Setting Kubernetes API priority and fairness
Your IBM Cloud® Kubernetes Service clusters have default settings in place to process simultaneous requests to the API server and prevent traffic overload. You can configure your own flow schema and priority levels for requests that are made to the API server of your clusters. For more information, see API priority and fairness in the Kubernetes documentation.
For example, you might have a user or namespace that runs your critical apps in prod. You can create a flow schema and priority so that your critical apps have a higher priority for the API server to fulfill their requests than other apps in the cluster.
Reviewing default flow schema and priority levels
IBM Cloud Kubernetes Service sets certain default flow schema and priority levels in addition to the default settings from Kubernetes.
| Flow schema | Resources that requests come from | Priority level |
|---|---|---|
apiserver-health |
Kubernetes API server health resources | Custom priority level for these resources. |
calico-apiserver-service-accounts |
Resources in the calico-apiserver namespace that use a service account in the namespace |
Same priority as kube-system namespace service accounts. This schema is available for IBM Cloud® Kubernetes Service version 1.31 and later. |
calico-system-service-accounts |
Resources in the calico-system namespace that use a service account in the namespace |
Same priority as kube-system namespace service accounts. This schema is available for IBM Cloud® Kubernetes Service version 1.29 and later. |
ibm-admin |
Resources from IBM cluster administrators | Exempts requests by cluster administrators from priority restrictions. |
ibm-system-service-accounts |
Resources in the ibm-system namespace that use a service account in the namespace |
Same priority as kube-system namespace service accounts |
ibm-operators-service-accounts |
Resources in the ibm-operators namespace that use a service account in the namespace |
Same priority as kube-system namespace service accounts. |
system-node-proxiers |
The kube-proxy |
Same priority as the kubelet |
tigera-operator-service-accounts |
Resources in the tigera-operator namespace that use a service account in the namespace |
Same priority as kube-system namespace service accounts. This schema is available for IBM Cloud® Kubernetes Service version 1.29 and later. |
You can create your own flow schema and priorities, but don't modify the default settings. Unexpected results might occur in your cluster when you modify API request priorities.
Follow the steps to review the flow schemas and priority levels set by IBM Cloud Kubernetes Service.
-
List all flow schemas in your cluster, including those set by IBM Cloud Kubernetes Service, and their corresponding priority levels .
kubectl get flowschemas -
Review the details of a particular flow schema including which resources can make prioritized API requests, what type of API requests can be made, and what objects the requests can modify.
kubectl describe flowschema <flow-schema-name>
Viewing IBM Cloud Kubernetes Service created priority level configurations
IBM Cloud Kubernetes Service sets a custom priority level configuration for the apiserver-health resource.
Use the following commands to view details about the configuration.
kubectl get prioritylevelconfiguration apiserver-health
kubectl describe prioritylevelconfiguration apiserver-health