Page MenuHomePhabricator

[k8s] Add node anti-affinity topologySpreadConstraints to infrastructure components where relevant
Closed, ResolvedPublic

Description

T355883: Create a pool of NFS-less Toolforge Kubernetes workers introduced a new type of workers. As the number of them is relatively low, and as most of our infrastructure components do not have NFS access, the risk of all of the pods in a given deployment ending up on the same node is higher than I'd like. For that reason(*) we should tell the Kubernetes scheduler to spread them to different nodes if possible.

Since Kubernetes 1.19 the best way to do this is with topologySpreadConstraints on the kubernetes.io/hostname field: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/.

(*): It'd always been a good idea, but now the risk of this causing issues is much higher.

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
taavi triaged this task as Medium priority.Feb 22 2024, 11:19 AM
taavi removed taavi as the assignee of this task.Feb 22 2024, 1:47 PM
dcaro renamed this task from Add node anti-affinity topologySpreadConstraints to infrastructure components where relevant to [k8s] Add node anti-affinity topologySpreadConstraints to infrastructure components where relevant.Mar 5 2024, 5:13 PM
Slst2020 changed the task status from Open to In Progress.Apr 4 2024, 6:51 AM
Slst2020 moved this task from Next Up to In Progress on the Toolforge (Toolforge iteration 08) board.

This has been open for some time now so we should probably close it. To test it here is what I plan to do:

For each target service in the description (builds-api, jobs-api, etc),

(1) pick a node from the list

* toolsbeta-test-k8s-worker-10.toolsbeta.eqiad1.wikimedia.cloud
* toolsbeta-test-k8s-worker-11.toolsbeta.eqiad1.wikimedia.cloud
* toolsbeta-test-k8s-worker-nfs-1.toolsbeta.eqiad1.wikimedia.cloud
* toolsbeta-test-k8s-worker-nfs-2.toolsbeta.eqiad1.wikimedia.cloud
* toolsbeta-test-k8s-worker-nfs-3.toolsbeta.eqiad1.wikimedia.cloud
* toolsbeta-test-k8s-worker-nfs-4.toolsbeta.eqiad1.wikimedia.cloud

and configure the pods of the service to be scheduled on that node, verify that all the pods of the service are being scheduled on that node.

(2) add the topology-spread-constraint with nodeAffinityPolicy set to ignore. deploy and observe the the pods are now getting spread.

(3) remove the nodeAffinity/nodeSelector that was configured in step (1) ( also remove the nodeAffinityPolicy from the topology-spread-constraint configuration )

All the above means we'll have to deploy each service three times on toolsbeta alone to mark this task completed and ensure the target behavior is achieved and reliable, for that particular service.
Any other way to have less number of deployments for this?

Any other way to have less number of deployments for this?

Deploying is easy xd, so three times is not a lot.

Now, we don't need to do the full test for each deployment, and we don't need to do it in toolsbeta, lima-kilo now has several workers running where you can play to make sure the affininty policy is working as expected.

Then we can do one full test with one of the deployment in toolsbeta, and just copy the config for the rest, wdyt?

Any other way to have less number of deployments for this?

Deploying is easy xd, so three times is not a lot.

Now, we don't need to do the full test for each deployment, and we don't need to do it in toolsbeta, lima-kilo now has several workers running where you can play to make sure the affininty policy is working as expected.

Then we can do one full test with one of the deployment in toolsbeta, and just copy the config for the rest, wdyt?

ok that sounds better

raymond-ndibe opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/481

[toolforge-deploy] DO_NOT_MERGE : increase builds-api replicas in local env

raymond-ndibe opened https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-api/-/merge_requests/108

Draft: [builds-api] DO_NOT_MERGE: schedule all pods on toolforge-worker

raymond-ndibe opened https://gitlab.wikimedia.org/repos/cloud/toolforge/envvars-api/-/merge_requests/45

Draft: [envvars-api] DO_NOT_MERGE: schedule all pods on toolforge-worker

raymond-ndibe opened https://gitlab.wikimedia.org/repos/cloud/toolforge/lima-kilo/-/merge_requests/183

Draft: [lima-kilo] DO_NOT_MERGE: enable node inclusion policy feature gate

raymond-ndibe closed https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-api/-/merge_requests/108

Draft: [builds-api] DO_NOT_MERGE: schedule all pods on toolforge-worker

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/499

jobs-emailer: bump to 0.0.43-20240902122251-1677ec5f

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/500

ingress-admission: bump to 0.0.49-20240902122319-b0b4ce16

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/501

volume-admission: bump to 0.0.54-20240902122354-18500992

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/502

envvars-admission: bump to 0.0.17-20240902122423-94921cad

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/503

builds-builder: bump to 0.0.117-20240902122920-3b0529c7

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/504

api-gateway: bump to 0.0.44-20240902122941-a7ca33e8

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/505

registry-admission: bump to 0.0.50-20240902122909-507a2f0d

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/506

jobs-api: bump to 0.0.332-20240902122934-464b67dd

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/507

envvars-api: bump to 0.0.60-20240902124757-342c4931

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/508

builds-api: bump to 0.0.170-20240902125720-e7b15322

Raymond_Ndibe updated the task description. (Show Details)

raymond-ndibe closed https://gitlab.wikimedia.org/repos/cloud/toolforge/envvars-api/-/merge_requests/45

Draft: [envvars-api] DO_NOT_MERGE: schedule all pods on toolforge-worker

raymond-ndibe closed https://gitlab.wikimedia.org/repos/cloud/toolforge/lima-kilo/-/merge_requests/183

Draft: [lima-kilo] DO_NOT_MERGE: enable node inclusion policy feature gate

raymond-ndibe closed https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/481

Draft: [toolforge-deploy] DO_NOT_MERGE : increase envvars-api replicas in local env