-
Notifications
You must be signed in to change notification settings - Fork 208
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Node taints should go back to baseline on machine restart #404
Comments
@achandrasekar @mikedanese I wonder if you considered this regression when you were looking at #322? |
can you expand on this? do you have a controller that watches nodes and taint based on the events? |
Yes, there's a controller that watches for the daemon and it removes the taint when it sees the daemon has started. |
shouldn't you be watching the Node and acting on the Node object? you can detect a node has changed based on the UUID |
We tried that too. But there's nothing that means we get to make our change to the node before the scheduler starts putting pods on it. That's what the taint would guarantee, but it's not added back even though the rest of the node state has returned to baseline |
@philpearl #322 was not a regression. In fact it was a fix to address the regression introduced with #285. We introduced the behavior to reapply taints. But there are a lot of people relying on the older behavior of not reapplying taints. They use these taints similar to the way you mentioned. Except for them it is only needed on new node startup and not on node restarts. Since this was a regression, we had to revert the change. But ideally, like you mentioned, we need a way to configure if the taints should be reapplied and when.
|
@achandrasekar thanks for the update - it's good to understand the full history! Is finding a way to |
@philpearl There is work planned to address this. But we don't have an ETA yet. I can provide an update once we do. The tainting behavior has a lot of implications to Cluster Autoscaler's scale up/down behavior. So, accepting a PR on this is difficult. |
Are you facing the issue only with preemptible nodes like the one mentioned here - cilium/cilium#21594? There is ongoing work to address this specific case. |
Hey all, I think I might be running into the same issue here (also running Cilium with The effective outcome is the same as what phil is dealing with. I was expecting the Let me know if there's anything I can provide that would be helpful to debugging this, this is impacting our customers with some regularity. |
We are facing the same issue with underlying VM restarts in GKE. It is pretty easy to replicate by restarting the underlying VM instance. In some cases, some pods (both deployments and daemonsets) run before cilium and enter a bad state requiring restarts. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned |
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
We apply a taint to nodes, and remove the taint once our daemon is up and running on the node. This then allows other pods to run on the node. We don't want other pods to run on the node until the daemon is up & running.
This works well until the underlying machine is restarted. If the kubernetes node is destroyed and we get a fresh new node then everything is OK. If not then our taint is not reapplied, and pods are started on the node even though the daemon is not fully active.
I believe the changes made under #322 (Remove taints re-application from node annotator) have caused or contributed to this issue.
The text was updated successfully, but these errors were encountered: