| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-09-18 |
kubernetes, openshift |
openshift |
{{site.data.keyword.attribute-definition-list}}
{: #kubeapi-priority}
Your {{site.data.keyword.openshiftlong}} clusters have default settings in place to process simultaneous requests to the API server and prevent traffic overload. You can configure your own flow schema and priority levels for requests that are made to the API server of your clusters. For more information, see API priority and fairness{: external} in the Kubernetes documentation. {: shortdesc}
For example, you might have a user or namespace that runs your critical apps in prod. You can create a flow schema and priority so that your critical apps have a higher priority for the API server to fulfill their requests than other apps in the cluster.
{: #kubeapi-default-priority}
{{site.data.keyword.openshiftlong_notm}} sets certain default flow schema and priority levels in addition to the default settings from Kubernetes. {: shortdesc}
| Flow schema | Resources that requests come from | Priority level |
|---|---|---|
apiserver-health |
Kubernetes API server health resources | Custom priority level for these resources. |
calico-apiserver-service-accounts |
Resources in the calico-apiserver namespace that use a service account in the namespace |
Same priority as kube-system namespace service accounts. This schema is available for {{site.data.keyword.openshiftlong}} version 4.16 and later. |
calico-system-service-accounts |
Resources in the calico-system namespace that use a service account in the namespace |
Same priority as kube-system namespace service accounts. |
ibm-admin |
Resources from IBM cluster administrators | Exempts requests by cluster administrators from priority restrictions. |
ibm-system-service-accounts |
Resources in the ibm-system namespace that use a service account in the namespace |
Same priority as kube-system namespace service accounts |
tigera-operator-service-accounts |
Resources in the tigera-operator namespace that use a service account in the namespace |
Same priority as kube-system namespace service accounts. |
| {: caption="Default flow schema and priority levels" caption-side="bottom"} |
You can create your own flow schema and priorities, but don't modify the default settings. Unexpected results might occur in your cluster when you modify API request priorities. {: important}
Follow the steps to review the flow schemas and priority levels set by {{site.data.keyword.openshiftlong_notm}}.
-
List all flow schemas in your cluster, including those set by {{site.data.keyword.openshiftlong_notm}}, and their corresponding priority levels .
oc get flowschemas
{: pre}
-
Review the details of a particular flow schema including which resources can make prioritized API requests, what type of API requests can be made, and what objects the requests can modify.
oc describe flowschema <flow-schema-name>
{: pre}
{: #kube-api-prioritylevelconfig}
{{site.data.keyword.openshiftlong_notm}} sets a custom priority level configuration for the apiserver-health resource.
{: shortdesc}
Use the following commands to view details about the configuration.
oc get prioritylevelconfiguration apiserver-health{: pre}
oc describe prioritylevelconfiguration apiserver-health{: pre}