-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move of unreachable taint key out of alpha #54208
Conversation
/lgtm I wait for Klaus to take a look as well before approving, just in case. |
@@ -30,7 +30,7 @@ const ( | |||
// TaintNodeUnreachable would be automatically added by node controller | |||
// when node becomes unreachable (corresponding to NodeReady status ConditionUnknown) | |||
// and removed when node becomes reachable (NodeReady status ConditionTrue). | |||
TaintNodeUnreachable = "node.alpha.kubernetes.io/unreachable" | |||
TaintNodeUnreachable = "node.kubernetes.io/unreachable" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not do this similar with not-ready
? Add an new label, named DeprecateTaintNodeUnreachable
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@liggitt , any suggestion :).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
similar issue to the other taint name change... the node controller currently adds this taint, so I'd expect it to remove the alpha taint, otherwise you can end up with a node with a permanent taint added by a kubernetes component
also, the DefaultTolerationSeconds admission plugin currently adds tolerations for the alpha taint (and isn't documented to be alpha or subject to change). What's the plan for avoiding disrupting pods admitted with tolerations by that plugin?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let the admission plugin replace old toleration with new one. @liggitt WDYT?
that doesn't update pods already in the system
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So maybe add a admit plugin
to fix pods tolerations? @liggitt
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure the best course of action... @davidopp how did you envision updating system-added tolerations on existing pods when the system-added taint changes names.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
kindly ping @davidopp , we are discussing the strategy to upgrade alpha taint keys without breaking existing user, and your advice would be highly valued here.
/approve cancel |
/cc @liggitt |
/lgtm cancel |
Just to stop merge progress before we get agreement on the PR :). |
/retest |
/retest |
I'll take a look at this in the next few days, but if @gmarek has a comment it would be useful too. |
Thanks David! @davidopp @gmarek As @liggitt pointed out, the One possible approach I am thinking is adding a admit to fix pods toleration. Do you think it's reasonable? |
@resouer Why don't you take a similar approach to notReady? Leave the alpha in place and mark it deprecated and add a new taint for non-alpha version. |
@bsalamat The special problem here is the So I just proposed to adding a admit to fix pods tolerations. Does it sound good to you? |
@resouer Your description is a bit brief. So, I am not sure if your solution will handle the following scenario correctly:
Will the new pod be scheduled? |
@bsalamat I think that approach may solve the problem:
So the system should work. Am I missed something? |
I don't think this is necessary... I'd only expect us to work to smoothly transition objects tainted/tolerated by in-tree components:
I think out of tree components are responsible for stopping their own usage of alpha tolerations |
What @liggitt said makes sense. Given that this was an alpha taint, we don't need to avoid breaking external components that use the alpha taint in the future. |
OK, so the scope is much clear now. I've already update the patch and amending unit tests now. Thank you for advice. |
@resouer Can you please update the release note and mention that existing pods with the alpha toleration should be updated to tolerate the GA taint as well? |
@bsalamat Updated. Will also mention this in google group if it's fine. |
/lgtm |
I think this PR requires "action required" label. |
/assign @deads2k |
[MILESTONENOTIFIER] Milestone Pull Request Current @bsalamat @deads2k @k82cn @resouer Pull Request Labels
|
/test pull-kubernetes-unit |
/lgtm |
/retest |
You probably want to address the migration concern here: #54208 (comment) /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bsalamat, deads2k, resouer Associated issue: 54198 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
/retest Review the full test history for this PR. |
/test all [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here. |
@deads2k Yes, the current plan is Release Note + Announcement in kubernetes-dev |
What this PR does / why we need it:
Move of unreachable taint key out of alpha, which already happened in community doc.
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close that issue when PR gets merged): fixes #54198Special notes for your reviewer:
Please see #54198 for the context of this inconsistency.
Release note: