feat: disruption.terminationGracePeriod

kubernetes-sigs · Jan 23, 2024 · f4ae490 · f4ae490
1 parent 4e85912
commit f4ae490
Show file tree

Hide file tree

Showing 11 changed files with 331 additions and 242 deletions.
diff --git a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml
diff --git a/pkg/apis/crds/karpenter.sh_nodepools.yaml b/pkg/apis/crds/karpenter.sh_nodepools.yaml
diff --git a/pkg/apis/v1beta1/nodepool.go b/pkg/apis/v1beta1/nodepool.go
@@ -96,6 +96,23 @@ type Disruption struct {
 	// +kubebuilder:validation:MaxItems=50
 	// +optional
 	Budgets []Budget `json:"budgets,omitempty" hash:"ignore"`
+	// TerminationGracePeriod is the duration the controller will wait before forcefully terminating a node, measured from when deletion is first initiated.
+	// Once the GracePeriod has expired, all pods on the node will be shutdown using the official non-graceful shutdown taint.
+	// If a pod would be terminated without being granted its full terminationGracePeriodSeconds prior to the node timeout,
+	// that pod will be deleted up at T = node timeout - pod terminationGracePeriodSeconds.
+	//
+	// Warning: this bypasses any PDB or terminationGracePeriodSeconds value set for a Pod.
+	// Requires: K8s 1.26 or higher:  https://kubernetes.io/docs/concepts/architecture/nodes/#non-graceful-node-shutdown
+	//
+	// This field is intended to be used by cluster administrators to enforce that nodes can be cycled within a given time period.
+	// It can also be used to allow maximum time limits for long-running jobs which can delay node termination with preStop hooks.
+	// If left undefined, the controller will wait indefinitely for pods to be drained.
+	//
+	// +kubebuilder:validation:Pattern=`^(([0-9]+(s|m|h))+)$`
+	// +kubebuilder:validation:Type="string"
+	// +kubebuilder:validation:Schemaless
+	// +optional
+	TerminationGracePeriod *metav1.Duration `json:"terminationGracePeriod"`
 }
 
 // Budget defines when Karpenter will restrict the

diff --git a/pkg/apis/v1beta1/taints.go b/pkg/apis/v1beta1/taints.go
@@ -22,6 +22,9 @@ import v1 "k8s.io/api/core/v1"
 const (
 	DisruptionTaintKey             = Group + "/disruption"
 	DisruptingNoScheduleTaintValue = "disrupting"
+
+	DisruptionNonGracefulShutdownKey   = "node.kubernetes.io/out-of-service"
+	DisruptionNonGracefulShutdownValue = "nodeshutdown"
 )
 
 var (
@@ -32,6 +35,15 @@ var (
 		Effect: v1.TaintEffectNoSchedule,
 		Value:  DisruptingNoScheduleTaintValue,
 	}
+
+	// DisruptionNonGracefulShutdown is used by the deprovisioning controller to forcefully
+	// shut down a node. This does not respect graceful termination of any pods on the node.
+	// https://kubernetes.io/docs/concepts/architecture/nodes/#non-graceful-node-shutdown
+	DisruptionNonGracefulShutdown = v1.Taint{
+		Key:    DisruptionNonGracefulShutdownKey,
+		Value:  DisruptionNonGracefulShutdownValue,
+		Effect: v1.TaintEffectNoExecute,
+	}
 )
 
 func IsDisruptingTaint(taint v1.Taint) bool {

diff --git a/pkg/apis/v1beta1/zz_generated.deepcopy.go b/pkg/apis/v1beta1/zz_generated.deepcopy.go
diff --git a/pkg/controllers/controllers.go b/pkg/controllers/controllers.go
@@ -55,6 +55,7 @@ func NewControllers(
 
 	p := provisioning.NewProvisioner(kubeClient, kubernetesInterface.CoreV1(), recorder, cloudProvider, cluster)
 	evictionQueue := terminator.NewQueue(kubernetesInterface.CoreV1(), recorder)
+	deletionQueue := terminator.NewDeletionQueue(kubernetesInterface.CoreV1(), recorder)
 	disruptionQueue := orchestration.NewQueue(kubeClient, recorder, cluster, clock, p)
 
 	return []controller.Controller{
@@ -67,7 +68,7 @@ func NewControllers(
 		informer.NewPodController(kubeClient, cluster),
 		informer.NewNodePoolController(kubeClient, cluster),
 		informer.NewNodeClaimController(kubeClient, cluster),
-		termination.NewController(kubeClient, cloudProvider, terminator.NewTerminator(clock, kubeClient, evictionQueue), recorder),
+		termination.NewController(kubeClient, cloudProvider, terminator.NewTerminator(clock, kubeClient, evictionQueue, deletionQueue), recorder),
 		metricspod.NewController(kubeClient),
 		metricsnodepool.NewController(kubeClient),
 		metricsnode.NewController(cluster),

diff --git a/pkg/controllers/node/termination/controller.go b/pkg/controllers/node/termination/controller.go
@@ -25,6 +25,7 @@ import (
 	"golang.org/x/time/rate"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/equality"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/util/workqueue"
 	"knative.dev/pkg/logging"
 	controllerruntime "sigs.k8s.io/controller-runtime"
@@ -77,13 +78,24 @@ func (c *Controller) Finalize(ctx context.Context, node *v1.Node) (reconcile.Res
 	if !controllerutil.ContainsFinalizer(node, v1beta1.TerminationFinalizer) {
 		return reconcile.Result{}, nil
 	}
+
+	nodeGracePeriodExpirationTime, err := c.terminationGracePeriodExpirationTime(ctx, node)
+	if err != nil {
+		return reconcile.Result{}, fmt.Errorf("couldn't evaulate node's terminationGracePeriod, %w", err)
+	} else if nodeGracePeriodExpirationTime != nil && time.Now().After(*nodeGracePeriodExpirationTime) {
+		if err := c.terminator.Taint(ctx, node, v1beta1.DisruptionNonGracefulShutdown); err != nil {
+			logging.FromContext(ctx).Infof("node's terminationGracePeriod has expired, adding non-graceful shutdown taint: %v", node.Name)
+			return reconcile.Result{}, fmt.Errorf("error while tainting node with node.kubernetes.io/out-of-service=nodeshutdown:NoExecute, %w", err)
+		}
+	}
+
 	if err := c.deleteAllNodeClaims(ctx, node); err != nil {
 		return reconcile.Result{}, fmt.Errorf("deleting nodeclaims, %w", err)
 	}
-	if err := c.terminator.Taint(ctx, node); err != nil {
-		return reconcile.Result{}, fmt.Errorf("tainting node, %w", err)
+	if err := c.terminator.Taint(ctx, node, v1beta1.DisruptionNoScheduleTaint); err != nil {
+		return reconcile.Result{}, fmt.Errorf("tainting node with karpenter.sh/disruption taint, %w", err)
 	}
-	if err := c.terminator.Drain(ctx, node); err != nil {
+	if err := c.terminator.Drain(ctx, node, nodeGracePeriodExpirationTime); err != nil {
 		if !terminator.IsNodeDrainError(err) {
 			return reconcile.Result{}, fmt.Errorf("draining node, %w", err)
 		}
@@ -138,6 +150,52 @@ func (c *Controller) removeFinalizer(ctx context.Context, n *v1.Node) error {
 	return nil
 }
 
+func (c *Controller) terminationGracePeriodExpirationTime(ctx context.Context, node *v1.Node) (*time.Time, error) {
+
+	nodeClaim := &v1beta1.NodeClaim{}
+
+	if len(node.OwnerReferences) == 0 {
+		logging.FromContext(ctx).Errorf("node has no owner, could not find NodeClaim for Node: %v", node.Name)
+		return nil, nil
+	}
+
+	// assume the only Node ownerRef is the NodeClaim
+	nodeClaimName := types.NamespacedName{
+		Name: node.OwnerReferences[0].Name,
+	}
+	if err := c.kubeClient.Get(ctx, nodeClaimName, nodeClaim); err != nil {
+		logging.FromContext(ctx).Errorf("could not find NodeClaim for Node: %v", node.Name)
+		return nil, err
+	}
+
+	nodePool := &v1beta1.NodePool{}
+	// assume the only NodeClaim ownerRef is the NodePool
+	nodePoolName := types.NamespacedName{
+		Name: nodeClaim.OwnerReferences[0].Name,
+	}
+	if err := c.kubeClient.Get(ctx, nodePoolName, nodePool); err != nil {
+		logging.FromContext(ctx).Errorf("could not find NodePool for NodeClaim: %v", nodeClaim.Name)
+		return nil, err
+	}
+
+	if nodePool.Spec.Disruption.TerminationGracePeriod != nil {
+		expirationTime := node.DeletionTimestamp.Time.Add(nodePool.Spec.Disruption.TerminationGracePeriod.Duration)
+		logging.FromContext(ctx).Infof("node %v will be forcefully terminated at %v (terminationGracePeriod=%v)", node.Name, expirationTime, nodePool.Spec.Disruption.TerminationGracePeriod)
+		return &expirationTime, nil
+	}
+
+	// TODO: remove, holding this here in case it's decided that NodePool.spec.template.spec.terminationGracePeriod is a preferred implementation
+	// if nodeClaim.Spec.TerminationGracePeriod != nil {
+	// 	if node.DeletionTimestamp.Time.Add(nodeClaim.Spec.TerminationGracePeriod.Duration).Before(time.Now()) {
+	// 		return true, nil
+	// 	} else {
+	// 		logging.FromContext(ctx).Infof("pods on node %v will be forcefully evicted at %v (terminationGracePeriod=%v)", node.Name, node.DeletionTimestamp.Time.Add(nodeClaim.Spec.TerminationGracePeriod.Duration), nodeClaim.Spec.TerminationGracePeriod)
+	// 	}
+	// }
+
+	return nil, nil
+}
+
 func (c *Controller) Builder(_ context.Context, m manager.Manager) operatorcontroller.Builder {
 	return operatorcontroller.Adapt(controllerruntime.
 		NewControllerManagedBy(m).

diff --git a/pkg/controllers/node/termination/suite_test.go b/pkg/controllers/node/termination/suite_test.go
@@ -56,6 +56,7 @@ var fakeClock *clock.FakeClock
 var cloudProvider *fake.CloudProvider
 var recorder *test.EventRecorder
 var queue *terminator.Queue
+var deletionQueue *terminator.DeletionQueue
 
 func TestAPIs(t *testing.T) {
 	ctx = TestContextWithLogger(t)
@@ -70,7 +71,8 @@ var _ = BeforeSuite(func() {
 	cloudProvider = fake.NewCloudProvider()
 	recorder = test.NewEventRecorder()
 	queue = terminator.NewQueue(env.KubernetesInterface.CoreV1(), recorder)
-	terminationController = termination.NewController(env.Client, cloudProvider, terminator.NewTerminator(fakeClock, env.Client, queue), recorder)
+	deletionQueue = terminator.NewDeletionQueue(env.KubernetesInterface.CoreV1(), recorder)
+	terminationController = termination.NewController(env.Client, cloudProvider, terminator.NewTerminator(fakeClock, env.Client, queue, deletionQueue), recorder)
 })
 
 var _ = AfterSuite(func() {

diff --git a/pkg/controllers/node/termination/terminator/deletion.go b/pkg/controllers/node/termination/terminator/deletion.go
@@ -0,0 +1,125 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package terminator
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	set "github.com/deckarep/golang-set"
+	v1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/util/workqueue"
+	"knative.dev/pkg/logging"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+
+	terminatorevents "sigs.k8s.io/karpenter/pkg/controllers/node/termination/terminator/events"
+	"sigs.k8s.io/karpenter/pkg/operator/controller"
+
+	"sigs.k8s.io/karpenter/pkg/events"
+)
+
+const (
+	deletionQueueBaseDelay = 100 * time.Millisecond
+	deletionQueueMaxDelay  = 10 * time.Second
+)
+
+type DeletionQueue struct {
+	workqueue.RateLimitingInterface
+	set.Set
+
+	coreV1Client corev1.CoreV1Interface
+	recorder     events.Recorder
+}
+
+func NewDeletionQueue(coreV1Client corev1.CoreV1Interface, recorder events.Recorder) *DeletionQueue {
+	queue := &DeletionQueue{
+		RateLimitingInterface: workqueue.NewRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(evictionQueueBaseDelay, evictionQueueMaxDelay)),
+		Set:                   set.NewSet(),
+		coreV1Client:          coreV1Client,
+		recorder:              recorder,
+	}
+	return queue
+}
+
+func (q *DeletionQueue) Name() string {
+	return "deletion-queue"
+}
+
+func (q *DeletionQueue) Builder(_ context.Context, m manager.Manager) controller.Builder {
+	return controller.NewSingletonManagedBy(m)
+}
+
+// Add adds pods to the Queue
+func (q *DeletionQueue) Add(pods ...*v1.Pod) {
+	for _, pod := range pods {
+		if nn := client.ObjectKeyFromObject(pod); !q.Set.Contains(nn) {
+			q.Set.Add(nn)
+			q.RateLimitingInterface.Add(nn)
+		}
+	}
+}
+
+func (q *DeletionQueue) Reconcile(ctx context.Context, _ reconcile.Request) (reconcile.Result, error) {
+	// Check if the queue is empty. client-go recommends not using this function to gate the subsequent
+	// get call, but since we're popping items off the queue synchronously, there should be no synchonization
+	// issues.
+	if q.Len() == 0 {
+		return reconcile.Result{RequeueAfter: 1 * time.Second}, nil
+	}
+	// Get pod from queue. This waits until queue is non-empty.
+	item, shutdown := q.RateLimitingInterface.Get()
+	if shutdown {
+		return reconcile.Result{}, fmt.Errorf("EvictionQueue is broken and has shutdown")
+	}
+	nn := item.(types.NamespacedName)
+	defer q.RateLimitingInterface.Done(nn)
+
+	if q.Delete(ctx, nn) {
+		q.RateLimitingInterface.Forget(nn)
+		q.Set.Remove(nn)
+		return reconcile.Result{RequeueAfter: controller.Immediately}, nil
+	}
+	// Requeue pod if delete failed
+	q.RateLimitingInterface.AddRateLimited(nn)
+	return reconcile.Result{RequeueAfter: controller.Immediately}, nil
+}
+
+// Delete returns true if successful delete call, and false if there was an error
+func (q *DeletionQueue) Delete(ctx context.Context, nn types.NamespacedName) bool {
+	ctx = logging.WithLogger(ctx, logging.FromContext(ctx).With("pod", nn))
+	if err := q.coreV1Client.Pods(nn.Namespace).Delete(ctx, nn.Name, metav1.DeleteOptions{}); err != nil {
+		if apierrors.IsNotFound(err) { // 404
+			return true
+		}
+		logging.FromContext(ctx).Errorf("deleting pod, %s", err)
+		return false
+	}
+	q.recorder.Publish(terminatorevents.DeletePod(&v1.Pod{ObjectMeta: metav1.ObjectMeta{Name: nn.Name, Namespace: nn.Namespace}}))
+	return true
+}
+
+func (q *DeletionQueue) Reset() {
+	q.RateLimitingInterface = workqueue.NewRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(evictionQueueBaseDelay, evictionQueueMaxDelay))
+	q.Set = set.NewSet()
+}
diff --git a/pkg/controllers/node/termination/terminator/events/events.go b/pkg/controllers/node/termination/terminator/events/events.go
@@ -34,6 +34,16 @@ func EvictPod(pod *v1.Pod) events.Event {
 	}
 }
 
+func DeletePod(pod *v1.Pod) events.Event {
+	return events.Event{
+		InvolvedObject: pod,
+		Type:           v1.EventTypeNormal,
+		Reason:         "Deleted",
+		Message:        "Deleted pod",
+		DedupeValues:   []string{pod.Name},
+	}
+}
+
 func NodeFailedToDrain(node *v1.Node, err error) events.Event {
 	return events.Event{
 		InvolvedObject: node,