K
Q

Web-Server running in an EKS cluster with spot-instances

5/2/2021

I'm running a web-server deployment in an EKS cluster. The deployment is exposed behind a NodePort service, ingress resource, and AWS Load Balancer controller. This deployment is configured to run on "always-on" nodes, using a Node Selector.

The EKS cluster runs additional auto-scaled workloads which can also use spot instances if needed (in the same namespace).

Since the Node-Port service exposes a static port across all nodes in the cluster, there are many targets in the said target group, which are being registered and de-registered whenever a new node is being added/removed from the cluster.

What exactly happens if a request from the client is being navigated to the service that resides in a node that is about the be scaled down?

I'm asking since I'm getting many 504 Gateway Timeouts from the ALB. Specifically, these requests do not reach our FE/BE pods and terminate at the ALB level.

-- Gil Shelef
amazon-eks
aws-application-load-balancer
kubernetes
kubernetes-ingress
kubernetes-service

Similar Questions

Is there a way to get ordinal index of a pod with in kubernetes statefulset configuration file?
How do I present a custom GCP service account to kubernetes workloads?
Kubernetes Helm chart requirements.yaml file dependencies false condition
Cloud SQL Connection with Kubernetes/Proxy Side Car
cross-region k8s inter-cluster communication in GCP

1 Answer

5/4/2021

Welcome to the community @gil-shelef!

Based on AWS documentation, there should be used additional handlers to add both resilience and cost-savings.

Let's start with understanding how this works: There is a specific node termination handler DaemonSet which adds pods to each spot instances and listens to spot instance interruption notification. This provides a possibility to gracefully terminate any running pods on that node, drain the node from loadbalancer and for Kubernetes scheduler to reschedule removed pods on different instances.

Workflow looks like following (taken from aws documentation - Spot Instance Interruption Handling. This link also has an example):

The workflow can be summarized as:

  • Identify that a Spot Instance is about to be interrupted in two minutes.
  • Use the two-minute notification window to gracefully prepare the node for termination.
  • Taint the node and cordon it off to prevent new pods from being placed on it.
  • Drain connections on the running pods.

Once pods are removed from endpoints, kube-proxy will trigger an update in iptables. It takes a little bit of time. To make this smoother for end-users, you should consider adding pre-stop pause about 5-10 seconds. More information about how this happens and how you can mitigate it, you can find in my answer here.

Also here are links for these handlers:

For your last question, please check this AWS KB article on how to troubleshoot EKS and 504 errors

-- moonkotte
Source: StackOverflow