-
Notifications
You must be signed in to change notification settings - Fork 200
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
implement issue-19 add prefer no schedule taint to avoid double draining of pods #250
Conversation
31ed67c
to
79c2426
Compare
The test is failing because the taint code uses the update method, but RBAC does only include patching nodes. |
79c2426
to
523dbba
Compare
it works now 😃 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First, allow me to thank you for this PR! Well thought out.
Please see my comments inline for the first part of the review (maybe a comment, and a little code change?) on the preferNoSchedule code location/behaviour.
Finally, I see a problem with the PR right now (maybe I am mistaken, could you clarify?):
This PR changes the state of the taint TaintEffectPreferNoSchedule
regardless of not it was tained by kured. This is a problem for me, because one administrator might want to mark a node for NoSchedule for other reasons, and we might remove it without its approval. WDYT?
Only the taint "weave.works/kured-node-reboot" (by default) is added or remove by the new behavior. Other taints will be untouched. The code from https://github.com/damoon/kured/blob/19-PreferNoSchedule/cmd/kured/main.go#L326 until https://github.com/damoon/kured/blob/19-PreferNoSchedule/cmd/kured/main.go#L367 ensures only to add/remove this one taint. |
I was not sure who the code was organized. |
0f60dba
to
bd21661
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have not tested it, but I like it.
CI tested it, so I guess that's a good start. Should we extend smoke test to ensure that we can schedule a basic workload? (And maybe ensuring the behaviour of this PR?) |
I tested the parallel reboot of nodes and the taint creation/removal. |
i found an issue: once the testing is done is push the fix. |
bd21661
to
6caf951
Compare
fixed and tested. works for me. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left some minor comments below.
It would be good to mention this feature in the README.
I did not really follow the test
/ add
patch stuff. Do you have a reference to some documentation explaining it, or another program that does the same? (kubectl taint
does not appear to do it).
Also I think there is another corner case: if rebootRequired()
goes from true to false the taint will not be removed until the end of the reboot window, or until restart of kured.
…ining) additional pods from other rebooting nodes
…aint name to an empty string.
6caf951
to
3a35d6a
Compare
I updated the parameter section in README. For patches I found this https://dwmkerr.com/patching-kubernetes-resources-in-golang/ example and for I changed the behavior in case |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
Thanks for all changes, and for the explanation of why it is done this way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have added a question/comment to clarify our goals. I would prefer if this is clarified before merging. However, I don't think it's worth blocking this PR from merging if we don't get consensus.
Please note that I didn't test this patch. The code looks okay to me.
} | ||
|
||
if rebootBlocked(client, nodeID) { | ||
continue |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if the reboot is Blocked by a pod or prometheus, shouldn't we still unmark the node?
For me it means that this node was voluntarily put out of the loop by an administrator, even if the reboot is required during the maintenance window.
In this case, I think that rebootBlocked should also remove any existing NoSchedule taint.
On the other hand, one could argue that a node "out of the loop" shouldn't be touched at all.
In any case, this decision should be recorded somewhere (in a comment, or in the commit message).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Being blocked by prometheus can be from a "pending" alert: in my case I see those come and go quite often.
So I think it would be bad to oscillate the taint; I would say once you need to reboot you shouldn't be scheduling new pods onto that node. (But it's only "preferred" so may get some if necessary).
Maybe we should make the taint ""
by default, so people can choose to try out the feature and report back?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am fine with both parts of your answer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@damoon do you mind updating the taint to "" by default?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alternatively, we can merge this after 16.0, and I can do another PR with updating the default taint.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I changed the flag to be disabled by default.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thinking about the rebootBlocked() cases.
Situation: A node that waits for a long time to reboot, but is blocked by other rebooting nodes. Then a pod, that blocks reboots, is scheduled onto that node.
A) The taint is remove. As a result even more work gets scheduled here, and needs to be drained again. This should be avoided.
B) The taint stays. As a result the nodes without the taint get a higher average load, even so this node can not reboot once it is its turn to do so. This should also be avoided.
The same should be true for prometheus alert.
My feeling is, to leave a node, that wants to reboot, but is blocked to do so, tainted. It expresses the intend best.
As mentioned, the taint is "only" preferred, and in case B i trust the kubernetes scheduler and resource requests enough for uneven load not be a real issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, thanks!
Nice work and thanks for hanging in there. Do you think you could add a note #295 about this feature? |
This implements #19
The idea is to set a prefer no schedule taint.
The taint is set when the reboot sentinel is found and removed after the restart.
In case the node can not restart immediately the taint asks the kubernetes scheduler to avoid placing new pods on the tainted node.
But this is only preferred, as a last resort the kubernetes scheduler does place pods onto the node.