Under following conditions session affinity leads to a deadlock:
- Self hosted controller-manager, where it talks to API servers
via kubernetes service ClusterIP
- default master-count reconcilier is used
- --apiserver-count is set to >1 according to the help message
- number of responsive APIServers goes below `apiserver-count`
- all controller-managers happen to be hashed to APIServers which
are down.
What then happens is that controller managers never be able to
contact APIServer, despite correctly working APIServer available.
Less serious outages also possible for other consumers of kubernetes
service, such as operators, kube-dns, flannel & calico, etc. There is
always non zero chance, that given consumer is hashed to an apiserver
which is down.
Revert "give the kubernetes service client ip session affinity"
This reverts commit e21ebbcac4.
checkEndpointSubsetFormat ensures that,
1. the current master's IP is in the list of addresses
2. the number of IPs in the list exactly matches the master count
This is problematic while masters are in the process of starting
because it causes frequent updates to the kubernetes endpoints until
all masters have started and added themselves to the list.
checkEndpointSubsetFormat should report success if the current
master's IP is found and the count of addresses is less than or equal
to the expected count.
These are "Bootstrap Controllers" as distinct from
the controllers in the controller-manager binary - they
are necessary for the cluster to start running.
Maxim Ivanov