Enforce "spread across hosts" only for zonal Istio ingress-gateways #12007
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 tasks
|
/assign |
ScheererJ
approved these changes
May 6, 2025
|
LGTM label has been added. Git tree hash: 1798d6884d701e0a14961afb1876a9cd81d704ee
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ScheererJ The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
How to categorize this PR?
/area auto-scaling cost
/kind enhancement
What this PR does / why we need it:
With this PR Gardener enforces spreading Istio ingress-gateway pods across hosts only for zonal deployments.
For zonal Istio ingress-gateway deployments this enforcement is beneficial for the availability of the endpoints served by Istio since the failure of a single node does not lead to unavailable endpoints.
In case of regional Istio ingress-gateway deployments there are at least 4 other pods in the other zones even when the distribution across nodes is only preferred since we enforce a zonal spread in this case anyway. This saves some resources in the Garden runtime cluster and on small HA Seeds since it reduces the minimum node count from 6 to 3.
Additionally, this PR removes the pod anti affinity since according to the Gardener component check list it is best practice to add HA relevant settings via GRM HA webhook.
Which issue(s) this PR fixes:
Part of #8810
Special notes for your reviewer:
Release note: