-
Notifications
You must be signed in to change notification settings - Fork 40.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[backport] Disable session affinity for internal kubernetes service #65177
[backport] Disable session affinity for internal kubernetes service #65177
Conversation
Under following conditions session affinity leads to a deadlock: - Self hosted controller-manager, where it talks to API servers via kubernetes service ClusterIP - default master-count reconcilier is used - --apiserver-count is set to >1 according to the help message - number of responsive APIServers goes below `apiserver-count` - all controller-managers happen to be hashed to APIServers which are down. What then happens is that controller managers never be able to contact APIServer, despite correctly working APIServer available. Less serious outages also possible for other consumers of kubernetes service, such as operators, kube-dns, flannel & calico, etc. There is always non zero chance, that given consumer is hashed to an apiserver which is down. Revert "give the kubernetes service client ip session affinity" This reverts commit e21ebbc.
/assign @derekwaynecarr |
/ok-to-test |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: afritzler, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
@afritzler: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/hold |
/hold cancel |
/retest |
/test all [submit-queue is verifying that this PR is safe to merge] |
[MILESTONENOTIFIER] Milestone Pull Request Labels Incomplete @afritzler @derekwaynecarr @thockin Action required: This pull request requires label changes. kind: Must specify exactly one of |
Automatic merge from submit-queue. |
Under following conditions session affinity leads to a deadlock:
via kubernetes service ClusterIP
apiserver-count
are down.
What then happens is that controller managers never be able to
contact APIServer, despite correctly working APIServer available.
Less serious outages also possible for other consumers of kubernetes
service, such as operators, kube-dns, flannel & calico, etc. There is
always non zero chance, that given consumer is hashed to an apiserver
which is down.
Revert "give the kubernetes service client ip session affinity"
This reverts commit e21ebbc.
What this PR does / why we need it:
Backporting #56690 to 1.10 release branch.
Which issue(s) this PR fixes
Fixes #23129
Release note: