Add docs for the new kops reconcile cluster command #17191
Conversation
k8s-ci-robot
added
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
cncf-cla: yes
rifelpet
force-pushed
the
reconcile-docs
branch
from
e1ff234 to
46ea30d
Compare
Why would this be an error? |
Because updating both the cluster's control plane launch templates (or other cloud provider equivalents) and node launch templates at the same time will cause new nodes to fail to join the cluster until all control plane instances have been upgraded. So if Cluster Autoscaler or Karpenter scale up nodes before or during the control plane rolling-update, they will fail to join and workloads will be stuck in Pending. This is almost certainly not what the user wants and is why we're introducing the new command. |
|
We could allow the user to bypass the error if they know what they're doing. for example, on clusters that dont use Cluster Autoscaler or Karpenter. |
Hold on, hasn't this sequence: always been the standard upgrade sequence? These steps are even documented in https://kops.sigs.k8s.io/operations/updates_and_upgrades/#automated-update And now it is an error? |
|
Now it may cause node failures during the k8s 1.31 upgrade, yes. Hence the bold release note being added in this PR and my proposal to prevent users from making this mistake by returning a (skippable) error. I'll update that docs page to note this change as well. |
Sorry for my persistence, what has changed in k8s 1.31 that the regular kOps upgrade procedure has become dangerous? |
I updated this PR to link to the k/k issue that goes into more detail: kubernetes/kubernetes#127316 |
Oh, what a longread! Maybe #16907 would be shorter and more to the point, it is also mentioned within the longer post. However I think I understand the innovation now. The new |
Yes, that's correct. |
|
|
||
| Upgrading kubernetes is similar to changing the image on an InstanceGroup, except that the kubernetes version is | ||
| Upgrading kubernetes is similar to changing the image on an InstanceGroup, the kubernetes version is |
There was a problem hiding this comment.
I think the language here was clearer with "except that".
|
@danports: changing LGTM is restricted to collaborators In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Yes, eventually, but I don't think it needs to happen right away, since
That would be a smart idea, though perhaps it should only be a warning if the cluster doesn't have CAS/Karpenter enabled.
👍 More context for error messages is always good.
I am confused about this myself. Based on the commit history I think maybe @justinsb just added the |
Good point, we can probably just get rid of this now as I don't think we've shipped it in any releases. I don't think there's any reason to keep it? All |
Co-authored-by: Dan Ports <[email protected]>
Co-authored-by: Dan Ports <[email protected]>
|
Summarizing what I think we've agreed in office hours discussions:
We think it's too early to "hide" rolling-update cluster, but we should maybe add pointers at key places suggesting that users try "reconcile cluster"
We think no, but we might add a warning. The argument for "no" is we break users (and only users with rapidly autoscaling clusters are likely to be affected by the underlying problem). The argument for "yes" is it might be better to break users and get them to consider whether they should switch to "reconcile". I think we decided to push users to "reconcile" more in kOps 1.32, we're going to treat "reconcile" as a preview for now (kOps 1.31).
I don't think we discussed in office hours, but sounds like a good idea in 1.32
I don't think we discussed in office hours, but sounds like we should remove it. |
|
If you remove the new UPD Or, on the other hand, if |
Hold on, if I change something by |
|
@rifelpet: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
That's right, reconcile == update + rolling-update. It's done by instance group to comply with the "update control plane first" rules. (Technically it's done by instance group role). And yes, I think the We always complied with the rules about "control plane first", just there is an edge case because
No worries, we're all trying to figure out what makes the most sense and how best to explain it :-) |
|
I think this PR looks pretty good. I agree that "except that" was probably clearer, but I propose we merge this PR and iterate on the docs. |
| 2. `kops rolling-update cluster --instance-group-roles=control-plane,apiserver --yes` | ||
| 3. `kops update cluster --yes` | ||
| 4. `kops rolling-update cluster --yes` | ||
| 5. `kops update cluster --prune --yes` |
There was a problem hiding this comment.
| 5. `kops update cluster --prune --yes` | |
| 5. `kops update cluster --prune --yes` | |
My bad, we need an extra line break in here to fix the list formatting.
/hold for feedback
A few open questions:
rolling-update clusterdocs references toreconcile cluster?update cluster --yes? (with no--instance-group*filtering)update cluster --reconcileflag? When would a user use it instead ofkops reconcile cluster?