Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: ability to specify a min/max replica count on scaleable resources #33843

Closed
derekwaynecarr opened this issue Sep 30, 2016 · 22 comments
Closed

Feature request: ability to specify a min/max replica count on scaleable resources #33843

derekwaynecarr opened this issue Sep 30, 2016 · 22 comments
Assignees
@derekwaynecarr
Labels
area/stateful-apps lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. sig/apps Categorizes an issue or PR as relevant to SIG Apps.

Comments

@derekwaynecarr
Copy link
Member

Users have requested the ability to set local min/max replica constraints for any resource that is a target for manual scaling (i.e. Deployment / ReplicaSet / ReplicationController / Job / PetSet).

The idea is that each spec for the related resources would have the following (similar to HPA):

// lower limit for the number of replicas (defaults to 0)
MinReplicas *int32 `json:"minReplicas,omitempty"`
// upper limit for the number of replicas
MaxReplicas *int32 `json:"maxReplicas,omitempty"`

If a user submitted a kubectl scale command that caused Replicas to fall out of the configured boundary, the request would fail validation, and not proceed.

The example use case is as follows:

When deploying a database (pod) with no replication using persistent volumes and persistent volume claims, I want to restrict the scaling of the pod to no more than one replica. The reason is that I don't want data distributed over various persistent stores causing fragmentation.

Keeping a min/max local to the resource may make the most sense, and is easily enforceable via validation. I had debated a pattern using LimitRange but that has the drawback that the scope covered is too large. While I am interested in adding label selectors to LimitRange to let you scope constraints to particular classes of things better, I think in this case, it may make the most sense to have min/max replicas on the local resource that is being constrained most closely.

Thoughts?

/cc @smarterclayton @eparis @bgrant0607 @lavalamp
@derekwaynecarr derekwaynecarr self-assigned this Sep 30, 2016
@derekwaynecarr derekwaynecarr added this to the v1.5 milestone Sep 30, 2016
@derekwaynecarr
Copy link
Member Author

derekwaynecarr commented Sep 30, 2016
edited
Loading

I have users that want to run Spark or a Gluster management service that have basically requested this extra level of control to set local min/max replica boundaries for their resources where they wanted to prevent operator changes to replicas.

@bgrant0607
Copy link
Member

cc @erictune

@bgrant0607 bgrant0607 added sig/apps Categorizes an issue or PR as relevant to SIG Apps. area/workload-api/deployment and removed area/kubectl team/ux labels Sep 30, 2016
@bgrant0607
Copy link
Member

I am not a fan of this feature. It would add API complexity and seems cumbersome. I think there are much more important issues with the controllers that we need to tackle if we're going to spend API review bandwidth.

@derekwaynecarr
Copy link
Member Author

@bgrant0607 - my response echoed your sentiment, but I got a fair amount of push-back from three distinct user communities looking to support Spark, Gluster, and a mobile application scenario.

At it's core the request is asking to have a way to prevent users from harming themselves. User's can harm themselves any number of ways, so I get the complexity/cumbersome argument may not be worth it for all workloads.

Any objection to the concept via annotations on the objects in question, and enforcement via some optional admission controller? If it gets broad adoption, then we could revisit when more bandwidth is needed?

@eparis
Copy link
Contributor

eparis commented Sep 30, 2016

We are running into a number of places where the dev/person who wrote the app has these restrictions, but the operator doesn't likely know. It looks to me like a dev/ops split. Allow dev to keep ops from doing things to hurt themselves.

@danmcp
Copy link
Contributor

danmcp commented Sep 30, 2016

I think @eparis nailed the interaction exactly. The application writers are often the ones applying/suggesting these limitations for the deployer/operator. It should generally be possible for the operator to override (at a config level) separate from the scaling operation itself.

@smarterclayton
Copy link
Contributor

It's usually not enough to do min/max. We'd need to do cut outs - an etcd
pet set should probably only be allowed to exist at scales 3, 5, or 7.

On Fri, Sep 30, 2016 at 2:16 PM, Dan McPherson notifications@github.com
wrote:

I think @eparis https://github.com/eparis nailed the interaction
exactly. The application writers are often the ones applying/suggesting
these limitations for the deployer/operator. It should generally be
possible for the operator to override (at a config level) separate from the
scaling operation itself.


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#33843 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABG_pxnI6rZvk6j6LcVo2-6elzyUMqkaks5qvVHpgaJpZM4KLR_D
.

@derekwaynecarr
Copy link
Member Author

ack: enforcing odd numbers is a reasonable request

@smarterclayton
Copy link
Contributor

I share some of Brian's concerns as I've mentioned before. I think this
tends to be more of a requirement for pet sets (which was documented in
the original proposal but is not currently in the critical implementation
path). Ultimately the expectation that the person doing the scaling
doesn't understand what is being scaled is somewhat difficult to enforce,
even if it's not unreasonable when dealing with white box deployed software.

This most frequently comes up for things that are "stateful" - I can only
have 1 of something, but nothing prevents me from setting it to 2 or more.
I would argue the database case is best solved by PV, and the "I'm using a
PVC with RWO but based on RWM and it scales up and breaks me" case is best
solved by not allowing a PVC with RWO to be mounted in two locations (this
has been discussed under the pet set fencing and storage locking
discussion, and applies to local persistent storage and users performing in
place upgrades on the same node).

On Fri, Sep 30, 2016 at 9:52 PM, Derek Carr notifications@github.com
wrote:

ack: enforcing odd numbers is a reasonable request


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#33843 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABG_p-J8Ws36jScRP0FD0y_ABLtm32Y5ks5qvbz2gaJpZM4KLR_D
.

@bgrant0607
Copy link
Member

cc @erictune

@smarterclayton
Copy link
Contributor

smarterclayton commented Oct 12, 2016 via email

@smarterclayton
Copy link
Contributor

Also, enforcing an annotation would break autoscaling, and autoscaling
a pet set should be possible, so an enforcing admission controller
needs to at least take that into account and prevent abuse / bugs /
unexpected behavior.

On Oct 11, 2016, at 10:15 PM, Clayton Coleman ccoleman@redhat.com wrote:

It's not enough to do odd numbers though - 3,5,7 may be valid but
others are not. A few systems require 3n+1. Also, does zero count,
or is it a potential exception?

I think this is a requirement to be leveraged against petsets, not
against general resources, and should be solved there, not across all
scalable resources.

@smarterclayton
Copy link
Contributor

A much simpler option might be a "scale protection", like the "delete
protection" we discussed previously. An annotation which clients respect
as "the caller suggested not scaling this". That makes this less of an API
problem than a UX problem.

On Tue, Oct 11, 2016 at 7:25 PM, Clayton Coleman ccoleman@redhat.com
wrote:

Also, enforcing an annotation would break autoscaling, and autoscaling
a pet set should be possible, so an enforcing admission controller
needs to at least take that into account and prevent abuse / bugs /
unexpected behavior.

On Oct 11, 2016, at 10:15 PM, Clayton Coleman ccoleman@redhat.com
wrote:

It's not enough to do odd numbers though - 3,5,7 may be valid but
others are not. A few systems require 3n+1. Also, does zero count,
or is it a potential exception?

I think this is a requirement to be leveraged against petsets, not
against general resources, and should be solved there, not across all
scalable resources.

@dims
Copy link
Member

dims commented Nov 16, 2016

This needs to be triaged as a release-blocker or not for 1.5 @smarterclayton @derekwaynecarr

@eparis
Copy link
Contributor

eparis commented Nov 16, 2016

not blocker.

@dims
Copy link
Member

dims commented Nov 18, 2016

thanks @eparis

@dims
Copy link
Member

dims commented Dec 9, 2016

@derekwaynecarr Is it appropriate to move this to the next milestone or clear the 1.5 milestone? (and remove the non-release-blocker tag as well)

@eparis eparis modified the milestones: v1.6, v1.5 Dec 9, 2016
@ethernetdan
Copy link
Contributor

Moving to 1.7 as late to happen in 1.6. Feel free to switch back if this is incorrect.

@ethernetdan ethernetdan modified the milestones: v1.7, v1.6 Mar 13, 2017
@bgrant0607 bgrant0607 removed this from the v1.7 milestone Mar 21, 2017
@bgrant0607 bgrant0607 mentioned this issue Mar 21, 2017
Closed
@lpshikhar
Copy link

Any progress on the scale selector ?

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 23, 2017
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle rotten
/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jan 22, 2018
@bgrant0607
Copy link
Member

This kind of policy should be implemented outside the workload controllers.

@dturn dturn mentioned this issue Jan 24, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@derekwaynecarr derekwaynecarr

Labels
area/stateful-apps lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. sig/apps Categorizes an issue or PR as relevant to SIG Apps.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests