Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k3s implement clean automated maintenance #813

Merged
merged 1 commit into from
Nov 16, 2023
Merged

k3s implement clean automated maintenance #813

merged 1 commit into from
Nov 16, 2023

Conversation

dpausp
Copy link
Member

@dpausp dpausp commented Oct 19, 2023
edited
Loading

k3s: automated maintenance

  • Add fc-kubernetes agent command to be used manually and in maintenance
    enter/leave commands.
  • Only allow one k3s-agent in maintenance at the same time
  • Drain nodes before running maintenance requests.

@flyingcircusio/release-managers

Release process

Impact:

Changelog:

  • k3s/kubernetes: implement clean automated maintenance. Agent nodes are drained (pods move to other nodes if possible) before executing maintenance requests and are uncordoned after maintenance is finished. Only one agent node can be in maintenance at any given time (PL-131525).

Security implications

  • Security requirements defined? (WHERE)
    • kubernetes maintenance commands must be limited to sudo-srv and admins groups
  • Security requirements tested? (EVIDENCE)
    • checked on the test k3s cluster that
      • automated maintenance drains and uncordons agent nodes properly
      • drain timeouts cause an agent tempfail
      • server-only nodes cannot be drained (which makes only sense for agents)
      • sudo rules are correct
    • automated tests cover new functionality

@dpausp dpausp force-pushed the PL-131525-k3s-maint branch 3 times, most recently from f62928c to 880703e Compare November 11, 2023 18:51
@dpausp dpausp changed the title k3s: add fc-kubernetes cmd, wait for nodes to drain before maintenance k3s implement clean automated maintenance Nov 11, 2023
@dpausp dpausp marked this pull request as ready for review November 11, 2023 23:15
@dpausp dpausp force-pushed the PL-131525-k3s-maint branch from 880703e to 10e37b8 Compare November 11, 2023 23:20
@dpausp dpausp requested a review from osnyx November 14, 2023 11:15
@dpausp dpausp force-pushed the PL-131525-k3s-maint branch from 10e37b8 to dc72d2d Compare November 15, 2023 10:51
@dpausp
k3s: automated maintenance
a32da67 
- Add fc-kubernetes agent command to be used manually and in maintenance
  enter/leave commands.
- Only allow one k3s-agent in maintenance at the same time
- Drain nodes before running maintenance request.

PL-131525
@dpausp dpausp force-pushed the PL-131525-k3s-maint branch from dc72d2d to a32da67 Compare November 16, 2023 14:39
@dpausp dpausp merged commit 6fc5d01 into fc-23.05-dev Nov 16, 2023
2 checks passed
@dpausp dpausp deleted the PL-131525-k3s-maint branch November 16, 2023 18:23
@dpausp dpausp mentioned this pull request Nov 21, 2023
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sysvinit sysvinit sysvinit approved these changes

@osnyx osnyx Awaiting requested review from osnyx

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dpausp @sysvinit