current pods, the scheduler tries to evict lower-priority pods over high-priority ones.
+[Pod preemption](/docs/concepts/scheduling-eviction/pod-priority-preemption/#preemption)
+is a Kubernetes feature that allows the cluster to preempt pods
+(removing an existing Pod in favor of a new Pod) on the basis of priority.
+[Pod priority](/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)
+indicates the importance of a pod relative to other pods while scheduling.
+If there aren't enough resources to run all the current pods, the scheduler tries
+to evict lower-priority pods over high-priority ones.
 
-Also, when a healthy cluster experiences a node failure, typically, lower-priority pods get preempted to create room for higher-priority pods on the available node. This happens even if the cluster can bring up a new node automatically since pod creation is usually much faster than bringing up a new node.
+Also, when a healthy cluster experiences a node failure, typically, lower-priority
+pods get preempted to create room for higher-priority pods on the available node.
+This happens even if the cluster can bring up a new node automatically since pod
+creation is usually much faster than bringing up a new node.
 
 ### PriorityClass requirements
 
 Before you set up PriorityClasses, there are a few things to consider.
 
-1. Decide which PriorityClasses are needed. For instance, based on environment, type of pods, type of applications, etc.
-2. The default PriorityClass resource for your cluster. The pods without a `priorityClassName` will be treated as priority 0.
+1. Decide which PriorityClasses are needed. For instance, based on environment,
+   type of pods, type of applications, etc.
+2. The default PriorityClass resource for your cluster. The pods without a
+   `priorityClassName` will be treated as priority 0.
 3. Use a consistent naming convention for all PriorityClasses.
 4. Make sure that the pods for your workloads are running with the right PriorityClass.
 
 ## PriorityClass hands-on example
 
-Let’s say there are 3 application pods: one for prod, one for preprod, and one for development. Below are three sample YAML manifest files for each of those.
+Let’s say there are 3 application pods: one for prod, one for preprod, and one
+for development. Below are three sample YAML manifest files for each of those.
 
 ```yaml
 ---
@@ -167,6 +216,7 @@ prod-nginx      0/1     Pending   0          55s   env=prod
 Bad news. The pod for the Production environment is still Pending and isn't serving any traffic.
 
 Let's see why this is happening:
+
 ```console
 $ kubectl get events
 ...
@@ -176,11 +226,13 @@ $ kubectl get events
 
 In this example, there is only one worker node, and that node has a resource crunch.
 
-Now, let's look at how PriorityClass can help in this situation since prod should be given higher priority than the other environments.
+Now, let's look at how PriorityClass can help in this situation since prod should be
+given higher priority than the other environments.
 
 ## PriorityClass API
 
-Before creating PriorityClasses based on these requirements, let's see what a basic manifest for a PriorityClass looks like and outline some prerequisites:
+Before creating PriorityClasses based on these requirements, let's see what a basic
+manifest for a PriorityClass looks like and outline some prerequisites:
 
 ```yaml
 apiVersion: scheduling.k8s.io/v1
@@ -208,11 +260,14 @@ Below are some prerequisites for PriorityClasses:
 - There are two optional fields:
   - `globalDefault`: When true, this PriorityClass is used for pods where a `priorityClassName` is not specified.
     Only one PriorityClass with `globalDefault` set to true can exist in a cluster.  
-  If there is no PriorityClass defined with globalDefault set to true, all the pods with no priorityClassName defined will be treated with 0 priority (i.e. the least priority).
+    If there is no PriorityClass defined with globalDefault set to true, all the pods
+    with no priorityClassName defined will be treated with 0 priority (i.e. the least priority).
   - `description`: A string with a meaningful value so that people know when to use this PriorityClass.
 
 {{< note >}}
-Adding a PriorityClass with `globalDefault` set to `true` does not mean it will apply the same to the existing pods that are already running. This will be applicable only to the pods that came into existence after the PriorityClass was created.
+Adding a PriorityClass with `globalDefault` set to `true` does not mean it will
+apply the same to the existing pods that are already running. This will be
+applicable only to the pods that came into existence after the PriorityClass was created.
 {{< /note >}}
 
 ### PriorityClass in action
@@ -264,9 +319,13 @@ system-cluster-critical   2000000000   false            82m
 system-node-critical      2000001000   false            82m
 ```
 
-The new PriorityClasses are in place now. A small change is needed in the pod manifest or pod template (in a ReplicaSet or Deployment). In other words, you need to specify the priority class name at `.spec.priorityClassName` (which is a string value).
+The new PriorityClasses are in place now. A small change is needed in the pod
+manifest or pod template (in a ReplicaSet or Deployment). In other words, you
+need to specify the priority class name at `.spec.priorityClassName` (which is a string value).
 
-First update the previous production pod manifest file to have a PriorityClass assigned, then delete the Production pod and recreate it. You can't edit the priority class for a Pod that already exists.
+First update the previous production pod manifest file to have a PriorityClass
+assigned, then delete the Production pod and recreate it. You can't edit the
+priority class for a Pod that already exists.
 
 In my cluster, when I tried this, here's what happened.
 First, that change seems successful; the status of pods has been updated:
@@ -279,7 +338,8 @@ preprod-nginx   1/1     Running   	0          55s   env=preprod
 prod-nginx      0/1     Pending   	0          55s   env=prod
 ```
 
-The dev-nginx pod is getting terminated. Once that is successfully terminated and there are enough resources for the prod pod, the control plane can schedule the prod pod:
+The dev-nginx pod is getting terminated. Once that is successfully terminated and
+there are enough resources for the prod pod, the control plane can schedule the prod pod:
 
 ```console
 Warning   FailedScheduling   pod/prod-nginx    0/2 nodes are available: 1 Insufficient cpu, 2 Insufficient memory.
@@ -300,7 +360,9 @@ set any PriorityClass at all.
 However, you can use other Kubernetes features to make sure that the priorities you wanted
 are actually applied.
 
-As an alpha feature, you can define a [ValidatingAdmissionPolicy](/blog/2022/12/20/validating-admission-policies-alpha/) and a ValidatingAdmissionPolicyBinding so that, for example,
+As an alpha feature, you can define a
+[ValidatingAdmissionPolicy](/blog/2022/12/20/validating-admission-policies-alpha/)
+and a ValidatingAdmissionPolicyBinding so that, for example,
 Pods that go into the `prod` namespace must use the `prod-pc` PriorityClass.
 With another ValidatingAdmissionPolicyBinding you ensure that the `preprod` namespace
 uses the `preprod-pc` PriorityClass, and so on.
@@ -315,15 +377,18 @@ users when they pick an unsuitable option.
 
 ## Summary
 
-The above example and its events show you what this feature of Kubernetes brings to the table, along with several scenarios where you can use this feature. To reiterate, this helps ensure that mission-critical pods are up and available to serve the traffic and, in the case of a resource crunch, determines cluster behavior.
+The above example and its events show you what this feature of Kubernetes brings
+to the table, along with several scenarios where you can use this feature. To
+reiterate, this helps ensure that mission-critical pods are up and available to
+serve the traffic and, in the case of a resource crunch, determines cluster behavior.
 
-It gives you some power to decide the order of scheduling and order of [preemption](/docs/concepts/scheduling-eviction/pod-priority-preemption/#preemption) for Pods. Therefore, you need to define the PriorityClasses sensibly.
+It gives you some power to decide the order of scheduling and order of
+[preemption](/docs/concepts/scheduling-eviction/pod-priority-preemption/#preemption)
+for Pods. Therefore, you need to define the PriorityClasses sensibly.
 For example, if you have a cluster autoscaler to add nodes on demand,
 make sure to run it with the `system-cluster-critical` PriorityClass. You don't want to
 get in a situation where the autoscaler has been preempted and there are no new nodes
 coming online.
 
-If you have any queries or feedback, feel free to reach out to me on [LinkedIn](http://www.linkedin.com/in/sunnybhambhani).
-
-
-
+If you have any queries or feedback, feel free to reach out to me on
+[LinkedIn](http://www.linkedin.com/in/sunnybhambhani).
