Node lifecycle controller does not markPodsNotReady when the node Ready state changes from false to unknown
#112733
Comments
k8s-ci-robot
added
needs-sig
xenv
changed the title
markPodsNotReady when the node Ready state changes from fail to unknownmarkPodsNotReady when the node Ready state changes from false to unknown
|
/sig node |
k8s-ci-robot
added
sig/node
|
Thanks for the report and the simple repro steps. This sounds like a generalized duplicate of #109998 /triage accepted |
|
/assign |
|
Is this a |
|
/triage accepted |
k8s-ci-robot
added
triage/accepted
Yes, I believe the change required is very localized. |
|
/good-first-issue |
|
@akankshakumari393: GuidelinesPlease ensure that the issue body includes answers to the following questions:
For more details on the requirements of such an issue, please see here and ensure that they are met. If this request no longer meets these requirements, the label can be removed In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
good first issue
|
Hey, I would like to work on this |
|
@MustkimKhatik i am already working on it, and have raised a PR as well.🙂 |
Oh alright |
@akankshakumari393 Hi, I think node-controller has some complex logic, it's not suitable for a new contributor. I have reviewed your PR and found there are some broken UT. Please close your PR, @xenv and me were trying to fix this issue. /assign |
|
/assign not sure if this has been fixed already. looks like it is not. |
|
there are 3 PRs targeting this bug, please coordinate with the reviewers to avoid duplicating efforts |
|
@aojea Does this need some work? |
|
I have found this problem in node_lifycycle_controller : when node is changed from ready to not ready, the ds pod is still in ready status, and will not be removed in the ep |
|
/assign |
|
This issue, is still under consideration for good-first-issue, as it is reported here ⇾
|
|
/assign |
|
Hi all. Although I know there have been many commits and I am aware of the earliest issue, it has not been fixed yet. I am truly sorry for the inconvenience. Therefore, I have made a new commit in an attempt to fix the issue. |
|
Curious, I am trying to think why this was initially implemented this way. Was it because it was assumed that if node's |
|
for daemonset pod, it seems that the DaemonSet controller automatically adds a set of tolerations to DaemonSet Pods, and these tolerations can not be overwrite even the user has claimed in the daemonset yaml like this: apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fluentd-elasticsearch
namespace: kube-system
labels:
k8s-app: fluentd-logging
spec:
selector:
matchLabels:
name: fluentd-elasticsearch
template:
metadata:
labels:
name: fluentd-elasticsearch
spec:
tolerations:
# these tolerations are to have the daemonset runnable on control plane nodes
# remove them if your control plane nodes should not run pods
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 30
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 30When check the pod, the |
|
I’d like to work on this |
|
Hey! I’m new to open-source |
|
@jzlyy @chiru0631 you can take this issue both by work independently or work together. |
|
You can use |
What happened?
When kubelet loses connect, the node goes into the unknown state. The node lifecycle controller marks the pod as not ready by the
markPodsNotReadyfunction because the health check status of the pod can not be obtained through kubelet. This feature is available only when node'sReadystate transitions fromtruetounknown.However, if the node is already in the fail state (such as a containerd failure),
markPodsNotReadywill not take effect if the node loses its connection at this time.kubernetes/pkg/controller/nodelifecycle/node_lifecycle_controller.go
Lines 883 to 888 in cac5388
In this case, the pod may accidentally remain ready, which may cause some network traffic to be accidentally forwarded to this node.
What did you expect to happen?
As long as the node loses its connection beyond grace time,
MarkPodsNotReadyshould always workHow can we reproduce it (as minimally and precisely as possible)?
Readystate to falseReadystate to unknownAnything else we need to know?
In the node lifecycle controller logic,
MarkPodsNotReadyis just triggered when a node goes fromtruestate to anunknownstate. The correct way is to trigger when the node becomesunknownstate regardless of whether the node state was previously trueKubernetes version
Cloud provider
OS version
Install tools
Container runtime (CRI) and version (if applicable)
Related plugins (CNI, CSI, ...) and versions (if applicable)
The text was updated successfully, but these errors were encountered: