I don't understand what this is doing. Can you please explain or point to some documentation?

Since we have local storage mounted it was preventing to scale-down and delete the node.

https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-types-of-pods-can-prevent-ca-from-removing-a-node

Actually, I just realised your question was about the podAffinity.

It's actually wrong it's podAntiAffinity it's to make sure that when it's scale-down it leave the pod on multiple zones.

OK, that makes more sense, thanks.

Why limit to so little memory? The nodes have 3.75 GB available, and only one imageserver pod should be running on each node.

I'm testing with preempt instances the 1.7G one just so i dont spend to much money on testing the auto scale. I will adjust the memory accordingly once i'm content with my pr.

OK, sounds good.

Do we need to limit CPU usage? Why not let the pod use as much CPU as is available?

no, i was testing at that time. I will remove the limit for cpu.

Either the comment needs to be updated, or something else...

noted!

Is there a reason to change to /dev/stdout and /dev/stderr? This wrapper is being run via monit, so stdout and stderr of the monit process are not necessarily the right place for this output.

yes, never mind that.

Would it be reasonable to make this higher? In streambed we upgrade 25% of our nodes at a time (or that was the intention anyway), and if we lose an availability zone that's 33% of our nodes.

if we have 3 pods running it will spin-up 3 new with the latest image and kill one by one the old one.

OK, but if we have 15 pods running it still kills them one by one, right? Wouldn't it make sense to kill more at a time?

yes its either a fixed number or a % so we can probably set it to 50%

30% would be safer, unless you can guarantee that Kubernetes will wait for all the new nodes to become available before starting to remove nodes. (We wouldn't want to end up with 50% of the required number of nodes.)

it actually wait for new pods to ready before it start killing the old one. The default is 25% we can also leave it to default.

OK, the default sounds reasonable.

Don't we still need antiAffinity to prevent two pods from ending up on the same node? Or are you counting on resource limits to do that? (Smaller commits, and explaining your reasoning in the commit comment would help here...)

counting on the resource limit to do that.. and if we do switch for larger instances than we won't care if they spin-up to the same server.

When I designed this initially I couldn't find a way to set the resource requests such that one and only one imageserver process could occupy a node, but also allow Kubernetes internal pods to occupy that node.

Is there a way to do it now? This will be an issue if we want to have imageservers in the default node pool, and I think we do.

its the case now that's why i'm using a new pool like we have for redis. This way kube-system won't be allow to run there so we won't affect our critical pods.

The only way i saw it done was with toleration + taint

I don't see why we would want imageservers to run on the default pool. Any reason?

I explained my concerns about adding a new node pool briefly in the last paragraph here: #128 (review)

You don't need tolerations and taints to prevent two pods from occupying the same node. That's what the podAntiAffinity statement you're removing was doing, and it was working.

• If I use pod podAntiAffinity to prevent imageserver on kube-system. Will end-up with the same having dedicated machine for kube-system but sharing the same pool... I don't mind doing. Just simpler to use a pool "backend" and put everything else related in there.

• If I set an podAntiAffinity for imageserver we must make sure to apply it on every app this is where I think a pool make sense.

• Another situation is when it scale down it evict the kube-system service that is on the node and it restart else where in case of heapster we lose 5 min of metrics. Not a big deal but we might end up with lots of gap in our graph

I'm just suggesting using podAntiAffinity to prevent two imageserver pods from occupying the same node like we do now.

I still don't understand why having Kubernetes internal pods on the same nodes as the imageserver pods is a big deal. They don't use significant amounts of resources, do they? I do understand your concern about losing metrics, but I think it's worth trying anyway. I'm surprised Kubernetes isn't designed to scale down by terminating other nodes rather than these, but it sounds like something we have to live with.

I've changed it back the way it was to use the default-pool and re-added the AntiAffinity to prevent two imageserver on the same host.

• I've re-ran a stress test and no issue with heapster.

Can you please explain the reason for this change?

this is to scale down we want to have a minimum a 3 instances when the load is low.

I mean changing maxReplicas to be 12x "max-nodes".

i might have to increase it, we peaked at 16 last night

Why are we changing this from 3x "max-nodes" to 12x or 16x "max-nodes"? Unless something else changed, the "max-nodes" variable set in GKE sets the maximum number of nodes per zone, and so with 3 zones we want to multiply this number by 3 to get "maxReplicas".

"minReplicas" works the same way except for "min-nodes".

If things have changed (as a result of some change elsewhere in GKE, or as a result of your work), please explain what's changed.

it still 3x "max-nodes" I'll fix the comment 👍

Is this right? We discussed it over here: #128 (comment) and you said it should be podAntiAffinity.

If this is right as written, can you please explain what it's doing and how it works?

I'm going to check with @etpinard and make sure the CI pass before merging and deploying.

I've tested with the following examples : https://drive.google.com/open?id=19_bM6OPBQ-T74qZbz32uSpD50DDloXJs and the folder : jody-imageserver-test:/home/scjody/full/

Your right about AntiAffinity.. I just commited the change.

ref #130 (comment)

#130 should get merged soon, merging master into this branch after that should suffice to get the tests to pass again.

Alternatively, you can cherry-pick the 4 commits off #130 into this branch.

Thanks for the podAntiAffinity fix.