Add support for Preservation of Machines and Backing nodes #1059
Conversation
gardener-robot
added
kind/api-change
|
@thiyyakat You need rebase this pull request with latest master branch. Please check. |
gardener-robot
added
needs/review
# Conflicts: # pkg/util/provider/machinecontroller/machine.go # pkg/util/provider/machinecontroller/machine_util.go
* remove use of machineStatusUpdate in machine preservation code since it uses a similarity check * introduce check of phase change in updateMachine() to initiate drain of preserved machine on failure. This check is only for preserved machines
* Introduce new annotation value for preservation `PreserveMachineAnnotationValuePreservedByMCM` * Update Condition.Reason and Condition.Message to reflect preservation by user and auto-preservation * Update Machine Deployment Spec to include AutoPreservedFailedMachineMax * Modify MachineSet controller to update status with count of auto-preserved machines * Add updated CRDs and generated code
* Split larger functions into smaller ones * Remove debug comments * Add comments where required
thiyyakat
force-pushed
the
feat/preserve-machine
branch
from
dece79a to
06ecf58
Compare
thiyyakat
force-pushed
the
feat/preserve-machine
branch
from
06ecf58 to
89f2900
Compare
|
Questions that remain unanswered:
|
…ler returns retry period
There was a problem hiding this comment.
Note: A review meeting was held today for this PR. The comments were given during the meeting.
During the meeting, we revisited the decision to move drain to Failed state for preserved machine. The reason discussed previously was that it didn't make sense semantically to move the machine to Terminating and then do the drain, because there is a possibility that the machine may recover. Since Terminating is a final state, the drain (separate from the drain in triggerDeletionFlow) will be performed in Failed phase. There was no change proposed during the meeting. This design decision was only reconfirmed.
takoverflow
left a comment
takoverflow
left a comment
There was a problem hiding this comment.
Have only gone through half of the PR, have some suggestions PTAL.
| // or if it is a candidate for auto-preservation | ||
| // TODO@thiyyakat: find more suitable name for function | ||
| func (c *controller) isMachineCandidateForPreservation(ctx context.Context, machineSet *v1alpha1.MachineSet, machine *v1alpha1.Machine) (bool, error) { | ||
| if machineutils.IsPreserveExpiryTimeSet(machine) && !machineutils.HasPreservationTimedOut(machine) { |
There was a problem hiding this comment.
IsPreserveExpiryTimeSet already checks that the time is non-zero, then only HasPreservationTimedOut is called.
Is there any reason to perform the redundant IsZero check for PreserveExpiryTime again in HasPreservationTimedOut?
I don't see the function being called elsewhere as well.
If the zero check is removed, it could just be simplified to
func HasPreservationTimedOut(m *v1alpha1.Machine) bool {
return !m.Status.CurrentStatus.PreserveExpiryTime.After(time.Now())
}| } | ||
| nodeName := machine.Labels[v1alpha1.NodeLabelKey] | ||
| if nodeName != "" { | ||
| preservedCondition := v1.NodeCondition{ |
There was a problem hiding this comment.
Consider renaming this to preservedConditionFalse?
| err := nodeops.AddOrUpdateConditionsOnNode(ctx, c.targetCoreClient, nodeName, preservedCondition) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| // Step 2: remove CA's scale-down disabled annotations to allow CA to scale down node if needed | ||
| CAAnnotations := make(map[string]string) | ||
| CAAnnotations[autoscaler.ClusterAutoscalerScaleDownDisabledAnnotationKey] = "" | ||
| latestNode, err := c.targetCoreClient.CoreV1().Nodes().Get(ctx, nodeName, metav1.GetOptions{}) | ||
| if err != nil { | ||
| klog.Errorf("error trying to get backing node %q for machine %s. Retrying, error: %v", nodeName, machine.Name, err) | ||
| return err | ||
| } | ||
| latestNodeCopy := latestNode.DeepCopy() | ||
| latestNodeCopy, _, _ = annotations.RemoveAnnotation(latestNodeCopy, CAAnnotations) // error can be ignored, always returns nil | ||
| _, err = c.targetCoreClient.CoreV1().Nodes().Update(ctx, latestNodeCopy, metav1.UpdateOptions{}) | ||
| if err != nil { | ||
| klog.Errorf("Node UPDATE failed for node %q of machine %q. Retrying, error: %s", nodeName, machine.Name, err) | ||
| return err | ||
| } |
There was a problem hiding this comment.
Is there a reason why there are two get and update calls made for a node, can these not be combined into a single atomic node object update?
And I know this is not part of your PR but can we update this RemoveAnnotation function, it's needlessly complicated.
All you have to do after fetching the object and checking that annotations are non-nil is
delete(obj.Annotations, annotationKey)Creating a dummy annotation map, then passing it and then creating a new map which doesn't have the key. All of this complication can be avoided.
There was a problem hiding this comment.
By 2 Get() calls are you referring to the call within AddOrUpdateConditionsOnNode and the following Get() here:
latestNode, err := c.targetCoreClient.CoreV1().Nodes().Get(ctx, nodeName, metav1.GetOptions{})?
The first one can be avoided if we didn't use the function. The second one is required because step 1 adds conditions to the node object, and the function does not return the updated node object. Fetching from the cache doesn't guarantee an up-to-date node object (tested this out empirically). I could potentially avoid fetching the objects if I didn't use the function. Will test it out.
The two update calls cannot be combined since step 1 requires an UpdateStatus() call, and step 2 updates the Spec, and requires an Update() call.
I will update the RemoveAnnotation function as recommended by you.
Edit: The RemoveAnnotation function returns a boolean indicating whether or not an update is needed. This value is being used in other usages of the function. The function cannot be updated. I will use your suggestion instead of using the function since the boolean value is not required in this case.
| // stopMachinePreservation stops the preservation of the machine and node | ||
| func (c *controller) stopMachinePreservation(ctx context.Context, machine *v1alpha1.Machine) error { | ||
| // check if preserveExpiryTime is set, if not, no need to do anything | ||
| if !machineutils.IsPreserveExpiryTimeSet(machine) { |
There was a problem hiding this comment.
Can there be scenarios where the preserveExpiryTime hasn't been set but the node has preserve conditions
and scale-down disabled annotation added to it? If so, then the removal will never proceed right?
Please let me know if it's not a possible scenario.
There was a problem hiding this comment.
The setting of the preserveExpiryTime is the first step in machine preservation. Node conditions and the CA annotation are added only if the step 1 completes successfully. However, if a user manually adds the CA annotation and the node condition, but not the preserveExpiryTime then the case you described may occur. I'm not sure we should handle that case though.
| if nodeName == "" && isExpirySet { | ||
| return true, nil | ||
| } | ||
| node, err := c.nodeLister.Get(nodeName) |
There was a problem hiding this comment.
What happens when a machine doesn't have the nodeName set i.e. nodeName is "" and isExpirySet is false.
Wouldn't this always fail? Why even try to get the node in that case?
Why not move the check above outside of this function i.e. inside preserveMachine, fetch the nodeName and
use isExpirySet. WDYT?
if nodeName == "" && isExpirySet {
return true, nil
}
if isExpirySet {
isComplete, err := c.isMachinePreservationComplete(machine, nodeName)
if err != nil {
return err
}
}| // if machine is preserved, stop preservation. Else, do nothing. | ||
| // this check is done in case the annotation value has changed from preserve=now to preserve=when-failed, in which case preservation needs to be stopped | ||
| preserveExpirySet := machineutils.IsPreserveExpiryTimeSet(clone) | ||
| machineFailed := machineutils.IsMachineFailed(clone) | ||
| if !preserveExpirySet && !machineFailed { | ||
| return | ||
| } else if !preserveExpirySet { | ||
| err = c.preserveMachine(ctx, clone, preserveValue) | ||
| return | ||
| } | ||
| // Here, we do not stop preservation even when preserve expiry time is set but the machine is in Running. | ||
| // This is to accommodate the case where the annotation is when-failed and the machine has recovered from Failed to Running. | ||
| // In this case, we want the preservation to continue so that CA does not scale down the node before pods are assigned to it | ||
| return |
There was a problem hiding this comment.
Please revisit this case, the comments and the code seem to contradict each other, if you wish to compare oldMachine annotation value with the newMachine
to make decisions to stop preservation etc, consider utilising updateMachine which would have both objects available.
Co-authored-by: Prashant Tak <[email protected]>
thiyyakat
force-pushed
the
feat/preserve-machine
branch
from
22c646e to
7c062b5
Compare
* fix edge case of handling switch from preserve=now to when-failed * Create map in package with valid preserve annotation values * Fix big where node condition's reason wouldn't get updated after toggling of preservation
* remove duplicate function to check preservation timeout * rename variables
* reduce get calls * remove usage of RemoveAnnotations()
3 participants
What this PR does / why we need it:
This PR introduces a feature that allows operators and endusers to preserve a machine/node and the backing VM for diagnostic purposes.
The expected behaviour, use cases and usage are detailed in the proposal that can be found here
Which issue(s) this PR fixes:
Fixes #1008
Special notes for your reviewer:
preserve=nowis set on node and machine has no annotations:preserve=false:preserve=nowis set on machine and node has no annotations:preserve=false:preserve=when-failedis set on machine:preserve=false:preservechanges fromnowtowhen-failed:TODO:
isMachineCandidateForPreservation()inmanageReplicas()returns an error.Release note: