Skip to content

🐛 Fix race conditions ScaleDownOldMS #12812

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

🐛 Fix race conditions ScaleDownOldMS #12812

wants to merge 6 commits into from
+1,442 −333

Conversation

fabriziopandini
Copy link
Member

What this PR does / why we need it:
This PR fixes two race conditions in the logic that is responsible for scaling down OldMSs when performing rollingRollout.
The two race conditions were surfaced and documented in the context of the work for #12804. More specifically:

  • fails when the MD controller is called twice in a row, without MS controller being triggered in the between, e.g.
    • first reconcile scales down ms1, 6-->5 (-1)
    • second reconcile is not taking into account scales down already in progress, unhealthy count is wrongly computed as -1 instead of 0, this leads to increasing replica count instead of keeping it as it is (or scaling down), and then the safeguard below errors out.
  • fails when the MD controller is called twice in a row e.g. reconcile of md 6 replicas MaxSurge=3, MaxUnavailable=1
    • when current state is: ms1, 6/5 replicas << one is scaling down, but scale down not yet processed by the MS controller, ms2, 3/3 replicas
    • reconcile leads to: ms1, 6/1 replicas << it further scaled down by 4, which leads to totAvailable machines is less than MinUnavailable, which should not happen

Notably after the fix:

  • All the rollout sequence tests with default rollout order are completed without any change from the old logic
  • It is now possible to run rollout sequence tests with random rollout order, increasing the number of tested scenarios for 9 to 918

Which issue(s) this PR fixes *(optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the Part of #12291

/area machinedeployment

@k8s-ci-robot k8s-ci-robot added area/machinedeployment Issues or PRs related to machinedeployments cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Oct 1, 2025
@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Oct 1, 2025
@fabriziopandini fabriziopandini mentioned this pull request Oct 1, 2025
Open
47 tasks
stmcginnis
stmcginnis reviewed Oct 3, 2025
View reviewed changes
Copy link
Contributor

@stmcginnis stmcginnis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code wise everything looks fine to me. I'm being a little nit picky on some docstring comments, just thinking from the context of reading through this code at some point in the future needing to understand what is happening once the current context is lost.

internal/controllers/machinedeployment/machinedeployment_rolling.go Outdated
// NOTE: we are scaling up unavailable machines first in order to increase chances for the rollout to progress;
// however, the MS controller might have different opinion on which machines to scale down.
// As a consequence, the scale down operation must continuously assess if reducing the number of replicas
// for an older MS could further impact availability under the assumption than any scale down could further impact availability (same as above).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm having a hard time parsing this sentence.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rephrased + added an example, PTAL

internal/controllers/machinedeployment/machinedeployment_rolling.go Outdated
Comment on lines 222 to 223
// Then scale down old MS up to zero replicas / up to residual totalScaleDownCount.
// NOTE: also in this case, continuously assess if reducing the number of replicase could further impact availability,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also having trouble parsing this sentence too. I think you're saying we will scale down the MS decrementing by totalScaleDownCount without going below 0?

Suggested change
// Then scale down old MS up to zero replicas / up to residual totalScaleDownCount.
// NOTE: also in this case, continuously assess if reducing the number of replicase could further impact availability,
// Then scale down old MS by totalScaleDownCount to get to zero.
// NOTE: also in this case, continuously assess if reducing the number of replicas could further impact availability,

@fabriziopandini fabriziopandini added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Oct 4, 2025
@fabriziopandini fabriziopandini mentioned this pull request Oct 6, 2025
Open
sbueringer
sbueringer reviewed Oct 6, 2025
View reviewed changes
@fabriziopandini
Copy link
Member Author

@sbueringer @stmcginnis thanks for the first round of feedback,
I have reviewed the PR to add examples, improve godoc + also reviewed part of the logic in scaleDownOldMSs
PTAL

@fabriziopandini
Copy link
Member Author

/test pull-cluster-api-e2e-main

@sbueringer
Copy link
Member

Reviewing now. I'm also going to open a PR against your PR to fixup some minor doc findings

sbueringer
sbueringer reviewed Oct 7, 2025
View reviewed changes
@sbueringer
Fix review findings
7e8ac3a 
Signed-off-by: Stefan Büringer [email protected]
@sbueringer
Copy link
Member

sbueringer commented Oct 7, 2025
edited
Loading

PR with minor fixups. It should not contain any logic changes (just godoc / variable renames / etc), but please double check: fabriziopandini#314

@fabriziopandini
Merge pull request #314 from sbueringer/fix-scaleDownOldMS-fixups
26e82c4 
🌱 Fix ScaleDownOldMS: Fix review findings
sbueringer
sbueringer reviewed Oct 7, 2025
View reviewed changes
@sbueringer
Copy link
Member

Thank you!

/lgtm
/approve

/hold
for other reviews

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 7, 2025
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 7, 2025
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 45c79a98bd7773b41dc97d99dcab2d8b613ecdac

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sbueringer

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 7, 2025
@sbueringer
Copy link
Member

/test pull-cluster-api-e2e-main

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sbueringer sbueringer sbueringer left review comments

@chrischdi chrischdi Awaiting requested review from chrischdi

@JoelSpeed JoelSpeed Awaiting requested review from JoelSpeed

+1 more reviewer

@stmcginnis stmcginnis stmcginnis left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@sbueringer sbueringer

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/machinedeployment Issues or PRs related to machinedeployments cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@fabriziopandini @sbueringer @k8s-ci-robot @stmcginnis