Protect Rok External Services Pods

This guide describes the necessary steps to patch an existing Rok cluster on Kubernetes, in order to protect the Pods of External Services used by Rok from being terminated under memory pressure. To make this possible, you are going to assign one of the pre-defined Kubernetes Priority Classes (system-node-critical, system-cluster-critical) to all the relevant resources.

Procedure

Patch the external StatefulSets that Rok uses:

root@rok-tools:~# kubectl -n rok patch sts rok-etcd \
> --patch '{"spec": {"template": {"spec": {"priorityClassName": "system-cluster-critical"}}}}'
statefulset.apps/rok-etcd patched
root@rok-tools:~# kubectl -n rok patch sts rok-postgresql \
> --patch '{"spec": {"template": {"spec": {"priorityClassName": "system-cluster-critical"}}}}'
statefulset.apps/rok-postgresql patched
root@rok-tools:~# kubectl -n rok patch sts rok-redis \
> --patch '{"spec": {"template": {"spec": {"priorityClassName": "system-cluster-critical"}}}}'
statefulset.apps/rok-redis patched

Verify

  1. Ensure that the rok-etcd, rok-postgresql and rok-redis StatefulSets have restarted and are all in a Ready state:

    root@rok-tools:~# kubectl get sts -n rok
    NAME                 READY   AGE
    rok-csi-controller   1/1     2h
    rok-etcd             1/1     2h
    rok-postgresql       1/1     2h
    rok-redis            1/1     2h
    
  2. Ensure that rok-etcd, rok-postgresql and rok-redis now have the system-cluster-critical Priority Class.

    root@rok-tools:~# kubectl -n rok get sts rok-etcd --no-headers \
    > -o custom-columns=:.spec.template.spec.priorityClassName
    system-cluster-critical
    
    root@rok-tools:~# kubectl -n rok get sts rok-postgresql --no-headers \
    > -o custom-columns=:.spec.template.spec.priorityClassName
    system-cluster-critical
    
    root@rok-tools:~# kubectl -n rok get sts rok-redis --no-headers \
    > -o custom-columns=:.spec.template.spec.priorityClassName
    system-cluster-critical
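
The commands above read the StatefulSet templates. The script below is an added example, not part of the original Rok guide: it audits the running Pods, so a Pod that was not recreated after the patch is reported. The function names, the sample output and the reliance on the `<statefulset>-<ordinal>` Pod naming convention are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the Rok documentation): audit the Priority Class
# of the Pods that belong to the patched StatefulSets.

EXPECTED_CLASS="system-cluster-critical"
STATEFULSETS="rok-etcd rok-postgresql rok-redis"

# Reads "POD_NAME PRIORITY_CLASS" lines on stdin. Prints one line per finding
# and returns 1 if a Pod of a listed StatefulSet has a different class, or if
# a listed StatefulSet has no Pod at all. Other Pods are ignored.
audit_pods() {
    awk -v want="$EXPECTED_CLASS" -v sets="$STATEFULSETS" '
        BEGIN { n = split(sets, s, " ") }
        {
            for (i = 1; i <= n; i++) {
                # Assumption: StatefulSet Pods are named <statefulset>-<ordinal>.
                if ($1 ~ ("^" s[i] "-[0-9]+$")) {
                    seen[s[i]] = 1
                    if ($2 != want) { print "MISMATCH " $1 " " $2; bad = 1 }
                }
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(s[i] in seen)) { print "NO_PODS " s[i]; bad = 1 }
            exit bad + 0
        }'
}

# Live check; needs kubectl access to the cluster. custom-columns prints
# "<none>" for a Pod that has no priorityClassName set.
live_audit() {
    kubectl -n rok get pods --no-headers \
        -o custom-columns=NAME:.metadata.name,PC:.spec.priorityClassName |
        audit_pods
}

# Constructed sample: rok-redis-0 is still running without the class.
sample_output() {
    cat <<'EOF'
rok-csi-controller-0   <none>
rok-etcd-0             system-cluster-critical
rok-postgresql-0       system-cluster-critical
rok-redis-0            <none>
EOF
}
```

Source the file and run `live_audit` on a host with cluster access; `sample_output | audit_pods` shows the report format for a Pod that has not picked up the class.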
    

Summary

You have successfully patched all External Services Pods used by Rok with the highest pre-defined Kubernetes Priority Class and have protected them against evictions and terminations under memory pressure scenarios.

What's Next

The next step is to protect the Arrikto EKF Pods.