🏃[KCP] Recover from a manual machine deletion

[sedefsavas]

What this PR does / why we need it:
This PR adds KCP logic to recover from a manual machine deletion. When an ETCD member with missing machine is detected, delete it from the ETCD members and from Kubeadm configmap.

Which issue(s) this PR fixes
Fixes #2818

[sedefsavas]

The only place we understand if the machine is missing is during ETCD healthcheck by comparing ETCD members and nodes in the workload cluster. So, doing this check every time ETCD health is checked makes sense IMO but need some feedback on this.

[sedefsavas]

I opened another PR to perform health checks before scale up/down in reconcile logic.
#2849

Will continue on this PR ones it is merged.

[sedefsavas]

@vincepri @sethp-nr Feel free to add any other comments you have for this PR. It is no longer waiting for the PR I mentioned above.

[sethp-nr]

I don't have any other comments – I would /lgtm but I also don't have the permission bit for that to do anything :)

[vincepri]

@sethp-nr you should be able to lgtm :)

[vincepri]

/assign @benmoss

[vincepri]

/milestone v0.3.4

[vincepri]

 Error: Unexpected non-nil/non-zero extra argument at index 1:
  	<*errors.errorString>: &errors.errorString{s:"old nodes remain"}

I've been seeing this flake a lot, should we file an issue to look at it separately?
cc @sedefsavas @fabriziopandini

[vincepri]

/test pull-cluster-api-capd-e2e

[sedefsavas]

@vincepri Yes I am opening an issue about this. I think it is related to timeouts.

[sedefsavas]

Waiting for @benmoss if he has any comments before squashing.
Thanks @benmoss and @vincepri for your comments.

[benmoss]

Lots of nits about wording and capitalizing etcd and just one real complaint about the nested for loops in ReconcileEtcdMembers

[benmoss]

Suggested change

// We don't want to health check at the beginning of this method to avoid blocking re-entrancy

[sedefsavas]

I don't think we should remove this before making sure moving healthcheck at the beginning of this function does not break anything related to machine deletion. We can follow up on this in a new issue.

[benmoss]

I don't understand, you want to leave the comment as a reminder that if things break it's because of the healthcheck?

[vincepri]

Either we should move the comment back up there where it was, or remove it altogether

[vincepri]

also cc @JoelSpeed @enxebre

[sedefsavas]

/test pull-cluster-api-capd-e2e

[sedefsavas]

/test pull-cluster-api-capd-e2e

[vincepri]

@sedefsavas when you have a chance, can you make sure to rebase on master?

[vincepri]

@ncdc @detiber if you have some spare time for a review, I'd love more 👀 on this one

[ncdc]

I probably won't be able to dedicate a solid enough chunk of time to it ☹️

[detiber]

I can queue it up for a review tomorrow morning

[vincepri]

/assign @detiber

[benmoss]

LGTM, I'll leave final signoff to @detiber

[benmoss]

/lgtm
/hold

[detiber]

A few tangential items that could be handled as a separate items:

• it might be good if we could differentiate some of the different failures/error conditions, so that we only reconcile membership if the error/failure is related to mismatched machine/etcd membership
• we don't currently differentiate between an etcd static pod that hasn't yet been configured vs one that is crash looping:

  cluster-api/controlplane/kubeadm/internal/workload_cluster_etcd.go

  Lines 69 to 77 in a19b557

  	if err := checkStaticPodReadyCondition(pod); err != nil {
  	// Nothing wrong here, etcd on this node is just not running.
  	// If it's a true failure the healthcheck will fail since it won't have checked enough members.
  	continue
  	}
  	// Only expect a member reports healthy if its pod is ready.
  	// This fixes the known state where the control plane has a crash-looping etcd pod that is not part of the
  	// etcd cluster.
  	expectedMembers++

[detiber]

/hold cancel