add leader election retry #66
Conversation
* adds a test that ensures apiserver going away for 20 seconds would force a successfuly retry of leader election
samos123
force-pushed
the
fix-leader-election-retry
branch
from
f144193 to
e365dd7
Compare
pkg/leader/election.go
Outdated
| } | ||
| } | ||
| log.Printf("Starting leader election process. RetryCount: %v", retryCount+1) | ||
| leaderelection.RunOrDie(ctx, le.config) |
There was a problem hiding this comment.
Is the idea that RunOrDie eventually exits if it loses connection to the API Server?
There was a problem hiding this comment.
That's exactly what seems to end up happening. This Kong PR has more details: Kong/kubernetes-ingress-controller#578
There was a problem hiding this comment.
I double confirmed this by checking the logs and seeing how often it had to retry (re-run RunOrDie) when the apiserver is down for ~2 minutes
|
I verified it's working also when the connection is lost for longer duration: |
This is needed to trigger the issue
pkg/leader/election.go
Outdated
| return | ||
| default: | ||
| if retryCount > 0 { | ||
| backoff.Next(backoffID, backoff.Clock.Now()) |
There was a problem hiding this comment.
Neat, I didnt know about this library
pkg/leader/election.go
Outdated
| backoff.Next(backoffID, backoff.Clock.Now()) | ||
| delay := backoff.Get(backoffID) | ||
| log.Printf("Leader election failed, retrying in %v. RetryCount: %v", delay, retryCount+1) | ||
| <-time.After(delay) |
There was a problem hiding this comment.
time.After does not respect context cancellation. I put together what I think would be a better way to go about this loop here as an example: https://github.com/substratusai/lingo/compare/example-leader-election-loop ... I played around with this implementation and it exits immediately on context cancellation while still accomplishing expo-backoff (go run ./hack/retry ... ctrl-c). This is done by moving time.After into the select cases.
There was a problem hiding this comment.
originally I had this in a select but in favor of simplifying I removed it since I thought the higher level select was good enough. I will move it back in, makes senses, thanks for validating this with a quick experiment!
tests/e2e/test.sh
Outdated
| sleep 120 | ||
| docker exec ${KIND_NODE} iptables -D INPUT -p tcp --dport 6443 -j DROP | ||
|
|
||
| until kubectl get pods; do |
There was a problem hiding this comment.
What is until kubectl get pods; do doing?
There was a problem hiding this comment.
so even after the iptable rule is removed it takes sometimes some time for kubernetes to recover. This until statement will wait until kubectl get pods start working again, meaning only if kubectl get pods returns exit code 0 it will continue.
tests/e2e/test.sh
Outdated
| done | ||
|
|
||
| # rerun kubectl logs because previous one got killed when apiserver was down | ||
| kubectl logs --tail=500 -f deployment/lingo & |
There was a problem hiding this comment.
I think you might want --tail=-1 if you are trying to get at all logs since restart.
There was a problem hiding this comment.
I didn't want to get all the logs which may already have 1000+ entries and only the last 500. I tried and last 100 wasn't enough but last 500 was more than enough.
| echo "Waiting for deployment to scale down back to 0 within 2 minutes" | ||
| # Verify that leader election works by forcing a 120 second apiserver outage | ||
| KIND_NODE=$(kind get nodes --name=substratus-test) | ||
| docker exec ${KIND_NODE} iptables -I INPUT -p tcp --dport 6443 -j DROP |
There was a problem hiding this comment.
Is 6443 the port of the API Server running on kind?
There was a problem hiding this comment.
Yep and credit to chatGPT with coming up with the high-level idea to simply block the traffic.
k describe svc kubernetes
Name: kubernetes
Namespace: default
Labels: component=apiserver
provider=kubernetes
Annotations: <none>
Selector: <none>
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.96.0.1
IPs: 10.96.0.1
Port: https 443/TCP
TargetPort: 6443/TCP
Endpoints: 172.18.0.2:6443
Session Affinity: None
Events: <none>
Utilize select in waiting for backoff to handle scenario of context cancelled while waiting. Add returning of error so any errors are propogated in the log files
| err := le.Start(ctx) | ||
| if err != nil { | ||
| setupLog.Error(err, "starting leader election") | ||
| os.Exit(1) |
There was a problem hiding this comment.
When the context is canceled on a graceful shutdown (sigterm) then Start() would return the "cancel" error that results in an Exit(1).
This error handling strategy is used in other places in this file as well. Instead, we could wrap the context in L110
ctx, cancel := context.WithCancel(ctrl.SetupSignalHandler()) and call cancel() instead. WDYT?
There was a problem hiding this comment.
As the error comes from the context already, it may be simpler to do nothing and let the go routine complete
There was a problem hiding this comment.
I didn't fully understand how to change it. Could you elaborate? Are you saying instead of calling os.Exit() just call cancel()?
I didn't see any other example of using cancel on the context in main.go. I tried to follow the same pattern as the other start functions.
There was a problem hiding this comment.
The only error returned from Start() is coming from the context, now. Thanks to your for loop. Calling cancel on the context again is not needed. I would not return an error in Start() and let the Go routine complete. The main thread should handle the shutdown. I should have deleted my first comment. Sorry for the confusion.
To elaborate for a different use case where other errors can happen, this is an example:
ctx, cancel := context.WithCancel(ctrl.SetupSignalHandler())
go func() {
// in subroutine
if err:= doSomething(ctx); err!=nil{
// todo: log error
cancel()
}
}()
// main thread
if err:=doSomethingElse(ctx);err!=nil{
// todo: log error
os.Exit(1)
}Please note that the error is not returned to the main thread.
There was a problem hiding this comment.
Thanks for that example! I think I get it now. To me it feels cleaner to just directly exit instead of cancelling a context which then may in the future cause an exit? I favor being explicit and going to the exit path as soon as it makes sense.
pkg/deployments/scaler.go
Outdated
| @@ -79,7 +79,7 @@ func (s *scaler) compareScales(current, desired int32) { | |||
| s.desiredScale = desired | |||
| } | |||
|
|
|||
| if s.currentScale == -1 || s.desiredScale == -1 { | |||
| if s.currentScale == -1 || s.desiredScale == -1 || desired == -1 { | |||
There was a problem hiding this comment.
It doesn't actually solve issue #67 . So I might revert this
pkg/leader/election.go
Outdated
| @@ -35,11 +36,11 @@ func NewElection(clientset kubernetes.Interface, id, namespace string) *Election | |||
| RetryPeriod: 2 * time.Second, | |||
| Callbacks: leaderelection.LeaderCallbacks{ | |||
| OnStartedLeading: func(ctx context.Context) { | |||
| log.Println("Started leading") | |||
| log.Printf("%v started leading", id) | |||
There was a problem hiding this comment.
nit: %v does the job but it is more common to use %s for string or %q to have a quoted string
There was a problem hiding this comment.
I didn't know about %q that might actually be nice here.
samos123
force-pushed
the
fix-leader-election-retry
branch
from
68f7c53 to
610ba31
Compare
|
Any ideas why it's not scaling back to 0? https://github.com/substratusai/lingo/actions/runs/7795813038/job/21259370590?pr=66 |
samos123
force-pushed
the
fix-leader-election-retry
branch
2 times, most recently
from
64fecb4 to
7310411
Compare
For reference, see Kong gateway that had to implement the same thing: Kong/kubernetes-ingress-controller#578
Fixes #60