StatefulSet - can't rollback from a broken state #67250
Comments
k8s-ci-robot
added
needs-sig
|
/sig apps |
k8s-ci-robot
added
sig/apps
|
Anybody have any ideas on this one? |
k8s-ci-robot
added
the
sig/scheduling
|
As far as I can tell, StatefulSet doesn't make any attempt to support this use case, namely using a rolling update to fix a StatefulSet that's in a broken state. If any of the existing Pods are broken, it appears that StatefulSet bails out before even reaching the rolling update code: kubernetes/pkg/controller/statefulset/stateful_set_control.go Lines 428 to 435 in 30e4f52 I haven't found any mention of this limitation in the docs, but it's possible that it was a choice made intentionally to err on the side of caution (stop and make the human decide) since stateful data is at stake and stateful Pods often have dependencies on each other (e.g. they may form a cluster/quorum). With that said, I agree it would be ideal if StatefulSet supported this, at least for clear cases like this one where deleting a Pod that's stuck Pending is unlikely to cause any additional damage. cc @kow3ns |
|
+1, I just discovered this and had assumed that it would work more like the Deployment controller. In https://github.com/yelp/paasta we are programmatically creating/updating Deployments and StatefulSets. For that to make sense I really want them to always attempt to converge to the definition. |
This option gives us the option to workaround current StatefulSet limitations around updates See: kubernetes/kubernetes#67250 By default it is false.
This option gives us the option to workaround current StatefulSet limitations around updates See: kubernetes/kubernetes#67250 By default it is false.
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
|
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/reopen |
|
@mattmb: You can't reopen an issue/PR unless you authored it or you are a collaborator. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Heh, well it was worth a go I suppose... |
|
/reopen |
|
@MrTrustor: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
+1 meet the same problem |
|
+1. This is a pretty big landmine in using StatefulSet, if you ever make any mistake you're stuck with just destroying your StatefulSet and starting over. IOW, if you ever make a mistake with StatefulSet, you need to cause an outage to recover :( |
|
/remove-lifecycle rotten |
with rollingUpdateStrategy: RollingUpdate, operator doens't perform statefulset update it delegates it to the kubernetes statefulset controller. Default strategy is OnDelete, which controlls rolling update process by operator RollingUpdate strategy may be useful, when user wants to perform kubectl restart command or for some reason don't trust rolling update process for operator Fixes annotations merge for pod templates, which make possible kubectl restart command for other services related kubernetes issue with statefulset broken state and why manual rolling update may be needed. kubernetes/kubernetes#67250 #389
|
This issue also affects our operator - https://github.com/redhat-developer/gitops-operator. Any updates on this problem? |
|
Hitting the same issue in k8s version 1.21.6 |
|
/assign |
|
/unassign |
|
+1 |
|
/assign |
|
FYI: KEP initialized here kubernetes/enhancements#3562, glad to hear any advices. |
This change ensures that the generate-tenant-config script when running via the zuul-scheduler pod's init-container won't fail when the config location is unaccurate. Having the init-container to success even when the main.yaml file cannot be fully computed ensures that zuul-scheduler pod is in the running state. Indeed, without that change it is impossible (except manually) to recover after a mistake in the config location setting. Three components must restart when the location change: git-server, nodepool, zuul-scheduler. While components restart work well for git-server and nodepool it is broken for zuul-scheduler. According to https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#forced-rollback a rollout will only happen when the Pod is Ready which is not the case when the zuul-scheduler pod failed to start because of the init-container failure. More insights here: kubernetes/kubernetes#67250 The approach implemented in this patch is quite simple as it is just about to bypass the init-container failures and ensures the pod start. The idea is to make it easy to just recover from a wrong config location setting. Change-Id: I6885605d30b5ffc8c4c327dc4590b56316bd7955
Changes to a StatefulSet are not propagated to pods in a broken state (e.g. CrashLoopBackOff) See kubernetes/kubernetes#67250 This is a workaround for the above issue. Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
Changes to a StatefulSet are not propagated to pods in a broken state (e.g. CrashLoopBackOff) See kubernetes/kubernetes#67250 This is a workaround for the above issue. Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
Changes to a StatefulSet are not propagated to pods in a broken state (e.g. CrashLoopBackOff) See kubernetes/kubernetes#67250 This is a workaround for the above issue. Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
Changes to a StatefulSet are not propagated to pods in a broken state (e.g. CrashLoopBackOff) See kubernetes/kubernetes#67250 This is a workaround for the above issue. Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
Changes to a StatefulSet are not propagated to pods in a broken state (e.g. CrashLoopBackOff) See kubernetes/kubernetes#67250 This is a workaround for the above issue. Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
Changes to a StatefulSet are not propagated to pods in a broken state (e.g. CrashLoopBackOff) See kubernetes/kubernetes#67250 This is a workaround for the above issue. Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
|
/reopen |
and others
/kind bug
What happened:
I updated a StatefulSet with a non-existent Docker image. As expected, a pod of the statefulset is destroyed and can't be recreated (ErrImagePull). However, when I change back the StatefulSet with an existing image, the StatefulSet doesn't try to remove the broken pod to replace it by a good one. It keeps trying to pull the non-existing image.
You have to delete the broken pod manually to unblock the situation.
Related Stackoverflow question
What you expected to happen:
When rolling back the bad config, I expected the StatefulSet to remove the broken pod and replace it by a good one.
How to reproduce it (as minimally and precisely as possible):
k8s.gcr.io/nginx-slim:foobarAnything else we need to know?:
Environment:
kubectl version):cc @joe-boyce
The text was updated successfully, but these errors were encountered: