Add disruption admin guide. #1244
Conversation
|
Can you please retarget this PR to the release-1.4 branch? |
|
We found a Contributor License Agreement for you (the sender of this pull request) and all commit authors, but as best as we can tell these commits were authored by someone else. If that's the case, please add them to this pull request and have them confirm that they're okay with these commits being contributed to Google. If we're mistaken and you did author these commits, just reply here to confirm. |
Done. |
|
No idea why the bot freaked out. % git log upstream/release-1.4..disruption
commit e5c144b7cde8b92308a59fc3d7cd4b154ea2ad6a
Author: Matt Liggett <[email protected]>
Date: Fri Sep 16 10:21:21 2016 -0700
Add disruption admin guide. |
@googlebot I authored all these commits. |
|
|
||
| ## Rationale | ||
|
|
||
| Various cluster management operations may "voluntarily" evict pods. By |
There was a problem hiding this comment.
Avoid using "we" as a general principle. Suggested rephrase:
"In a "voluntary" eviction , a pod is removed from a node in a controlled manner, such as draining the node for maintenance (kubectl drain) or autoscaling a cluster downward. In the future, the [rescheduler] may also perform voluntary evictions. By contrast, a non-voluntary eviction removes a pod because a node has become unreachable or reports NotReady."
There was a problem hiding this comment.
I went more directly definitional for the first sentence.
For the second one, the given example is just that, an example. It's not the definition of non-voluntary and only illustrates the principle.
| have the | ||
| [rescheduler](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/rescheduling.md) | ||
| and possibly other examples. (In contrast, something like evicting pods because | ||
| a node has become unreachable or reports NotReady, is not "voluntary.") For |
There was a problem hiding this comment.
I'd start a new paragraph here.
"For voluntary evictions, it can be useful..."
|
CLAs look good, thanks! |
|
@davidopp think I just need a technical LG on this. |
| because a node has become unreachable or reports NotReady, is not "voluntary." | ||
|
|
||
| For voluntary evictions, it can be useful for applications to be able to limit | ||
| the number of pods that are down, or the rate with which pods are evicted. For |
There was a problem hiding this comment.
Since we didn't implement it yet, I would just remove the "or the rate with which pods are evicted"
| temporarily. Or a web front end might want to ensure that the number of replicas | ||
| serving load never falls below a certain percentage of the total, even briefly. | ||
| `PodDisruptionBudget` is an API object that specifies the minimum number or | ||
| percentage of replicas of a collection that must be up at a time, and/or the |
There was a problem hiding this comment.
remove "and/or the maximum eviction rate across the collection."
| serving load never falls below a certain percentage of the total, even briefly. | ||
| `PodDisruptionBudget` is an API object that specifies the minimum number or | ||
| percentage of replicas of a collection that must be up at a time, and/or the | ||
| maximum eviction rate across the collection. Components that wish to eviction a |
|
|
||
| ## Specifying a PodDisruptionBudget | ||
|
|
||
| A `PodDisruptionBudget` has two components: a selector to specify the set of |
There was a problem hiding this comment.
I would rewrite this as
Currently a PodDisruptionBudget has two components: a selector to specify a set of pods, and a description of the minimum number of pods from that set that must be available (i.e. an eviction will not be allowed if it will cause the number of available pods to fall below this threshold).
There was a problem hiding this comment.
The "i.e." is not how it's implemented. This may be a simple off-by-one error, or it may be a place where we didn't think carefully enough about the spec.
As it stands, if you say "100%", we will allow evictions if all the pods are ready. If we want "100%" to mean "never permit a 'voluntary' eviction", I will clarify the docs, and changing the code and tests will be easy.
Or maybe the right thing is to open an issue to discuss and track this, and for now document the way it works?
There was a problem hiding this comment.
Yes sorry I didn't catch this sooner but I think the semantics you described are not what people are going to expect. I now see that the comment in the proto, "the minimum number of pods that must be available simultaneously" is ambiguous. And I guess I wasn't thinking about this when I was looking at the code and tests. In any event, I do think we want people to be able to say "don't allow any voluntary evictions". Can you send a PR to change the behavior and tests, and change the documentation to say something like what I suggested? Very sorry about that. Thanks for noting the discrepancy with my suggestion!
There was a problem hiding this comment.
Also can you update the comment on the proto to describe the new behavior.
There was a problem hiding this comment.
Yes to all of these. Alright if I address the semantic change in a followup when I actually change the code? It'll be sent today, but I would like to get this merged in some form, and it is correct as-is.
| pods, and a description of the minimum number of available pods for a disruption | ||
| to be allowed. The latter can be either an absolute number or a percentage. In | ||
| typical usage, a single budget would be used for a collection of pods managed by | ||
| a controller. |
There was a problem hiding this comment.
add ", for example the pods in a single ReplicaSet"
| 3. If there is some kind of misconfiguration, like multiple budgets pointing at | ||
| the same pod, you will get `500 Internal Server Error`. | ||
|
|
||
| For a given eviction, there are two cases. |
| to be allowed. The latter can be either an absolute number or a percentage. In | ||
| typical usage, a single budget would be used for a collection of pods managed by | ||
| a controller. | ||
|
|
There was a problem hiding this comment.
I would add something at the end that says "Note that DisruptionBudget does not truly guarantee that the specified number/percentage of pods will always be up -- for example, a node that hosts a pod from the collection may fail when the collection is at the minimum size specified in the PodDisruptionBudget, thus bringing the number of available pods from the collection below the specified size. DisruptionBudget can only protect against voluntary evictions, not all causes of unavailability."
|
@davidopp PTAL |
|
Sure, LGTM. |
…tes#1290) This back-ports the install instructions from the 2.12 branch (kubernetes#1244) into the 2.11 branch, specifically for the edge helm charts. Co-authored-by: cpretzer <[email protected]>
Fixes linkerd/linkerd2#7745 Copied `grafana.md` doc from kubernetes#1244 from the 2.12 docs into 2.11, for folks that are on edge releases, that already have stripped-off the Grafana instance.
This change is