endpoint: Implement new Invalid endpoint state

[christarazi]

See commit msgs.

Endpoint (EP) creation can fail for many reasons due to invalid data, such as IP conflict or if it's created with reserved labels. When EP creation failed, EPs can be stuck in the "waiting-for-identity" state, and left to be garbage collected. However, even though the object would be garbage collected, the metric representing which state the EP is in, is never decremented, thus a leak.

This PR fixes this by introducing a new EP state representing an "invalid" EP. When EP creations fails, the EP will transition from its current state to "invalid", thus decrementing the current state metric.

Fix leaking endpoint state metric

[christarazi]

test-me-please

[coveralls]

Coverage increased (+0.06%) to 37.0% when pulling 8d3ddda on christarazi:pr/christarazi/fix-missed-decrement-metric-for-endpoints into 7316fa6 on cilium:master.

[aanm]

Write in the comment that this function is only used in tests.

[christarazi]

Fixed

[aanm]

I would suggest to create another function instead of reusing this one.

[aanm]

this should be false, not true. If an endpoint already exists aren't we potentially deleting that same endpoint?

[christarazi]

Good catch, will fix

[christarazi]

On second thought, this would suffer from the same thing I described below. Not deleting this endpoint object would leak the metric. Are you saying that because in this specific case, both endpoint have the same ID, that would result in the original endpoint object being deleted?

[christarazi]

Disregard my comments--was reading your comments from in order and didn't see your proposal at the end 👍

[aanm]

this should be false, not true. If an endpoint already exists aren't we potentially deleting that same endpoint?

[christarazi]

Good catch, will fix

[aanm]

this should be false, not true. same reasons above

[christarazi]

This would also be a very similar situation that I described below.

[aanm]

this should be false, not true. same reasons above

[christarazi]

This was the exact error case that a customer ran into. This specific case was causing the errant metric.

[aanm]

this should be false, not true. same reasons above

[christarazi]

Why would this be problematic? I'm not clear on what this check is validating.

[aanm]

In this file, instead of the proposed changes I suggest to do the following (on all error conditions):

		ep.SetState(endpoint.StateInvalidEndpoint, "Invalid endpoint")

and in pkg/endpoint/endpoint.go

diff --git a/pkg/endpoint/endpoint.go b/pkg/endpoint/endpoint.go
index 8bd438963..bd504c97a 100644
--- a/pkg/endpoint/endpoint.go
+++ b/pkg/endpoint/endpoint.go
@@ -96,6 +96,8 @@ const (
        // StateRestoring is used to set the endpoint is being restored.
        StateRestoring = string(models.EndpointStateRestoring)
 
+       // TODO Needs an new state in the api/v1/models`
+       StateInvalidEndpoint = string(models.StateInvalidEndpoint)
+
        // IpvlanMapName specifies the tail call map for EP on egress used with ipvlan.
        IpvlanMapName = "cilium_lxc_ipve_"
 )
@@ -1319,7 +1321,7 @@ func (e *Endpoint) setState(toState, reason string) bool {
                }
        case StateWaitingForIdentity:
                switch toState {
-               case StateReady, StateDisconnecting:
+               case StateReady, StateDisconnecting, StateInvalidEndpoint:
                        goto OKState
                }
        case StateReady:
@@ -1389,7 +1391,7 @@ OKState:
 
        // Since StateDisconnected is the final state, after which the
        // endpoint is gone, we should not increment metrics for this state.
-       if toState != "" && toState != StateDisconnected {
+       if toState != "" && (toState != StateDisconnected || toState != StateInvalidEndpoint) {
                metrics.EndpointStateCount.
                        WithLabelValues(toState).Inc()
        }
@@ -1403,7 +1405,7 @@ func (e *Endpoint) BuilderSetStateLocked(toState, reason string) bool {
        // Validate the state transition.
        fromState := e.state
        switch fromState { // From state
-       case StateWaitingForIdentity, StateReady, StateDisconnecting, StateDisconnected:
+       case StateWaitingForIdentity, StateReady, StateDisconnecting, StateDisconnected, StateInvalidEndpoint:
                // No valid transitions for the builder
        case StateWaitingToRegenerate, StateRestoring:
                switch toState {
@@ -1456,7 +1458,7 @@ OKState:
 
        // Since StateDisconnected is the final state, after which the
        // endpoint is gone, we should not increment metrics for this state.
-       if toState != "" && toState != StateDisconnected {
+       if toState != "" && (toState != StateDisconnected || toState != StateInvalidEndpoint) {
                metrics.EndpointStateCount.
                        WithLabelValues(toState).Inc()
        }

[joestringer]

Endpoint creation strikes again.

[joestringer]

FWIW I think a function like this would be nice to have in the actual code as well, to reference from the core state transition function. But I don't think it matters enough to further change this before merging.

[joestringer]

I checked through as well to see that we don't need this anywhere else such as errorDuringCreation(), but that path is fine because it invokes deleteEndpointQuiet() which would transition the endpoint into StateDisconnecting.