Allowed Pod disruptions
You can configure the allowed Pod disruptions for Zookeeper nodes as described in Allowed Pod disruptions.
Unless you configure something else or disable our PodDisruptionBudgets (PDBs), we write the following PDBs:
Servers
Zookeeper servers need a certain number of nodes to be available to form a quorum to serve client requests.
Taking this into consideration, our operator uses the following algorithm to determine the maximum number of servers allowed to be unavailable at the same time:
num_servers is the number of server in the Zookeeper cluster, summed over all roleGroups.
fn quorum_size(num_servers: u16) -> u16 {
// Same as max((num_servers / 2) + 1, 1), but without the need for floating point arithmetics,
// which are subject to rounding errors.
max((num_servers + 2) / 2, 1)
}
// Minimum required amount of servers to form quorum.
let quorum_size = quorum_size(num_servers);
// Subtract one to not cause a single point of failure
let max_unavailable = num_servers.saturating_sub(quorum_size).saturating_sub(1);
// Clamp to at least a single node allowed to be offline, so we don't block Kubernetes nodes from draining.
let max_unavailable = max(max_unavailable, 1)This results e.g. in the following numbers:
| It is strongly recommended to use an odd number of servers (e.g. 3, 5 or 7). |
Number of servers |
Quorum size |
Maximum unavailable servers |
1 |
1 |
1 |
2 |
2 |
1 |
3 |
2 |
1 |
4 |
3 |
1 |
5 |
3 |
1 |
6 |
4 |
1 |
7 |
4 |
2 |
8 |
5 |
2 |
9 |
5 |
3 |
10 |
6 |
3 |
20 |
11 |
8 |