bug 1804717: Switch to managing openshift-apiserver pods with a deployment

[marun]

The switch from using a daemonset to using a deployment is intended to improve reliability during upgrade.

bz: https://bugzilla.redhat.com/show_bug.cgi?id=1804717

/cc @sttts @deads2k

[marun]

@deads2k Some questions:

• should removal of the daemonset block creation of the deployment (and vise-versa for cleanup in previous releases on downgrade)?
• the bz mentioned wiring HPA to enable scaling - should that be tackled in this PR or separately?

[deads2k]

• should removal of the daemonset block creation of the deployment (and vise-versa for cleanup in previous releases on downgrade)?

no, just rollout. We can tolerate having some extras for a bit.

[marun]

@sttts Updated, PTAL

[deads2k]

4.1.0-4.3.z

[marun]

Done

[deads2k]

UntilWithContext please. This should run forever. I'm ok doing it on two cadences if you prefer (fast until we delete, slow after that), but this will run every time the pod restarts, which is just a controller on an unpredictable resync cadence.

[marun]

Done. I didn't bother with 2 cadences, can address that if you feel strongly.

[marun]

@deads2k Updated, PTAL

[deads2k]

/lgtm

this could be improved by emitting some events, but we need this badly enough not to quibble.

[marun]

@deads2k What events would you like to see? Successful deletion of daemonset? Deployment doesn't have replicas yet?

[marun]

/retest

[marun]

/retest

[marun]

Updated to use explicit tolerations which should result in e2e passing, PTAL.

[marun]

/retest

[marun]

/test all

[marun]

/retest

[marun]

/test all

[sttts]

what does this mean for single-node clusters? Will we be always progressing?

[tnozicka]

shouldn't that be observed from the number of masters in the cluster? if someone scales them to 5?

[sttts]

3 instances in a 5 master node cluster at least sounds sane and doesn't break.

[marun]

what does this mean for single-node clusters? Will we be always progressing?

Good catch. The logic should be determining health by checking whether the replica count is equal or greater to the number of masters to maintain the invariant previously guaranteed by the daemonset.

[marun]

3 instances in a 5 master node cluster at least sounds sane and doesn't break.

Is that preferable to adjusting the replica count according to the number of masters that are present?

[deads2k]

single node clusters are not a supported platform. Refinements could be made, but I don't see them as blocking us stablizing upgrades for supported platforms.

[sttts]

why this?

[marun]

Removed. I have no recollection of where that came from.

[sttts]

do we enforce that two replicasets for the deployment don't overlap and increase this number temporarily although we are still progressing?

[marun]

No, we do not enforce no overlap. As per your previous comment, health should be determined by comparing replica count to master count.

[tnozicka]

The switch from using a daemonset to using a deployment is intended to improve reliability during upgrade.

it would be nice if the description said why

[marun]

The switch from using a daemonset to using a deployment is intended to improve reliability during upgrade.

it would be nice if the description said why

I'll leave it to @deads2k to explain. I have no idea why and the bz is short on details.

[deads2k]

The switch from using a daemonset to using a deployment is intended to improve reliability during upgrade.

it would be nice if the description said why

There is an issue draining nodes. Daemonsets are not evicted early. When the termination finally happens, there is an issue where graceful deletion doesn't take place. In addition, it is opening us up to SDN restart issues which result in API outages.

[deads2k]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, marun

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [deads2k]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[deads2k]

/cherrypick release-4.4

[openshift-cherrypick-robot]

@deads2k: once the present PR merges, I will cherry-pick it on top of release-4.4 in a new PR and assign it to you.

In response to this:

/cherrypick release-4.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@marun: All pull requests linked via external trackers have merged. Bugzilla bug 1804717 has been moved to the MODIFIED state.

In response to this:

bug 1804717: Switch to managing openshift-apiserver pods with a deployment

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-cherrypick-robot]

@deads2k: #313 failed to apply on top of branch "release-4.4":

Applying: Update bindata
error: Failed to merge in the changes.
Using index info to reconstruct a base tree...
M	pkg/operator/v311_00_assets/bindata.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/operator/v311_00_assets/bindata.go
CONFLICT (content): Merge conflict in pkg/operator/v311_00_assets/bindata.go
Patch failed at 0002 Update bindata

In response to this:

/cherrypick release-4.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[marun]

#324 addresses outstanding comments on this PR.

If the cherry-pick bot can't apply cleanly, does that imply that a manual PR is required?