I have a Kubernetes cluster setup with a cluster autoscaler, and I'm trying to get Istio behaving properly on this cluster.
In my setup, I'm stuck with a few things:
The issue comes when the cluster autoscaler adds a new node when one of the aforementioned pods tries to come up, but there aren't any resources available.
The Istio CNI daemonset needs to finish bootstrapping the new node, but the Kubernetes scheduler immediately schedules the pod when it sees that the node is in a ready state. There doesn't seem to be a way yet to stop Kubernetes from marking the node ready until the daemonset finishes. This whole issue is covered in the Istio docs here.
For reasons I won't get into, I can't make the above pods a deployment/replicaset, which probably rules out using Istio's recommended solution, since deleted pods won't spin up again.
The only solution I can think of right now is using a dynamic admission controller to mutate the pod spec and inject an init container that will watch the daemonset until it reaches the completed state.
So basically this leaves me with the following two questions:
Any help would be much appreciated! Thanks in advance!
Cheers
The only other viable solution which I was able to implement is to create a new deployment that will watch the istio-cni daemonset pods.
If it finds these pods not in a running state, it will:
Do ensure that you are aware of this potential side effect: if the node scales down with the custom added taints, the ASG will use this taint on any future nodes it spins up, preventing future pods from being scheduled on that NodeGroup.
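
An added sketch of the decision logic such a watcher could run over the node and pod lists (not the answer author's code). It assumes the watcher puts a `NoSchedule` taint on any node whose istio-cni pod is not running and ready, and removes it once the pod is ready; the taint key, the pod label and the sample objects are hypothetical or constructed.

```python
# Added example: taint reconciliation for an istio-cni watcher (pure logic, no API calls).
TAINT = {"key": "example.com/istio-cni-not-ready",  # hypothetical taint key
         "value": "true", "effect": "NoSchedule"}
CNI_LABEL = ("k8s-app", "istio-cni-node")  # assumed label on the istio-cni pods


def cni_ready_nodes(pods):
    """Names of nodes whose istio-cni pod is Running with every container ready."""
    ready = set()
    for pod in pods:
        if pod["metadata"].get("labels", {}).get(CNI_LABEL[0]) != CNI_LABEL[1]:
            continue  # not an istio-cni pod
        status = pod.get("status", {})
        containers = status.get("containerStatuses", [])
        if (status.get("phase") == "Running" and containers
                and all(c.get("ready") for c in containers)):
            ready.add(pod["spec"].get("nodeName"))
    return ready


def plan_taints(nodes, pods):
    """Map node name -> new spec.taints list, only for nodes that need a change."""
    ready = cni_ready_nodes(pods)
    plan = {}
    for node in nodes:
        name = node["metadata"]["name"]
        current = node.get("spec", {}).get("taints") or []
        others = [t for t in current if t.get("key") != TAINT["key"]]
        tainted = len(others) != len(current)
        if name in ready and tainted:
            plan[name] = others             # CNI is up: lift the taint, keep the rest
        elif name not in ready and not tainted:
            plan[name] = current + [TAINT]  # CNI missing or not ready: block scheduling
    return plan


def _pod(node, phase, ready):
    """Constructed istio-cni pod object, trimmed to the fields used above."""
    return {"metadata": {"labels": {"k8s-app": "istio-cni-node"}},
            "spec": {"nodeName": node},
            "status": {"phase": phase, "containerStatuses": [{"ready": ready}]}}


# Constructed sample cluster state: node-a was just added and has no istio-cni pod yet.
OTHER = {"key": "dedicated", "value": "batch", "effect": "NoSchedule"}
NODES = [{"metadata": {"name": "node-a"}, "spec": {}},
         {"metadata": {"name": "node-b"}, "spec": {"taints": [TAINT]}},
         {"metadata": {"name": "node-c"}, "spec": {"taints": [OTHER]}},
         {"metadata": {"name": "node-d"}, "spec": {}}]
PODS = [_pod("node-b", "Running", True), _pod("node-c", "Pending", False),
        _pod("node-d", "Running", True)]
```

Each value in the returned plan is the full `spec.taints` list to write back to that node, so unrelated taints are preserved and a second run over unchanged state yields an empty plan.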