2014-10-09 07:14:37 +08:00
/ *
2016-06-03 08:25:58 +08:00
Copyright 2014 The Kubernetes Authors .
2014-10-09 07:14:37 +08:00
Licensed under the Apache License , Version 2.0 ( the "License" ) ;
you may not use this file except in compliance with the License .
You may obtain a copy of the License at
http : //www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing , software
distributed under the License is distributed on an "AS IS" BASIS ,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND , either express or implied .
See the License for the specific language governing permissions and
limitations under the License .
* /
2015-10-10 11:58:57 +08:00
package node
2014-10-09 07:14:37 +08:00
import (
2015-01-17 06:28:20 +08:00
"errors"
2015-02-05 05:56:59 +08:00
"fmt"
2015-01-10 05:14:39 +08:00
"net"
2015-09-07 21:04:15 +08:00
"sync"
2014-10-15 06:45:09 +08:00
"time"
2014-10-09 07:14:37 +08:00
2015-08-06 06:05:17 +08:00
"github.com/golang/glog"
2017-01-25 21:39:54 +08:00
apiequality "k8s.io/apimachinery/pkg/api/equality"
2017-02-07 02:35:50 +08:00
apierrors "k8s.io/apimachinery/pkg/api/errors"
2017-01-11 22:09:48 +08:00
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
2017-01-19 22:50:16 +08:00
"k8s.io/apimachinery/pkg/fields"
2017-01-11 22:09:48 +08:00
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/types"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/wait"
2017-01-31 02:39:54 +08:00
v1core "k8s.io/client-go/kubernetes/typed/core/v1"
clientv1 "k8s.io/client-go/pkg/api/v1"
2017-01-24 22:11:51 +08:00
"k8s.io/client-go/tools/cache"
2017-01-31 02:39:54 +08:00
"k8s.io/client-go/tools/record"
2017-01-24 02:37:22 +08:00
"k8s.io/client-go/util/flowcontrol"
2015-08-06 06:03:47 +08:00
"k8s.io/kubernetes/pkg/api"
2016-11-19 04:50:17 +08:00
"k8s.io/kubernetes/pkg/api/v1"
2017-01-06 14:34:29 +08:00
"k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
2017-02-09 05:18:21 +08:00
coreinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/core/v1"
extensionsinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/extensions/v1beta1"
2017-02-07 02:35:50 +08:00
corelisters "k8s.io/kubernetes/pkg/client/listers/core/v1"
extensionslisters "k8s.io/kubernetes/pkg/client/listers/extensions/v1beta1"
2015-08-06 06:03:47 +08:00
"k8s.io/kubernetes/pkg/cloudprovider"
2017-02-06 20:58:48 +08:00
"k8s.io/kubernetes/pkg/controller"
2016-04-14 02:38:32 +08:00
"k8s.io/kubernetes/pkg/util/metrics"
2016-07-12 15:38:57 +08:00
utilnode "k8s.io/kubernetes/pkg/util/node"
2016-05-16 17:20:23 +08:00
"k8s.io/kubernetes/pkg/util/system"
2016-10-23 00:49:18 +08:00
utilversion "k8s.io/kubernetes/pkg/util/version"
2014-10-09 07:14:37 +08:00
)
2016-08-16 23:08:26 +08:00
func init ( ) {
// Register prometheus metrics
Register ( )
}
2015-01-17 06:28:20 +08:00
var (
2016-07-11 19:23:53 +08:00
ErrCloudInstance = errors . New ( "cloud provider doesn't support instances." )
2016-10-23 00:49:18 +08:00
gracefulDeletionVersion = utilversion . MustParseSemantic ( "v1.1.0" )
2016-08-18 06:33:35 +08:00
// The minimum kubelet version for which the nodecontroller
// can safely flip pod.Status to NotReady.
2016-10-23 00:49:18 +08:00
podStatusReconciliationVersion = utilversion . MustParseSemantic ( "v1.2.0" )
2017-02-06 20:58:48 +08:00
UnreachableTaintTemplate = & v1 . Taint {
Key : metav1 . TaintNodeUnreachable ,
Effect : v1 . TaintEffectNoExecute ,
}
NotReadyTaintTemplate = & v1 . Taint {
Key : metav1 . TaintNodeNotReady ,
Effect : v1 . TaintEffectNoExecute ,
}
2015-01-17 06:28:20 +08:00
)
2015-05-19 19:23:59 +08:00
const (
// nodeStatusUpdateRetry controls the number of retries of writing NodeStatus update.
nodeStatusUpdateRetry = 5
// controls how often NodeController will try to evict Pods from non-responsive Nodes.
nodeEvictionPeriod = 100 * time . Millisecond
2016-07-13 16:40:22 +08:00
// Burst value for all eviction rate limiters
evictionRateLimiterBurst = 1
2016-07-17 02:52:51 +08:00
// The amount of time the nodecontroller polls on the list nodes endpoint.
apiserverStartupGracePeriod = 10 * time . Minute
2016-09-05 18:29:28 +08:00
// The amount of time the nodecontroller should sleep between retrying NodeStatus updates
retrySleepTime = 20 * time . Millisecond
2015-05-19 19:23:59 +08:00
)
2015-03-31 19:17:12 +08:00
2016-07-12 15:38:57 +08:00
type zoneState string
const (
2016-07-13 22:57:22 +08:00
stateInitial = zoneState ( "Initial" )
stateNormal = zoneState ( "Normal" )
stateFullDisruption = zoneState ( "FullDisruption" )
statePartialDisruption = zoneState ( "PartialDisruption" )
2016-07-12 15:38:57 +08:00
)
2015-04-11 06:30:11 +08:00
type nodeStatusData struct {
2016-12-04 02:57:26 +08:00
probeTimestamp metav1 . Time
readyTransitionTimestamp metav1 . Time
2016-11-19 04:50:17 +08:00
status v1 . NodeStatus
2015-03-31 23:15:39 +08:00
}
2014-12-19 17:27:01 +08:00
type NodeController struct {
2016-07-12 20:29:46 +08:00
allocateNodeCIDRs bool
cloud cloudprovider . Interface
clusterCIDR * net . IPNet
serviceCIDR * net . IPNet
2016-11-19 04:50:17 +08:00
knownNodeSet map [ string ] * v1 . Node
2016-07-12 20:29:46 +08:00
kubeClient clientset . Interface
2015-08-04 20:44:14 +08:00
// Method for easy mocking in unittest.
lookupIP func ( host string ) ( [ ] net . IP , error )
2015-03-31 19:17:12 +08:00
// Value used if sync_nodes_status=False. NodeController will not proactively
// sync node status in this case, but will monitor node status updated from kubelet. If
// it doesn't receive update for this amount of time, it will start posting "NodeReady==
// ConditionUnknown". The amount of time before which NodeController start evicting pods
2015-08-12 04:29:50 +08:00
// is controlled via flag 'pod-eviction-timeout'.
2015-03-31 19:17:12 +08:00
// Note: be cautious when changing the constant, it must work with nodeStatusUpdateFrequency
// in kubelet. There are several constraints:
// 1. nodeMonitorGracePeriod must be N times more than nodeStatusUpdateFrequency, where
// N means number of retries allowed for kubelet to post node status. It is pointless
// to make nodeMonitorGracePeriod be less than nodeStatusUpdateFrequency, since there
// will only be fresh values from Kubelet at an interval of nodeStatusUpdateFrequency.
// The constant must be less than podEvictionTimeout.
// 2. nodeMonitorGracePeriod can't be too large for user experience - larger value takes
// longer for user to see up-to-date node status.
nodeMonitorGracePeriod time . Duration
// Value controlling NodeController monitoring period, i.e. how often does NodeController
2015-04-08 03:36:09 +08:00
// check node status posted from kubelet. This value should be lower than nodeMonitorGracePeriod.
2015-03-31 19:17:12 +08:00
// TODO: Change node status monitor to watch based.
nodeMonitorPeriod time . Duration
2015-08-04 20:44:14 +08:00
// Value used if sync_nodes_status=False, only for node startup. When node
// is just created, e.g. cluster bootstrap or node creation, we give a longer grace period.
nodeStartupGracePeriod time . Duration
// per Node map storing last observed Status together with a local time when it was observed.
// This timestamp is to be used instead of LastProbeTime stored in Condition. We do this
// to aviod the problem with time skew across the cluster.
nodeStatusMap map [ string ] nodeStatusData
2016-12-04 02:57:26 +08:00
now func ( ) metav1 . Time
2015-09-07 21:04:15 +08:00
// Lock to access evictor workers
2016-07-26 13:06:16 +08:00
evictorLock sync . Mutex
2015-09-07 21:04:15 +08:00
// workers that evicts pods from unresponsive nodes.
2017-02-06 20:58:48 +08:00
zonePodEvictor map [ string ] * RateLimitedTimedQueue
// workers that are responsible for tainting nodes.
zoneNotReadyOrUnreachableTainer map [ string ] * RateLimitedTimedQueue
podEvictionTimeout time . Duration
2015-08-21 09:11:40 +08:00
// The maximum duration before a pod evicted from a node can be forcefully terminated.
maximumGracePeriod time . Duration
2015-08-04 20:44:14 +08:00
recorder record . EventRecorder
2016-10-14 18:38:39 +08:00
2017-02-07 02:35:50 +08:00
nodeLister corelisters . NodeLister
nodeInformerSynced cache . InformerSynced
daemonSetStore extensionslisters . DaemonSetLister
daemonSetInformerSynced cache . InformerSynced
podInformerSynced cache . InformerSynced
2016-01-27 11:53:09 +08:00
// allocate/recycle CIDRs for node if allocateNodeCIDRs == true
cidrAllocator CIDRAllocator
2017-01-23 17:28:51 +08:00
// manages taints
taintManager * NoExecuteTaintManager
2015-10-20 10:25:31 +08:00
2016-11-19 04:50:17 +08:00
forcefullyDeletePod func ( * v1 . Pod ) error
2016-07-16 14:10:29 +08:00
nodeExistsInCloudProvider func ( types . NodeName ) ( bool , error )
2016-11-19 04:50:17 +08:00
computeZoneStateFunc func ( nodeConditions [ ] * v1 . NodeCondition ) ( int , zoneState )
2016-08-05 20:50:19 +08:00
enterPartialDisruptionFunc func ( nodeNum int ) float32
enterFullDisruptionFunc func ( nodeNum int ) float32
2016-05-16 17:20:23 +08:00
2016-08-05 20:50:19 +08:00
zoneStates map [ string ] zoneState
evictionLimiterQPS float32
secondaryEvictionLimiterQPS float32
largeClusterThreshold int32
unhealthyZoneThreshold float32
2017-01-23 17:28:51 +08:00
// if set to true NodeController will start TaintManager that will evict Pods from
// tainted nodes, if they're not tolerated.
runTaintManager bool
2017-02-06 20:58:48 +08:00
// if set to true NodeController will taint Nodes with 'TaintNodeNotReady' and 'TaintNodeUnreachable'
// taints instead of evicting Pods itself.
useTaintBasedEvictions bool
2014-10-09 07:14:37 +08:00
}
2014-12-19 17:27:01 +08:00
// NewNodeController returns a new node controller to sync instances from cloudprovider.
2016-07-17 02:52:51 +08:00
// This method returns an error if it is unable to initialize the CIDR bitmap with
// podCIDRs it has already allocated to nodes. Since we don't allow podCIDR changes
// currently, this should be handled as a fatal error.
2014-12-19 17:27:01 +08:00
func NewNodeController (
2017-02-07 02:35:50 +08:00
podInformer coreinformers . PodInformer ,
nodeInformer coreinformers . NodeInformer ,
daemonSetInformer extensionsinformers . DaemonSetInformer ,
2014-10-15 06:45:09 +08:00
cloud cloudprovider . Interface ,
2016-01-29 14:34:08 +08:00
kubeClient clientset . Interface ,
2015-04-02 23:13:13 +08:00
podEvictionTimeout time . Duration ,
2016-07-12 20:29:46 +08:00
evictionLimiterQPS float32 ,
2016-08-05 20:50:19 +08:00
secondaryEvictionLimiterQPS float32 ,
largeClusterThreshold int32 ,
unhealthyZoneThreshold float32 ,
2015-03-31 19:17:12 +08:00
nodeMonitorGracePeriod time . Duration ,
nodeStartupGracePeriod time . Duration ,
2015-04-01 20:52:28 +08:00
nodeMonitorPeriod time . Duration ,
2015-05-07 05:48:45 +08:00
clusterCIDR * net . IPNet ,
2016-05-16 18:57:44 +08:00
serviceCIDR * net . IPNet ,
2016-05-20 19:21:52 +08:00
nodeCIDRMaskSize int ,
2017-01-23 17:28:51 +08:00
allocateNodeCIDRs bool ,
2017-02-06 20:58:48 +08:00
runTaintManager bool ,
useTaintBasedEvictions bool ) ( * NodeController , error ) {
2015-04-08 19:45:37 +08:00
eventBroadcaster := record . NewBroadcaster ( )
2017-01-31 02:39:54 +08:00
recorder := eventBroadcaster . NewRecorder ( api . Scheme , clientv1 . EventSource { Component : "controllermanager" } )
2015-06-03 14:51:32 +08:00
eventBroadcaster . StartLogging ( glog . Infof )
2015-04-08 19:45:37 +08:00
if kubeClient != nil {
2016-05-16 17:20:23 +08:00
glog . V ( 0 ) . Infof ( "Sending events to api server." )
2017-01-31 02:39:54 +08:00
eventBroadcaster . StartRecordingToSink ( & v1core . EventSinkImpl { Interface : v1core . New ( kubeClient . Core ( ) . RESTClient ( ) ) . Events ( "" ) } )
2015-04-08 19:45:37 +08:00
} else {
2017-02-13 18:48:34 +08:00
glog . Fatalf ( "kubeClient is nil when starting NodeController" )
2015-04-08 19:45:37 +08:00
}
2016-04-14 02:38:32 +08:00
2016-10-13 20:56:07 +08:00
if kubeClient != nil && kubeClient . Core ( ) . RESTClient ( ) . GetRateLimiter ( ) != nil {
metrics . RegisterMetricAndTrackRateLimiterUsage ( "node_controller" , kubeClient . Core ( ) . RESTClient ( ) . GetRateLimiter ( ) )
2016-04-14 02:38:32 +08:00
}
2016-01-27 11:53:09 +08:00
if allocateNodeCIDRs {
if clusterCIDR == nil {
glog . Fatal ( "NodeController: Must specify clusterCIDR if allocateNodeCIDRs == true." )
}
mask := clusterCIDR . Mask
2016-05-20 19:21:52 +08:00
if maskSize , _ := mask . Size ( ) ; maskSize > nodeCIDRMaskSize {
glog . Fatal ( "NodeController: Invalid clusterCIDR, mask size of clusterCIDR must be less than nodeCIDRMaskSize." )
2016-01-27 11:53:09 +08:00
}
2015-05-07 05:48:45 +08:00
}
2015-10-20 10:25:31 +08:00
nc := & NodeController {
2017-02-06 20:58:48 +08:00
cloud : cloud ,
knownNodeSet : make ( map [ string ] * v1 . Node ) ,
kubeClient : kubeClient ,
recorder : recorder ,
podEvictionTimeout : podEvictionTimeout ,
maximumGracePeriod : 5 * time . Minute ,
zonePodEvictor : make ( map [ string ] * RateLimitedTimedQueue ) ,
zoneNotReadyOrUnreachableTainer : make ( map [ string ] * RateLimitedTimedQueue ) ,
nodeStatusMap : make ( map [ string ] nodeStatusData ) ,
nodeMonitorGracePeriod : nodeMonitorGracePeriod ,
nodeMonitorPeriod : nodeMonitorPeriod ,
nodeStartupGracePeriod : nodeStartupGracePeriod ,
lookupIP : net . LookupIP ,
now : metav1 . Now ,
clusterCIDR : clusterCIDR ,
serviceCIDR : serviceCIDR ,
allocateNodeCIDRs : allocateNodeCIDRs ,
forcefullyDeletePod : func ( p * v1 . Pod ) error { return forcefullyDeletePod ( kubeClient , p ) } ,
nodeExistsInCloudProvider : func ( nodeName types . NodeName ) ( bool , error ) { return nodeExistsInCloudProvider ( cloud , nodeName ) } ,
evictionLimiterQPS : evictionLimiterQPS ,
secondaryEvictionLimiterQPS : secondaryEvictionLimiterQPS ,
largeClusterThreshold : largeClusterThreshold ,
unhealthyZoneThreshold : unhealthyZoneThreshold ,
zoneStates : make ( map [ string ] zoneState ) ,
runTaintManager : runTaintManager ,
useTaintBasedEvictions : useTaintBasedEvictions && runTaintManager ,
2014-10-15 06:45:09 +08:00
}
2016-08-05 20:50:19 +08:00
nc . enterPartialDisruptionFunc = nc . ReducedQPSFunc
nc . enterFullDisruptionFunc = nc . HealthyQPSFunc
nc . computeZoneStateFunc = nc . ComputeZoneState
2015-10-20 10:25:31 +08:00
2016-09-24 00:01:58 +08:00
podInformer . Informer ( ) . AddEventHandler ( cache . ResourceEventHandlerFuncs {
2017-01-23 17:28:51 +08:00
AddFunc : func ( obj interface { } ) {
nc . maybeDeleteTerminatingPod ( obj )
pod := obj . ( * v1 . Pod )
if nc . taintManager != nil {
nc . taintManager . PodUpdated ( nil , pod )
}
} ,
UpdateFunc : func ( prev , obj interface { } ) {
nc . maybeDeleteTerminatingPod ( obj )
prevPod := prev . ( * v1 . Pod )
newPod := obj . ( * v1 . Pod )
if nc . taintManager != nil {
nc . taintManager . PodUpdated ( prevPod , newPod )
}
} ,
DeleteFunc : func ( obj interface { } ) {
pod , isPod := obj . ( * v1 . Pod )
// We can get DeletedFinalStateUnknown instead of *v1.Node here and we need to handle that correctly. #34692
if ! isPod {
deletedState , ok := obj . ( cache . DeletedFinalStateUnknown )
if ! ok {
glog . Errorf ( "Received unexpected object: %v" , obj )
return
}
pod , ok = deletedState . Obj . ( * v1 . Pod )
if ! ok {
glog . Errorf ( "DeletedFinalStateUnknown contained non-Node object: %v" , deletedState . Obj )
return
}
}
if nc . taintManager != nil {
nc . taintManager . PodUpdated ( pod , nil )
}
} ,
2016-07-21 04:26:07 +08:00
} )
2017-02-07 02:35:50 +08:00
nc . podInformerSynced = podInformer . Informer ( ) . HasSynced
2016-01-27 11:53:09 +08:00
2016-09-15 02:35:38 +08:00
nodeEventHandlerFuncs := cache . ResourceEventHandlerFuncs { }
2016-01-27 11:53:09 +08:00
if nc . allocateNodeCIDRs {
2016-11-19 04:50:17 +08:00
var nodeList * v1 . NodeList
2016-10-31 19:04:04 +08:00
var err error
// We must poll because apiserver might not be up. This error causes
// controller manager to restart.
if pollErr := wait . Poll ( 10 * time . Second , apiserverStartupGracePeriod , func ( ) ( bool , error ) {
2017-01-22 11:36:02 +08:00
nodeList , err = kubeClient . Core ( ) . Nodes ( ) . List ( metav1 . ListOptions {
2016-11-19 04:50:17 +08:00
FieldSelector : fields . Everything ( ) . String ( ) ,
LabelSelector : labels . Everything ( ) . String ( ) ,
2016-10-31 19:04:04 +08:00
} )
if err != nil {
glog . Errorf ( "Failed to list all nodes: %v" , err )
return false , nil
}
return true , nil
} ) ; pollErr != nil {
return nil , fmt . Errorf ( "Failed to list all nodes in %v, cannot proceed without updating CIDR map" , apiserverStartupGracePeriod )
}
nc . cidrAllocator , err = NewCIDRRangeAllocator ( kubeClient , clusterCIDR , serviceCIDR , nodeCIDRMaskSize , nodeList )
if err != nil {
return nil , err
}
2016-09-15 02:35:38 +08:00
nodeEventHandlerFuncs = cache . ResourceEventHandlerFuncs {
2016-09-24 00:01:58 +08:00
AddFunc : func ( originalObj interface { } ) {
obj , err := api . Scheme . DeepCopy ( originalObj )
2016-07-07 19:40:12 +08:00
if err != nil {
2016-09-24 00:01:58 +08:00
utilruntime . HandleError ( err )
return
}
2016-11-19 04:50:17 +08:00
node := obj . ( * v1 . Node )
2016-09-24 00:01:58 +08:00
if err := nc . cidrAllocator . AllocateOrOccupyCIDR ( node ) ; err != nil {
utilruntime . HandleError ( fmt . Errorf ( "Error allocating CIDR: %v" , err ) )
2016-07-07 19:40:12 +08:00
}
2017-01-23 17:28:51 +08:00
if nc . taintManager != nil {
nc . taintManager . NodeUpdated ( nil , node )
}
2016-07-07 19:40:12 +08:00
} ,
2017-01-23 17:28:51 +08:00
UpdateFunc : func ( oldNode , newNode interface { } ) {
node := newNode . ( * v1 . Node )
prevNode := oldNode . ( * v1 . Node )
2016-07-18 17:38:43 +08:00
// If the PodCIDR is not empty we either:
// - already processed a Node that already had a CIDR after NC restarted
// (cidr is marked as used),
// - already processed a Node successfully and allocated a CIDR for it
// (cidr is marked as used),
// - already processed a Node but we did saw a "timeout" response and
// request eventually got through in this case we haven't released
// the allocated CIDR (cidr is still marked as used).
// There's a possible error here:
// - NC sees a new Node and assigns a CIDR X to it,
// - Update Node call fails with a timeout,
// - Node is updated by some other component, NC sees an update and
// assigns CIDR Y to the Node,
// - Both CIDR X and CIDR Y are marked as used in the local cache,
// even though Node sees only CIDR Y
// The problem here is that in in-memory cache we see CIDR X as marked,
// which prevents it from being assigned to any new node. The cluster
// state is correct.
// Restart of NC fixes the issue.
if node . Spec . PodCIDR == "" {
2016-09-24 00:01:58 +08:00
nodeCopy , err := api . Scheme . Copy ( node )
2016-07-18 17:38:43 +08:00
if err != nil {
2016-09-24 00:01:58 +08:00
utilruntime . HandleError ( err )
return
}
2016-11-19 04:50:17 +08:00
if err := nc . cidrAllocator . AllocateOrOccupyCIDR ( nodeCopy . ( * v1 . Node ) ) ; err != nil {
2016-09-24 00:01:58 +08:00
utilruntime . HandleError ( fmt . Errorf ( "Error allocating CIDR: %v" , err ) )
2016-07-18 17:38:43 +08:00
}
}
2017-01-23 17:28:51 +08:00
if nc . taintManager != nil {
nc . taintManager . NodeUpdated ( prevNode , node )
}
2016-07-18 17:38:43 +08:00
} ,
2016-09-24 00:01:58 +08:00
DeleteFunc : func ( originalObj interface { } ) {
obj , err := api . Scheme . DeepCopy ( originalObj )
2016-07-07 19:40:12 +08:00
if err != nil {
2016-09-24 00:01:58 +08:00
utilruntime . HandleError ( err )
return
}
2016-11-19 04:50:17 +08:00
node , isNode := obj . ( * v1 . Node )
// We can get DeletedFinalStateUnknown instead of *v1.Node here and we need to handle that correctly. #34692
2016-10-13 17:19:00 +08:00
if ! isNode {
deletedState , ok := obj . ( cache . DeletedFinalStateUnknown )
if ! ok {
glog . Errorf ( "Received unexpected object: %v" , obj )
return
}
2016-11-19 04:50:17 +08:00
node , ok = deletedState . Obj . ( * v1 . Node )
2016-10-13 17:19:00 +08:00
if ! ok {
glog . Errorf ( "DeletedFinalStateUnknown contained non-Node object: %v" , deletedState . Obj )
return
}
}
2017-01-23 17:28:51 +08:00
if nc . taintManager != nil {
nc . taintManager . NodeUpdated ( node , nil )
}
2016-09-24 00:01:58 +08:00
if err := nc . cidrAllocator . ReleaseCIDR ( node ) ; err != nil {
2016-07-07 19:40:12 +08:00
glog . Errorf ( "Error releasing CIDR: %v" , err )
}
} ,
2016-01-27 11:53:09 +08:00
}
}
2017-01-23 17:28:51 +08:00
if nc . runTaintManager {
nc . taintManager = NewNoExecuteTaintManager ( kubeClient )
}
2016-09-24 00:01:58 +08:00
nodeInformer . Informer ( ) . AddEventHandler ( nodeEventHandlerFuncs )
2017-02-07 02:35:50 +08:00
nc . nodeLister = nodeInformer . Lister ( )
nc . nodeInformerSynced = nodeInformer . Informer ( ) . HasSynced
2016-01-27 11:53:09 +08:00
2017-02-07 02:35:50 +08:00
nc . daemonSetStore = daemonSetInformer . Lister ( )
nc . daemonSetInformerSynced = daemonSetInformer . Informer ( ) . HasSynced
2016-01-27 11:53:09 +08:00
2016-07-17 02:52:51 +08:00
return nc , nil
2014-10-15 06:45:09 +08:00
}
2015-08-04 20:44:14 +08:00
// Run starts an asynchronous loop that monitors the status of cluster nodes.
2016-08-30 20:24:56 +08:00
func ( nc * NodeController ) Run ( ) {
2016-10-15 03:36:31 +08:00
go func ( ) {
defer utilruntime . HandleCrash ( )
2017-02-07 02:35:50 +08:00
if ! cache . WaitForCacheSync ( wait . NeverStop , nc . nodeInformerSynced , nc . podInformerSynced , nc . daemonSetInformerSynced ) {
utilruntime . HandleError ( fmt . Errorf ( "timed out waiting for caches to sync" ) )
2016-10-14 18:38:39 +08:00
return
}
2015-10-20 10:25:31 +08:00
2016-10-15 03:36:31 +08:00
// Incorporate the results of node status pushed from kubelet to master.
go wait . Until ( func ( ) {
if err := nc . monitorNodeStatus ( ) ; err != nil {
glog . Errorf ( "Error monitoring node status: %v" , err )
}
} , nc . nodeMonitorPeriod , wait . NeverStop )
2017-01-23 17:28:51 +08:00
if nc . runTaintManager {
go nc . taintManager . Run ( wait . NeverStop )
}
2017-02-06 20:58:48 +08:00
if nc . useTaintBasedEvictions {
// Handling taint based evictions. Because we don't want a dedicated logic in TaintManager for NC-originated
// taints and we normally don't rate limit evictions caused by taints, we need to rate limit adding taints.
go wait . Until ( func ( ) {
nc . evictorLock . Lock ( )
defer nc . evictorLock . Unlock ( )
for k := range nc . zoneNotReadyOrUnreachableTainer {
// Function should return 'false' and a time after which it should be retried, or 'true' if it shouldn't (it succeeded).
nc . zoneNotReadyOrUnreachableTainer [ k ] . Try ( func ( value TimedValue ) ( bool , time . Duration ) {
node , err := nc . nodeLister . Get ( value . Value )
if apierrors . IsNotFound ( err ) {
glog . Warningf ( "Node %v no longer present in nodeLister!" , value . Value )
return true , 0
} else if err != nil {
glog . Warningf ( "Failed to get Node %v from the nodeLister: %v" , value . Value , err )
// retry in 50 millisecond
return false , 50 * time . Millisecond
} else {
zone := utilnode . GetZoneKey ( node )
EvictionsNumber . WithLabelValues ( zone ) . Inc ( )
}
_ , condition := v1 . GetNodeCondition ( & node . Status , v1 . NodeReady )
// Because we want to mimic NodeStatus.Condition["Ready"] we make "unreachable" and "not ready" taints mutually exclusive.
taintToAdd := v1 . Taint { }
oppositeTaint := v1 . Taint { }
if condition . Status == v1 . ConditionFalse {
taintToAdd = * NotReadyTaintTemplate
oppositeTaint = * UnreachableTaintTemplate
} else if condition . Status == v1 . ConditionUnknown {
taintToAdd = * UnreachableTaintTemplate
oppositeTaint = * NotReadyTaintTemplate
} else {
// It seems that the Node is ready again, so there's no need to taint it.
return true , 0
}
2015-08-19 08:34:49 +08:00
2017-02-06 20:58:48 +08:00
taintToAdd . TimeAdded = metav1 . Now ( )
err = controller . AddOrUpdateTaintOnNode ( nc . kubeClient , value . Value , & taintToAdd )
if err != nil {
utilruntime . HandleError (
fmt . Errorf (
"unable to taint %v unresponsive Node %q: %v" ,
taintToAdd . Key ,
value . Value ,
err ) )
return false , 0
}
err = controller . RemoveTaintOffNode ( nc . kubeClient , value . Value , & oppositeTaint , node )
if err != nil {
utilruntime . HandleError (
fmt . Errorf (
"unable to remove %v unneeded taint from unresponsive Node %q: %v" ,
oppositeTaint . Key ,
value . Value ,
err ) )
return false , 0
}
return true , 0
} )
}
} , nodeEvictionPeriod , wait . NeverStop )
} else {
// Managing eviction of nodes:
// When we delete pods off a node, if the node was not empty at the time we then
// queue an eviction watcher. If we hit an error, retry deletion.
go wait . Until ( func ( ) {
nc . evictorLock . Lock ( )
defer nc . evictorLock . Unlock ( )
for k := range nc . zonePodEvictor {
// Function should return 'false' and a time after which it should be retried, or 'true' if it shouldn't (it succeeded).
nc . zonePodEvictor [ k ] . Try ( func ( value TimedValue ) ( bool , time . Duration ) {
node , err := nc . nodeLister . Get ( value . Value )
if apierrors . IsNotFound ( err ) {
glog . Warningf ( "Node %v no longer present in nodeLister!" , value . Value )
} else if err != nil {
glog . Warningf ( "Failed to get Node %v from the nodeLister: %v" , value . Value , err )
} else {
zone := utilnode . GetZoneKey ( node )
EvictionsNumber . WithLabelValues ( zone ) . Inc ( )
}
nodeUid , _ := value . UID . ( string )
remaining , err := deletePods ( nc . kubeClient , nc . recorder , value . Value , nodeUid , nc . daemonSetStore )
if err != nil {
utilruntime . HandleError ( fmt . Errorf ( "unable to evict node %q: %v" , value . Value , err ) )
return false , 0
}
if remaining {
glog . Infof ( "Pods awaiting deletion due to NodeController eviction" )
}
return true , 0
} )
}
} , nodeEvictionPeriod , wait . NeverStop )
}
2016-10-15 03:36:31 +08:00
} ( )
2015-10-20 10:25:31 +08:00
}
2015-08-04 20:44:14 +08:00
// monitorNodeStatus verifies node status are constantly updated by kubelet, and if not,
// post "NodeReady==ConditionUnknown". It also evicts all pods if node is not ready or
// not reachable for a long period of time.
func ( nc * NodeController ) monitorNodeStatus ( ) error {
2016-12-19 18:15:39 +08:00
// We are listing nodes from local cache as we can tolerate some small delays
// comparing to state from etcd and there is eventual consistency anyway.
2017-02-07 02:35:50 +08:00
nodes , err := nc . nodeLister . List ( labels . Everything ( ) )
2015-08-20 00:54:08 +08:00
if err != nil {
return err
}
2017-02-07 02:35:50 +08:00
added , deleted := nc . checkForNodeAddedDeleted ( nodes )
2016-07-12 15:38:57 +08:00
for i := range added {
glog . V ( 1 ) . Infof ( "NodeController observed a new Node: %#v" , added [ i ] . Name )
2016-11-19 04:50:17 +08:00
recordNodeEvent ( nc . recorder , added [ i ] . Name , string ( added [ i ] . UID ) , v1 . EventTypeNormal , "RegisteredNode" , fmt . Sprintf ( "Registered Node %v in NodeController" , added [ i ] . Name ) )
2016-07-12 15:38:57 +08:00
nc . knownNodeSet [ added [ i ] . Name ] = added [ i ]
2016-07-12 20:29:46 +08:00
// When adding new Nodes we need to check if new zone appeared, and if so add new evictor.
zone := utilnode . GetZoneKey ( added [ i ] )
2017-02-06 20:58:48 +08:00
if _ , found := nc . zoneStates [ zone ] ; ! found {
nc . zoneStates [ zone ] = stateInitial
if ! nc . useTaintBasedEvictions {
nc . zonePodEvictor [ zone ] =
NewRateLimitedTimedQueue (
flowcontrol . NewTokenBucketRateLimiter ( nc . evictionLimiterQPS , evictionRateLimiterBurst ) )
} else {
nc . zoneNotReadyOrUnreachableTainer [ zone ] =
NewRateLimitedTimedQueue (
flowcontrol . NewTokenBucketRateLimiter ( nc . evictionLimiterQPS , evictionRateLimiterBurst ) )
}
2016-09-08 18:00:07 +08:00
// Init the metric for the new zone.
2016-10-08 01:29:22 +08:00
glog . Infof ( "Initializing eviction metric for zone: %v" , zone )
2016-09-08 18:00:07 +08:00
EvictionsNumber . WithLabelValues ( zone ) . Add ( 0 )
2016-07-12 20:29:46 +08:00
}
2017-02-06 20:58:48 +08:00
if nc . useTaintBasedEvictions {
nc . markNodeAsHealthy ( added [ i ] )
} else {
nc . cancelPodEviction ( added [ i ] )
}
2015-08-05 21:22:13 +08:00
}
2016-07-12 15:38:57 +08:00
for i := range deleted {
glog . V ( 1 ) . Infof ( "NodeController observed a Node deletion: %v" , deleted [ i ] . Name )
2016-11-19 04:50:17 +08:00
recordNodeEvent ( nc . recorder , deleted [ i ] . Name , string ( deleted [ i ] . UID ) , v1 . EventTypeNormal , "RemovingNode" , fmt . Sprintf ( "Removing Node %v from NodeController" , deleted [ i ] . Name ) )
2016-07-12 15:38:57 +08:00
delete ( nc . knownNodeSet , deleted [ i ] . Name )
2015-08-05 21:22:13 +08:00
}
2016-11-19 04:50:17 +08:00
zoneToNodeConditions := map [ string ] [ ] * v1 . NodeCondition { }
2017-02-07 02:35:50 +08:00
for i := range nodes {
2015-08-04 20:44:14 +08:00
var gracePeriod time . Duration
2016-11-19 04:50:17 +08:00
var observedReadyCondition v1 . NodeCondition
var currentReadyCondition * v1 . NodeCondition
2017-02-07 02:35:50 +08:00
nodeCopy , err := api . Scheme . DeepCopy ( nodes [ i ] )
2016-12-19 18:15:39 +08:00
if err != nil {
utilruntime . HandleError ( err )
continue
}
node := nodeCopy . ( * v1 . Node )
2017-01-05 20:22:35 +08:00
if err := wait . PollImmediate ( retrySleepTime , retrySleepTime * nodeStatusUpdateRetry , func ( ) ( bool , error ) {
2016-05-16 17:20:23 +08:00
gracePeriod , observedReadyCondition , currentReadyCondition , err = nc . tryUpdateNodeStatus ( node )
2015-08-04 20:44:14 +08:00
if err == nil {
2017-01-05 20:22:35 +08:00
return true , nil
2015-08-04 20:44:14 +08:00
}
name := node . Name
2016-12-07 21:26:33 +08:00
node , err = nc . kubeClient . Core ( ) . Nodes ( ) . Get ( name , metav1 . GetOptions { } )
2015-08-04 20:44:14 +08:00
if err != nil {
glog . Errorf ( "Failed while getting a Node to retry updating NodeStatus. Probably Node %s was deleted." , name )
2017-01-05 20:22:35 +08:00
return false , err
2015-08-04 20:44:14 +08:00
}
2017-01-05 20:22:35 +08:00
return false , nil
} ) ; err != nil {
glog . Errorf ( "Update status of Node %v from NodeController error : %v. " +
"Skipping - no pods will be evicted." , node . Name , err )
2015-08-04 20:44:14 +08:00
continue
}
2017-01-05 20:22:35 +08:00
2016-07-13 22:57:22 +08:00
// We do not treat a master node as a part of the cluster for network disruption checking.
2016-11-19 04:50:17 +08:00
if ! system . IsMasterNode ( node . Name ) {
2016-07-12 15:38:57 +08:00
zoneToNodeConditions [ utilnode . GetZoneKey ( node ) ] = append ( zoneToNodeConditions [ utilnode . GetZoneKey ( node ) ] , currentReadyCondition )
}
2015-08-04 20:44:14 +08:00
decisionTimestamp := nc . now ( )
2016-05-16 17:20:23 +08:00
if currentReadyCondition != nil {
2015-08-04 20:44:14 +08:00
// Check eviction timeout against decisionTimestamp
2017-02-06 20:58:48 +08:00
if observedReadyCondition . Status == v1 . ConditionFalse {
if nc . useTaintBasedEvictions {
if nc . markNodeForTainting ( node ) {
2017-03-07 17:29:57 +08:00
glog . V ( 2 ) . Infof ( "Node %v is NotReady as of %v. Adding it to the Taint queue." ,
2017-02-06 20:58:48 +08:00
node . Name ,
decisionTimestamp ,
)
}
} else {
if decisionTimestamp . After ( nc . nodeStatusMap [ node . Name ] . readyTransitionTimestamp . Add ( nc . podEvictionTimeout ) ) {
if nc . evictPods ( node ) {
2017-03-07 17:29:57 +08:00
glog . V ( 2 ) . Infof ( "Node is NotReady. Adding Pods on Node %s to eviction queue: %v is later than %v + %v" ,
2017-02-06 20:58:48 +08:00
node . Name ,
decisionTimestamp ,
nc . nodeStatusMap [ node . Name ] . readyTransitionTimestamp ,
nc . podEvictionTimeout ,
)
}
}
2015-08-04 20:44:14 +08:00
}
}
2017-02-06 20:58:48 +08:00
if observedReadyCondition . Status == v1 . ConditionUnknown {
if nc . useTaintBasedEvictions {
if nc . markNodeForTainting ( node ) {
2017-03-07 17:29:57 +08:00
glog . V ( 2 ) . Infof ( "Node %v is unresponsive as of %v. Adding it to the Taint queue." ,
2017-02-06 20:58:48 +08:00
node . Name ,
decisionTimestamp ,
)
}
} else {
if decisionTimestamp . After ( nc . nodeStatusMap [ node . Name ] . probeTimestamp . Add ( nc . podEvictionTimeout ) ) {
if nc . evictPods ( node ) {
2017-03-07 17:29:57 +08:00
glog . V ( 2 ) . Infof ( "Node is unresponsive. Adding Pods on Node %s to eviction queues: %v is later than %v + %v" ,
2017-02-06 20:58:48 +08:00
node . Name ,
decisionTimestamp ,
nc . nodeStatusMap [ node . Name ] . readyTransitionTimestamp ,
nc . podEvictionTimeout - gracePeriod ,
)
}
}
2015-08-04 20:44:14 +08:00
}
}
2016-11-19 04:50:17 +08:00
if observedReadyCondition . Status == v1 . ConditionTrue {
2017-02-06 20:58:48 +08:00
if nc . useTaintBasedEvictions {
removed , err := nc . markNodeAsHealthy ( node )
if err != nil {
glog . Errorf ( "Failed to remove taints from node %v. Will retry in next iteration." , node . Name )
}
if removed {
glog . V ( 2 ) . Infof ( "Node %s is healthy again, removing all taints" , node . Name )
}
} else {
if nc . cancelPodEviction ( node ) {
glog . V ( 2 ) . Infof ( "Node %s is ready again, cancelled pod eviction" , node . Name )
}
2015-08-04 20:44:14 +08:00
}
}
// Report node event.
2016-11-19 04:50:17 +08:00
if currentReadyCondition . Status != v1 . ConditionTrue && observedReadyCondition . Status == v1 . ConditionTrue {
2016-07-07 19:40:12 +08:00
recordNodeStatusChange ( nc . recorder , node , "NodeNotReady" )
2016-08-18 06:33:35 +08:00
if err = markAllPodsNotReady ( nc . kubeClient , node ) ; err != nil {
2016-01-15 15:32:10 +08:00
utilruntime . HandleError ( fmt . Errorf ( "Unable to mark all pods NotReady on node %v: %v" , node . Name , err ) )
2015-11-25 06:46:17 +08:00
}
2015-08-04 20:44:14 +08:00
}
// Check with the cloud provider to see if the node still exists. If it
2016-02-13 05:07:45 +08:00
// doesn't, delete the node immediately.
2016-11-19 04:50:17 +08:00
if currentReadyCondition . Status != v1 . ConditionTrue && nc . cloud != nil {
2016-07-16 14:10:29 +08:00
exists , err := nc . nodeExistsInCloudProvider ( types . NodeName ( node . Name ) )
2016-02-13 05:07:45 +08:00
if err != nil {
glog . Errorf ( "Error determining if node %v exists in cloud: %v" , node . Name , err )
2015-08-04 20:44:14 +08:00
continue
}
2016-02-13 05:07:45 +08:00
if ! exists {
2016-05-16 17:20:23 +08:00
glog . V ( 2 ) . Infof ( "Deleting node (no longer present in cloud provider): %s" , node . Name )
2016-11-19 04:50:17 +08:00
recordNodeEvent ( nc . recorder , node . Name , string ( node . UID ) , v1 . EventTypeNormal , "DeletingNode" , fmt . Sprintf ( "Deleting Node %v because it's not present according to cloud provider" , node . Name ) )
2016-02-13 05:07:45 +08:00
go func ( nodeName string ) {
defer utilruntime . HandleCrash ( )
// Kubelet is not reporting and Cloud Provider says node
// is gone. Delete it without worrying about grace
// periods.
2016-10-29 01:45:04 +08:00
if err := forcefullyDeleteNode ( nc . kubeClient , nodeName ) ; err != nil {
2016-02-13 05:07:45 +08:00
glog . Errorf ( "Unable to forcefully delete node %q: %v" , nodeName , err )
}
} ( node . Name )
2015-08-04 20:44:14 +08:00
}
}
}
}
2017-02-07 02:35:50 +08:00
nc . handleDisruption ( zoneToNodeConditions , nodes )
2016-05-16 17:20:23 +08:00
2016-07-13 22:57:22 +08:00
return nil
}
2017-02-07 02:35:50 +08:00
func ( nc * NodeController ) handleDisruption ( zoneToNodeConditions map [ string ] [ ] * v1 . NodeCondition , nodes [ ] * v1 . Node ) {
2016-07-13 22:57:22 +08:00
newZoneStates := map [ string ] zoneState { }
allAreFullyDisrupted := true
2016-07-12 15:38:57 +08:00
for k , v := range zoneToNodeConditions {
2016-08-16 23:08:26 +08:00
ZoneSize . WithLabelValues ( k ) . Set ( float64 ( len ( v ) ) )
unhealthy , newState := nc . computeZoneStateFunc ( v )
ZoneHealth . WithLabelValues ( k ) . Set ( float64 ( 100 * ( len ( v ) - unhealthy ) ) / float64 ( len ( v ) ) )
UnhealthyNodes . WithLabelValues ( k ) . Set ( float64 ( unhealthy ) )
2016-07-13 22:57:22 +08:00
if newState != stateFullDisruption {
allAreFullyDisrupted = false
}
newZoneStates [ k ] = newState
if _ , had := nc . zoneStates [ k ] ; ! had {
2017-02-06 20:58:48 +08:00
glog . Errorf ( "Setting initial state for unseen zone: %v" , k )
2016-07-13 22:57:22 +08:00
nc . zoneStates [ k ] = stateInitial
}
}
allWasFullyDisrupted := true
for k , v := range nc . zoneStates {
if _ , have := zoneToNodeConditions [ k ] ; ! have {
2016-08-16 23:08:26 +08:00
ZoneSize . WithLabelValues ( k ) . Set ( 0 )
ZoneHealth . WithLabelValues ( k ) . Set ( 100 )
UnhealthyNodes . WithLabelValues ( k ) . Set ( 0 )
2016-07-13 22:57:22 +08:00
delete ( nc . zoneStates , k )
2016-07-12 15:38:57 +08:00
continue
}
2016-07-13 22:57:22 +08:00
if v != stateFullDisruption {
allWasFullyDisrupted = false
break
2016-07-12 15:38:57 +08:00
}
2016-07-13 22:57:22 +08:00
}
// At least one node was responding in previous pass or in the current pass. Semantics is as follows:
// - if the new state is "partialDisruption" we call a user defined function that returns a new limiter to use,
// - if the new state is "normal" we resume normal operation (go back to default limiter settings),
// - if new state is "fullDisruption" we restore normal eviction rate,
// - unless all zones in the cluster are in "fullDisruption" - in that case we stop all evictions.
if ! allAreFullyDisrupted || ! allWasFullyDisrupted {
// We're switching to full disruption mode
if allAreFullyDisrupted {
glog . V ( 0 ) . Info ( "NodeController detected that all Nodes are not-Ready. Entering master disruption mode." )
2017-02-07 02:35:50 +08:00
for i := range nodes {
2017-02-06 20:58:48 +08:00
if nc . useTaintBasedEvictions {
_ , err := nc . markNodeAsHealthy ( nodes [ i ] )
if err != nil {
glog . Errorf ( "Failed to remove taints from Node %v" , nodes [ i ] . Name )
}
} else {
nc . cancelPodEviction ( nodes [ i ] )
}
2016-07-13 22:57:22 +08:00
}
// We stop all evictions.
2017-02-06 20:58:48 +08:00
for k := range nc . zoneStates {
if nc . useTaintBasedEvictions {
nc . zoneNotReadyOrUnreachableTainer [ k ] . SwapLimiter ( 0 )
} else {
nc . zonePodEvictor [ k ] . SwapLimiter ( 0 )
}
2016-07-13 22:57:22 +08:00
}
for k := range nc . zoneStates {
nc . zoneStates [ k ] = stateFullDisruption
2016-07-12 15:38:57 +08:00
}
2016-07-13 22:57:22 +08:00
// All rate limiters are updated, so we can return early here.
return
}
// We're exiting full disruption mode
if allWasFullyDisrupted {
glog . V ( 0 ) . Info ( "NodeController detected that some Nodes are Ready. Exiting master disruption mode." )
// When exiting disruption mode update probe timestamps on all Nodes.
now := nc . now ( )
2017-02-07 02:35:50 +08:00
for i := range nodes {
v := nc . nodeStatusMap [ nodes [ i ] . Name ]
2016-07-13 22:57:22 +08:00
v . probeTimestamp = now
v . readyTransitionTimestamp = now
2017-02-07 02:35:50 +08:00
nc . nodeStatusMap [ nodes [ i ] . Name ] = v
2016-07-13 22:57:22 +08:00
}
// We reset all rate limiters to settings appropriate for the given state.
2017-02-06 20:58:48 +08:00
for k := range nc . zoneStates {
2016-07-13 22:57:22 +08:00
nc . setLimiterInZone ( k , len ( zoneToNodeConditions [ k ] ) , newZoneStates [ k ] )
nc . zoneStates [ k ] = newZoneStates [ k ]
}
return
}
// We know that there's at least one not-fully disrupted so,
// we can use default behavior for rate limiters
for k , v := range nc . zoneStates {
newState := newZoneStates [ k ]
if v == newState {
continue
}
glog . V ( 0 ) . Infof ( "NodeController detected that zone %v is now in state %v." , k , newState )
nc . setLimiterInZone ( k , len ( zoneToNodeConditions [ k ] ) , newState )
nc . zoneStates [ k ] = newState
2016-05-16 17:20:23 +08:00
}
}
2016-07-13 22:57:22 +08:00
}
2016-07-12 15:38:57 +08:00
2016-07-13 22:57:22 +08:00
func ( nc * NodeController ) setLimiterInZone ( zone string , zoneSize int , state zoneState ) {
switch state {
case stateNormal :
2017-02-06 20:58:48 +08:00
if nc . useTaintBasedEvictions {
nc . zoneNotReadyOrUnreachableTainer [ zone ] . SwapLimiter ( nc . evictionLimiterQPS )
} else {
nc . zonePodEvictor [ zone ] . SwapLimiter ( nc . evictionLimiterQPS )
}
2016-07-13 22:57:22 +08:00
case statePartialDisruption :
2017-02-06 20:58:48 +08:00
if nc . useTaintBasedEvictions {
nc . zoneNotReadyOrUnreachableTainer [ zone ] . SwapLimiter (
nc . enterPartialDisruptionFunc ( zoneSize ) )
} else {
nc . zonePodEvictor [ zone ] . SwapLimiter (
nc . enterPartialDisruptionFunc ( zoneSize ) )
}
2016-07-13 22:57:22 +08:00
case stateFullDisruption :
2017-02-06 20:58:48 +08:00
if nc . useTaintBasedEvictions {
nc . zoneNotReadyOrUnreachableTainer [ zone ] . SwapLimiter (
nc . enterFullDisruptionFunc ( zoneSize ) )
} else {
nc . zonePodEvictor [ zone ] . SwapLimiter (
nc . enterFullDisruptionFunc ( zoneSize ) )
}
2016-07-13 22:57:22 +08:00
}
2015-08-04 20:44:14 +08:00
}
2015-03-31 23:15:39 +08:00
// For a given node checks its conditions and tries to update it. Returns grace period to which given node
2015-09-13 03:16:22 +08:00
// is entitled, state of current and last observed Ready Condition, and an error if it occurred.
2016-11-19 04:50:17 +08:00
func ( nc * NodeController ) tryUpdateNodeStatus ( node * v1 . Node ) ( time . Duration , v1 . NodeCondition , * v1 . NodeCondition , error ) {
2015-03-30 20:44:02 +08:00
var err error
var gracePeriod time . Duration
2016-11-19 04:50:17 +08:00
var observedReadyCondition v1 . NodeCondition
_ , currentReadyCondition := v1 . GetNodeCondition ( & node . Status , v1 . NodeReady )
2016-05-16 17:20:23 +08:00
if currentReadyCondition == nil {
2015-03-30 20:44:02 +08:00
// If ready condition is nil, then kubelet (or nodecontroller) never posted node status.
// A fake ready condition is created, where LastProbeTime and LastTransitionTime is set
// to node.CreationTimestamp to avoid handle the corner case.
2016-11-19 04:50:17 +08:00
observedReadyCondition = v1 . NodeCondition {
Type : v1 . NodeReady ,
Status : v1 . ConditionUnknown ,
2015-03-27 22:09:51 +08:00
LastHeartbeatTime : node . CreationTimestamp ,
2015-03-30 20:44:02 +08:00
LastTransitionTime : node . CreationTimestamp ,
}
2015-03-31 19:17:12 +08:00
gracePeriod = nc . nodeStartupGracePeriod
2015-04-11 06:30:11 +08:00
nc . nodeStatusMap [ node . Name ] = nodeStatusData {
2015-03-31 23:15:39 +08:00
status : node . Status ,
probeTimestamp : node . CreationTimestamp ,
readyTransitionTimestamp : node . CreationTimestamp ,
}
2015-03-30 20:44:02 +08:00
} else {
// If ready condition is not nil, make a copy of it, since we may modify it in place later.
2016-05-16 17:20:23 +08:00
observedReadyCondition = * currentReadyCondition
2015-03-31 19:17:12 +08:00
gracePeriod = nc . nodeMonitorGracePeriod
2015-03-30 20:44:02 +08:00
}
2015-03-31 23:15:39 +08:00
savedNodeStatus , found := nc . nodeStatusMap [ node . Name ]
// There are following cases to check:
// - both saved and new status have no Ready Condition set - we leave everything as it is,
// - saved status have no Ready Condition, but current one does - NodeController was restarted with Node data already present in etcd,
// - saved status have some Ready Condition, but current one does not - it's an error, but we fill it up because that's probably a good thing to do,
// - both saved and current statuses have Ready Conditions and they have the same LastProbeTime - nothing happened on that Node, it may be
// unresponsive, so we leave it as it is,
// - both saved and current statuses have Ready Conditions, they have different LastProbeTimes, but the same Ready Condition State -
// everything's in order, no transition occurred, we update only probeTimestamp,
// - both saved and current statuses have Ready Conditions, different LastProbeTimes and different Ready Condition State -
// Ready Condition changed it state since we last seen it, so we update both probeTimestamp and readyTransitionTimestamp.
// TODO: things to consider:
2015-07-30 05:11:19 +08:00
// - if 'LastProbeTime' have gone back in time its probably an error, currently we ignore it,
2015-03-31 23:15:39 +08:00
// - currently only correct Ready State transition outside of Node Controller is marking it ready by Kubelet, we don't check
// if that's the case, but it does not seem necessary.
2016-11-19 04:50:17 +08:00
var savedCondition * v1 . NodeCondition
2015-09-29 14:43:04 +08:00
if found {
2016-11-19 04:50:17 +08:00
_ , savedCondition = v1 . GetNodeCondition ( & savedNodeStatus . status , v1 . NodeReady )
2015-09-29 14:43:04 +08:00
}
2016-11-19 04:50:17 +08:00
_ , observedCondition := v1 . GetNodeCondition ( & node . Status , v1 . NodeReady )
2015-03-31 23:15:39 +08:00
if ! found {
glog . Warningf ( "Missing timestamp for Node %s. Assuming now as a timestamp." , node . Name )
2015-04-11 06:30:11 +08:00
savedNodeStatus = nodeStatusData {
2015-03-31 23:15:39 +08:00
status : node . Status ,
probeTimestamp : nc . now ( ) ,
readyTransitionTimestamp : nc . now ( ) ,
}
} else if savedCondition == nil && observedCondition != nil {
glog . V ( 1 ) . Infof ( "Creating timestamp entry for newly observed Node %s" , node . Name )
2015-04-11 06:30:11 +08:00
savedNodeStatus = nodeStatusData {
2015-03-31 23:15:39 +08:00
status : node . Status ,
probeTimestamp : nc . now ( ) ,
readyTransitionTimestamp : nc . now ( ) ,
}
} else if savedCondition != nil && observedCondition == nil {
glog . Errorf ( "ReadyCondition was removed from Status of Node %s" , node . Name )
// TODO: figure out what to do in this case. For now we do the same thing as above.
2015-04-11 06:30:11 +08:00
savedNodeStatus = nodeStatusData {
2015-03-31 23:15:39 +08:00
status : node . Status ,
probeTimestamp : nc . now ( ) ,
readyTransitionTimestamp : nc . now ( ) ,
}
2015-03-27 22:09:51 +08:00
} else if savedCondition != nil && observedCondition != nil && savedCondition . LastHeartbeatTime != observedCondition . LastHeartbeatTime {
2016-12-04 02:57:26 +08:00
var transitionTime metav1 . Time
2015-03-31 23:15:39 +08:00
// If ReadyCondition changed since the last time we checked, we update the transition timestamp to "now",
// otherwise we leave it as it is.
if savedCondition . LastTransitionTime != observedCondition . LastTransitionTime {
glog . V ( 3 ) . Infof ( "ReadyCondition for Node %s transitioned from %v to %v" , node . Name , savedCondition . Status , observedCondition )
transitionTime = nc . now ( )
} else {
transitionTime = savedNodeStatus . readyTransitionTimestamp
}
2016-02-21 04:07:23 +08:00
if glog . V ( 5 ) {
2016-05-16 17:20:23 +08:00
glog . V ( 5 ) . Infof ( "Node %s ReadyCondition updated. Updating timestamp: %+v vs %+v." , node . Name , savedNodeStatus . status , node . Status )
2016-02-21 04:07:23 +08:00
} else {
glog . V ( 3 ) . Infof ( "Node %s ReadyCondition updated. Updating timestamp." , node . Name )
}
2015-04-11 06:30:11 +08:00
savedNodeStatus = nodeStatusData {
2015-03-31 23:15:39 +08:00
status : node . Status ,
probeTimestamp : nc . now ( ) ,
readyTransitionTimestamp : transitionTime ,
}
}
2016-05-16 17:20:23 +08:00
nc . nodeStatusMap [ node . Name ] = savedNodeStatus
2015-03-31 23:15:39 +08:00
if nc . now ( ) . After ( savedNodeStatus . probeTimestamp . Add ( gracePeriod ) ) {
2015-03-30 20:44:02 +08:00
// NodeReady condition was last set longer ago than gracePeriod, so update it to Unknown
2015-10-23 03:47:43 +08:00
// (regardless of its current value) in the master.
2016-05-16 17:20:23 +08:00
if currentReadyCondition == nil {
2015-05-07 05:39:14 +08:00
glog . V ( 2 ) . Infof ( "node %v is never updated by kubelet" , node . Name )
2016-11-19 04:50:17 +08:00
node . Status . Conditions = append ( node . Status . Conditions , v1 . NodeCondition {
Type : v1 . NodeReady ,
Status : v1 . ConditionUnknown ,
2015-09-11 18:08:09 +08:00
Reason : "NodeStatusNeverUpdated" ,
Message : fmt . Sprintf ( "Kubelet never posted node status." ) ,
2015-03-27 22:09:51 +08:00
LastHeartbeatTime : node . CreationTimestamp ,
2015-03-30 20:44:02 +08:00
LastTransitionTime : nc . now ( ) ,
} )
} else {
2016-04-11 10:51:29 +08:00
glog . V ( 4 ) . Infof ( "node %v hasn't been updated for %+v. Last ready condition is: %+v" ,
2016-05-16 17:20:23 +08:00
node . Name , nc . now ( ) . Time . Sub ( savedNodeStatus . probeTimestamp . Time ) , observedReadyCondition )
2016-11-19 04:50:17 +08:00
if observedReadyCondition . Status != v1 . ConditionUnknown {
currentReadyCondition . Status = v1 . ConditionUnknown
2016-05-16 17:20:23 +08:00
currentReadyCondition . Reason = "NodeStatusUnknown"
2016-11-11 02:09:27 +08:00
currentReadyCondition . Message = "Kubelet stopped posting node status."
2015-03-30 20:44:02 +08:00
// LastProbeTime is the last time we heard from kubelet.
2016-05-16 17:20:23 +08:00
currentReadyCondition . LastHeartbeatTime = observedReadyCondition . LastHeartbeatTime
currentReadyCondition . LastTransitionTime = nc . now ( )
2015-03-30 20:44:02 +08:00
}
}
2015-10-23 03:47:43 +08:00
2016-11-11 02:09:27 +08:00
// remaining node conditions should also be set to Unknown
remainingNodeConditionTypes := [ ] v1 . NodeConditionType { v1 . NodeOutOfDisk , v1 . NodeMemoryPressure , v1 . NodeDiskPressure }
nowTimestamp := nc . now ( )
for _ , nodeConditionType := range remainingNodeConditionTypes {
_ , currentCondition := v1 . GetNodeCondition ( & node . Status , nodeConditionType )
if currentCondition == nil {
glog . V ( 2 ) . Infof ( "Condition %v of node %v was never updated by kubelet" , nodeConditionType , node . Name )
node . Status . Conditions = append ( node . Status . Conditions , v1 . NodeCondition {
Type : nodeConditionType ,
Status : v1 . ConditionUnknown ,
Reason : "NodeStatusNeverUpdated" ,
Message : "Kubelet never posted node status." ,
LastHeartbeatTime : node . CreationTimestamp ,
LastTransitionTime : nowTimestamp ,
} )
} else {
glog . V ( 4 ) . Infof ( "node %v hasn't been updated for %+v. Last %v is: %+v" ,
node . Name , nc . now ( ) . Time . Sub ( savedNodeStatus . probeTimestamp . Time ) , nodeConditionType , currentCondition )
if currentCondition . Status != v1 . ConditionUnknown {
currentCondition . Status = v1 . ConditionUnknown
currentCondition . Reason = "NodeStatusUnknown"
currentCondition . Message = "Kubelet stopped posting node status."
currentCondition . LastTransitionTime = nowTimestamp
}
2015-10-23 03:47:43 +08:00
}
}
2016-11-19 04:50:17 +08:00
_ , currentCondition := v1 . GetNodeCondition ( & node . Status , v1 . NodeReady )
2017-01-25 21:39:54 +08:00
if ! apiequality . Semantic . DeepEqual ( currentCondition , & observedReadyCondition ) {
2016-02-04 05:21:05 +08:00
if _ , err = nc . kubeClient . Core ( ) . Nodes ( ) . UpdateStatus ( node ) ; err != nil {
2015-03-31 23:15:39 +08:00
glog . Errorf ( "Error updating node %s: %v" , node . Name , err )
2016-05-16 17:20:23 +08:00
return gracePeriod , observedReadyCondition , currentReadyCondition , err
2015-03-31 23:15:39 +08:00
} else {
2015-04-11 06:30:11 +08:00
nc . nodeStatusMap [ node . Name ] = nodeStatusData {
2015-03-31 23:15:39 +08:00
status : node . Status ,
probeTimestamp : nc . nodeStatusMap [ node . Name ] . probeTimestamp ,
readyTransitionTimestamp : nc . now ( ) ,
}
2016-05-16 17:20:23 +08:00
return gracePeriod , observedReadyCondition , currentReadyCondition , nil
2015-03-31 23:15:39 +08:00
}
2015-03-30 20:44:02 +08:00
}
}
2016-05-16 17:20:23 +08:00
return gracePeriod , observedReadyCondition , currentReadyCondition , err
}
2017-02-07 02:35:50 +08:00
func ( nc * NodeController ) checkForNodeAddedDeleted ( nodes [ ] * v1 . Node ) ( added , deleted [ ] * v1 . Node ) {
for i := range nodes {
if _ , has := nc . knownNodeSet [ nodes [ i ] . Name ] ; ! has {
added = append ( added , nodes [ i ] )
2016-07-12 15:38:57 +08:00
}
}
// If there's a difference between lengths of known Nodes and observed nodes
// we must have removed some Node.
2017-02-07 02:35:50 +08:00
if len ( nc . knownNodeSet ) + len ( added ) != len ( nodes ) {
2016-11-19 04:50:17 +08:00
knowSetCopy := map [ string ] * v1 . Node { }
2016-07-12 15:38:57 +08:00
for k , v := range nc . knownNodeSet {
knowSetCopy [ k ] = v
}
2017-02-07 02:35:50 +08:00
for i := range nodes {
delete ( knowSetCopy , nodes [ i ] . Name )
2016-07-12 15:38:57 +08:00
}
for i := range knowSetCopy {
deleted = append ( deleted , knowSetCopy [ i ] )
}
}
return
}
2015-08-25 21:47:08 +08:00
// cancelPodEviction removes any queued evictions, typically because the node is available again. It
// returns true if an eviction was queued.
2016-11-19 04:50:17 +08:00
func ( nc * NodeController ) cancelPodEviction ( node * v1 . Node ) bool {
2016-07-12 20:29:46 +08:00
zone := utilnode . GetZoneKey ( node )
2015-09-07 21:04:15 +08:00
nc . evictorLock . Lock ( )
defer nc . evictorLock . Unlock ( )
2016-07-12 20:29:46 +08:00
wasDeleting := nc . zonePodEvictor [ zone ] . Remove ( node . Name )
2016-10-29 01:45:04 +08:00
if wasDeleting {
2016-07-12 15:38:57 +08:00
glog . V ( 2 ) . Infof ( "Cancelling pod Eviction on Node: %v" , node . Name )
2015-09-16 05:45:56 +08:00
return true
}
return false
2015-08-25 21:47:08 +08:00
}
2016-07-11 19:23:53 +08:00
// evictPods queues an eviction for the provided node name, and returns false if the node is already
// queued for eviction.
2016-11-19 04:50:17 +08:00
func ( nc * NodeController ) evictPods ( node * v1 . Node ) bool {
2016-07-11 19:23:53 +08:00
nc . evictorLock . Lock ( )
defer nc . evictorLock . Unlock ( )
2016-08-14 09:41:20 +08:00
return nc . zonePodEvictor [ utilnode . GetZoneKey ( node ) ] . Add ( node . Name , string ( node . UID ) )
2016-05-16 17:20:23 +08:00
}
2016-08-05 20:50:19 +08:00
2017-02-06 20:58:48 +08:00
func ( nc * NodeController ) markNodeForTainting ( node * v1 . Node ) bool {
nc . evictorLock . Lock ( )
defer nc . evictorLock . Unlock ( )
return nc . zoneNotReadyOrUnreachableTainer [ utilnode . GetZoneKey ( node ) ] . Add ( node . Name , string ( node . UID ) )
}
func ( nc * NodeController ) markNodeAsHealthy ( node * v1 . Node ) ( bool , error ) {
nc . evictorLock . Lock ( )
defer nc . evictorLock . Unlock ( )
err := controller . RemoveTaintOffNode ( nc . kubeClient , node . Name , UnreachableTaintTemplate , node )
if err != nil {
glog . Errorf ( "Failed to remove taint from node %v: %v" , node . Name , err )
return false , err
}
err = controller . RemoveTaintOffNode ( nc . kubeClient , node . Name , NotReadyTaintTemplate , node )
if err != nil {
glog . Errorf ( "Failed to remove taint from node %v: %v" , node . Name , err )
return false , err
}
return nc . zoneNotReadyOrUnreachableTainer [ utilnode . GetZoneKey ( node ) ] . Remove ( node . Name ) , nil
}
2016-08-05 20:50:19 +08:00
// Default value for cluster eviction rate - we take nodeNum for consistency with ReducedQPSFunc.
func ( nc * NodeController ) HealthyQPSFunc ( nodeNum int ) float32 {
return nc . evictionLimiterQPS
}
// If the cluster is large make evictions slower, if they're small stop evictions altogether.
func ( nc * NodeController ) ReducedQPSFunc ( nodeNum int ) float32 {
if int32 ( nodeNum ) > nc . largeClusterThreshold {
return nc . secondaryEvictionLimiterQPS
}
return 0
}
// This function is expected to get a slice of NodeReadyConditions for all Nodes in a given zone.
// The zone is considered:
// - fullyDisrupted if there're no Ready Nodes,
// - partiallyDisrupted if at least than nc.unhealthyZoneThreshold percent of Nodes are not Ready,
// - normal otherwise
2016-11-19 04:50:17 +08:00
func ( nc * NodeController ) ComputeZoneState ( nodeReadyConditions [ ] * v1 . NodeCondition ) ( int , zoneState ) {
2016-08-05 20:50:19 +08:00
readyNodes := 0
notReadyNodes := 0
for i := range nodeReadyConditions {
2016-11-19 04:50:17 +08:00
if nodeReadyConditions [ i ] != nil && nodeReadyConditions [ i ] . Status == v1 . ConditionTrue {
2016-08-05 20:50:19 +08:00
readyNodes ++
} else {
notReadyNodes ++
}
}
switch {
case readyNodes == 0 && notReadyNodes > 0 :
2016-08-16 23:08:26 +08:00
return notReadyNodes , stateFullDisruption
2016-08-05 20:50:19 +08:00
case notReadyNodes > 2 && float32 ( notReadyNodes ) / float32 ( notReadyNodes + readyNodes ) >= nc . unhealthyZoneThreshold :
2016-08-16 23:08:26 +08:00
return notReadyNodes , statePartialDisruption
2016-08-05 20:50:19 +08:00
default :
2016-08-16 23:08:26 +08:00
return notReadyNodes , stateNormal
2016-08-05 20:50:19 +08:00
}
}
