machine pool surge, max unavailable and instance delete

[devigned]

What type of PR is this?
/kind feature

What this PR does / why we need it:
This PR introduces API changes to AzureMachinePool to enable users of CAPZ to perform safe, fast rolling upgrades building off of #1067. In this change set MaxSurge and MaxUnavailable fields are introduced to the AzureMachinePool spec.

• MaxSurge enables machine pools to over-provision machines, increase the number of machines above the desired count, during an upgrade, which would allow faster upgrades at the cost of Azure compute core quota.
• MaxUnavailable enables one to specify how many nodes must be available during a rolling upgrade.
• Instance delete enables an individual to delete Azure Machine Pool Machines individually and controller initiated node drain. As part of the instance delete / node drain state tracking for AzureMachinePoolMachines, it is advantageous to track state on these resources individually. That is why in the PR, the AzureMachinePool.Status.Instances array is removed in favor of AzureMachinePoolMachine resources.
• Node drain will be completed in a subsequent PR

⚠️ Breaking out AzureMachinePool instances into individual AzureMachinePoolMachine resources will be a breaking change in the experimental API.

This PR is work in progress. Please provide early feedback.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #819

Special notes for your reviewer:

Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

TODOs:

• squashed commits
• includes documentation
• adds unit tests

Release note:

Introduce maxUnavailable and maxSurge to `AzureMachinePool` and remove `AzureMachinePool.Status.Instances` in favor of representing machine pool machines as individual resources of type `AzureMachinePoolMachine`. This is a breaking change to the experimental API.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign devigned after the PR has been reviewed.
You can assign the PR to them by writing /assign @devigned in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[devigned]

I should probably pull this out into another PR, but what's 1 line on 4k+ 😞

[devigned]

This wraps the AzureMachinePool and AzureMachinePoolMachine reconcilers so that they debounce, the reconcilers rate limit the incoming events so they only do so many within a window of time to not overwhelm Azure API limits.

There is no good way to do this in controller-runtime. I'll intro a proposal over there for middleware or incoming rate limiting.

[devigned]

Thought we should be explicit about image defaulting. This enables users to use default image versions for K8s versions specified on MachinePools while being safe to specify their own without updates to MachinePools overriding their image reference.

[fiunchinho]

This sounds like a good idea. Should these AzureDefaultingImage changes be part of a different PR instead?

[devigned]

This contains the logic for selecting machines to delete when over-provisioned or upgrading. The AzureMachinePool informs the AzureMachinePoolMachine to delete and the AzureMachinePoolMachine is expected to safely remove itself from the pool.

[devigned]

This contains the logic to compare the state of Azure VMSS with the state of AzureMachinePool(Machine)s. If a machine exists in Azure, a AzureMachinePoolMachine is created. If an AzureMachinePoolMachine exists, but doesn't have an Azure counterpart, it is asked to delete. At the end, the upgrade / over-provision state is evaluated and machines can be deleted if the state requires.

[devigned]

@nader-ziada and @CecileRobertMichon I believe this PR is now ready for review. I'm so sorry of the enormity of the change set. With that in mind, I'm going to introduce AzureMachinePoolMachine cordon and drain functionality to a subsequent PR.

One design aspect I've vacillated on is how to represent MaxSurge and MaxUnavailable. Right now, they are on the top level spec for AzureMachinePool. Would it be better to use a rollout strategy structure similar to (or the same type as) kubernetes-sigs/cluster-api#4073?

[CecileRobertMichon]

@devigned I've been thinking about this and I think we need a proposal to explain what this does, why, what future work is planned and what alternatives were considered (and why they don't work). This is a pretty big PR and it's not obvious why we're doing upgrade this way, so we should document it for the record.

Also, it can serve as developer-facing documentation once the feature is merged. What do you think?

[nader-ziada]

I went through the changes and it all makes sense, but I have a comment about the structure of the code, the main logic that figures out what machines to create/delete is in the scope instead of in the controller, even setting the conditions, which is different that how we have done things in other places, was this by design?

[devigned]

I went through the changes and it all makes sense, but I have a comment about the structure of the code, the main logic that figures out what machines to create/delete is in the scope instead of in the controller, even setting the conditions, which is different that how we have done things in other places, was this by design?

It was a conscious decision. It was a bit of an experiment to see how it would turn out.

• Scope should be responsible for updating the K8s state upon closing the scope.
• Controller / Reconciler is responsible for creating the Scope, calling services, responding to errors in reconciliation, and closing the Scope.
• Services are responsible for manipulating external state and updating the Scope with the external state.

That was a perceptive review. Thank you. WDYT?

[k8s-ci-robot]

@devigned: PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[nader-ziada]

• Scope should be responsible for updating the K8s state upon closing the scope.
• Controller / Reconciler is responsible for creating the Scope, calling services, responding to errors in reconciliation, and closing the Scope.
• Services are responsible for manipulating external state and updating the Scope with the external state.

That was a perceptive review. Thank you. WDYT?

I don't feel strongly about it, but I expected the controller / reconciler to be responsible for also updating the status on the k8s resources, which would include setting the condition.

[fiunchinho]

Suggested change

	ctx, span := tele.Tracer().Start(ctx, "scalesets.Service.Reconcile")
	ctx, span := tele.Tracer().Start(ctx, "scalesetvms.Service.Reconcile")

[fiunchinho]

This needs to be changed. Maybe something like "Reconcile fetches the latest data about the scaleset instance".

[fiunchinho]

Suggested change

	// ScaleSetVMScope defines the scope interface for a scale sets service.
	// ScaleSetVMScope defines the scope interface for a scaleset vms service.

[fiunchinho]

Suggested change

	ctx, span := tele.Tracer().Start(ctx, "scalesets.Service.Delete")
	ctx, span := tele.Tracer().Start(ctx, "scalesetvms.Service.Delete")

[fiunchinho]

Suggested change

	// AzureMachinePoolToAzureMachinePoolMachines maps an AzureMachinePool to it's child AzureMachinePoolMachines through
	// AzureMachinePoolToAzureMachinePoolMachines maps an AzureMachinePool to its child AzureMachinePoolMachines through

[fiunchinho]

In this case Defaulted means not only that the value was defaulted but that the Image will be managed by the controller. What do you think about calling this field Managed instead? IMHO the word better conveys the behavior. I believe managed is also how we refer to resources managed by the controllers in the code base.

[fiunchinho]

Suggested change

	WithEventFilter(predicates.ResourceNotPaused(log)). // don't queue reconcile if resource is paused
	WithEventFilter(predicates.ResourceNotPausedAndHasFilterLabel(ctrl.LoggerFrom(ctx), r.WatchFilterValue)).

[fiunchinho]

Suggested change

	func NewAzureMachinePoolMachineController(c client.Client, log logr.Logger, recorder record.EventRecorder, reconcileTimeout time.Duration) *AzureMachinePoolMachineController {
	return &AzureMachinePoolMachineController{
	Client: c,
	Log: log,
	Recorder: recorder,
	ReconcileTimeout: reconcileTimeout,
	reconcilerFactory: newAzureMachinePoolMachineReconciler,
	}
	}
	func NewAzureMachinePoolMachineController(c client.Client, log logr.Logger, recorder record.EventRecorder, reconcileTimeout time.Duration, watchFilterValue string) *AzureMachinePoolMachineController {
	return &AzureMachinePoolMachineController{
	Client: c,
	Log: log,
	Recorder: recorder,
	ReconcileTimeout: reconcileTimeout,
	reconcilerFactory: newAzureMachinePoolMachineReconciler,
	WatchFilterValue: watchFilterValue,
	}
	}

[fiunchinho]

Suggested change

	ReconcileTimeout time.Duration
	ReconcileTimeout time.Duration
	WatchFilterValue string

[fiunchinho]

seems like the comment got truncated

[fiunchinho]

The maxSurge field in the k8s Deployment object accepts an absolute number but also a percentage. Should we support percentage as well? I believe it improves the UX as the user doesn't have to adapt the maxSurge value when scaling up/down their VMSS. If we decide to support percentages, that would mean changing the type of the field.

[fiunchinho]

Oh actually the proposal talks about both absolute numbers and percentages.

[fiunchinho]

Suggested change

	// DeleteAsync is the operation to delete a virtual machine scale set asynchronously. DeleteAsync sends a DELETE
	// DeleteAsync is the operation to delete a virtual machine scale set vm asynchronously. DeleteAsync sends a DELETE

[fiunchinho]

Suggested change

	// vmssName - the name of the VM scale set to create or update. parameters - the scale set object.
	// vmssName - the name of the VM scale set to create or update. parameters - the scale set object.
	// instanceID - the ID of the VM scale set VM.

[fiunchinho]

Suggested change

	ctx, span := tele.Tracer().Start(ctx, "scalesets.AzureClient.DeleteAsync")
	ctx, span := tele.Tracer().Start(ctx, "scalesetvms.AzureClient.DeleteAsync")

[fiunchinho]

Suggested change

	ctx, span := tele.Tracer().Start(ctx, "scalesets.AzureClient.Get")
	ctx, span := tele.Tracer().Start(ctx, "scalesetvms.AzureClient.Get")

[devigned]

I'm going to close this PR and open a new PR with an updated branch based off or the proposal in #1191. I think it will help us to apply fresh eyes and a clean slate.

/close

[k8s-ci-robot]

@devigned: Closed this PR.

Details

In response to this:

I'm going to close this PR and open a new PR with an updated branch based off or the proposal in #1191. I think it will help us to apply fresh eyes and a clean slate.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.