✨ Add AWSMachines to back the ec2 instances in AWSMachinePools

[cnmcavoy]

What type of PR is this?
/kind feature

What this PR does / why we need it: Implements the MachinePool Machines clusterAPI proposal

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #4184

Special notes for your reviewer:

Checklist:

• squashed commits
• includes documentation
• adds unit tests
• adds or updates e2e tests

Release note:

Added AWSMachines to back the ec2 instances in AWSMachinePools and AWSManagedMachinePools.

[k8s-ci-robot]

Hi @cnmcavoy. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[cnmcavoy]

Still missing new tests to cover the functionality, have been testing locally with tilt

Edit: tests have been added.

[Skarlso]

/ok-to-test

[Skarlso]

/assign

[Skarlso]

So if I understand this correctly...

If there is a machine for which there is no provider... check if there is an owner. If there is an owner, we delete the owner? And then we hope that cascading delete will also delete this machine?

[cnmcavoy]

That is how I parsed the proposal language:

When a MachinePool Machine is deleted manually, the system will delete the corresponding provider-specific resource. The opposite is also true: when a provider-specific resource is deleted, the system will delete the corresponding MachinePool Machine. This happens by virtue of the infrastructureRef <-> ownerRef relationship.

https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20220209-machinepool-machines.md#proposal

@Jont828 @mboersma @devigned wrote the proposal and perhaps can provide clarity ...?

What is the expected outcome when an AWSMachine and Machine pair, which is owned by a MachinePool, when it's ec2 instance is destroyed via an external action (e.g user terminates the instance in the aws console). Should the infrastructure provider (CAPA) detect this termination and delete the CAPI Machine resource?

[Jont828]

Yes, if an AWSMachine's associated provider instance is deleted, we expect the AWSMachinePool to delete the Machine and AWSMachine pair. This is so that we are not left with hanging resources in the event of an out-of-band instance deletion like you described.

[Skarlso]

Yes, but... if we delete its owner, is it okay that any OTHER machine this thing owns will also get deleted?

[Jont828]

I'm not quite sure I understand. Are you saying that if you delete the CAPI Machine, i.e. owner of the AWS Machine, you want to also delete another CAPI Machine associated with the same instance?

[Skarlso]

No, I mean is it a problem if the deleted owner owns more machines? Those would also be deleted then.

[Jont828]

When you delete the CAPI Machine, we expect the CAPI Machine controller to delete the AWSMachine. It would be the same behavior we already have with MachineDeployments except there is no KubeadmConfig object to delete. Does that answer your question?

[Ankitasw]

@cnmcavoy is there a final review pending for this PR, or any other items?

[cnmcavoy]

@Ankitasw I think all the questions have been answered, it probably needs a new reviewer to give it a look over for a lgtm. It's ready to be merged if there are no more review items to address.

[AndiDog]

I can have a look into this, @cnmcavoy – do you want to resolve conflicts first?

[cnmcavoy]

I can have a look into this, @cnmcavoy – do you want to resolve conflicts first?

Sure, I think I got them all sorted.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Mark this PR as fresh with /remove-lifecycle stale
• Close this PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[AndiDog]

I reviewed most of the PR except the test and managed machine pool code. Sorry, I have quite a few questions and comments 😉.

Overall, this looks pretty good. Did you successfully test this already?

[AndiDog]

When you tested the new feature, did this code block spam the logs with lots of errors? I can imagine that a missing EC2 instance can happen a lot if the ASG terminates instances. Or does this not happen because CAPA watches for deletion events?

Wondering because findInstance has no special logic for a "not found" error which would allow us to swallow those.

And shouldn't we delete the Machine (and thereby InfraMachine) in this case (EC2 instance went away, so it shouldn't be represented as object anymore)? Otherwise the object may dangle indefinitely.

(TODO / note to self: the AWSMachinePool reconciler may do that, check in my code review)

[cnmcavoy]

I do not recall being spammed with errors, but I last tested this cod in a cluster 6 months ago.

[AndiDog]

Do we need to set BlockOwnerDeletion: true in the owner reference?

In CAPZ, that is done, and they're using AzureMachinePool, not MachinePool as the owner. I'm wondering which is better. Having CAPI's MachinePool controller own an AWS* resource seems wrong at first sight, since it won't delete the referenced object.

[cnmcavoy]

re: BlockOwnerDeletion I am not sure. I didn't set it bc this is supposed to be temporary ownership.

I'm not familiar with the CAPZ implementation. Do they have AzureMachinePool act as a long-lived owner, or does the ownership get passed to the Machine resource? I don't have a strong opinion here, I was trying to follow the specification as closely as possible.

[AndiDog]

Probably not worth the effort until we see issues.

CAPZ code reference – I'm also not famliiar with it.

Regarding this PR, is our temporary owner reference deleted anywhere? Or do we have both our reference and CAPI's Machine as owners? Once I grasp the concept here, I can maybe look through CAPZ or ask how it's done there, and why.

[AndiDog]

/remove-lifecycle stale

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign richardcase for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[AndiDog]

Probably not worth the effort until we see issues.

CAPZ code reference – I'm also not famliiar with it.

Regarding this PR, is our temporary owner reference deleted anywhere? Or do we have both our reference and CAPI's Machine as owners? Once I grasp the concept here, I can maybe look through CAPZ or ask how it's done there, and why.

[AndiDog]

As an update: I'll try to test this major feature. PR looks mostly fine, I think. I'm only unsure about the owner reference in the non-happy case.

[AndiDog]

I got a working test environment, and the AWSMachine/Machine objects get created correctly 🍀.

First blocking issue I found: deletion by downscaling the ASG/AWSMachinePool leads to this permanent error rather than deleting the AWSMachine:

  failureMessage: EC2 instance state "terminated" is unexpected
  failureReason: UpdateError
  instanceState: terminated
  ready: false

The Machine/AWSMachine combo also can't be deleted due to:

capa_control… │ I0822 16:04:49.507270       1 awsmachine_controller.go:303] "Handling deleted AWSMachine"
capa_control… │ E0822 16:04:49.508449       1 awsmachine_controller.go:308] "unable to delete machine" err="failed to get raw userdata: error retrieving bootstrap data: linked Machine's bootstrap.dataSecretName is nil"

Other than that, the Node object went away and the cluster reacted according to the node deletion. @cnmcavoy what happened when you tested this? And which other cases do you think should be tested? I guess cluster-autoscaler scaling of ASGs may be a good external trigger that CAPA should have no problem with – I can test that.

[cnmcavoy]

@AndiDog thanks for taking a look. I think that's slightly concerning bc there should be test cases covering that sort of condition.

I suspect this PR has been left too long and the code has rotted. Indeed doesn't use ASGs anymore for autoscaling, so I can't really justify the time investment it would take to cut a new PR and start this fresh.