我的书签
添加书签
移除书签Failover Analysis
Let’s briefly analyze the Karmada failover feature.
Add taints on fault cluster
After the cluster is determined to be unhealthy, a taint with Effect set to NoSchedule will be added to the cluster as follows:
- when cluster’s
Readycondition isFalse, add the following taint:
key: cluster.karmada.io/not-readyeffect: NoSchedule
- when cluster’s
Readycondition isUnknown, add the following taint:
key: cluster.karmada.io/unreachableeffect: NoSchedule
If an unhealthy cluster is not recovered for a period of time, which can be configured via --failover-eviction-timeout flag(default is 5 minutes), a new taint with Effect set to NoExecute will be added to the cluster as follows:
- when cluster’s
Readycondition isFalse, add the following taint:
key: cluster.karmada.io/not-readyeffect: NoExecute
- when cluster’s
Readycondition isUnknown, add the following taint:
key: cluster.karmada.io/unreachableeffect: NoExecute
Tolerate cluster taints
After users creates a PropagationPolicy/ClusterPropagationPolicy, Karmada will automatically add the following toleration through webhook:
apiVersion: policy.karmada.io/v1alpha1kind: PropagationPolicymetadata:name: nginx-propagationnamespace: defaultspec:placement:clusterTolerations:- effect: NoExecutekey: cluster.karmada.io/not-readyoperator: ExiststolerationSeconds: 300- effect: NoExecutekey: cluster.karmada.io/unreachableoperator: ExiststolerationSeconds: 300resourceSelectors:- apiVersion: apps/v1kind: Deploymentname: nginxnamespace: default
The tolerationSeconds can be configured via --default-not-ready-toleration-seconds flag(default is 300) and default-unreachable-toleration-seconds flag(default is 300).
Failover
When karmada detects that the faulty cluster is no longer tolerated by PropagationPolicy/ClusterPropagationPolicy, the cluster will be removed from the resource scheduling result and the karmada scheduler will reschedule the reference application.
There are several constraints:
- For each rescheduled application, it still needs to meet the restrictions of
PropagationPolicy/ClusterPropagationPolicy, such as ClusterAffinity or SpreadConstraints. - The application distributed on the ready clusters after the initial scheduling will remain when failover schedule.
Duplicated schedule type
For Duplicated schedule policy, when the number of candidate clusters that meet the PropagationPolicy restriction is not less than the number of failed clusters, it will be rescheduled to candidate clusters according to the number of failed clusters. Otherwise, no rescheduling. The candidate cluster refers to the newly calculated cluster scheduling result in this scheduling process, which is different from the scheduled cluster in the last scheduling result.
Take Deployment as example:
unfold me to see the yaml
apiVersion: apps/v1kind: Deploymentmetadata:name: nginxlabels:app: nginxspec:replicas: 2selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- image: nginxname: nginx---apiVersion: policy.karmada.io/v1alpha1kind: PropagationPolicymetadata:name: nginx-propagationspec:resourceSelectors:- apiVersion: apps/v1kind: Deploymentname: nginxplacement:clusterAffinity:clusterNames:- member1- member2- member3- member5spreadConstraints:- maxGroups: 2minGroups: 2replicaScheduling:replicaSchedulingType: Duplicated
Suppose there are 5 member clusters, and the initial scheduling result is in member1 and member2. When member2 fails, it triggers rescheduling.
It should be noted that rescheduling will not delete the application on the ready cluster member1. In the remaining 3 clusters, only member3 and member5 match the clusterAffinity policy.
Due to the limitations of spreadConstraints, the final result can be [member1, member3] or [member1, member5].
Divided schedule type
For Divided schedule policy, karmada scheduler will try to migrate replicas to the other health clusters.
Take Deployment as example:
unfold me to see the yaml
apiVersion: apps/v1kind: Deploymentmetadata:name: nginxlabels:app: nginxspec:replicas: 3selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- image: nginxname: nginx---apiVersion: policy.karmada.io/v1alpha1kind: PropagationPolicymetadata:name: nginx-propagationspec:resourceSelectors:- apiVersion: apps/v1kind: Deploymentname: nginxplacement:clusterAffinity:clusterNames:- member1- member2replicaScheduling:replicaDivisionPreference: WeightedreplicaSchedulingType: DividedweightPreference:staticWeightList:- targetCluster:clusterNames:- member1weight: 1- targetCluster:clusterNames:- member2weight: 2
Karmada scheduler will divide the replicas according the weightPreference. The initial schedule result is member1 with 1 replica and member2 with 2 replicas.
When member1 fails, it triggers rescheduling. Karmada scheduler will try to migrate replicas to the other health clusters. The final result will be member2 with 3 replicas.
Graceful eviction feature
In order to prevent service interruption during cluster failover, Karmada need to ensure the removal of evicted workloads will be delayed until the workloads are available on new clusters.
The GracefulEvictionTasks field is added to ResourceBinding/ClusterResourceBinding to indicate the eviction task queue.
When the faulty cluster is removed from the resource scheduling result by taint-manager, it will be added to the eviction task queue.
The gracefulEviction controller is responsible for processing tasks in the eviction task queue. During the procession, the The gracefulEviction controller evaluates whether the current task can be removed form the eviction task queue one by one. The judgement conditions are as follows:
- Check the health status of the current resource scheduling result. If the resource health status is healthy, the condition is met.
- Check whether the waiting duration of the current task exceeds the timeout interval, which can be configured via
graceful-eviction-timeoutflag(default is 10 minutes). If exceeds, and meets the condition.
