diff --git a/_sys/descheduler-cronjob.yaml b/_sys/descheduler-cronjob.yaml new file mode 100644 index 0000000..214014f --- /dev/null +++ b/_sys/descheduler-cronjob.yaml @@ -0,0 +1,47 @@ +--- +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: descheduler-cronjob + namespace: kube-system +spec: + schedule: "*/2 * * * *" + concurrencyPolicy: "Forbid" + jobTemplate: + spec: + template: + metadata: + name: descheduler-pod + spec: + priorityClassName: system-cluster-critical + containers: + - name: descheduler + image: k8s.gcr.io/descheduler/descheduler:v0.20.0 + volumeMounts: + - mountPath: /policy-dir + name: policy-volume + command: + - "/bin/descheduler" + args: + - "--policy-config-file" + - "/policy-dir/policy.yaml" + - "--v" + - "3" + resources: + requests: + cpu: "500m" + memory: "256Mi" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + restartPolicy: "Never" + serviceAccountName: descheduler-sa + volumes: + - name: policy-volume + configMap: + name: descheduler-policy-configmap diff --git a/_sys/descheduler-policy-configmap.yaml b/_sys/descheduler-policy-configmap.yaml new file mode 100644 index 0000000..8d7b307 --- /dev/null +++ b/_sys/descheduler-policy-configmap.yaml @@ -0,0 +1,27 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: descheduler-policy-configmap + namespace: kube-system +data: + policy.yaml: | + apiVersion: "descheduler/v1alpha1" + kind: "DeschedulerPolicy" + strategies: + "RemoveDuplicates": + enabled: true + "RemovePodsViolatingInterPodAntiAffinity": + enabled: false + "LowNodeUtilization": + enabled: true + params: + nodeResourceUtilizationThresholds: + thresholds: + "cpu": 30 + "memory": 30 + "pods": 10 + targetThresholds: + "cpu": 70 + "memory": 70 + "pods": 15 +