chenk008
commented
7 months ago How about double-check node lease before marking node NotReady? The node-lifecycle-controller can get reference lease from apiserver with resourceversion=''
Open chenk008 opened 7 months ago
chenk008
commented
7 months ago How about double-check node lease before marking node NotReady? The node-lifecycle-controller can get reference lease from apiserver with resourceversion=''
neolit123
commented
7 months ago /sig node
chenk008
commented
7 months ago /sig api-machinery
aojea
commented
7 months ago /cc @aojea @liggitt
We have discussed this timeouts values before @andrewsykim @linxiulei and myself, I also think @linxiulei got some metrics with lower timeouts for the HTTP2 connections.
In this situation is clear that the defaults of the node watcher and the timeouts are related and having good defaults will be ideal, but the question is which values do we change ?
chenk008
commented
7 months ago @aojea I think in internal network, the ping response almost return in 1 second, the HTTP2_PING_TIMEOUT_SECONDS default value should be 5 seconds. And the total timeout will 35 seconds. WDYT?
SergeyKanzhelev
commented
7 months ago /triage accepted
We have discussed this timeouts values before @andrewsykim @linxiulei and myself, I also think @linxiulei got some metrics with lower timeouts for the HTTP2 connections.
In this situation is clear that the defaults of the node watcher and the timeouts are related and having good defaults will be ideal, but the question is which values do we change ?
@aojea any pointers in other places where those timeouts were changed for http2? Any notes from those discussions?
SergeyKanzhelev
commented
7 months ago /priority important-longterm
since it is not a regression I will keep it longterm priority and not higher. But we can reevaluate if we hear more reports about it.
Vincentzs
commented
7 months ago /assign
jmcmeek
commented
1 month ago I'm investigating problems similar to this, but I'm looking for a way to confirm this is what is happening - and if there are tips for how to recreate such a scenario, that would be very helpful.
We get infrequent reports of "worker goes NotReady for a short time" incidents that appear to be triggered by events like failing over a LB sitting front of the kube-apiservers.
We've done some tests with a simple client-go app and have recreated a scenario in which the app logs http2: client connection lost messages after 45 secs of "context exceeded" errors.
The failures reported to us from customers don't have http2 errors in the kubelet logs, and our attempts to recreate with kubelet have never shown more more than a single error which works on subsequent retry.
What happened?
The controller-manager node-lifecycle-controller watches node lease and update
nodeHealthMapprobeTimestamp , and it check node probeTimestamp is beforenow - node-monitor-grace-period. The node-monitor-grace-period default value is 40s.When the client connection lost, the lease watcher cannot receive new event. With the http2 health check, HTTP2_PING_TIMEOUT_SECONDS default is 30s, HTTP2_READ_IDLE_TIMEOUT_SECONDS default is 15s, it will delay 45s to kill http2 connection.
During this period, node-lifecycle-controller will mark all nodes NotReady.
Here are some logs
What did you expect to happen?
When the http2 connection lost, the watch should stop as soon as possible. The reflector should relist resource, and node-lifecycle-controller should not mark all node NotReady.
HTTP2_PING_TIMEOUT_SECONDS+HTTP2_READ_IDLE_TIMEOUT_SECONDS should be less than 40s.
How can we reproduce it (as minimally and precisely as possible)?
Anything else we need to know?
No response
Kubernetes version
Cloud provider
OS version
Install tools
Container runtime (CRI) and version (if applicable)
Related plugins (CNI, CSI, ...) and versions (if applicable)