From 858525a91d79789520bf9e31d8425ab028b696b2 Mon Sep 17 00:00:00 2001 From: Andrea Hoffer Date: Tue, 21 Mar 2023 13:13:15 -0400 Subject: [PATCH] OSDOCS-5336: Adding PDBUnhealthyPodEvictionPolicy as tech preview feature --- ...nodes-cluster-enabling-features-about.adoc | 1 + ...nodes-pods-pod-disruption-configuring.adoc | 4 +- modules/pod-disruption-eviction-policy.adoc | 56 +++++++++++++++++++ .../nodes-cluster-pods-configuring.adoc | 11 +++- nodes/pods/nodes-pods-configuring.adoc | 12 +++- .../cluster-tasks.adoc | 7 +++ 6 files changed, 84 insertions(+), 7 deletions(-) create mode 100644 modules/pod-disruption-eviction-policy.adoc diff --git a/modules/nodes-cluster-enabling-features-about.adoc b/modules/nodes-cluster-enabling-features-about.adoc index 726f5dcd6a44..71df8ff95e12 100644 --- a/modules/nodes-cluster-enabling-features-about.adoc +++ b/modules/nodes-cluster-enabling-features-about.adoc @@ -32,6 +32,7 @@ The following Technology Preview features are enabled by this feature set: ** External cloud providers. Enables support for external cloud providers for clusters on vSphere, AWS, Azure, and GCP. Support for OpenStack is GA. (`ExternalCloudProvider`) ** Pod topology spread constraints. Enables the `matchLabelKeys` parameter for pod topology constraints. The parameter is list of pod label keys to select the pods over which spreading will be calculated. (`MatchLabelKeysInPodTopologySpread`) ** Pod security admission enforcement. Enables restricted enforcement for pod security admission. Instead of only logging a warning, pods are rejected if they violate pod security standards. (`OpenShiftPodSecurityAdmission`) +** Pod disruption budget (PDB) unhealthy pod eviction policy. Enables support for specifying how unhealthy pods are considered for eviction when using PDBs. (`PDBUnhealthyPodEvictionPolicy`) -- //// diff --git a/modules/nodes-pods-pod-disruption-configuring.adoc b/modules/nodes-pods-pod-disruption-configuring.adoc index 23f99f03d2a9..9421a3e4cabc 100644 --- a/modules/nodes-pods-pod-disruption-configuring.adoc +++ b/modules/nodes-pods-pod-disruption-configuring.adoc @@ -33,7 +33,7 @@ spec: <2> The minimum number of pods that must be available simultaneously. This can be either an integer or a string specifying a percentage, for example, `20%`. <3> A label query over a set of resources. The result of `matchLabels` and - `matchExpressions` are logically conjoined. Leave this paramter blank, for example `selector {}`, to select all pods in the project. + `matchExpressions` are logically conjoined. Leave this parameter blank, for example `selector {}`, to select all pods in the project. + Or: + @@ -53,7 +53,7 @@ spec: <2> The maximum number of pods that can be unavailable simultaneously. This can be either an integer or a string specifying a percentage, for example, `20%`. <3> A label query over a set of resources. The result of `matchLabels` and - `matchExpressions` are logically conjoined. Leave this paramter blank, for example `selector {}`, to select all pods in the project. + `matchExpressions` are logically conjoined. Leave this parameter blank, for example `selector {}`, to select all pods in the project. . Run the following command to add the object to project: + diff --git a/modules/pod-disruption-eviction-policy.adoc b/modules/pod-disruption-eviction-policy.adoc new file mode 100644 index 000000000000..9e03540f1556 --- /dev/null +++ b/modules/pod-disruption-eviction-policy.adoc @@ -0,0 +1,56 @@ +// Module included in the following assemblies: +// +// * nodes/nodes-pods-configuring.adoc +// * nodes/nodes-cluster-pods-configuring +// * post_installation_configuration/cluster-tasks.adoc + +:_content-type: PROCEDURE +[id="pod-disruption-eviction-policy_{context}"] += Specifying the eviction policy for unhealthy pods + +When you use pod disruption budgets (PDBs) to specify how many pods must be available simultaneously, you can also define the criteria for how unhealthy pods are considered for eviction. + +You can choose one of the following policies: + +IfHealthyBudget:: Running pods that are not yet healthy can be evicted only if the guarded application is not disrupted. + +AlwaysAllow:: Running pods that are not yet healthy can be evicted regardless of whether the criteria in the pod disruption budget is met. This policy can help evict malfunctioning applications, such as ones with pods stuck in the `CrashLoopBackOff` state or failing to report the `Ready` status. + +:FeatureName: Specifying the unhealthy pod eviction policy for pod disruption budgets +include::snippets/technology-preview.adoc[] + +To use this Technology Preview feature, you must have enabled the `TechPreviewNoUpgrade` feature set. + +[WARNING] +==== +Enabling the `TechPreviewNoUpgrade` feature set on your cluster cannot be undone and prevents minor version updates. You should not enable this feature set on production clusters. +==== + +.Procedure + +. Create a YAML file that defines a `PodDisruptionBudget` object and specify the unhealthy pod eviction policy: ++ +.Example `pod-disruption-budget.yaml` file +[source,yaml] +---- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: my-pdb +spec: + minAvailable: 2 + selector: + matchLabels: + foo: bar + unhealthyPodEvictionPolicy: AlwaysAllow <1> +---- +<1> Choose either `IfHealthyBudget` or `AlwaysAllow` as the unhealthy pod eviction policy. The default is `IfHealthyBudget` when the `unhealthyPodEvictionPolicy` field is empty. + +. Create the `PodDisruptionBudget` object by running the following command: ++ +[source,terminal] +---- +$ oc create -f pod-disruption-budget.yaml +---- + +With a PDB that has the `AlwaysAllow` unhealthy pod eviction policy set, you can now drain nodes and evict the pods for a malfunctioning application guarded by this PDB. diff --git a/nodes/clusters/nodes-cluster-pods-configuring.adoc b/nodes/clusters/nodes-cluster-pods-configuring.adoc index 8cc1caff0d0f..12ebffb7bd05 100644 --- a/nodes/clusters/nodes-cluster-pods-configuring.adoc +++ b/nodes/clusters/nodes-cluster-pods-configuring.adoc @@ -10,7 +10,7 @@ As an administrator, you can create and maintain an efficient cluster for pods. By keeping your cluster efficient, you can provide a better environment for your developers using such tools as what a pod does when it exits, ensuring that the required number of pods is always running, -when to restart pods designed to run only once, limit the bandwidth available to pods, and how to keep +when to restart pods designed to run only once, limit the bandwidth available to pods, and how to keep pods running during disruptions. // The following include statements pull in the module files that comprise @@ -26,7 +26,14 @@ include::modules/nodes-pods-pod-disruption-about.adoc[leveloffset=+1] include::modules/nodes-pods-pod-disruption-configuring.adoc[leveloffset=+2] +include::modules/pod-disruption-eviction-policy.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling[Enabling features using feature gates] +* link:https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy[Unhealthy Pod Eviction Policy] in the Kubernetes documentation + include::modules/nodes-pods-configuring-pod-critical.adoc[leveloffset=+1] // modules/nodes-pods-configuring-run-once.adoc[leveloffset=+1] - diff --git a/nodes/pods/nodes-pods-configuring.adoc b/nodes/pods/nodes-pods-configuring.adoc index 3549a9344c36..fbba702f4304 100644 --- a/nodes/pods/nodes-pods-configuring.adoc +++ b/nodes/pods/nodes-pods-configuring.adoc @@ -10,7 +10,7 @@ As an administrator, you can create and maintain an efficient cluster for pods. By keeping your cluster efficient, you can provide a better environment for your developers using such tools as what a pod does when it exits, ensuring that the required number of pods is always running, -when to restart pods designed to run only once, limit the bandwidth available to pods, and how to keep +when to restart pods designed to run only once, limit the bandwidth available to pods, and how to keep pods running during disruptions. // The following include statements pull in the module files that comprise @@ -26,10 +26,16 @@ include::modules/nodes-pods-pod-disruption-about.adoc[leveloffset=+1] include::modules/nodes-pods-pod-disruption-configuring.adoc[leveloffset=+2] +include::modules/pod-disruption-eviction-policy.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling[Enabling features using feature gates] +* link:https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy[Unhealthy Pod Eviction Policy] in the Kubernetes documentation + include::modules/nodes-pods-configuring-pod-critical.adoc[leveloffset=+1] include::modules/nodes-pods-configuring-reducing.adoc[leveloffset=+1] // modules/nodes-pods-configuring-run-once.adoc[leveloffset=+1] - - diff --git a/post_installation_configuration/cluster-tasks.adoc b/post_installation_configuration/cluster-tasks.adoc index f4d49c4a5d38..b08b7049d2f6 100644 --- a/post_installation_configuration/cluster-tasks.adoc +++ b/post_installation_configuration/cluster-tasks.adoc @@ -669,6 +669,13 @@ Understand and configure pod disruption budgets. include::modules/nodes-pods-pod-disruption-about.adoc[leveloffset=+2] include::modules/nodes-pods-pod-disruption-configuring.adoc[leveloffset=+2] +include::modules/pod-disruption-eviction-policy.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling[Enabling features using feature gates] +* link:https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy[Unhealthy Pod Eviction Policy] in the Kubernetes documentation [id="post-install-rotate-remove-cloud-creds"] == Rotating or removing cloud provider credentials