-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enabling publishNotReadyAddresses
causes proxy to direct traffic to NotReady pods.
#124914
Comments
This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/sig network |
https://kubernetes.io/docs/concepts/services-networking/endpoint-slices/#ready maybe is not clear, but is the way it works /remove-kind bug |
@aojea - could you elaborate why does it work the way it does? What's the benefit of routing traffic to a Pod that doesn't even has its containers up? |
and the DNS? :) You are focusing on the behaviors and is important to understand the internals, Services provide discovery via DNS and ClusterIP (L4 load balancers). Services depend on the EndpointSlices, that represent the set of pods that belong to that Service and their state These Services/EndpointSlices objects have a 1to1 relation and are used by the DNS implementation (commonly CoreDNS) and the Services implementations (commonly kube-proxy) , so both the DNS records and and proxy will do whatever the EndpointSlice says, if it says is ready then it will trust the object. If we go to the API you have the explanation of this field kubernetes/pkg/apis/core/types.go Lines 4507 to 4516 in 5ceb99d
This is an opt-in feature to deal with very specific behaviors that has side effects as the one you are describing, so the user that wants to use it need to understand this (put a side we could have done differently, this is an v1 API and we need to respect it, changing behaviors at this point will be a backwards compatibility break)... in your description you describe a scenario that will fail as WAI, why any user will choose to do that? |
Hi @aojea, That comment you've quoted indeed states things clear as day - couldn't find that within the docs though. Thanks again! |
What happened?
Documentation states that enabling
publishNotReadyAddresses
will cause DNS records to appear for pods, even ifNotReady
. Documentation does not state that enabling this flag will cause incoming traffic to be directed to pods that areNotReady
.What did you expect to happen?
I expected DNS records to be created, nothing beyond that.
How can we reproduce it (as minimally and precisely as possible)?
sleep 30
publishNotReadyAddresses
set totrue
Anything else we need to know?
It can be easily fixed by changing condition for building topology from
isReady
toisServing && !isTerminating
.Kubernetes version
Cloud provider
OS version
Install tools
Container runtime (CRI) and version (if applicable)
Related plugins (CNI, CSI, ...) and versions (if applicable)
The text was updated successfully, but these errors were encountered: