Allow customers to use priority expander in GKE [249990466]

Assigned

Feature Request

Status Update

No update yet.

Description

po...@google.com

created issue #1

Sep 30, 2022 02:55PM

Problem you have encountered:

Unable to modify the default parameter of the Kubernetes Cluster Autoscaler Expanders to Priority based, as the profiles of Cluster Autoscaling do not behave as required. The request is to ask for a creation of a parameter of the cluster autoscaling feature or a cluster autoscaler profile, which enables the usage of this Kubernetes Autscaler Expander on Priority Based, and other values (if possible).

What you expected to happen:

That Google Kubernetes Engine clusters allow the possibility to implement the use of different Kubernetes Cluster Autoscaler Expanders in any way or form, more specifically, setting the Cluster Autoscaler Expander to a Priority based expander instead of the default parameter set by the setup script for nodes on GCE, “Price”.

Other information (workarounds you have tried, documentation consulted, etc):

The official and supported alternative to this are the profiles of the Cluster Autoscaling feature on GKE, with usage of the "optimize utilization" profile and other additional features (Node Taints, Node Affinity, PodDisruptionBudgets and configuration of the Autoscalers), and in terms of modifications to the Cluster Autoscaler, the nature of GKE being a layer of abstraction and system with its skeleton being the Managed Instance Groups of Google Compute Engine, make the possibility to use features such as these, an opportunity to generate conflicts and scaling issues, as both auto scaling systems are different and separate of each other.

The workarounds might work, but wanted to make a Feature Request for this feature to be inside of Google Cloud Platform nevertheless.

What are Expanders?: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders

Priority based expander for cluster-autoscaler: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/expander/priority/readme.md

"Price" parameter: https://github.com/kubernetes/kubernetes/blob/master/cluster/gce/config-default.sh#:~:text=export%20AUTOSCALER_EXPANDER_CONFIG%3D%22%24%7BKUBE_AUTOSCALER_EXPANDER_CONFIG%3A%2D%2D%2Dexpander%3Dprice

Cluster autoscaler - How cluster autoscaler works: https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#how_cluster_autoscaler_works

Comments

po...@google.com <po...@google.com> #2Sep 30, 2022 02:58PM

Hello,

Thanks for reaching out to us!

The Product Engineering Team has been made aware of your feature request, and will address it in due course. Though we can't provide an ETA on feature requests nor guarantee their implementation, rest assured that your feedback is always taken very seriously, as it allows us to improve our products. Thank you for your trust and continued support to improve Google Cloud Platform products.

In case you want to report a new issue, please do not hesitate to create a new Issue Tracker thread describing your issue. Once again, thank you for the suggestions.

Thanks & Regards,
Manish Bavireddy.
Google Cloud Support

mw...@singlestore.com <mw...@singlestore.com> #3Mar 1, 2023 12:34AM

Hello,

We are stuck with the same problem.
We have an open case with Google Support about this and, among others, they have redirected us here.
We have tried the following workaround:

START THE WORKARROUND

As per temporary fix the recommended way to match on port would be at the Gateway level.In the following example, the Route will only match incoming traffic on port 80 because it's attaching to the "http" Gateway listener.

apiVersion:

gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: my-gateway
spec:
gatewayClassName: gke-l7-global-external-managed
listeners:
- name: http
protocol: HTTP
port: 80
- name: https
protocol: HTTPS
port: 443
---
apiVersion:

gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-store-80
spec:
parentRefs:
- name: my-gateway
sectionName: http
hostnames:
- "

store.example.com"
rules:
backendRefs:
- name: my-service
port: 8080

END THE WORKARROUND

But the workarround has not worked, the problem persists.
We post this comment to see what the status of the Issue is and to see if there are other workarrounds available.

Thanks & Regards,
Joan Cholvi.
Mercadona

bo...@google.com <bo...@google.com> Mar 17, 2023 05:10AM

Assigned to bo...@google.com.

bo...@google.com <bo...@google.com> #4Mar 17, 2023 12:46PM

Hi,

Thanks for your response.

The information has been shared with the Product Team and further updates will be provided in this thread.

According to the Public Issue Tracker Process, we wait for a bug to gain a handful of stars, and hopefully, comments from several users before the engineering team works on the issue. Though we can't provide an ETA on this issue nor guarantee their implementation, rest assured that your feedback is always taken very seriously.

Please note that the Issue Tracker is primarily meant for reporting bugs and requesting new features. If you have any additional issues or concerns, please don’t hesitate to create a new thread on the Issue Tracker. We appreciate your cooperation!

Thanks

bo...@google.com <bo...@google.com> Mar 20, 2023 08:29AM

Reassigned to gc...@google.com.

ed...@doubleverify.com <ed...@doubleverify.com> #5Mar 20, 2023 12:29PM

Team, this is a blocker for new customer. Please advise any workarounds.

ae...@gmail.com <ae...@gmail.com> #6Jun 1, 2023 05:42AM

Hello,

we also had the problem of receiving an 404 HTTP Error with the body message 'fault filter abort' whenever a client connects to the gatway with a port inside the 'Host' Header.

For everyone looking for a workaround, try it this way: For every domain, create one HTTPRoute with two matchers for the HTTP Header "Host". One matching "Host" to "domain:port" and one matching "Host" to "domain" without the port.

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: my-workaround-https-route
spec:
#  hostnames:
#    - "mydomain.com"
  parentRefs:
    - kind: Gateway
      name: my-gateway
      sectionName: https-listener
  rules:
    # This host header matchers are the workaround 
    # Open issue at google (https://issuetracker.google.com/issues/294510336)
    - matches:
        # Matches domain with port
        - headers:
            - name: "Host"
              value: "mydomain.com:443"
          path:
            value: /
            type: PathPrefix
        # Matches domain only
        - headers:
            - name: "Host"
              value: "mydomain.com"
          path:
            value: /
            type: PathPrefix
      # This is not important for the workaround but maybe also useful for people switching from ingress to gateway
      filters:
        - type: RequestHeaderModifier
          requestHeaderModifier:
            set:
              - name: X-Forwarded-Host
                value: "{tls_sni_hostname}"
      backendRefs:
        - name: my-backend-service
          port: 8080

The downside is that you have to create matchers instead of just simply listing all the domains you want to route through this rule. If you use multiple HTTPRoute resources for the same domains, make sure that the rules do not overwrite each other.

I hope the issue gets resolved quickly, we can't implement it on all domains and can't migrate all load balancers to gateway api.

ma...@google.com <ma...@google.com> Mar 29, 2024 10:30AM

Reassigned to ma...@google.com.

ma...@google.com <ma...@google.com> Mar 29, 2024 01:13PM

Reassigned to gc...@google.com.

ch...@gmail.com <ch...@gmail.com> #7Jun 26, 2024 06:00AM

Experiencing the same issue after upgrading gateway class from gke-l7-gxlb to gke-l7-global-external-managed.

ol...@aspira.global <ol...@aspira.global> #8Feb 13, 2025 04:53PM

Hey folks, do you have any plan to implement such feature?

Also, as work-a-round, is it possible to disable preinstalled Cluster Autoscaler and install the custom one with different priority expander?