Retry on leader lease renewal failure #9563
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
davidjumani
added
the
work in progress
github-actions
bot
added
the
keep pr updated
|
Visit the preview URL for this PR (updated for commit 7cf3c2b): https://gloo-edge--pr9563-dont-crash-on-failed-6s4x9piv.web.app (expires Tue, 25 Jun 2024 00:48:42 GMT) 🔥 via Firebase Hosting GitHub Action 🌎 Sign: 77c2b86e287749579b7ff9cadb81e099042ef677 |
davidjumani
removed
the
work in progress
davidjumani
commented
Jun 6, 2024
ashishb-solo
reviewed
Jun 6, 2024
There was a problem hiding this comment.
thanks @davidjumani - i've read it over a few times and have a few questions. i think a little more documentation (especially around the go funcs) would be helpful. also, a major question regarding whether we still have the regular behavior if we're not configured to recover from failure.
happy to talk in person if that would be easier
ps: i haven't had a chance to look at the test yet
ashishb-solo
reviewed
Jun 6, 2024
sam-heilbron
reviewed
Jun 6, 2024
nfuden
previously approved these changes
Jun 14, 2024
ashishb-solo
approved these changes
Jun 17, 2024
nfuden
approved these changes
Jun 18, 2024
Open
|
kick bulldozer |
davidjumani
added a commit
that referenced
this pull request
Jun 18, 2024
* retry on leader lease renewal failure * Die if unable to recover * use env var * add basic tests * udpate tests * add comments * Add commnets around ci changes * update tests * refactor * cleanup * udpate test * rename env var * add changelog * address comments v1 * address comments v2 * fix test * sue GinkgoHelper * Adding changelog file to new location * Deleting changelog file from old location * specify a duration * Adding changelog file to new location * Deleting changelog file from old location * remove default * Adding changelog file to new location * Deleting changelog file from old location * fix tests * move changelog * move conter --------- Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com> Co-authored-by: changelog-bot <changelog-bot> Co-authored-by: Nathan Fudenberg <nathan.fudenberg@solo.io>
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
After a container has become a leader, any Kube API server unavailability results in the container crashing. This happens as the leader is unable to renew the lease. This is by design as outlined here
However, crashing the gloo pods can also lead to an outage during scaling as the gateway-proxy pods that come up cannot fetch any configs and all routes result in 404s.
Now instead of crashing, the gloo pod falls back to a follower. This prevents an outage and any other pod can take over as leader if possible
This is fine as a leader only writes reports / statuses over here and here. On any failure, the pod becomes a follower and if elected back as a leader will continue to write reports.
Code changes
Resetmethod on the identity implementation that allows an identity to fall back to a followerCI changes
Instead, cilium is installed as CNI as we need to test Kube API server unavailability
Context
Kube API unavailability results in a gloo container crash
When leader election fails, gloo crashes
Design Doc
Interesting decisions
Testing steps
Kube2e tests to verify the following :
Notes for reviewers
Be sure to verify intended behavior by ...
Please proofread comments on ...
This is a complex PR and may require a huddle to discuss ...
Checklist:
BOT NOTES:
resolves #8107