New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Regression 2.14.0 breaks TransportServer
targeting services on control plane nodes
#3079
Comments
I think I see a bit of the difference here, In version But in neither version, the control-plane nodes running the pods are not being added to the pool and seem to be getting filtered out by some process in CTLR. |
The removal of control planes nodes from getting added to the pool comes from this commit: b7d33d5 by @lavanya-f5 Which looks at I'm not sure where the change came in |
@braunsonm For first issue, even if it is node-role.kubernetes.io/control-plane=true, only NoSchedule taint is added.NoExecute should only be added when node is unreachable or goes to not ready state because of memory or disk pressure.Will discuss this with team and get back. For second issue, on 2.14 where no pool members are added i.e even worker nodes are added.Need more information to debug further Also please share the CIS logs |
@lavanya-f5 That isn't true on all distributions. On Rancher RKE2 Server:
Worker:
Also why would you care if a node has memory or disk pressure if it's still running workloads that F5 should proxy to and is passing the health check? Just looking for NotReady should be sufficient here. RE: Workers, is there anything specific that you want me to share? I'm not comfortable posting my entire node yamls including IPs here. For the logs, the CIS simply logs:
The service itself has 3 endpoints (all on the server nodes) |
@braunsonm Thanks for the info. will be fixing the logic for notready check and share the build |
@braunsonm dev build with fix quay.io/f5networks/k8s-bigip-ctlr-devel:aed60df8b8b25242f7f0ab1f41eed1b5ef7e7672. Please use this image for testing and provide your feedback if issue still exists |
Tested and this seems to work! @lavanya-f5 |
Setup Details
CIS Version : 2.14.0
Build: f5networks/k8s-bigip-ctlr:latest
BIGIP Version: Big IP 15.1.8.1
Agent Mode: AS3
Orchestration: K8S
Orchestration Version: 1.26.6
Pool Mode: Nodeport
Additional Setup details: 3 control plane, 2 agents
Description
In the previous version of BigIP CTLR, we had a
TransportServer
which load balances our kube-api across the control plane "master" nodes. This has worked fine for over a year. Starting in2.14.0
this now breaks as there are no members added to the pool. I'm not sure if there was a change to the node selection but we do not specify a node label filter.Steps To Reproduce
Expected Result
The pool should be created with the 3 control plane nodes running the kubernetes API server. There are 3 endpoints for the service and hitting the nodeport directly works.
Actual Result
There are no members in the pool.
Observations
This works on 2.13.1
The text was updated successfully, but these errors were encountered: