DaemonSets: add SurgingRollingUpdate strategy

[diegs]

What this PR does / why we need it:

Adds a new update strategy for DaemonSets called SurgingRollingUpdate. It is the complement of the existing RollingUpdate strategy: instead of deleting pods up to MaxUnavailable and then waiting for new pods to be created, it creates new pods up to MaxSurge and then cleans up the old pods once the new ones are running successfully.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Fixes #48841
Implements kubernetes/enhancements#373

Release note:

DaemonSets: New SurgingRollingUpdate strategy creates new pods up to MaxSurge before deleting old pods.

cc @aaronlevy @lpabon

[k8s-ci-robot]

Hi @diegs. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-github-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: diegs
We suggest the following additional approver: smarterclayton

Assign the PR to them by writing /assign @smarterclayton in a comment when ready.

Associated issue: 48841

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• api/OWNERS
• docs/OWNERS
• federation/OWNERS
• pkg/apis/OWNERS
• pkg/controller/daemon/OWNERS
• pkg/kubelet/OWNERS
• staging/OWNERS

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[calebamiles]

/ok-to-test

[k8s-ci-robot]

@diegs: The following tests failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
pull-kubernetes-unit	e56baff	link	/test pull-kubernetes-unit
pull-kubernetes-verify	e56baff	link	/test pull-kubernetes-verify
pull-kubernetes-bazel	e56baff	link	/test pull-kubernetes-bazel

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[luxas]

@kubernetes/sig-cluster-lifecycle-pr-reviews @kubernetes/sig-apps-pr-reviews
/assign @janetkuo @Kargakis @kow3ns @roberthbailey @luxas

[lukemarsden]

This is needed so that SIG-cluster-lifecycle can get self-hosted upgrades working in time for 1.8. Please prioritize reviewing this 😄 ❤️

Thanks!

[lpabon]

Few documentation comments but LGTM. good tests.

[lpabon]

This may need to be reworded, it is a little confusing:

Example: when this is set to 30%, at most 30% of the total number of nodes that
should be running the daemon pod (i.e. status.desiredNumberScheduled) can have
2 pods running at any given time...

Where does the 2 pods running calculation come from?

[lpabon]

Just curious, why set to the variable rollingUpdate which is only used in this scope?

[lpabon]

Please add some comments to these two conditions. The first is pretty simple, but the second could use some explanation.

[lpabon]

Nice, good test 👍

[liggitt]

this strategy wouldn't work well for pods that make use of resources like host ports, right? (since the new pod would not be able to bind to the port while the old one was still running, and therefore wouldn't ever become healthy, assuming its health check actually indicated whether it was successfully bound and running). that doesn't mean the strategy isn't useful, but that limitation should probably be called out somewhere.

[0xmichalis]

This is not different from using a Rolling deployment with a RWO volume. Worth calling out though.

[liggitt]

deployments put both MaxUnavailable and MaxSurge in the rolling update strategy parameters. is there a reason not to do the same here?

[luxas]

There were some discussion about that, but sig-apps didn't want to break current API and behavior, hence this new strategy. Keeping things as stable as possible...

[liggitt]

wouldn't current behavior be modeled as a default of 0 for maxsurge?

[luxas]

That was proposed, but shot down at some stage
cc @janetkuo @erictune @roberthbailey

see #48841 as well

[0xmichalis]

One reason for a separate strategy is to minimize the risk of introducing bugs in the existing paths. Also, bearing in mind that the only use case we have today for maxSurge in daemonsets is self-hosting, we decided to go down the separate strategy path.

[kow3ns]

Is there any design doc associated with what will be implemented here?

[erictune]

Prefer to review this in the context of a design doc.

[erictune]

See comments on #48841 (comment)

[diegs]

Thanks for the reviews and questions. Please see #48841 (comment)

[k8s-github-robot]

@diegs PR needs rebase

[resouer]

What's the status of this PR? Any future update?

[roberthbailey]

The discussion moved to the design proposal. The short version is that this feature has been put on hold and won't be part of the 1.9 release. We may reconsider adding it in the future. See kubernetes/community#977 (comment)