forked from NationTech/harmony
fix: translated documentation notes into English
@@ -1,58 +1,56 @@
|
|||||||
1. ### **Titre : Retrait du flag *worker* sur les control planes (UPI)**
|
## **Remove Worker flag from OKD Control Planes**
|
||||||
|
|
||||||
1. ### **Contexte**
|
### **Context**
|
||||||
Dans certaines installations OpenShift UPI, les nodes de control plane (masters) héritent par erreur du label worker (node-role.kubernetes.io/worker).\
|
On OKD user provisioned infrastructure the control plane nodes can have the flag node-role.kubernetes.io/worker which allows non critical workloads to be scheduled on the control-planes
|
||||||
Cela provoque la planification de workloads non critiques (par ex. routers, Ceph pods, etc.) sur les control planes, ce qui compromet la stabilité et la séparation des rôles.
|
|
||||||
|
|
||||||
1. ### **Symptômes observés**
|
### **Observed Symptoms**
|
||||||
- Apres avoir ajouté des serveur dans HAProxy, tous les serveurs backend (wk0, wk1, wk2) apparaissent en état DOWN.\
|
- After adding HAProxy servers to the backend each back end appears down
|
||||||
Le trafic HTTP/HTTPS est redirigé vers les control planes au lieu des workers.
|
- Traffic is redirected to the control planes instead of workers
|
||||||
- Les pods router-default sont déployés sur cp1 et cp2 plutôt que sur les workers.
|
- The pods router-default are incorrectly applied on the control planes rather than on the workers
|
||||||
- Sur les masters, la commande suivante montre une écoute sur le port 80 :
|
- Pods are being scheduled on the control planes causing cluster instability
|
||||||
|
|
||||||
|
```
|
||||||
ss -tlnp | grep 80
|
ss -tlnp | grep 80
|
||||||
|
```
|
||||||
|
- shows process haproxy is listening at 0.0.0.0:80 on cps
|
||||||
|
- same problem for port 443
|
||||||
|
- In namespace rook-ceph certain pods are deploted on cps rather than on worker nodes
|
||||||
|
|
||||||
-> processus haproxy en écoute sur 0.0.0.0:80
|
### **Cause**
|
||||||
|
- when intalling UPI, the roles (master, worker) are not managed by the Machine Config operator and the cps are made schedulable by default.
|
||||||
-> meme chose pour port 443
|
|
||||||
|
|
||||||
- Dans le namespace rook-ceph, certains pods (mon, mgr, operator) ne se planifient pas, sont aussi deployé sur les cp au lieu des worker nodes :
|
|
||||||
|
|
||||||
1. ### **Cause**
|
|
||||||
En installation UPI, les rôles (master, worker) ne sont pas gérés par le Machine Config Operator (MCO).\
|
|
||||||
Les controls planes sont schedulable par default. Qui amene les trois roles, worker, master et control-plane.
|
|
||||||
|
|
||||||
1. ### **Diagnostic**
|
|
||||||
1. Vérifier les labels du node :
|
|
||||||
|
|
||||||
|
### **Diagnostic**
|
||||||
|
check node labels:
|
||||||
|
```
|
||||||
oc get nodes --show-labels | grep control-plane
|
oc get nodes --show-labels | grep control-plane
|
||||||
|
```
|
||||||
|
Inspecter kubelet configuration:
|
||||||
|
|
||||||
1. Inspecter la configuration du kubelet :
|
```
|
||||||
|
cat /etc/systemd/system/kubelet.service
|
||||||
cat /etc/systemd/system/kubelet.service
|
```
|
||||||
|
|
||||||
Rechercher la ligne :
|
|
||||||
|
|
||||||
|
find the line:
|
||||||
|
```
|
||||||
--node-labels=node-role.kubernetes.io/control-plane,node-role.kubernetes.io/master,node-role.kubernetes.io/worker
|
--node-labels=node-role.kubernetes.io/control-plane,node-role.kubernetes.io/master,node-role.kubernetes.io/worker
|
||||||
|
```
|
||||||
|
→ presence of label worker confirms the problem.
|
||||||
|
|
||||||
→ présence du label worker confirme le problème.
|
Verify the flag doesnt come from MCO
|
||||||
|
```
|
||||||
1. Vérifier que ce flag ne provient pas du MCO :
|
|
||||||
|
|
||||||
oc get machineconfig | grep rendered-master
|
oc get machineconfig | grep rendered-master
|
||||||
|
```
|
||||||
|
|
||||||
**Solution:**\
|
**Solution:**
|
||||||
Pour rendre les **control planes non planifiables** (c’est-à-dire empêcher tout déploiement de workloads dessus), il faut appliquer le patch suivant sur la ressource scheduler du cluster :\
|
To make the control planes non schedulable you must patch the cluster scheduler resource
|
||||||
\```
|
|
||||||
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
||||||
oc patch scheduler cluster --type merge -p '{"spec":{"mastersSchedulable":false}}'\
|
|
||||||
\```\
|
|
||||||
Cette commande **désactive la planification sur les masters** et **supprime efficacement le rôle worker** de leurs fonctions.
|
|
||||||
|
|
||||||
Une fois le patch appliqué, il faut **déplacer les workloads** encore présents sur les control planes vers les **workers** à l’aide des commandes :
|
```
|
||||||
|
oc patch scheduler cluster --type merge -p '{"spec":{"mastersSchedulable":false}}'
|
||||||
|
```
|
||||||
|
after the patch is applied the workloads can be deplaced by draining the nodes
|
||||||
|
|
||||||
\```\
|
```
|
||||||
oc adm cordon <cp-node>\
|
oc adm cordon <cp-node>
|
||||||
oc adm drain <cp-node> --ignore-daemonsets –delete-emptydir-data\
|
oc adm drain <cp-node> --ignore-daemonsets –delete-emptydir-data
|
||||||
\```
|
```
|
||||||
|
|
||||||
|
|||||||
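Review bot: In the drain command at the end of the new text, `–delete-emptydir-data` still begins with an en dash carried over from the French version, so `oc` will not recognise it as a flag when the line is copied; change it to `--delete-emptydir-data`. The translation is also incomplete or misspelled in several added lines: "Inspecter kubelet configuration:" is still half French, and "deploted", "intalling", "deplaced" and "doesnt" need correcting. The English text drops details the French original gave: the node names in the symptoms (wk0, wk1, wk2, cp1, cp2), the rook-ceph pod types (mon, mgr, operator), and the sentence explaining that the `mastersSchedulable` patch disables scheduling on the masters. Consider restoring these so a reader can match the symptoms and understand the effect of the fix.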