-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reduce the pressure on api server caused by daemonset related pod queries #5761
Conversation
Codecov Report
@@ Coverage Diff @@
## master #5761 +/- ##
==========================================
- Coverage 45.37% 44.44% -0.93%
==========================================
Files 214 214
Lines 10244 9124 -1120
Branches 110 110
==========================================
- Hits 4648 4055 -593
+ Misses 5321 4794 -527
Partials 275 275 |
IIRC we have intentionally not used this type of filtering as the only certain way to check if pod is controlled by deamon set is to do it based on the controller ref as it is done at the end of this method @maciaszczykm do you remember that case? |
More or less I think this was the case. Perhaps it has changed, but we would need to have some kind of docs to confirm that. |
In the actual production process, frequent queries of damonset pod caused the k8s api server pressure to reach 70%, |
But it may break accuracy if the label selector will be missing on the daemon set, isn't it? |
The first and most important thing that we need to ensure is to always match correct pods with correct daemon sets. The second thing is the performance. If the first point would be somehow impacted by the performance improvement then we cannot allow that. |
Label filtering during query to reduce api server pressure, |
|
Can you guarantee with 100% certainty that filtering by selector will not filter out a pod that does not match some selector but would be matched by controller ref? |
Yes, we use the daemonset selector to match to ensure that the matched pod and controller ref match the same. If there are other pods configured with the same daemonset label, the controller ref shall prevail. I have created many in the system daemonset, can be 100% guaranteed to match the corresponding POD |
I have done some tests and it seems that a selector is required when creating DaemonSet and it is always propagated to the created Pods. Updating the Pod itself forces it to get "disconnected" from the daemon set and it gets replcaed by a new Pod. It should be safe then to limit the search to matched pods only. PS. Fix the static check. |
@twilight327426371 can you fix the CI so we can merge? |
/retest |
@twilight327426371: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@floreks Please help retest |
… api server caused by daemonset related pod queries
5801b09
to
75714a0
Compare
@floreks fix static check. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: floreks, twilight327426371 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Query pods related to daemonset. If select is not set, all pods in the current namespace of daemonset will be queried. If there are more pods in the current namespace, the pressure on the api server will increase greatly. Set the label when querying to reduce the number of query pods.