Skip to main content
Version: 1.3.0

Service Configuration

The official distribution of YuniKorn is deployed via Helm charts to Kubernetes. Configuration for YuniKorn is split into two parts: Helm configuration, and YuniKorn service configuration.

Helm Configuration

Helm configuration is used to configure options for the deployment of YuniKorn to Kubernetes.

The following settings can be configured during YuniKorn installation via Helm, either via Helm's command-line, as in --set key=value, or via an external file: -f file.yaml. The examples below will be given in YAML syntax.

Container images

YuniKorn ships as a set of container images. The locations and pull policies can be customized as follows:

# Image information for the standard scheduler
image:
repository: apache/yunikorn
tag: scheduler-1.0.0 # default depends on YuniKorn version
pullPolicy: Always

# Image information for the plugin scheduler
pluginImage:
repository: apache/yunikorn
tag: scheduler-plugin-1.0.0 # default depends on YuniKorn version
pullPolicy: Always

# Image information for the web UI
web:
image:
repository: apache/yunikorn
tag: web-1.0.0 # default depends on YuniKorn version
pullPolicy: Always

# Image information for the admission controller
admissionController:
image:
repository: apache/yunikorn
tag: admission-1.0.0 # default depends on YuniKorn version
pullPolicy: Always

Kubernetes configuration

affinity

Sets the affinity for the YuniKorn scheduler pod.

Default: {}

Example:

affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- primary1
- primary2

admissionController.affinity

Sets the affinity for the YuniKorn admission controller pod.

Default: {}

Example:

admissionController:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- primary1
- primary2

hostNetwork

Controls whether the scheduler should run in the host network.

Default: false

Example:

hostNetwork: true

admissionController.hostNetwork

Controls whether the admission controller should run in the host network.

Default: true

Example:

admissionController:
hostNetwork: false

imagePullSecrets

Provides secrets needed for pulling YuniKorn images.

Default: []

Example:

imagePullSecrets:
- secret1
- secret2

nodeSelector

Sets a node selector(s) to use for placement of the YuniKorn scheduler pod.

Default: {}

Example:

nodeSelector:
node-role.kubernetes.io/control-plane: "true"

admissionController.nodeSelector

Sets a node selector(s) to use for placement of the YuniKorn admission controller pod.

Default: {}

Example:

admissionController:
nodeSelector:
node-role.kubernetes.io/control-plane: "true"

admissionController.replicaCount

Sets the number of replicas to use for the YuniKorn admission controller. This can be set to greater than 1 for high-availability.

Default: 1

Example:

admissionController:
replicaCount: 2

serviceAccount

Sets an alternate service account for the YuniKorn scheduler.

Changing this value is not recommended, as Helm installs role-based access control (RBAC) policies for the default user that are required for proper functionaliy.

Default: yunikorn-admin

Example:

serviceAccount: my-account

admissionController.serviceAccount

Sets an alternate service account for the YuniKorn admission controller.

Changing this value is not recommended, as Helm installs role-based access control (RBAC) policies for the default user that are required for proper functionaliy.

Default: yunikorn-admission-controller

Example:

admissionController:
serviceAccount: my-account

service.type

Sets the type of service used for the scheduler.

Default: ClusterIP

Example:

service:
type: ClusterIP

admissionController.service.type

Sets the type of service used for the admission controller.

Default: ClusterIP

Example:

admissionController:
service:
type: ClusterIP

service.port

Sets the port exposed in the YuniKorn scheduler service for the REST API. It is not recommended to change this value.

Default: 9080

Example:

service:
port: 9080

service.portWeb

Sets the port exposed in the YuniKorn scheduler service for the Web UI. It is not recommended to change this value.

Default: 9889

Example:

service:
portWeb: 9889

tolerations

Sets the tolerations for the YuniKorn scheduler pod.

Default: []

Example:

tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Equal
value: "true"
effect: NoSchedule
- key: CriticalAddonsOnly
operator: Exists

admissionController.tolerations

Sets the tolerations for the YuniKorn admission controller pod.

Default: []

Example:

admissionController:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Equal
value: "true"
effect: NoSchedule
- key: CriticalAddonsOnly
operator: Exists

Resource utilization

The resources requested for YuniKorn pods can be customized as follows:

# Scheduler container resources
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
cpu: 4
memory: 2Gi

# Web UI container resources
web:
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 500Mi

# Admission controller resources
admissionController:
resources:
requests:
cpu: 100m
memory: 500Mi
limits:
cpu: 500m
memory: 500Mi

Optional features

embedAdmissionController

Controls whether to enable the YuniKorn admission controller.

Default: true

Example:

embedAdmissionController: false

enableSchedulerPlugin

Controls whether to run YuniKorn in scheduler plugin mode.

Default: false

Example:

enableSchedulerPlugin: true

YuniKorn defaults

yunikornDefaults

Sets entries which will be rendered to the yunikorn-defaults ConfigMap. This can be used to pre-configure YuniKorn at deployment time. Any settings declared in YuniKorn configuration may be set here.

Default: {}

Example:

yunikornDefaults:
service.clusterId: yunikorn-01
service.policyGroup: group-01
group-01.yaml: |
partitions:
- name: default
placementrules:
- name: tag
value: namespace
create: true
queues:
- name: root
submitacl: '*'

Deprecated settings

The following settings are deprecated, and will be removed from a future YuniKorn release. They should now be specified in the yunikorn-configs ConfigMap or via the Helm yunikornDefaults section:

Deprecated settingConfigMap replacement
operatorPluginsservice.operatorPlugins
placeHolderImageservice.placeholderImage
admissionController: processNamespacesadmissionController.filtering.processNamespaces
admissionController: bypassNamespacesadmissionController.filtering.bypassNamespaces
admissionController: labelNamespacesadmissionController.filtering.labelNamespaces
admissionController: noLabelNamespacesadmissionController.filtering.noLabelNamespaces
configurationqueues.yaml

Deprecated example:

operatorPlugins: general
placeHolderImage: registry.k8s.io/pause:3.7
admissionController:
processNamespaces: "^spark-,^mpi-"
bypassNamespaces: "^kube-system$"
labelNamespaces: "^spark-"
noLabelNamespaces: "^mpi-legacy-"
configuration: |
partitions:
- name: default
placementrules:
- name: tag
value: namespace
create: true
queues:
- name: root
submitacl: '*'

Replacement example:

yunikornDefaults:
service.policyGroup: queues
service.operatorPlugins: general
service.placeholderImage: registry.k8s.io/pause:3.7
admissionController.filtering.processNamespaces: "^spark-,^mpi-"
admissionController.filtering.bypassNamespaces: "^kube-system$"
admissionController.filtering.labelNamespaces: "^spark-"
admissionController.filtering.noLabelNamespaces: "^mpi-legacy-"
queues.yaml: |
partitions:
- name: default
placementrules:
- name: tag
value: namespace
create: true
queues:
- name: root
submitacl: '*'

Currently, if both the deprecated parameter and the replacement ConfigMap entry are specified, the ConfigMap entry will take precedence.

YuniKorn Configuration

Service configuration for YuniKorn is controlled by two Kubernetes ConfigMaps in the namespace where YuniKorn is installed: yunikorn-defaults and yunikorn-configs.

At runtime, these ConfigMaps are polled by YuniKorn and merged together to form an effective configuration. If a setting is present in both ConfigMaps, the yunikorn-configs setting will override the one present in yunikorn-defaults.

The purpose of yunikorn-defaults is to provide a mechanism for Helm to configure initial service configuration details. It should not be modified directly.

The yunikorn-configs ConfigMap is completely unmanaged by Helm, and is meant for configurations which may change over time, such as queue configuration. All changes to YuniKorn configuration outside of provisioning infrastructure should be made here.

Default ConfigMap

If neither ConfigMap is provided, or if an option is not specified, YuniKorn will use the default values listed here:

apiVersion: v1
kind: ConfigMap
metadata:
name: yunikorn-configs
data:
service.clusterId: "mycluster"
service.policyGroup: "queues"
service.schedulingInterval: "1s"
service.volumeBindTimeout: "10s"
service.eventChannelCapacity: "1048576"
service.dispatchTimeout: "5m"
service.operatorPlugins: "general"
service.disableGangScheduling: "false"
service.enableConfigHotRefresh: "true"
service.placeholderImage: "registry.k8s.io/pause:3.7"
service.instanceTypeNodeLabelKey: "node.kubernetes.io/instance-type"
health.checkInterval: "30s"
log.level: "0"
kubernetes.qps: "1000"
kubernetes.burst: "1000"
admissionController.webHook.amServiceName: "yunikorn-admission-controller-service"
admissionController.webHook.schedulerServiceAddress: "yunikorn-service:9080"
admissionController.filtering.processNamespaces: ""
admissionController.filtering.bypassNamespaces: "^kube-system$"
admissionController.filtering.labelNamespaces: ""
admissionController.filtering.noLabelNamespaces: ""
admissionController.filtering.generateUniqueAppId: "false"
admissionController.filtering.defaultQueue: "root.default"
admissionController.accessControl.bypassAuth: "false"
admissionController.accessControl.trustControllers: "true"
admissionController.accessControl.systemUsers: "^system:serviceaccount:kube-system:"
admissionController.accessControl.externalUsers: ""
admissionController.accessControl.externalGroups: ""
queues.yaml: |
partitions:
- name: default
placementrules:
- name: tag
value: namespace
create: true
queues:
- name: root
submitacl: '*'

Service settings

The following parameters are understood by YuniKorn:

service.clusterId

Sets an identifier for the cluster being configured. This is returned as part of REST API calls.

A change to this setting requires a restart of YuniKorn to take effect.

Default: mycluster

Example:

service.clusterId: "yunikorn-east"

service.policyGroup

Defines the policy group in use by this scheduler. The policy group is used to choose one of several queue configurations. The value of this setting plus an extension of .yaml controls the ConfigMap entry used to retrieve partition and queue configuration.

A change to this setting requires a restart of YuniKorn to take effect.

Default: queues

Example:

service.policyGroup: group_b
group_b.yaml: |
partitions:
- name: default
placementrules:
- name: tag
value: namespace
create: true
queues:
- name: root
submitacl: '*'

service.schedulingInterval

Controls the frequency with which YuniKorn executes scheduling runs.

A change to this setting requires a restart of YuniKorn to take effect.

Default: 1s

Example:

service.schedulingInterval: "5s"

service.volumeBindTimeout

Controls the timeout before volume binding fails.

A change to this setting requires a restart of YuniKorn to take effect.

Default: 10s

Example:

service.volumeBindTimeout: "30s"

service.eventChannelCapacity

Controls the number of internal scheduling events that YuniKorn will allow to be in-flight at one time. This acts as an out-of-memory guard.

A change to this setting requires a restart of YuniKorn to take effect.

Default: 1048576

Example:

service.eventChannelCapacity: "1000000"

service.dispatchTimeout

Controls how long internal events will reattempt dispatching if the event channel is full. Warnings will be emitted if this timeout is exceeded.

A change to this setting requires a restart of YuniKorn to take effect.

Default: 5m

Example:

service.dispatchTimeout: "10m"

service.operatorPlugins

Controls the set of operator plugins which are enabled within YuniKorn. Currently, only the general, spark-k8s-operator, and yunikorn-app plugins are implemented. The general plugin should not be disabled.

A change to this setting requires a restart of YuniKorn to take effect.

Default: general

Example:

service.operatorPlugins: "general,spark-k8s-operator"

service.disableGangScheduling

Allows global disabling of the gang scheduling feature (not recommended).

A change to this setting requires a restart of YuniKorn to take effect.

Default: false

Example:

service.disableGangScheduling: "true"

service.enableConfigHotRefresh

Controls whether configuration should be hot-reloaded. By default, this is set to true, but it can be disabled to avoid changes to the ConfigMaps from being picked up until a scheduler restart.

A change to this setting will be picked up without a restart of YuniKorn.

NOTE: If this setting is disabled, it may not be re-enabled again without a restart of YuniKorn.

Default: true

Example:

service.enableConfigHotRefresh: "false"

service.placeholderImage

Sets the Pod image that will be used for gang scheduling placeholders.

A change to this setting requires a restart of YuniKorn to take effect.

Default: registry.k8s.io/pause:3.7

Example:

service.placeholderImage: "registry.k8s.io/pause:3.6"

service.instanceTypeNodeLabelKey

Sets the node label that will be used to determine the instance type of node.

A change to this setting requires a restart of YuniKorn to take effect.

Default: node.kubernetes.io/instance-type

Example:

service.instanceTypeNodeLabelKey: "node.kubernetes.io/my-instance-type"

Health settings

health.checkInterval

Sets the time between automatic health checks of YuniKorn.

Setting the value to 0 or a negative interval will disable background health checking.

A change to this setting will be picked up without a restart of YuniKorn.

Default: 30s

Example:

health.checkInterval: "1m"

Log settings

log.level

Sets the verbosity that YuniKorn will log at.

A change to this setting will be picked up without a restart of YuniKorn. The available values are:

  • -1: Debug
  • 0: Info
  • 1: Warn
  • 2: Error
  • 3: DPanic
  • 4: Panic
  • 5: Fatal

Default: 0 (Info)

Example:

log.level: "-1"

Kubernetes settings

kubernetes.qps

Sets the number of Kubernetes queries per second (QPS) used by YuniKorn's Kubernetes client. This number must be >= 0.

A change to this setting requires a restart of YuniKorn to take effect.

Default: 1000

Example:

kubernetes.qps: "500"

kubernetes.burst

Sets the maximum size of bursty queries to Kubernetes, temporarily allowing events to burst to this number while not still exceeding kubernetes.qps.

A change to this setting requires a restart of YuniKorn to take effect.

Default: 1000

Example:

kubernetes.burst: "500"

Admission controller webhook settings

admissionController.webHook.amServiceName

Sets the name of the service that the YuniKorn admission controller is registered under. This is required for the admission controller to register itself properly with Kubernetes, and should normally not be changed.

A change to this setting requires a restart of the YuniKorn admission controller to take effect.

Default: yunikorn-admission-controller-service

Example:

admissionController.webHook.amServiceName: "yunikorn-admission-controller-alt-service-name"

admissionController.webHook.schedulerServiceAddress

Sets the address of the YuniKorn scheduler service. This address must be reachable by the admission controller, and is used by the admission controller when validating ConfigMap changes. The admission controller will contact the REST API on the scheduler to validate any proposed ConfigMap changes. This setting should not normally be changed.

A change to this setting requires a restart of the YuniKorn admission controller to take effect.

Default: yunikorn-service:9080

Example:

admissionController.webHook.schedulerServiceAddress: "alt-yunikorn-service:9080"

Admission controller filtering settings

admissionController.filtering.processNamespaces

Controls which namespaces will have pods forwarded to YuniKorn for scheduling.

This setting is a comma-separated list of regular expressions. If this setting is an empty string, pods created in all namespaces will be scheduled by YuniKorn.

A change to this setting will be picked up without a restart of the admission controller.

Default: empty

Example:

# Schedule only pods in spark-* and mpi-* namespaces with YuniKorn
admissionController.filtering.processNamespaces: "^spark-,^mpi-"

admissionController.filtering.bypassNamespaces

Controls which namespaces will not have pods forwarded to YuniKorn for scheduling. This acts as an exception list to admissionController.filtering.processNamespaces.

This setting is a comma-separated list of regular expressions. If this setting is an empty string, no pods in any namespaces will be excluded from processing by YuniKorn.

By default, this setting excludes pods in the kube-system namespace as scheduling of these pods is often required for a node to be added to a cluster successfully. This could possibly prevent starting of YuniKorn itself or other critical services.

A change to this setting will be picked up without a restart of the admission controller.

Default: ^kube-system$

Example:

# Don't schedule pods in kube-system or fluentd-* namespaces
admissionController.filtering.bypassNamespaces: "^kube-system$,^fluentd-"

NOTE :
To simplify management, you can directly set the yunikorn.apache.org/namespace.enableYunikorn annotation on the namespace itself, regardless of whether it is specified in a regular expression. This annotation enables you to determine if the namespace should be managed by Yunikorn.

admissionController.filtering.labelNamespaces

Controls which namespaces will have pods labeled with an applicationId. By default, all pods which are scheduled by YuniKorn will have an applicationId label applied.

When running YuniKorn using the standard deployment model, all pods should be labeled, as YuniKorn is unable to schedule pods without an applicationId defined.

When running YuniKorn using the scheduler plugin deployment model, this setting can be used to filter which namespaces should be scheduled via YuniKorn's queueing model, and which should bypass queueing and be scheduled by the embedded default scheduler.

This setting is a comma-separated list of regular expressions. If this setting is an empty string, all pods forwarded to YuniKorn will have an applicationId label applied.

A change to this setting will be picked up without a restart of the admission controller.

Default: empty

Example:

# Add applicationId labels to pods spark-* namespaces
admissionController.filtering.labelNamespaces: "^spark-"

admissionController.filtering.noLabelNamespaces

Controls which namespaces will not have pods labeled with an applicationId. This acts as an exception list to admissionController.filtering.labelNamespaces.

When running YuniKorn using the standard deployment model, all pods should be labeled, as YuniKorn is unable to schedule pods without an applicationId defined.

When running YuniKorn using the scheduler plugin deployment model, this setting can be used to filter which namespaces should be scheduled via YuniKorn's queueing model, and which should bypass queueing and be scheduled by the embedded default scheduler.

This setting is a comma-separated list of regular expressions. If this setting is an empty string, no exclusions to admissionController.filtering.labelNamespaces will be applied.

A change to this setting will be picked up without a restart of the admission controller.

Default: empty

Example:

# Skip queueing in the noqueue namespace
admissionController.filtering.labelNamespaces: "^noqueue$"

NOTE : To simplify management, you can directly set the yunikorn.apache.org/namespace.generateAppId annotation on the namespace itself, regardless of whether it is specified in a regular expression. This annotation enables you to determine if the namespace should be labeled by Yunikorn.

admissionController.filtering.generateUniqueAppId

YuniKorn generates applicationId for all the apps that do not have an applicationId to start with. This property controls if a unique applicationId should be generated for each such application or all the apps in a namespace should be bundled under a single applicationId.

This setting is turned off by default and only one applicationId will be generated per namespace.

When enabled, unique applicationId is generated using the namespace and the application's pod uid.

Default: false

Example:

admissionController.filtering.generateUniqueAppId: "true"

admissionController.filtering.defaultQueue

Controlls what will be the default queue name for the application.

If the application does not define a queue name during app submission, admission controller will add a default queue name to the pod labels. root.default queue name will be added to the pod labels if this property is not set.

In case, the default queue name needs to be updated to something other than root.default, admissionController.filtering.defaultQueue can be set with the desired queue name.

Example:

# Change default queue to root.mydefault
admissionController.filtering.defaultQueue: "root.mydefault"

NOTE : The queue name needs to be a fully qualified queue name.

For certain use-cases, there may be a need to skip adding a default queue name to the pod labels. In such cases, admissionController.filtering.defaultQueue can be set to empty string.

Adding default queue name should be avoided when provided rule is used in conjunction with other placement rules and provided rule is higher in the hierarchy. If default queue label is added whenever there is no queue name specified, all the apps will be placed via provided rule and the other rules after that will never be executed.

Default: empty

Example:

# Skip adding default queue name
admissionController.filtering.defaultQueue: ""

Admission controller ACL settings

admissionController.accessControl.bypassAuth

Allow external users to create pods with user information already set.

A change to this setting will be picked up without a restart of the admission controller.

Default: false

Example:

admissionController.accessControl.bypassAuth: "true"

admissionController.accessControl.trustControllers

Allow controller users to create pods with user information already set.

A change to this setting will be picked up without a restart of the admission controller.

Default: true

Example:

admissionController.accessControl.trustControllers: "false"

admissionController.accessControl.systemUsers

Comma-separated list of regular expressions that match allowed controller service accounts.

A change to this setting will be picked up without a restart of the admission controller.

Default: ^system:serviceaccount:kube-system:

Example:

# allow all kube-system accounts as well as kube-controller-manager
admissionController.accessControl.systemUsers: "^system:serviceaccount:kube-system,^system:kube-controller-manager$"

admissionController.accessControl.externalUsers

Comma-separated list of regular expressions that match allowed external users.

A change to this setting will be picked up without a restart of the admission controller.

Default: empty

Example:

# allow 'alice', 'bob', and 'admin-*'
admissionController.accessControl.externalUsers: "^alice$,^bob$,^admin-"

admissionController.accessControl.externalGroups

Comma-separated list of regular expressions that match allowed external groups.

A change to this setting will be picked up without a restart of the admission controller.

Default: empty

Example:

# allow 'sales', 'marketing', and 'admin-*'
admissionController.accessControl.externalGroups: "^sales$,^marketing$,^admin-"