Waiting for volumeAttachments deletion

[mlavacca]

What this PR does / why we need it:
When a machine is deleted, the machine controller now waits for the volumeAttachments deletion before deleting the node.

Which issue(s) this PR fixes (optional, in fixes #<issue number> format, will close the issue(s) when PR gets merged):
Fixes #1189

Special notes for your reviewer:

Optional Release Note:

NONE

[moadqassem]

@mlavacca This seems quite strange and I have two questions:
1- It seems that the issue is related to the vSphere not the other cloud providers, thus why you are doing this on a global level(machine level) ?
2- If the node got deleted before the volume what is the error that you get actually? Because this is quite strange and an issue in the CSI driver itself not machine controller. Usually when a node doesn't exist, CCM/CSI or whatever controller should delete its resources. IIRC, it was possible to delete the volumeAttachment objects and then the PVs are released, PVCs get deleted, via a ticker service.

In general I don't think it is the job for machine controller to remove volumes, that's why we use CSI driver :-) . If this is indeed an issue in the driver, I would strongly recommend to leave a finalizer on the machine object, during the cleanup, check for the node name under the machine status and remove the volumeAttachment. and then remove the finalizer off the machine.

[mlavacca]

@moadqassem

2- If the node got deleted before the volume what is the error that you get actually? Because this is quite strange and an issue in the CSI driver itself not machine controller.

Yes, there is an issue in the CSI driver for vSphere, and the aiming of this PR is to mitigate that. If the node is deleted before that CSI driver has time to delete the volumeAttachmentes, they will hang forever, and the new pods that will try to mount the associated volume won't be able because of the existence of the outdated volumeAttachments.

In general I don't think it is the job for machine controller to remove volumes, that's why we use CSI driver :-) . If this is indeed an issue in the driver, I would strongly recommend to leave a finalizer on the machine object, during the cleanup, check for the node name under the machine status and remove the volumeAttachment. and then remove the finalizer off the machine.

I'm not removing any volumeAttachment, this code introduces a wait to be sure that all the volumeAttachments are correctly deleted by the CSI driver. For this reason, I do not see why it should be a problem having this behavior for all the cloud providers.

BTW, something didn't work as expected during the e2e tests, I'm going to investigate and debug them

[moadqassem]

I'm not removing any volumeAttachment

That's the thing. I mean if we. can just simply remove those as part of the cleanup process. So in other words, when cleanup is called, check out the volume attachment, and remove them based on the machine referenced node. This way you will not block the node draining/termination and you keep the mitigation locally where it should be until the vmware folks fix the issue is resolved:

kubernetes-sigs/vsphere-csi-driver#359

P.S: it was created almost 2 years ago, but was active again 3 weeks ago so 🤞

[mlavacca]

I'm not removing any volumeAttachment

That's the thing. I mean if we. can just simply remove those as part of the cleanup process. So in other words, when cleanup is called, check out the volume attachment, and remove them based on the machine referenced node. This way you will not block the node draining/termination and you keep the mitigation locally where it should be until the vmware folks fix the issue is resolved:

kubernetes-sigs/vsphere-csi-driver#359

P.S: it was created almost 2 years ago, but was active again 3 weeks ago so 🤞

Problem is that the volumeAttachments are managed by the CSI driver; if you delete them, they are automatically recreated. Furthermore, they have a finalizer (external-attacher/csi-vsphere-vmware-com) that is added/removed by the CSI driver, therefore I don't see a correct way to manually clean them up.

[moadqassem]

Can we just abstract this behaviour in a method and only run it if the cloud provider is vSphere.

[moadqassem]

Just call this method here when the cloud provider is vsphere and the Volume attachment are gone.

[mlavacca]

/retest

[mlavacca]

/test pull-machine-controller-e2e-gce

[mlavacca]

@moadqassem I implemented your suggested solution, PTAL

[mlavacca]

/retest

[mlavacca]

Code has been improved to handle both the node rollout and the node deletion on a single node cluster. @moadqassem PTAL

[moadqassem]

I thought that we are not gonna need this and we will just change how the node is drained. For example if there is a volume still attached then don't remove the csi driver pod and once no volumeattachment is there then remove the pod.

[mlavacca]

Yes, and this is an implementation of that behavior. If there are volumeAttachments:

1. Cordon the old node
2. delete all pods using volumes attached to the old node
3. wait for the CSI-driver to collect the volumeAttachments
4. drain the old node.

[moadqassem]

Sure, but can't we just fix this in the NodeEviction.Run method? why don't we handle the case over there, instead of having it here. Eventually the code is kinda similar, only difference is, the deletion criteria.

[moadqassem]

Sure, but can't we just fix this in the NodeEviction.Run method? why don't we handle the case over there, instead of having it here. Eventually the code is kinda similar, only difference is, the deletion criteria.

[moadqassem]

/retest

[moadqassem]

/approve
/lgtm

[kubermatic-bot]

LGTM label has been added.

Git tree hash: 67d0192b6ca5112a0f5afb02d39ab85add9c1667

[kubermatic-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mlavacca, moadqassem

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [moadqassem]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[moadqassem]

/cherry-pick release/v1.36

[kubermatic-bot]

@moadqassem: #1190 failed to apply on top of branch "release/v1.36":

Applying: Waiting for volumeAttachments deletion
Applying: volumeAttachments check only for vSphere
Applying: ClusterRole updated
Applying: yaml linter fixed
Applying: VolumeAttachments correctly handled
Using index info to reconstruct a base tree...
M	cmd/machine-controller/main.go
M	pkg/controller/machine/machine_controller.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/controller/machine/machine_controller.go
Auto-merging cmd/machine-controller/main.go
CONFLICT (content): Merge conflict in cmd/machine-controller/main.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0005 VolumeAttachments correctly handled
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release/v1.36

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[moadqassem]

/cherry-pick release/v1.42

[kubermatic-bot]

@moadqassem: new pull request created: #1212

In response to this:

/cherry-pick release/v1.42

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[kron4eg]

/cherrypick release/v1.43

[kubermatic-bot]

@kron4eg: new pull request created: #1256

In response to this:

/cherrypick release/v1.43

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[kron4eg]

/cherrypick release/v1.37

[kubermatic-bot]

@kron4eg: #1190 failed to apply on top of branch "release/v1.37":

Applying: Waiting for volumeAttachments deletion
Applying: volumeAttachments check only for vSphere
Applying: ClusterRole updated
Applying: yaml linter fixed
Applying: VolumeAttachments correctly handled
Using index info to reconstruct a base tree...
M	cmd/machine-controller/main.go
M	pkg/controller/machine/machine_controller.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/controller/machine/machine_controller.go
Auto-merging cmd/machine-controller/main.go
CONFLICT (content): Merge conflict in cmd/machine-controller/main.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0005 VolumeAttachments correctly handled
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherrypick release/v1.37

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.