Identifying cloud provider deleted nodes

[fookenc]

Which component this PR applies to?

cluster-autoscaler

What type of PR is this?

/kind bug

What this PR does / why we need it:

Attempts to address the issue raised in #5022 from previously approved PR. Original implementation (previous work was reverted #4896 & #5023) included that changes how Deleted nodes are determined in the cluster state. New iteration utilizes the previously cached Cloud Provider nodes in the ClusterStateRegistry to perform a diff. Cloud Provider node instances are retrieved by Node Group, which should avoid not autoscaled nodes from being flagged erroneously. Test case has been modified to include this scenario. An additional scenario has been included to ensure that previously identified Cloud Provider nodes will still be tracked until they are no longer registered in Kubernetes.

This PR includes the initial work first introduced in #4211. Feedback from that PR indicated that the original intent of determining the deleted nodes was incorrect, which led to the issues reported by other users. The nodes tainted with ToBeDeleted were misidentified as Deleted instead of Ready/Unready, which caused a miscalculation of the node being included as Upcoming. This caused problems described in #3949 and #4456.

Which issue(s) this PR fixes:

Fixes #3949, #4456, #5022

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[fookenc]

/assign @x13n

[fookenc]

/assign @MaciekPytel

[x13n]

Won't relying on previous state cause issues in case of CA restart? IIUC some nodes will be incorrectly considered as Ready/Unready/NotStarted, potentially leading to bad scaling decisions.

[fookenc]

That would definitely occur on a restart. Would it make sense to create a new taint and add it onto the nodes? There might be some additional overhead for the implementation, but should prevent that scenario.

I also thought about adding a check for each node in the deletedNodes (lines 1001 - 1006) to confirm it doesn't appear in the cloud provider nodes. I don't have good insight to know if that is a case that could happen though. I wouldn't want to keep flagging a node as deleted if the cloud provider node exists.

[x13n]

I don't particularly like the idea of introducing more taints to carry over CA internal state between restarts. That feels brittle and complex. I think maybe it is ok to just leave it as is: if the instance was deleted right before CA restart, there will be a slight risk of not scaling up until k8s API catches up with the deletion. This should be fine.

Re-checking deletedNodes would catch a case in which instance disappears from cloud provider due to some temporary problem and then comes back. Indeed now we would treat it as deleted forever and it would be better to avoid code that cannot recover from such scenario (even though it is unlikely).

[fookenc]

That makes sense to me. I agree that the API should eventually correct itself, and the scaling should only momentarily be impacted. I've created a new commit that includes the backfill safety check mentioned and some other minor cosmetic code changes.

[x13n]

Thanks for the changes!

I just realized one more problem with this approach though. Since we cannot tell the difference between nodes that were deleted and the ones that are not autoscaled, this implementation is going to treat nodes as deleted whenever someone opts out a node group from autoscaling. As a result, CA may trigger large scale ups without a good reason. One way to handle this would be to add a TTL to deletedNodes to avoid keeping nodes there forever in this scenario. (Perhaps an even better option would be some extension of cloud provider API to distinguish deleted from not autoscaled, but I'm not sure that's feasible.) WDYT?

[fookenc]

That is definitely a concern. I can add a TTL to the deletedNodes entries. Should I add a configurable value for better control or just a common default value?

I had a similar thought about extending the cloud provider implementation. After a brief investigation, it looks like most of the interactions are handled by using information in the node (the node.Spec.ProviderID specifically). It doesn't appear to validate whether the node exists in the cloud. A possible change could be to provide more context of deleted nodes versus not-autoscaled nodes within the NodeGroupForNode function.

[x13n]

I think extending the API would be much cleaner, but the need to implement it for all cloud providers calls for a broader discussion. I added this topic to SIG meeting agenda to discuss it on Monday.

[x13n]

So I guess the conclusion after yesterday's SIG meeting is that we should extend cloud provider interface and preserve the existing (taint-based) behavior in case a specific cloud provider doesn't implement the new function. That way each cloud provider will be able to fix the bug by implementing a function distinguishing deleted from non-autoscaled nodes.

[fookenc]

Should this PR be closed until the cloud provider interface can be extended? What would be the next steps on fixing the bug in the future? Please let me know if there's anything I can offer for assistance. Thanks!

[x13n]

The cloud provider interface can be extended right now, it's just that all implementations would have to get default implementation that returns NotImplemented error. I thought this PR could be re-purposed into extending the interface and using it to detect deleted nodes. Each cloud provider would then need to implement their part in a separate PR. Are you willing to make that first, cloud provider agnostic, change?

[fookenc]

Got it! I'll start working on a pass at the implementation and submit it as soon as I can. Thanks again!

[x13n]

If this requires more time, maybe it would make sense to submit change to taint cleanup (ready -> all nodes) on startup separately first?

[fookenc]

Sorry for the delay here. I've split the taint removal into another PR #5200, and will continue working on the effort here. Please let me know if there's anything else needed. Thanks!

[x13n]

Thanks! The other PR already got merged.

[x13n]

Thanks for the changes! My main concern is whether simplifying the logic is feasible - I think some of the previous approach got carried over, but isn't really necessary with the new interface.

[x13n]

Thanks for following up on this!

/lgtm

[x13n]

Hm, looks like I should be able to approve this now as well, let's see:

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fookenc, x13n

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cluster-autoscaler/OWNERS [x13n]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ohnoitsjmo]

@fookenc Will this release fix be backported to previous CA versions (including 1.22)?

[fookenc]

Unfortunately, this release alone won't fix issues until the cloud providers have implemented the new interface method. Once the cloud providers have been implemented it could be backported, but I don't know how soon that will occur. @x13n do you know if this could be backported to earlier CA versions?

[x13n]

1.22 is past k8s support window at this point, so unless there's a critical bug to fix I don't think any backport is going to be released.