Bug 1755073: docs/user/*/install_upi: explicitly-set-control-plane-unschedulable

[wking]

We grew replicas-zeroing in c22d042 (#1649) to set the stage for changing the replicas: 0 semantics from "we'll make you some dummy MachineSets" to "we won't make you MachineSets". But that hasn't happened yet, and since 64f96df (#2004) replicas: 0 for compute has also meant "add the worker role to control-plane nodes". That leads to racy problems when ingress comes through a load balancer, because Kubernetes load balancers exclude control-plane nodes from their target set (see here and here, although this may get relaxed soonish). If the router pods get scheduled on the control plane machines due to the worker role, they are not reachable from the load balancer and ingress routing breaks. @sjenning says:

pod nodeSelectors are not like taints/tolerations. They only have effect at scheduling time. They are not continually enforced.

which means that attempting to address this issue as a day-2 operation would mean removing the worker role from the control-plane nodes and then manually evicting the router pods to force rescheduling. So until we get the changes from here, we can either drop the zeroing (#2402) or adjust the scheduler configuration to remove the effect of the zeroing. In both cases, this is a change we'll want to revert later once we bump Kubernetes to pick up a fix for the service load-balancer targets.

[openshift-ci-robot]

@wking: This pull request references Bugzilla bug 1755073, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Bug 1755073: docs/user/*/install_upi:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[abhinavdahiya]

/approve

for another review
/cc @sdodson

[sdodson]

/lgtm

[wking]

I'd left off the meat of the commit-message subject 🤦‍♂️. Fixed with 7daf18eb8 -> 55caef592. Can I get a fresh /lgtm?

[sdodson]

/lgtm

[danehans]

routers are now ingress controllers :-)

[wking]

routers are now ingress controllers :-)

The pod is still called router. But is "ingress controller pod" the preferred English? Do we have plans to rename the pods to match?

[wking]

We have "Ingress router pods" in the official docs, so if any rephrasing is needed we'd probably want to bump those too.

[danehans]

Same as https://github.com/openshift/installer/pull/2440/files#r330740394

[wking]

/hold

[wking]

/hold cancel

Still need to work out #2440 (comment) , but with the True->False bumps clearing the lgtm, we no longer need the hold to keep this from merging.

[abhinavdahiya]

/lgtm

/hold
to see if @danehans thinks the doc change referencing router is required.

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhinavdahiya, sdodson, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [abhinavdahiya,sdodson,wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sdodson]

/hold cancel
Lets not block on that, surely everyone will understand what is meant and it matches the name of the pod in current implementation. PRs welcome though 😁

[danehans]

I don't think the router > ingress controller is required, but an overall installer renaming for all instances of router should be considered as a future effort.