baremetal + kube_ovn: k8s-cp stuck waiting for 46 pods to start

I'm still looking into this. It's a bizarre one. There are 23 ovn-central pods and 29 kube-ovn-monitor pods. There should only be 3 of each. The extra pods are failing with:

Status: Failed
Reason: NodeAffinity
Message: Pod was rejected: Predicate NodeAffinity failed

These pods have anti-affinity policies that prevent more than 1 of each from being placed on any given node. The failure makes sense, but it does not make sense why there are so many pods. The charm correctly requested 3 replicas.

From the kube-controller-manager logs, it looks like the ReplicaSet controller spam-created pods during a 10 second window in which one of the control-plane nodes was NotReady. The extra pods were never deleted.

I think I should be able to reproduce this by forcing a kubernetes-control-plane node into a NotReady state during kube-ovn deployment. Let me give that a try.

I'm not having any luck reproducing this. Under normal conditions, if there are too many pods, the NodeAffinity error doesn't occur because kube-scheduler is smart enough not to schedule multiple conflicting pods onto the same node. Somehow, this deployment hit a corner case where kube-scheduler thought that the node had room for a new pod, but kubelet thought that it had a conflict.

Regardless of how the deployment got here, I think the kubernetes-control-plane charm either should not block on the Failed pods (which will not retry and will not be cleaned up by Kubernetes), or it should clean up Failed pods on behalf of the user.

Thanks for the triage George,

I can say that we've only seen this one time, so something weird happened for sure and I'm not certain we can reproduce it either, but ill let you know if we see it more.

PR: https://github.com/charmed-kubernetes/charm-kubernetes-control-plane/pull/269