linkerd multicluster link --ha generates invalid deployment spec #11603

Closed
Hexcles opened this issue Nov 10, 2023 · 0 comments · Fixed by #11609 or #11642

Hexcles commented Nov 10, 2023

What is the issue?

I was trying out the new HA mode with linkerd multicluster --ha and couldn't apply the generated specs with kubectl.

How can it be reproduced?

linkerd --context=foo multicluster link --cluster-name foo --ha | kubectl --context=bar apply -f -

Logs, error output, etc

error: error validating "STDIN": error validating data: ValidationError(Deployment.spec.template.spec): unknown field "podAntiAffinity" in io.k8s.api.core.v1.PodSpec; if you choose to ignore these errors, turn validation off with --validate=false

The relevant part of the spec is

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    linkerd.io/extension: multicluster
    component: service-mirror
    mirror.linkerd.io/cluster-name: foo
  name: linkerd-service-mirror-foo
  namespace: linkerd-multicluster
spec:
  replicas: 3
  selector:
    matchLabels:
      component: linkerd-service-mirror
      mirror.linkerd.io/cluster-name: foo
  strategy:
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      annotations:
        linkerd.io/inject: enabled
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
        config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0"
      labels:
        linkerd.io/extension: multicluster
        component: linkerd-service-mirror
        mirror.linkerd.io/cluster-name: foo
    spec:
      podAntiAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
        - podAffinityTerm:
            labelSelector:
              matchExpressions:
              - key: mirror.linkerd.io/cluster-name
                operator: In
                values:
                - foo
            topologyKey: topology.kubernetes.io/zone
          weight: 100
        requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
            - key: mirror.linkerd.io/cluster-name
              operator: In
              values:
              - foo
          topologyKey: kubernetes.io/hostname
...

output of linkerd check -o short

Status check results are √

Environment

  • Kubernetes 1.24
  • EKS
  • Linux
  • Linkerd 2.14.3

Possible solution

Looking at https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#podspec-v1-core, podAntiAffinity only exists under spec.affinity, so there might be something wrong with this helm chart:

{{- if .Values.enablePodAntiAffinity -}}
{{- $local := dict "label" "mirror.linkerd.io/cluster-name" "component" .Values.targetClusterName -}}
{{- include "linkerd.pod-affinity" $local | nindent 6 -}}
{{- end }}

Additional context

No response

Would you like to work on fixing this bug?

None

@Hexcles Hexcles added the bug label Nov 10, 2023
mateiidavid added a commit that referenced this issue Nov 13, 2023
Two clusters can be linked in HA mode. When HA values are used, the
service-mirror deployment receives some pod affinity rules to ensure
fair scheduling of pods across a cluster's nodes.

The service-mirror Deployment's template seems to be broken at the
moment when using HA values. Affinity rules are incorrectly grouped
under a top-level `podAntiAffinity` field. The Kubernetes API requires
the rules to be grouped under a top-level `affinity` field. This change
rectifies that by introducing the missing parent.

Fixes #11603

Signed-off-by: Matei David <[email protected]>
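
A pre-apply check for the misplacement reported in this issue, as an added example that is not part of the issue or of Linkerd's own code: it parses rendered manifests and reports `podAntiAffinity`, `podAffinity` or `nodeAffinity` placed directly in a pod spec instead of under `affinity`. It goes beyond the one Deployment in the report by also covering bare Pods and other templated workloads; the function name `misplaced_affinity` and the sample manifests are constructed for illustration.

```ruby
require 'yaml'

# Affinity fields that are only valid under PodSpec.affinity.
AFFINITY_KEYS = %w[podAntiAffinity podAffinity nodeAffinity].freeze

# Constructed sample: a trimmed copy of the issue's Deployment, then the same
# rule under an `affinity` parent (the second name is made up).
SAMPLE = <<~MANIFEST
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: linkerd-service-mirror-foo
  spec:
    template:
      spec:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
  ---
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: service-mirror-corrected
  spec:
    template:
      spec:
        affinity:
          podAntiAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
MANIFEST

# Returns "<kind>/<name>: <field>" for every affinity field that sits
# directly in a pod spec instead of under `affinity`.
def misplaced_affinity(manifest_text)
  YAML.load_stream(manifest_text).flat_map do |doc|
    next [] unless doc.is_a?(Hash) && doc['spec'].is_a?(Hash)
    # A bare Pod keeps its PodSpec in .spec; Deployments, StatefulSets,
    # DaemonSets and Jobs keep it in .spec.template.spec.
    pod_spec = doc['kind'] == 'Pod' ? doc['spec'] : doc['spec'].dig('template', 'spec')
    next [] unless pod_spec.is_a?(Hash)
    (pod_spec.keys & AFFINITY_KEYS).map do |field|
      "#{doc['kind']}/#{doc.dig('metadata', 'name')}: #{field}"
    end
  end
end

misplaced_affinity(SAMPLE).each { |finding| puts "misplaced: #{finding}" }
```

Passing the text rendered by `linkerd multicluster link --ha` to `misplaced_affinity` before it reaches `kubectl apply` surfaces the same problem the client-side validation error reports.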
@mateiidavid mateiidavid self-assigned this Nov 13, 2023
mateiidavid added a commit that referenced this issue Nov 22, 2023
@hawkw hawkw mentioned this issue Nov 22, 2023
hawkw added a commit that referenced this issue Nov 22, 2023
## edge-23.11.4

This edge release introduces support for the native sidecar containers
entering beta support in Kubernetes 1.29. This improves the startup and
shutdown ordering for the proxy relative to other containers, fixing the
long-standing shutdown issue with injected `Job`s. Furthermore, traffic
from other `initContainer`s can now be proxied by Linkerd.

In addition, this edge release includes Helm chart improvements, and
improvements to the multicluster extension.

* Added a new `config.alpha.linkerd.io/proxy-enable-native-sidecar`
  annotation and `Proxy.NativeSidecar` Helm option that causes the proxy
  container to run as an init-container (thanks @teejaded!) (#11465;
  fixes #11461)
* Fixed broken affinity rules for the multicluster `service-mirror` when
  running in HA mode (#11609; fixes #11603)
* Added a new check to `linkerd check` that ensures all extension
  namespaces are configured properly (#11629; fixes #11509)
* Updated the Prometheus Docker image used by the `linkerd-viz`
  extension to v2.48.0, resolving a number of CVEs in older Prometheus
  versions (#11633)
* Added `nodeAffinity` to `deployment` templates in the `linkerd-viz`
  and `linkerd-jaeger` Helm charts (thanks @naing2victor!) (#11464;
  fixes #10680)
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 23, 2023