Bug 1801410 - Ingress operator does not configure deployment strategy or affinity policy with the "NodePortService" endpoint publishing strategy type
Summary: Ingress operator does not configure deployment strategy or affinity policy with the "NodePortService" endpoint publishing strategy type
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 4.4
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Target Release: 4.4.0
Assignee: Miciah Dashiel Butler Masters
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2020-02-10 20:06 UTC by Miciah Dashiel Butler Masters
Modified: 2020-05-07 12:25 UTC
CC List: 2 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-04 11:35:28 UTC
Target Upstream Version:


Attachments: none


Links
System ID | Priority | Status | Summary | Last Updated
Github openshift cluster-ingress-operator pull 357 | None | closed | Bug 1801410: Set affinity for "NodePortService" | 2020-07-20 12:37:18 UTC
Red Hat Product Errata RHBA-2020:0581 | None | None | None | 2020-05-04 11:35:55 UTC

Description Miciah Dashiel Butler Masters 2020-02-10 20:06:24 UTC
Description of problem:

For an IngressController object configured to use the "LoadBalancerService" or "Private" endpoint publishing strategy type, the ingress operator configures the ingress-controller deployment with a rolling-update deployment strategy and a pod affinity scheduling rule that prevent downtime during rolling updates, as well as a pod anti-affinity scheduling rule that spreads replicas across nodes.

openshift/cluster-ingress-operator#343 (https://github.com/openshift/cluster-ingress-operator/pull/343) added support for the "NodePortService" endpoint publishing strategy type, but the implementation fails to configure a deployment strategy or affinity policy on the ingress-controller deployment for an IngressController that uses this endpoint publishing strategy type.

The operator should configure the same deployment strategy and affinity policy for all three endpoint publishing strategy types ("LoadBalancerService", "NodePortService", and "Private").
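
One way to compare every router deployment in the openshift-ingress namespace at once is a small loop around the same jsonpath query used in the reproduction steps below, for example:

    for d in $(oc -n openshift-ingress get deployments -o name); do
        echo "== ${d}"
        oc -n openshift-ingress get "${d}" -o $'jsonpath=.spec.strategy={.spec.strategy}\n.spec.template.spec.affinity={.spec.template.spec.affinity}\n'
    done

Every deployment listed should report the same strategy and a non-empty affinity.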


Version-Release number of selected component (if applicable):

The "NodePortService" endpoint publishing strategy type is introduced in 4.4.


Steps to Reproduce:

1. Create a new IngressController with the "NodePortService" endpoint publishing strategy type and another with the "Private" type:

    oc create -f - <<'EOF'
    apiVersion: operator.openshift.io/v1
    kind: IngressController
    metadata:
      name: nodeport
      namespace: openshift-ingress-operator
    spec:
      replicas: 1
      domain: npexample.com
      endpointPublishingStrategy:
        type: NodePortService
    EOF
    
    oc create -f - <<'EOF'
    apiVersion: operator.openshift.io/v1
    kind: IngressController
    metadata:
      name: private
      namespace: openshift-ingress-operator
    spec:
      replicas: 1
      domain: privateexample.com
      endpointPublishingStrategy:
        type: Private
    EOF

2. Check the Deployments that the operator creates:

    oc -n openshift-ingress get deployments/router-private -o $'jsonpath=.spec.strategy={.spec.strategy}\n.spec.template.spec.affinity={.spec.template.spec.affinity}\n'
    oc -n openshift-ingress get deployments/router-nodeport -o $'jsonpath=.spec.strategy={.spec.strategy}\n.spec.template.spec.affinity={.spec.template.spec.affinity}\n'


Actual results:

The Deployments have different deployment strategies and affinity policies:

    % oc -n openshift-ingress get deployments/router-private -o $'jsonpath=.spec.strategy={.spec.strategy}\n.spec.template.spec.affinity={.spec.template.spec.affinity}\n'
    .spec.strategy=map[rollingUpdate:map[maxSurge:1 maxUnavailable:0] type:RollingUpdate]
    .spec.template.spec.affinity=map[podAffinity:map[preferredDuringSchedulingIgnoredDuringExecution:[map[podAffinityTerm:map[labelSelector:map[matchExpressions:[map[key:ingresscontroller.operator.openshift.io/deployment-ingresscontroller operator:In values:[private]] map[key:ingresscontroller.operator.openshift.io/hash operator:NotIn values:[6b64598cc9]]]] topologyKey:kubernetes.io/hostname] weight:100]]] podAntiAffinity:map[requiredDuringSchedulingIgnoredDuringExecution:[map[labelSelector:map[matchExpressions:[map[key:ingresscontroller.operator.openshift.io/deployment-ingresscontroller operator:In values:[private]] map[key:ingresscontroller.operator.openshift.io/hash operator:In values:[6b64598cc9]]]] topologyKey:kubernetes.io/hostname]]]]
    % oc -n openshift-ingress get deployments/router-nodeport -o $'jsonpath=.spec.strategy={.spec.strategy}\n.spec.template.spec.affinity={.spec.template.spec.affinity}\n'
    .spec.strategy=map[rollingUpdate:map[maxSurge:25% maxUnavailable:25%] type:RollingUpdate]
    .spec.template.spec.affinity=
    % 


Expected results:

The Deployments should have the same deployment strategy and affinity policy.
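
Concretely, taking the router-private output above as the reference, both Deployments should use rolling-update parameters along these lines, and the pod template should carry the same preferred podAffinity / required podAntiAffinity rules keyed on the ingresscontroller.operator.openshift.io/deployment-ingresscontroller and ingresscontroller.operator.openshift.io/hash labels (the hash value differs per deployment):

    strategy:
      rollingUpdate:
        maxSurge: 1        # start one replacement pod before removing any old pod
        maxUnavailable: 0  # keep all existing pods running until their replacements are ready
      type: RollingUpdate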

Comment 1 Hongan Li 2020-02-11 09:32:12 UTC
It seems the maxSurge/maxUnavailable values are also different; I wonder if those need to be fixed as well?

    .spec.strategy=map[rollingUpdate:map[maxSurge:1 maxUnavailable:0] type:RollingUpdate]

    .spec.strategy=map[rollingUpdate:map[maxSurge:25% maxUnavailable:25%] type:RollingUpdate]

Comment 3 Miciah Dashiel Butler Masters 2020-02-13 00:07:01 UTC
> It seems the maxSurge/maxUnavailable values are also different; I wonder if those need to be fixed as well?

Yes, the maxSurge and maxUnavailable parameters should both be as follows:

    .spec.strategy=map[rollingUpdate:map[maxSurge:1 maxUnavailable:0] type:RollingUpdate]
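
A quick way to confirm just these two fields on the nodeport deployment is a jsonpath query along these lines:

    oc -n openshift-ingress get deployment router-nodeport \
        -o jsonpath='maxSurge={.spec.strategy.rollingUpdate.maxSurge} maxUnavailable={.spec.strategy.rollingUpdate.maxUnavailable}{"\n"}'

With the fix in place this should print "maxSurge=1 maxUnavailable=0".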

Comment 4 Hongan Li 2020-02-13 07:35:01 UTC
Verified with 4.4.0-0.nightly-2020-02-12-235629; the issue has been fixed.

$ oc -n openshift-ingress get deployments/router-nodeport -o $'jsonpath=.spec.strategy={.spec.strategy}\n.spec.template.spec.affinity={.spec.template.spec.affinity}\n'
.spec.strategy=map[rollingUpdate:map[maxSurge:1 maxUnavailable:0] type:RollingUpdate]
.spec.template.spec.affinity=map[podAffinity:map[preferredDuringSchedulingIgnoredDuringExecution:[map[podAffinityTerm:map[labelSelector:map[matchExpressions:[map[key:ingresscontroller.operator.openshift.io/deployment-ingresscontroller operator:In values:[nodeport]] map[key:ingresscontroller.operator.openshift.io/hash operator:NotIn values:[5485665fd]]]] topologyKey:kubernetes.io/hostname] weight:100]]] podAntiAffinity:map[requiredDuringSchedulingIgnoredDuringExecution:[map[labelSelector:map[matchExpressions:[map[key:ingresscontroller.operator.openshift.io/deployment-ingresscontroller operator:In values:[nodeport]] map[key:ingresscontroller.operator.openshift.io/hash operator:In values:[5485665fd]]]] topologyKey:kubernetes.io/hostname]]]]

$ oc -n openshift-ingress get deployment router-nodeport -o yaml
<---snip--->
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    spec:
      affinity:
        podAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: ingresscontroller.operator.openshift.io/deployment-ingresscontroller
                  operator: In
                  values:
                  - nodeport
                - key: ingresscontroller.operator.openshift.io/hash
                  operator: NotIn
                  values:
                  - 5485665fd
              topologyKey: kubernetes.io/hostname
            weight: 100
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: ingresscontroller.operator.openshift.io/deployment-ingresscontroller
                operator: In
                values:
                - nodeport
              - key: ingresscontroller.operator.openshift.io/hash
                operator: In
                values:
                - 5485665fd
            topologyKey: kubernetes.io/hostname

Comment 6 errata-xmlrpc 2020-05-04 11:35:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

