|
2 | 2 | title: Operator Nexus rack resiliency |
3 | 3 | description: Document how rack resiliency works in Operator Nexus Near Edge |
4 | 4 | ms.topic: article |
5 | | -ms.date: 05/28/2025 |
| 5 | +ms.date: 06/03/2025 |
6 | 6 | author: eak13 |
7 | 7 | ms.author: ekarandjeff |
8 | 8 | ms.service: azure-operator-nexus |
@@ -65,24 +65,6 @@ Operator Nexus supports control plane resiliency in single rack configurations b |
65 | 65 |
|
66 | 66 | In disaster situations when the control plane loses quorum, there are impacts to the Kubernetes API across the instance. This scenario can affect a workload's ability to read and write Custom Resources (CRs) and talk across racks. |
67 | 67 |
|
68 | | -## Automated remediation for Kubernetes Control Plane, Management Plane, and Compute nodes |
69 | | - |
70 | | -To avoid losing Kubernetes control plane (KCP) quorum, Operator Nexus provides automated remediation when certain server issues are detected. In certain situations, this automated remediation extends to Management Plane & Compute nodes as well. |
71 | | - |
72 | | -As a general overview of server resilience, here are the triggers for automated remediation: |
73 | | - |
74 | | -- For all servers: if a server fails to provision successfully after four hours, automated remediation occurs. |
75 | | -- For all servers: if a running node is stuck in a read only root filesystem mode for 10 minutes, automated remediation occurs. |
76 | | -- For KCP and Management Plane servers, if a Kubernetes node is in an Unknown state for 30 minutes, automated remediation occurs. |
77 | | - |
78 | | -Remediation Process: |
79 | | - |
80 | | -- Remediation of a Compute node is one reprovisioning attempt. If the reprovisioning fails, the node is marked `Unhealthy`. |
81 | | -- Remediation of a Management Plane node is to attempt one reboot and then one reprovisioning attempt. If those steps fail, the node is marked `Unhealthy`. |
82 | | -- Remediation of a KCP node is to attempt one reboot. If the reboot fails, the node is marked `Unhealthy` which triggers the immediate provisioning of the spare KCP node. |
83 | | - |
84 | | -Ongoing control plane resiliency requires a spare KCP node. When KCP node fails remediation and is marked `Unhealthy`, a deprovisioning of the node occurs, and an exchange with a suitable healthy Management Plane server occurs. This Management Plane server becomes the new spare KCP node. The failed KCP node is updated and labeled as a Management Plane node. Once the label changes, an attempt to provision the newly labeled management plane node occurs. If it fails to provision, the management plane remediation process takes over. If it fails provisioning or doesn't run successfully, the machine's status remains unhealthy and the user must fix. The unhealthy condition surfaces to the Bare Metal Machine's (BMM) `detailedStatus` fields in Azure, and clears through a BMM Replace action. |
85 | | - |
86 | 68 | ## Related Links |
87 | 69 |
|
88 | 70 | [Determining Control Plane Role](./reference-near-edge-baremetal-machine-roles.md) |
|
0 commit comments