Fix race condition in PVC deletion #7149
Conversation
tekton-robot
added
release-note
QuanZhang-William
force-pushed
the
fix-purge-pvc-order
branch
from
2b52afc to
5e40cff
Compare
tekton-robot
added
size/L
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
| @@ -243,35 +242,3 @@ func TestCreateExistPersistentVolumeClaims(t *testing.T) { | |||
| t.Fatalf("unexpected PVC name on created PVC; expected: %s got: %s", expectedPVCName, pvcList.Items[0].Name) | |||
| } | |||
| } | |||
|
|
|||
| func TestPurgeFinalizerAndDeletePVCForWorkspace(t *testing.T) { | |||
There was a problem hiding this comment.
why was this test deleted? it should still be valid no?
There was a problem hiding this comment.
It seems like the simple client set cannot mock the pvc with finalizer scenario. Specifically, the pvcs are already successfully deleted in the first API call, so the second call to remove finalizer will fail since the pvc is already deleted.
I could potentially use some expected errors in the test case to compare, but I feel it is quite confusing. And the functionality is already covered by integration test.
There was a problem hiding this comment.
got it, one way to do this could be to use something like PrependReactor for the delete call and have it set the deletionTimestamp instead of deleting the object
not exactly the same thing, but similar:
pipeline/pkg/reconciler/pipelinerun/affinity_assistant_test.go
Lines 435 to 438 in f5578a8
There was a problem hiding this comment.
Thanks for the advice, I have added the test back with your suggestion. PTAL!
| return pollImmediateWithContext(ctx, func() (bool, error) { | ||
| pvcList, err := c.KubeClient.CoreV1().PersistentVolumeClaims(namespace).List(ctx, metav1.ListOptions{}) | ||
| if err != nil { | ||
| return true, err |
There was a problem hiding this comment.
Would you mind adding docString here for the indications of the bool error being returned?
There was a problem hiding this comment.
I think it just follows the expected function signature, and k8s does have docstring for it:
QuanZhang-William
force-pushed
the
fix-purge-pvc-order
branch
from
5e40cff to
097cfd0
Compare
|
/lgtm |
|
/test pull-tekton-pipeline-go-coverage |
fixes [tektoncd#7138][tektoncd#7138]. In `coschedule:pipelineruns` mode, the `pvcs` created by `VolumeClaimTemplate` should be automatically deleted when the owning `pipelinerun` is completed. To delete a `pvc` used by a pod (pipelinerun), the [kubernetes.io/pvc-protection][finalizer] finalizer must be removed. Prior to this commit, the Tekton reconciler attempted to remove the `kubernetes.io/pvc-protection` finalizer first and then deletes the created pvcs. This results in race condition since `PVCProtectionController` tries to add back the finalizer if the `pvc` is in `bounded` status . If the add back action happens before the PVC deletion call is completed, the `PVC` will be left in `terminating` status. This commit changes the reconciler to delete the `PVC` first and then removes the `finalizer` to fix the race condition. This commit removes `TestPurgeFinalizerAndDeletePVCForWorkspace` UT, since the finalizer behavior cannot be mocked when a PVC is deleted. This commit also adds integration test to cover this scenario. /kind bug [tektoncd#7138]: tektoncd#7138 [finalizer]: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#storage-object-in-use-protection
QuanZhang-William
force-pushed
the
fix-purge-pvc-order
branch
from
097cfd0 to
c5a2c80
Compare
tekton-robot
added
size/M
|
Nicely done! thanks @QuanZhang-William |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dibyom, Yongxuanzhang The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
the
approved
|
/lgtm |
Changes
fixes #7138. In
coschedule:pipelinerunsmode, thepvcscreated byVolumeClaimTemplateshould be automatically deleted when the owningpipelinerunis completed. To delete apvcused by a pod (pipelinerun), the kubernetes.io/pvc-protection finalizer must be removed.Prior to this commit, the Tekton reconciler attempted to remove the
kubernetes.io/pvc-protectionfinalizer first and then deletes the created pvcs. This results in race condition sincePVCProtectionControllertries to add back the finalizer if thepvcis inboundedstatus . If the add back action happens before the PVC deletion call is completed, thePVCwill be left interminatingstatus.This commit changes the reconciler to delete the
PVCfirst and then removes thefinalizerto fix the race condition. This commit also adds integration test to validatepvcstatus when apipelinerunis completed./kind bug
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
/kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tepRelease Notes