Protect Rok External Services Pods¶
This guide describes the necessary steps to patch an existing Rok cluster on
Kubernetes, in order to protect Pods of External Services used by Rok from being
terminated in case of a memory pressure scenario. To make this possible you are
going to assign one of the pre-defined Kubernetes Priority Classes
(system-node-critical
, system-cluster-critical
) to all the relevant
resources .
Overview
What You’ll Need¶
- A configured management environment.
- An existing Kubernetes cluster.
- A working Rok deployment.
Procedure¶
Patch the external StatefulSets that Rok uses:
root@rok-tools:~# kubectl -n rok patch sts rok-etcd \ > --patch '{"spec": {"template": {"spec": {"priorityClassName": "system-cluster-critical"}}}}' statefulset.apps/rok-etcd patchedroot@rok-tools:~# kubectl -n rok patch sts rok-postgresql \ > --patch '{"spec": {"template": {"spec": {"priorityClassName": "system-cluster-critical"}}}}' statefulset.apps/rok-postgresql patchedroot@rok-tools:~# kubectl -n rok patch sts rok-redis \ > --patch '{"spec": {"template": {"spec": {"priorityClassName": "system-cluster-critical"}}}}' statefulset.apps/rok-redis patched
Verify¶
Ensure that the
rok-etcd
,rok-postgresql
androk-redis
StatefulSets have restarted and are all in a Ready state:root@rok-tools:~# kubectl get sts -n rok NAME READY AGE rok-csi-controller 1/1 2h rok-etcd 1/1 2h rok-postgresql 1/1 2h rok-redis 1/1 2hEnsure that
rok-etcd
,rok-postgresql
androk-redis
now have thesystem-cluster-critical
Priority Class.root@rok-tools:~# kubectl -n rok get sts rok-etcd --no-headers \ > -o custom-columns=:.spec.template.spec.priorityClassName system-cluster-criticalroot@rok-tools:~# kubectl -n rok get sts rok-postgresql --no-headers \ > -o custom-columns=:.spec.template.spec.priorityClassName system-cluster-criticalroot@rok-tools:~# kubectl -n rok patch sts rok-redis --no-headers \ > -o custom-columns=:.spec.template.spec.priorityClassName system-cluster-critical