Fail on swap enabled and deprecate experimental-fail-swap-on flag #47181
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-github-robot
added
kind/api-change
|
/cc @mtaufen |
|
When people are running kubelet locally on their workstations (we do this for some dev environment stuff), there will likely be swap enabled. Can a |
|
@kiall that's a good point. Maybe we should just print warnings in some of these cases and report conformance failures in a Node condition, rather than crashing the Kubelet? Or maybe we should discuss having a dev mode that relaxes some of the node conformance requirements? @vishh what do you think? |
|
Adding an opt-out for strict conformance sounds like a good idea for development. However I'd prefer not having an opt-out per feature/check. Can we have one global conformance opt-out flag instead? |
The problem I see with a global opt-out flag is, people will want to opt out of 1 thing (e.g. swap off), and once they enable it, they'll never notice the 100 other things they should be doing, but aren't. This may be OK, but it's something to consider :) |
Devs who opt-out of error checking are expected to understand what they are doing. |
|
Absolutely, but production deployments will opt out of some rules too, and many will likely never notice the list of opt outs behind a global flag has grown since they initially evaluated what they opted out of. Again, this may be OK in the context of e.g. certification, but certification is likely not the only reason to want to be aware of additional differences between newly expected requirements and actual deployment environments. |
|
In general, we try to not have the kubelet crash explicitly unless the underlying configuration is incompatible with Kubelet's core functionalities. So in theory I can see how a single flag cannot satisfy all use cases, but in practice, I think that will just work for the foreseeable future. |
|
I'd support adding an explicit |
|
Just to provide a use case where we will need While we should try not to swap at all, they are cases where we do see swapping. In the cloud, when you don't have swap and you do start swapping, it makes the VMs unreachable after a while since the OS will most probably start killing processes (sshd and friends). Having a flag to only disable Swap would be a necessity I would say for our use case. |
|
If you see swapping caused by pressure from your containers, doesn't that mean the requests and limits need to be adjusted? Ideally requests and limits are set such that the scheduler helps you avoid triggering OOM-kills. Sorry if I'm misunderstanding your situation. |
What do you meant by "see swapping"?
Kubelet expects swap to be disabled by default. Are you requesting that it should allow swapping? |
|
@mtaufen @vishh First of all, we only set CPU requests in the manifest. we also set since we create a ram disk with almost all the RAM available, we have processes that will fill up the RAM for other containers to share. Since the memory is managed outside of the container, we end up having possibilities where Memory could fill up hence triggering some swapping. This is not a desired behavior, but it could occur on some occasions. When we moved to the cloud, we didnt have swap enabled and this caused the CLoud VM to become unresponsive from time to time. |
|
Note that I might not be understanding the whole |
|
Interesting. Would it be possible to run a container that does nothing, but sets memory requests and limits equal to the size of the RAM disk so that the Kubernetes scheduler can know you intend to allocate that much memory to the RAM disk? If the scheduler is aware, it should be able to avoid sending too many other containers to the Node, and then you should be able to both turn off swap and avoid OOM kills. Would it help to slightly reduce the size of the RAM disk or slightly increase the size of the RAM? It may also be that your margin of safety is just too thin. |
|
For best performance, we require to almost fill the RAM disk to its max capacity which is all of the RAM. We use POD anti-affinity and affinity logics to make sure that only the pods that uses the RAM disk are scheduled on those nodes. There are edge cases where during a rolling update the RAM disk gets over filled, hence the need for the SWAP. |
|
Don't see a consensus, abandoning for now |
|
Re-opening. This discussion trailed off during the release but we should resolve it. I propose we deprecate the experimental flag name and replace it with |
|
Sounds good to me. Thanks for taking into consideration our use case.
… On Jul 26, 2017, at 9:12 PM, Michael Taufen ***@***.***> wrote:
Re-opening. This discussion trailed off during the release but we should resolve it. I propose we deprecate the experimental flag name and replace it with fail-swap-on, and default this flag to true. That gives @djsly an out for his use case and we still enforce no swap for most users.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
k8s-ci-robot
added
the
lgtm
|
/assign @yujuhong for approval |
|
@mtaufen: GitHub didn't allow me to assign the following users: for, approval. Note that only kubernetes members can be assigned. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/approve |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cblecker, dims, mtaufen, yujuhong Associated issue: 34726 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
Automatic merge from submit-queue (batch tested with PRs 50119, 48366, 47181, 41611, 49547) |
|
Can someone explain why kubernetes shouldn't be run with swap enabled? Neither this pull request nor the referenced ticket gives any explanation for it. |
The terraform apply command got stuck at a point when it was trying to initialize all the hosts in the cluster. It kept on saying "Waiting for API server to respond". Further investigation showed that it was failing on preflight checks: module.kubernetes.null_resource.kubernetes[0] (remote-exec): [preflight] Some fatal errors occurred: module.kubernetes.null_resource.kubernetes[0] (remote-exec): [ERROR Swap]: running with swap on is not supported. Please disable swap This pre-flight check was enabled in kubernetes/kubernetes#47181 Since, the swap was being enabled in main.tf, i have removed that bit to stop terraform from enabling swap on the host machines. This closes hobby-kube/guide#25
|
I would also like to know why running with swap on is not supported. |
|
@blackknight36 please see #53533 |
|
Hi Sir, How to deal w/ this issue? I'm running CenOS 7 on vagrant. [root@k8s-master ~]# kubeadm init \
Unfortunately, an error has occurred: This error is likely caused by: If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands: |
|
|
|
|
What this PR does / why we need it:
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes #Fixes #34726
Special notes for your reviewer:
Release note: