Add a label which prevents a node from being added to a cloud load balancer #53146
Conversation
k8s-ci-robot
added
size/XS
brendandburns
added
the
release-note
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/approve no-issue |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: brendandburns, FengyunPan Associated issue requirement bypassed by: brendandburns The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here. |
After merging this PR(kubernetes#53146), if there is no available nodes for the loadbalancer service, UpdateLoadBalancer() will run panic.
|
Removing label |
|
Solves this issue: https://github.com/Azure/aci-connector-k8s/issues/51 |
| @@ -598,6 +598,10 @@ func getNodeConditionPredicate() corelisters.NodeConditionPredicate { | |||
| return false | |||
| } | |||
|
|
|||
| if _, hasExcludeBalancerLabel := node.Labels[constants.LabelNodeRoleExcludeBalancer]; hasExcludeBalancerLabel { | |||
There was a problem hiding this comment.
I just opened #53341. We shouldn't depend on cmd/kubeadm from core controllers.
There was a problem hiding this comment.
I can fix this if food have a better location for these annotations
There was a problem hiding this comment.
Erm s/food/folks/
There was a problem hiding this comment.
We can fix this later I think.
| @@ -134,6 +134,10 @@ const ( | |||
| // It's copied over to kubeadm until it's merged in core: https://github.com/kubernetes/kubernetes/pull/39112 | |||
| LabelNodeRoleMaster = "node-role.kubernetes.io/master" | |||
|
|
|||
| // LabelNodeRoleExcludeBalancer specifies that the node should be | |||
| // exclude from load balancers created by a cloud provider. | |||
| LabelNodeRoleExcludeBalancer = "node.role.kubernetes.io/exclude-balancer" | |||
There was a problem hiding this comment.
@kubernetes/sig-network-api-reviews
This doesn't follow the convetions of other labels in this file, nor does it have any versioning. Are we committing to this API?
There was a problem hiding this comment.
Sorry I screwed up the cut/paste I guess. I'm happy to add the dash instead of the dot...
After merging this PR(kubernetes#53146), if there is no available nodes for the loadbalancer service, UpdateLoadBalancer() will run panic.
Automatic merge from submit-queue (batch tested with PRs 53567, 53197, 52944, 49593). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. [OpenStack]Add codes to check the count of nodes(members) After merging this PR(#53146), if there is no available nodes for the loadbalancer service, UpdateLoadBalancer() will run panic. **Release note**: ```release-note NONE ```
|
Fixed up @mikedanese 's concern in #53621 Apologies. Mike, if you want me to extract from |
Automatic merge from submit-queue (batch tested with PRs 53621, 52320, 53625). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix a bad cut/paste of a node label. Fixes concerns [raised](#53146 (review)) in #53146 @mikedanese @jdumars
|
Hey, all. This should not have been merged without an issue, and probably should not have merged without someone from sig-network OWNERS looking at it. In truth, the whole notion of using nodes as LB targets should be folded down into per-cloud-provider logic. Service controller should not be doing this predicate check or passing nodes around. Secondly, the node-role concept is highly contentious, so we should not overload it. Thirdly, "don't do X" is not a role. Given that the nodes ARE being passed by service controller, fine. I don't think it should be about "role" though. Probably it should be named "node" rather than "node-role", or even something new like "service-controller.kubernetes.io/exclude-lb-node" ? |
Automatic merge from submit-queue (batch tested with PRs 54644, 53072). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Flag gate node exclusion for service load balancers. @thockin @jdumars ```release-note Add a new feature gate for enabling an alpha annotation which, if present, excludes the annotated node from being added to a service load balancers. ``` Issue: #54743 Notes: The original PR for this feature was: #53146 Which didn't include a gate (or the alpha label). This was refined to add the `alpha` label in: #53678 Then in the cherry-pick review: #53656 (comment) @thockin requested a gate for an alpha feature, which is this PR.
|
Removing cherry-pick labels since this has been manually cherrypicked in #54955 |
…#53678-#54644-upstream-release-1.8 Automatic merge from submit-queue. Automated cherry pick of #53146 #53678 #54644 Cherry pick of #53146 #53678 #54644 on release-1.8. #53146: Add a label which prevents a node from being added to a cloud #53678: Append an alpha label to the exclude load balancer #54644: wqFlag gate node exclusion for service load balancers. ```release-note Add a label which prevents a node from being added to a cloud.Append an alpha label to the exclude load balancer. `wqFlag` gate node exclusion for service load balancers. ```
|
Am I right that node using this label exclude itself from all LBs? So there is no way to do this per service? |
After merging this PR(kubernetes#53146), if there is no available nodes for the loadbalancer service, UpdateLoadBalancer() will run panic.
Automatic merge from submit-queue (batch tested with PRs 53567, 53197, 52944, 49593). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. [OpenStack]Add codes to check the count of nodes(members) After merging this PR(kubernetes#53146), if there is no available nodes for the loadbalancer service, UpdateLoadBalancer() will run panic. **Release note**: ```release-note NONE ```
There are a variety of reasons that you may not want a node in a cluster to participate in a cloud load balancer. For example workload isolation for security, or managing network throughput, or because the node is not in the appropriate virtual network (cluster's that span environments)
This PR adds a label so that you can select which nodes you want to participate.