[BUG] Reading stale RabbitmqCluster information can lead to undesired statefulset deletion #648
Labels
bug
Something isn't working
Comments
|
I think using type DeleteOptions struct {
unversioned.TypeMeta `json:",inline"`
// Optional duration in seconds before the object should be deleted. Value must be non-negative integer.
// The value zero indicates delete immediately. If this value is nil, the default grace period for the
// specified type will be used.
GracePeriodSeconds *int64 `json:"gracePeriodSeconds,omitempty"`
// Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be
// returned.
Preconditions *Preconditions `json:"preconditions,omitempty"`
// Should the dependent objects be orphaned. If true/false, the "orphan"
// finalizer will be added to/removed from the object's finalizers list.
OrphanDependents *bool `json:"orphanDependents,omitempty"`
} |
|
@embano1 Thanks for the pointer! |
|
Thank you @srteam2020 for reporting this and for submitting a PR to fix it. We discussed this issue yesterday in our internal sync up and we will have a look at your PR, likely tomorrow. |
srteam2020
added a commit
to srteam2020/cluster-operator
that referenced
this issue
Apr 7, 2021
…error msg in statefulSetUID
srteam2020
added a commit
to srteam2020/cluster-operator
that referenced
this issue
Apr 7, 2021
ChunyiLyu
added a commit
that referenced
this issue
Apr 9, 2021
fix #648: delete the statefulset with precondition set to the correct…
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
We find that rabbitmq-cluster-operator could accidentally delete the statefulset when the controller experiences a restart and talks to one stale apiserver in an HA k8s cluster. After some inspection, we find that the root cause is the staleness populated from the apiserver that makes the controller think the RabbitmqCluster is going to be deleted (with a non-zero
DeletionTimestamp), while it is actually not. One potential approach to handle this issue is to label each statefulset the UID of the RabbitmqCluster, and check the label before deleting the statefulset.To Reproduce
Steps to reproduce the behavior:
rabbitmq-cluster1in a HA k8s cluster. The controller is talking to apiserver1 and the reconcile() will create a statefulset forrabbitmq-cluster1.rabbitmq-cluster1. Apiserver1 will send the update events with a non-zeroDeletionTimestampto the controller and the controller will delete the statefulset ofrabbitmq-cluster1inprepareForDeletion. Meanwhile, apiserver2 is partitioned so its watch cache stops at the moment thatrabbitmq-cluster1is tagged with a non-zeroDeletionTimestamp.rabbitmq-cluster1and its statefulset get back. However, apiserver2 still holds the stale view thatrabbitmq-cluster1has a non-zeroDeletionTimestampand is about to be deleted.rabbitmq-cluster1from apiserver2 thatrabbitmq-cluster1has a non-zeroDeletionTimestamp. Since the controller identifies the statefulset only with the name of the RabbitmqCluster, the statefulset belonging to the newly created RabbitmqCluster will be deleted inprepareForDeletion.Expected behavior
The controller should be able to differentiate the statefulsets belonging to different RabbitmqCluster instances with the same name (in history). When reading the stale information about (previously deleted) RabbitmqCluster, the controller should be able to check whether the existing statefulset really belongs to that RabbitmqCluster (e.g., by using the UID) before perform any deletion.
Version and environment information
Additional context
We are willing to issue a PR to help fix this issue.
As mentioned above, we can label each statefulset with the UID of the RabbitmqCluster, and check the label before deleting the statefulset to ensure we are deleting the correct statefulset.
The text was updated successfully, but these errors were encountered: