Make "kubectl drain" use taint instead of Unschedulable #44944
Comments
davidopp
added
the
sig/scheduling
|
@davidopp I can work on this, if no one else has started. |
|
Does this deprecate the Unschedulable field? |
|
Define "deprecate"... I don't think we can get rid of Unschedulable until we do a v2 of the API. Too many people are using it. Marking it "deprecated" seems fine though, to try to push people towards using NoSchedule taints instead. |
|
@ravisantoshgudimetla I don't have the bandwidth to review it for 1.7, but if @mml has time to review it then it's fine for you to implement it. |
|
"deprecate" here means "tell people it is going away eventually, and to use
taints instead". Deprecation policy is clear that this is a long, slow
process, but if we want to ever get rid of it, start now.
…On Thu, Apr 27, 2017 at 1:41 AM, David Oppenheimer ***@***.*** > wrote:
Define "deprecate"...
I don't think we can get rid of Unschedulable until we do a v2 of the API.
Too many people are using it. Marking it "deprecated" seems fine though, to
try to push people towards using NoSchedule taints instead.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#44944 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AFVgVOhhKw2ppBGnEIAaJUkCtC2LMhQrks5r0FTXgaJpZM4NIclV>
.
|
|
Yes, that's reasonable. |
|
@davidopp Ok, I was under the impression that this is needed for 1.7, if not I can circle back to this later. |
|
So, I have started working on this and the way I want to implement this: For drain:
Uncordon would be exact opposite operation. I am a bit concerned about effect part. Please let me know WYT. |
|
I think just adding a NoSchedule taint (and opposite for uncordon) is sufficient -- no need to check whether there are already taints on the node. (Unless I'm missing some corner case you have in mind?) The trickier part is making sure this doesn't break the current users of cordon, since Unschedulable is unfortunately not the exact same thing as a NoSchedule taint. ref/ #42001 cc/ @kubernetes/sig-cluster-lifecycle-feature-requests |
k8s-ci-robot
added
sig/cluster-lifecycle
@davidopp I think I have an idea, but can you elaborate on the edge cases? |
So, the way I want to do it - I will update both unSchedulable field and NoSchedule taint for cordon and uncordon with a comment mentioning that unSchedulable will be eventually deprecated. Would it cause any problem, looking at the code, it seems drain is mostly a client side functionality(no code in server for it), so we should be good.
Its not an edge-case as such but I am thinking of - why to add a NoSchedule taint if one already exists. |
|
/sig cli |
…e_conversion Automatic merge from submit-queue (batch tested with PRs 48082, 48815, 48901, 48824) Changes for typecasting node in drain **What this PR does / why we need it**: **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #48059 **Special notes for your reviewer**: Precursor to #44944 **Release note**: ```release-note kubectl drain now uses PATCH instead of PUT to update the node. The node object is now of type v1 instead of using internal api. ```
You can not use an existing NoSchedule taint on a node, because that means there are pods that tolerate it and can be scheduled. And that means it wouldn't work as Unschedulable. I think we should have a standard NoSchedule taint for such drain cases and make sure during validation that no pod is allowed to have any toleration tolerating this standard NoSchedule to ensure it works as Unschedulable. |
Thanks for the input @aveshagarwal but should we care about that scenario? The user explicitly wants his/her pod to be placed on node that has NoSchedule taint. AFAIU even now daemonSet controller doesn't respect the unSchedulable field and as a result could schedule pods onto nodes that are being drained.
Isn't that against the concept of taints and tolerations? We are creating a taint which will have no toleration. |
i did not say we should not use NoSchedule taint. i said we should not use an existing NoSchedule taint on a node as a signal for Unschedulable.
I dont think so. |
|
/cc @kubernetes/huawei |
|
At the sig-scheduling meeting today we realized it is not possible to implement this in a backward-compatible way because we allow pods to tolerate wildcard taint, so controllers that generate pods that tolerate wildcard taint would have their pods no longer be drain-able after upgrading the master. (I think that in the absence of wildcard taint, it would be OK to implement this.) I think we should close this issue. In the v2 API we could theoretically get rid of wildcard toleration and then it would be OK to implement this. (Users who want to opt in to being able to schedule onto machines that are draining could do so, e.g. maybe a very short-running batch job.) |
|
Issues go stale after 90d of inactivity. Prevent issues from auto-closing with an If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/rotten
k8s-ci-robot
removed
the
lifecycle/stale
|
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
kubectl drain: Place NoSchedule taint, then do evictions as today
kubectl uncordon: Remove the taint
ref/ #25320
@kubernetes/sig-scheduling-feature-requests
cc/ @mml
The text was updated successfully, but these errors were encountered: