forked from NationTech/harmony
fix:translated documentaion notes into English
This commit is contained in:
@@ -1,58 +1,56 @@
|
||||
1. ### **Titre : Retrait du flag *worker* sur les control planes (UPI)**
|
||||
## **Remove Worker flag from OKD Control Planes**
|
||||
|
||||
1. ### **Contexte**
|
||||
Dans certaines installations OpenShift UPI, les nodes de control plane (masters) héritent par erreur du label worker (node-role.kubernetes.io/worker).\
|
||||
Cela provoque la planification de workloads non critiques (par ex. routers, Ceph pods, etc.) sur les control planes, ce qui compromet la stabilité et la séparation des rôles.
|
||||
### **Context**
|
||||
On OKD user provisioned infrastructure the control plane nodes can have the flag node-role.kubernetes.io/worker which allows non critical workloads to be scheduled on the control-planes
|
||||
|
||||
1. ### **Symptômes observés**
|
||||
- Apres avoir ajouté des serveur dans HAProxy, tous les serveurs backend (wk0, wk1, wk2) apparaissent en état DOWN.\
|
||||
Le trafic HTTP/HTTPS est redirigé vers les control planes au lieu des workers.
|
||||
- Les pods router-default sont déployés sur cp1 et cp2 plutôt que sur les workers.
|
||||
- Sur les masters, la commande suivante montre une écoute sur le port 80 :
|
||||
### **Observed Symptoms**
|
||||
- After adding HAProxy servers to the backend each back end appears down
|
||||
- Traffic is redirected to the control planes instead of workers
|
||||
- The pods router-default are incorrectly applied on the control planes rather than on the workers
|
||||
- Pods are being scheduled on the control planes causing cluster instability
|
||||
|
||||
```
|
||||
ss -tlnp | grep 80
|
||||
```
|
||||
- shows process haproxy is listening at 0.0.0.0:80 on cps
|
||||
- same problem for port 443
|
||||
- In namespace rook-ceph certain pods are deploted on cps rather than on worker nodes
|
||||
|
||||
-> processus haproxy en écoute sur 0.0.0.0:80
|
||||
|
||||
-> meme chose pour port 443
|
||||
|
||||
- Dans le namespace rook-ceph, certains pods (mon, mgr, operator) ne se planifient pas, sont aussi deployé sur les cp au lieu des worker nodes :
|
||||
|
||||
1. ### **Cause**
|
||||
En installation UPI, les rôles (master, worker) ne sont pas gérés par le Machine Config Operator (MCO).\
|
||||
Les controls planes sont schedulable par default. Qui amene les trois roles, worker, master et control-plane.
|
||||
|
||||
1. ### **Diagnostic**
|
||||
1. Vérifier les labels du node :
|
||||
### **Cause**
|
||||
- when intalling UPI, the roles (master, worker) are not managed by the Machine Config operator and the cps are made schedulable by default.
|
||||
|
||||
### **Diagnostic**
|
||||
check node labels:
|
||||
```
|
||||
oc get nodes --show-labels | grep control-plane
|
||||
```
|
||||
Inspecter kubelet configuration:
|
||||
|
||||
1. Inspecter la configuration du kubelet :
|
||||
|
||||
cat /etc/systemd/system/kubelet.service
|
||||
|
||||
Rechercher la ligne :
|
||||
```
|
||||
cat /etc/systemd/system/kubelet.service
|
||||
```
|
||||
|
||||
find the line:
|
||||
```
|
||||
--node-labels=node-role.kubernetes.io/control-plane,node-role.kubernetes.io/master,node-role.kubernetes.io/worker
|
||||
```
|
||||
→ presence of label worker confirms the problem.
|
||||
|
||||
→ présence du label worker confirme le problème.
|
||||
|
||||
1. Vérifier que ce flag ne provient pas du MCO :
|
||||
|
||||
Verify the flag doesnt come from MCO
|
||||
```
|
||||
oc get machineconfig | grep rendered-master
|
||||
```
|
||||
|
||||
**Solution:**\
|
||||
Pour rendre les **control planes non planifiables** (c’est-à-dire empêcher tout déploiement de workloads dessus), il faut appliquer le patch suivant sur la ressource scheduler du cluster :\
|
||||
\```
|
||||
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
||||
oc patch scheduler cluster --type merge -p '{"spec":{"mastersSchedulable":false}}'\
|
||||
\```\
|
||||
Cette commande **désactive la planification sur les masters** et **supprime efficacement le rôle worker** de leurs fonctions.
|
||||
**Solution:**
|
||||
To make the control planes non schedulable you must patch the cluster scheduler resource
|
||||
|
||||
Une fois le patch appliqué, il faut **déplacer les workloads** encore présents sur les control planes vers les **workers** à l’aide des commandes :
|
||||
```
|
||||
oc patch scheduler cluster --type merge -p '{"spec":{"mastersSchedulable":false}}'
|
||||
```
|
||||
after the patch is applied the workloads can be deplaced by draining the nodes
|
||||
|
||||
\```\
|
||||
oc adm cordon <cp-node>\
|
||||
oc adm drain <cp-node> --ignore-daemonsets –delete-emptydir-data\
|
||||
\```
|
||||
```
|
||||
oc adm cordon <cp-node>
|
||||
oc adm drain <cp-node> --ignore-daemonsets –delete-emptydir-data
|
||||
```
|
||||
|
||||
|
||||
Reference in New Issue
Block a user