🐛 Fix MachinePool nodeRef UID mismatch after K8s upgrade #12392
Conversation
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
size/S
|
@jayesh-srivastava: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/area machinepool |
mboersma
left a comment
mboersma
left a comment
There was a problem hiding this comment.
It seems reasonable to add this additional verification in general, but I wonder if this problem has been seen in providers other than CAPZ.
| // Validate that the UIDs in NodeRefs are still valid | ||
| if s.nodeRefMap != nil { | ||
| // Create a name-to-node mapping for efficient lookup | ||
| nodeNameMap := make(map[string]*corev1.Node) |
There was a problem hiding this comment.
| nodeNameMap := make(map[string]*corev1.Node) | |
| nodeNameMap := make(map[string]*corev1.Node, len(s.nodeRefMap)) |
There was a problem hiding this comment.
I have addressed this suggestion.
|
|
Is it possible that because of such mismatch, after a scale with kubectl downgrading the number of replicas from 3 to 2 instances - capi decides to drain and delete ALL of the nodes of the machine pool? This happened to me this morning. I am using the following versions |
I haven't seen this with CAPA on recently upgraded EC2-only (non-EKS) clusters. But worker nodes typically roll on Kubernetes upgrade due to the changed machine image, and I guess then this wouldn't be an issue since it's not expected that any old nodes remain. I wouldn't know why existing |
richardcase
left a comment
richardcase
left a comment
There was a problem hiding this comment.
Looks good to me @jayesh-srivastava . Just the one comment/suggestion
| foundNode, exists := nodeNameMap[nodeRef.Name] | ||
|
|
||
| // If node not found or UID doesn't match, mark as invalid | ||
| if !exists || foundNode.UID != nodeRef.UID { |
There was a problem hiding this comment.
It might be good to have a higher verbosity log entry if the node names are the same but the UIDs are different.
k8s-ci-robot
added
the
needs-rebase
jayesh-srivastava
force-pushed
the
fix-uid-mismatch
branch
from
089da7d to
5944db9
Compare
k8s-ci-robot
added
size/M
|
/assign @richardcase @mboersma lgtm from your side? |
|
From my side: /lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: c7fa774464cd9a1993182fdfbafcc15966e27bec
|
sbueringer
added
the
tide/merge-method-squash
|
/test pull-cluster-api-e2e-main-gke |
|
Thx! /lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sbueringer The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
…sigs#12392) * Fix MachinePool nodeRef UID mismatch after K8s upgrade * Add len when creating nodeNameMap * Add logs
7 participants
What this PR does / why we need it:
When a K8s upgrade is performed on a Managed cluster, new nodes will come up with new UIDs. However, the MachinePool controller has an early return condition that only validates the count of NodeRefs but doesn't check if the UIDs are still valid. This leads to MachinePools retaining stale NodeRef UIDs after upgrades, causing UID mismatches that persist until manual intervention.
This PR adds UID validation logic before the early return condition.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #12388