-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Load balancer behavior changed for unmanaged nodes #112313
Comments
/sig cloud-provider |
Hi @yangl900 |
We made that change because the LoadBalancers (including both the External LB and Internal LB) are fully managed by cloud provider. Refer the documents on https://cloud-provider-azure.sigs.k8s.io/topics/cross-resource-group-nodes/, "unmanaged nodes will not be part of the load balancer managed by cloud provider". If putting those nodes into cloud provider managed LBs is required, is it possible moving them to managed nodes? |
@feiskyer I don't think there is is any technical blocker for a "unmanaged" cloud node to join load balancer. There are legitimate reasons that some node cannot be managed by AKS. For example, if someone wants to manage their own OS images, using unmanaged nodes is the only option. |
btw @feiskyer I understand LB is managed by cloud provide, and I don't expect LB to reconcile the backend pool for these "unmanaged" nodes. But if these "unmanaged" or "externally managed" nodes were configured to be the backend pool externally, why cloud provider force removing them? For self-hosted k8s, there is actually a workaround. If we configure the cloud provider to say "LB is pre-configured", then it will not manage the LB at all. But this workaround won't work for AKS. |
/assign @bridgetkromhout |
/triage accepted |
Hi @bridgetkromhout - any update for this issue? This blocks people from using "unmanged" or self-managed nodes. |
I'm asking @feiskyer to weigh in - but as far as I can tell, the best option for self-managed would be CAPZ - see https://capz.sigs.k8s.io/ for details. |
Clarity as to when this bug was fixed: kubernetes-sigs/cloud-provider-azure#851 |
The original commit was introduced because it would make the LB management much easier. There are two problems here to allow unmanaged Node in LB:
As suggested above, it it possible to use CAPZ for self-managed cluster? |
This issue has not been updated in over 1 year, and should be re-triaged. You can:
For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/ /remove-triage accepted |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
What happened?
Before commit aecaac0 the LB behavior for unmanaged nodes (labeled with
kubernetes.azure.com/managed: false
) is that:So basically unmanaged nodes are ignored from cloud provider operation. This makes sense because it is "unmanaged". However, starting from commit aecaac0, we will reconcile the unmanaged VMs and remove them from LB.
I believe the original intention is to remove nodes with "node.kubernetes.io/exclude-from-external-load-balancers" label, however, the
ShouldNodeExcludedFromLoadBalancer()
include both unmanaged nodes and exclude-lb nodes.This caused a behavior change from v1.20.15 because the commit was cherry-picked into 1.20 branch. I don't think we should force unmanaged nodes gets removed from LB. They are "unmanaged", so why we manage them?
What did you expect to happen?
Nodes with label
kubernetes.azure.com/managed: false
will not be forcefully removed from LB backends.How can we reproduce it (as minimally and precisely as possible)?
Label a node with
kubernetes.azure.com/managed: false
and see it's getting removed from LBAnything else we need to know?
No response
Kubernetes version
Cloud provider
Azure
OS version
Install tools
Container runtime (CRI) and version (if applicable)
Related plugins (CNI, CSI, ...) and versions (if applicable)
The text was updated successfully, but these errors were encountered: