kube-dns should support custom tolerations #57659
/sig network
Unfortunately, there's not really a way to have a field that takes values from two different sources. In this case, the addon's base YAML (managed by GKE) sets one toleration and you are trying to set another. The patch logic will throw your changes out periodically, when the addon is re-asserted, as you are experiencing. Once we are using priority and preemption, we won't need this toleration. In fact, I cannot convince myself it is being used at all.
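For context on the "re-asserted" behavior: under the standard addon-manager convention, objects labeled with mode `Reconcile` are periodically overwritten from the addon's base YAML, while `EnsureExists` objects are only created when missing. A minimal sketch (not the actual GKE manifest; the image is a placeholder):

```yaml
# Illustrative excerpt: a Deployment labeled "Reconcile" is periodically
# re-asserted from the base YAML, so hand-added tolerations disappear.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile  # "EnsureExists" would leave edits alone
spec:
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      tolerations:
      - key: CriticalAddonsOnly   # the single toleration asserted by the base YAML
        operator: Exists
      containers:
      - name: kubedns
        image: registry.example/kube-dns:v1  # placeholder image for illustration
```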
I agree with @thockin that GKE and your deployment race against one another in setting the tolerations. As @thockin also mentioned, priority and preemption remove the need for critical pods and the CriticalAddonsOnly taint, but the feature is in alpha and is not enabled in GKE. Our plan is to move it to Beta in the next release.
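To illustrate the replacement the comment above describes (a sketch, not a shipped manifest): with priority and preemption enabled, a pod is marked critical via `priorityClassName` using the built-in `system-cluster-critical` class, instead of the CriticalAddonsOnly taint/toleration. Pod name and image below are placeholders:

```yaml
# Sketch: marking an addon pod critical with a built-in PriorityClass.
apiVersion: v1
kind: Pod
metadata:
  name: dns-critical-example    # hypothetical name
  namespace: kube-system
spec:
  priorityClassName: system-cluster-critical  # built-in high-priority class
  containers:
  - name: dns
    image: registry.example/kube-dns:v1       # placeholder image
```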
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /close. Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle frozen
Any updates on this issue? We'd love to apply tolerations/affinity to kube-dns in a proper and maintainable way.
+1 for this. At the moment it's not possible to add preemptible pools to your GKE cluster if you want to run any other service reliably on it, since you can give your essential pods a nodeAffinity but not the kube-system pods they rely on (like kube-dns).
Ref #23233
@Glennvd You can create a node pool with a taint - any pod that doesn't explicitly tolerate that taint will avoid those nodes.
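To make the suggestion concrete (a sketch; the taint key and value are made up): once the pool is created with a taint, only workloads carrying a matching toleration schedule onto those nodes, and everything else, kube-dns included, avoids them.

```yaml
# Sketch: a workload that opts in to a hypothetically tainted pool
# (taint dedicated=batch:NoSchedule assumed on the pool's nodes).
apiVersion: v1
kind: Pod
metadata:
  name: batch-worker            # hypothetical workload for the tainted pool
spec:
  tolerations:
  - key: dedicated              # assumed taint key set on the node pool
    operator: Equal
    value: batch
    effect: NoSchedule
  containers:
  - name: worker
    image: busybox
    command: ["sleep", "3600"]
```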
@thockin but doing that causes "Does not have minimum availability" for kube-dns, because apparently once GKE sees more nodes it changes
Related issue: kubernetes/kops#6063
Any update on adding tolerations on kube-dns via kops?
Also would like an update on this issue. We currently experience DNS latency because we have a large tainted node pool (relative to the untainted one) that we cannot run DNS pods on. Thus traffic for the DNS service is constantly routed to nodes with no kube-dns pods.
Any update on this issue? All the nodes in our node pool are tainted, but because of this issue we have to keep node pools with untainted nodes. We can't have untainted nodes just to run this pod. Ideally, we would like to be able to add custom tolerations to kube-dns, kube-dns-autoscaler, and heapster, so we can run them on tainted nodes.
Would love to see this implemented so I can set some tolerations on those pods.
Please look into this issue; it's been years.
The point is that this is a GKE issue, not a Kubernetes or sig-network issue 😅
/kind feature
(note: we're not using the latest Kubernetes version yet, but I couldn't find any changes related to this in the latest updates, so please close this if simply updating will fix this for us)
Currently, when you edit a kube-dns deployment, some changes are persisted (e.g. adding a `nodeAffinity` config block), while others are reverted (e.g. adding a second toleration alongside the already existing `CriticalAddonsOnly` toleration). The latter is problematic for us (running on GKE).
We have two node pools: one with regular nodes and one with preemptible nodes.
We want `kube-dns` (and any other critical pods) to run on the regular nodes for better uptime (see also: #41125), so we update its deployment with nodeAffinity and tolerations blocks along the lines of the sketch below. After saving this change, the pods are briefly scheduled as expected, but moments later the change is reverted: specifically, the added toleration is removed, while the nodeAffinity is still there.
Can we make toleration changes persistent and not be reverted by the API itself?
Environment:
- Kubernetes version (use `kubectl version`):
- Cloud provider or hardware configuration: GKE