kubeadm: wait for the etcd cluster to be available when growing it

[ereslibre]

What this PR does / why we need it:

When the etcd cluster grows we need to explicitly wait for it to be
available. This ensures that we are not implicitly doing this in
following steps when they try to access the apiserver.

Which issue(s) this PR fixes:

Fixes kubernetes/kubeadm#1353

Does this PR introduce a user-facing change?:

kubeadm: explicitly wait for `etcd` to have grown when joining a new control plane

/kind bug

[k8s-ci-robot]

Hi @ereslibre. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[rosti]

/ok-to-test
/priority critical-urgent

[rosti]

/assign @fabriziopandini @timothysc @neolit123

[neolit123]

thanks for this @ereslibre
i think apart from the retry rate this is good.

also please add a release note instead of NONE
kubeadm: ......

[neolit123]

what do your tests reveal for the interval and n-retries @ereslibre ?

i think the 1 second rate might be too high. i would do something like 5 seconds, with 20 retries.
but let's gather more comments on this one before changing.

[ereslibre]

In my environment it's succeeding around the third time. An environment that has been alive for seconds, so I agree that 5 seconds looks reasonable (if the cluster of one machine is long-living more sync would be neded).

I'll adapt the PR, thanks!

[neolit123]

as a note/TODO: in a separate PR we need to make all the client methods to use pointers.
golang encourages a matching pattern.

[rosti]

Thanks @ereslibre !
Overall it looks good, though we need to fix the AddMember call.

[rosti]

Re-lgtm after things are back to normal.
/lgtm

[ereslibre]

/retest

[fabriziopandini]

@ereslibre Great work! this is a candidate a cherry pick!
Only a few small nits mostly UX related
Ping me when this is ready for approval

[fabriziopandini]

I don't like this function printing

    [util/etcd] Attempt timed out
    [util/etcd] Waiting 5s until next retry
    [util/etcd] Attempt timed out
    [util/etcd] Waiting 5s until next retry

IMO those output should be removed (or converted into log messages) in order to be consistent with all the other waiters in kubeadm.

However, considering that this requires to add "This can take up to ..." in every place where WaitForClusterAvailable is used, this goes out of the scope of this PR, so please open an issue to track this as a todo/good first issue

[ereslibre]

I proposed to use klog here too but @rosti didn't want to address this change on this PR, only changing the one potentially long with the endpoints. I agree with your point of view though @fabriziopandini.

@rosti, wdyt? Should I change this now that @fabriziopandini also raised this issue?

[ereslibre]

Marked as resolved as per discussion with @fabriziopandini, leaving it as it was as @rosti proposed.

[rosti]

I do think, that we need some sort of indication about the reason we wait another 5 seconds. This is tightly coupled with the UX of end users, that run kubeadm directly on command line. For that matter I am not a fan of klogging this. In my opinion it should go out via print.
On the other hand, we can certainly reduce the output here to say a single, more descriptive message per retry.
However, as @fabriziopandini mentioned, this will require changes in a few more places, thus it may better be done in another PR. We can file a backlog issue for now.

[neolit123]

i wanted to get more feedback on the 5 seconds and the interval of 20 tries.
if we can get a check faster than 5 on the average, possibly we can reduce the value?
also 20 tries is a lot. in reality, we might get the failed state much sooner.

[ereslibre]

In the last run it took 4 retries (of 5 seconds interval), this one was way off-charts and with a clean environment :(

[neolit123]

i've mentioned this on slack:

we may want to keep the overall time under 40seconds to match the kubelet timeout.
how about 2 seconds rate with 20 retries.

[neolit123]

@fabriziopandini @rosti please give you stamp of approval for the above comment.

[rosti]

I like the 40 seconds idea, but let's keep the steps at 5 sec. Bear in mind, that we have just written out the static pod spec, so the kubelet needs to detect it, spin it up and for etcd to become responsive. On some systems it's easy for this to come above 2 seconds.

[neolit123]

ok, @rosti is voting for 5 sec / 8 retries.
@fabriziopandini ?

[rosti]

@ereslibre can you, please, re-run the update-gofmt.sh script to fix the verify test? Thanks!

[ereslibre]

/retest

[fabriziopandini]

Looking at the code I don't see a relation between the kubelet timeout for TLS bottstrap and the timeout this PR sets for waiting for the new etcd member joining the cluster.

Said that, IMO 5s * 8 is reasonable for unblocking this fix and start the cherry-picking process;
so, considering that it seems there is consensus on those settings also from the other reviewers, and that the proposed solution is definetly an improvement vs current situation
/approve
/lgtm

Let's continue the discussion in parallel (slack/at the next office hours meeting) eventually asking to broader sig for some more feedbacks from the field

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ereslibre, fabriziopandini

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/kubeadm/OWNERS [fabriziopandini]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[MalloZup]

We could also use kind of backoff algo for don't use a fixed timeout. https://en.m.wikipedia.org/wiki/Exponential_backoff?wprov=sfla1

[ereslibre]

@fabriziopandini I also have the same feeling and have discussed it with @neolit123 previously. So, just for the record, WaitForKubeletAndFunc basically waits for two things:

1. WaitForHealthyKubelet before some initial timeout (40 seconds)
2. The given function to WaitForKubeletAndFunc

When any of these two functions (given one or WaitForHealthyKubelet) returns, WaitForKubeletAndFunc returns. If the given function takes more than 40 seconds to finish, then the sleep on WaitForHealthyKubelet timeouts and actually checks that the kubelet is healthy.

I guess that I would say WaitForKubeletAndFunc basically means "please, run this function I give you, if it fails or succeeds it's fine, but if it takes more than 40 seconds to answer, then we check that the kubelet is running and healthy"