Removing Node Pool from Cluster Breaks Ingress Conroller

[dacox]

Hi everyone,

we're currently on 1.11.6-gke.11. We've had some issues with gce-ingress in the past, and after a recent outage are trying to dig into the root cause.

We currently have a handful of Node Pools and use an Ingress to map traffic to two services in our cluster. This has created the Cloud Load Balancer with two Backend Services with one health check each. Each Backend Service points to the same Instance Group that is also created by the controller (am I getting this right?).

As I understand, because our Service's have externalTrafficPolicy=Cluster (default), both Backend Services show all nodes in the Cluster as healthy, not just the ones that pertain to our Services.

We recently removed a Node Pool from the Cluster. To do this, we cordoned each node in the pool and then drained them. A few hours later we removed the node pool.

Immediately upon deleting the pool, we experienced a large amount of downtime. It did not seem to be resolved when the last node went offline. At one point, we saw that both Backend Services reported 0/0 as healthy.

After about half an hour, we were able to stop the fire by kubectl delete ingress-myingress and then re-creating it.

We now understand that we would get some 502s when the nodes were being deleted due to our externalTrafficPolicy. What we are having a hard time grappling with is why the outage did not recover until we re-created the ingress.

Cheers!

[MrHohn]

We recently removed a Node Pool from the Cluster. To do this, we cordoned each node in the pool and then drained them. A few hours later we removed the node pool.

Humm, I thought cordoning a node should be enough for GCE Ingress controller to remove it from the target instance group, such that it shouldn't be receiving request/healthcheck. @freehan Is it not the case?

Immediately upon deleting the pool, we experienced a large amount of downtime. It did not seem to be resolved when the last node went offline. At one point, we saw that both Backend Services reported 0/0 as healthy.

While I understand instances that being terminated may fail health check, I'm also not understanding why the new nodes (assuming there are multiple node pools?) would become unhealthy as well, and why the LB doesn't self-resolve when the last node (for the old node pool) went offline. Were the nodes from new pool not added to the target instance group?

[dacox]

@MrHohn Yes, we thought so too. I have since created one or two test clusters to try and reproduce the issue, but so far haven't been able to. However, this is not the first time we've been struck by this issue - it also occurred once during a rolling GKE node upgrade.

The part that is confusing is that all of the remaining nodes seemed fine, but the load balancer seemed to think differently. For some context, there were three node pools originally. We added one, migrated some workloads to it, and spun down another.

The two services that are actually exposed to the load balancer actually reside solely on one pool, and that pool was no the one being shut down.

[freehan]

There was a recent bug #591
I will confirm and check if the fix is contained in the GKE version.

[dacox]

@freehan From my poking around the branches it doesn't seem like that fix has landed in a release yet, and I assume 1.11.6.gke-11 is also using v1.4.3

[freehan]

Just created a cherry pick PR.

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[fejta-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

[fejta-bot]

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

[k8s-ci-robot]

@fejta-bot: Closing this issue.

Details

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.