Add PersistVolumne Support

[rjtsdl]

Successor of #1695

Copy the plan:

• add PVC for etcd pod (Add PersistVolumne Support #1861)
• handle node restart case
  Behavior: first, it will has the eviction behavior. After that, when the nodes back. The Unknown pod(s) would disappear in the pod list.
• handle node partition case
• handle node eviction case
  Behavior: the pod(s) scheduled on the evicted node will become Unknown after a certain period. Then another pod(s) will be scheduled on the healthy nodes to reach the desired replica count. The Unknown will not disappear though.

[etcd-bot]

Can one of the admins verify this patch?

[etcd-bot]

Can one of the admins verify this patch?

[etcd-bot]

Can one of the admins verify this patch?

[xiang90]

/cc @msohn @georgekuruvillak

Can you guys also help on this PR.

As a side note, I noticed the SAP fork of etcd operator. Now etcd operator can already work with swift through its s3 compatible API. We want to get PV in.

We want to put some love in the project to move everyone back to upstream.

[hongchaodeng]

@etcd-bot ok to test

[rjtsdl]

@hongchaodeng , can you explain a bit, what is the node partition case?
For other cases, i have tested, and documented the behavior in the description. Check if it makes sense.

[brendandburns]

LGTM.

[xiang90]

@rjtsdl

i have not really looked into the code. but want to mention that if PV is enabled, etcd operator should

1. always use write once mode to avoid two pods use the same etcd metadata. this can happen if k8s thinks a node is dead (however it is not) and creates a pod on some other node.
2. disable disaster detection. even if there is 1 out of 3 pods left there (or even 0/3 pods), the data is on PV. we can just wait for the other two member comes back with data.

[hongchaodeng]

Can you remove the changes related to AutomountServiceAccountToken?
This PR should be about PersistentVolumeClaimSpec.

[rjtsdl]

Sure thing

[hongchaodeng]

remove blank line

[hongchaodeng]

This changes aren't needed?

[rjtsdl]

It is taken care by function AddEtcdVolumeToPod in the same file.

[hongchaodeng]

Sorry. I don't understand your comment?
Why add this change here?

[rjtsdl]

Here is

func AddEtcdVolumeToPod(pod *v1.Pod, pvc *v1.PersistentVolumeClaim) {
	vol := v1.Volume{Name: etcdVolumeName}
	if pvc != nil {
		vol.VolumeSource = v1.VolumeSource{
			PersistentVolumeClaim: &v1.PersistentVolumeClaimVolumeSource{ClaimName: pvc.Name},
		}
	} else {
		vol.VolumeSource = v1.VolumeSource{EmptyDir: &v1.EmptyDirVolumeSource{}}
	}
	pod.Spec.Volumes = append(pod.Spec.Volumes, vol)
}

If it is not PV, it will just append the EmptyDir.

[hongchaodeng]

I still don't understand it.
Why is this related to PV or emptyDir? This is what I saw on this PR on github:

	if cs.Pod != nil {
		container = containerWithRequirements(container, cs.Pod.Resources)
	}

It only deals with resources.

[rjtsdl]

Ah, i thought you are asking line 267 & 268.

This line I don't think it has anything to do with this PR scope. It was there mostly because of my cherry pick from the old PR.

I do think it is a nice thing to have. But not belong to this PR's scope. I can remove it though

[hongchaodeng]

Please remove this.
It's duplicate. Resource requirements/pod policy are applied outside this func:

etcd-operator/pkg/util/k8sutil/k8sutil.go

Line 338 in 7880638

applyPodPolicy(clusterName, pod, cs.Pod)

[xiang90]

@rjtsdl

it seems that this PR only adds the PV as the non-stable storage (same as empty dir) for etcd pod, not use PV as a stable storage?

if we consider PV as stable storage, we should not add/remove members if the size field is not changed. if one pod dies, we should create another pod with the same FQDN + PV. no member changes need to be involved. when size is changed, we need to add/remove member as before.

[rjtsdl]

@xiang90 you are right. It is treated as non-stable storage. We should make it as a stable storage.

[xiang90]

@rjtsdl

i am fine marking this as alpha which uses PV as temp storage. then we can iterate on it.

[hongchaodeng]

@rjtsdl
Let me clarify the four points in the plan:

• 1. Add PVC for etcd pod. This is basically what is achieved in this PR.
• 2. When node restart happens, current etcd pods would fail and won't come up anymore. This PR DOES NOT handle it. Besides changing the restart policy to "Always", following cases need be addressed:
  • 2.1. kubelet couldn't report to master and node would become "unready". etcd-operator would need to tolerate this case for some period of time. If node restarts and then etcd pods restarts and everything turns to healthy state, then etcd-operator wouldn't do anything. Otherwise, etcd-operator needs to take the nodes and thus etcd pods on it as unhealthy and do healing.
  • 2.2. Precious case assumes etcd pods still exist. If not, e.g. evicted, we will handle it like case 4.
• 3. If node partition happens, it could encounter case 2.1 that node would become "unready" and case 2.2 that etcd pods get deleted. The solution applies the same. But we need to think about and test this case.
• 4. Node eviction happens, and etcd pods get deleted. Let's assume PV are still there. In this case, etcd-operator should have the knowledge of current membership and reschedule the "failed" members onto healthy nodes, and mount its corresponding PV back, and then everything should be fine because network and storage are still the same.

[hongchaodeng]

No need to change this?

[rjtsdl]

It is updated automatically after I ran update_vendor.sh. Do I need to revert?

[hongchaodeng]

yes

[xiang90]

When node restart happens, current etcd pods would fail and won't come up anymore.

it is unfair to say this PR does not handle it. this PR adds PV as non-stable storage.

if the node goes down, the operator will still remove the member and add a new one as the empty-dir case, no?

[hongchaodeng]

I'm fine to use it to replace ephemeral storage initially.

[xiang90]

I'm fine to use it to replace ephemeral storage initially.

just to be clear. not to replace current ephemeral storage, but another ephemeral storage options besides current empty-dir, right? eventually we should make PV a stable storage option.

[hongchaodeng]

@xiang90
Yes. That's the plan in #1323 (comment) which is explained above. Those items are expected to be solved one by one.

[rjtsdl]

That would be awesome. I will address comments, then we can merge it as initial step.

[xiang90]

please add doc string on public method.

[xiang90]

please add doc string on public method.

[xiang90]

please add doc string on public method.

[xiang90]

please add doc string on public method.

[xiang90]

complete the comment?

[xiang90]

lgtm defer to @hongchaodeng

[xiang90]

Please mention that this field is alpha, and not use PV as stable storage as it should yet.

[hongchaodeng]

PVCNameFromMemberName -> PVCNameFromMember

[hongchaodeng]

I still don't understand it.
Why is this related to PV or emptyDir? This is what I saw on this PR on github:

	if cs.Pod != nil {
		container = containerWithRequirements(container, cs.Pod.Resources)
	}

It only deals with resources.

[hongchaodeng]

revert this. It is not related to this PR.

[rjtsdl]

I need to delete AutomountServiceAccountToken . That is basically all the change here.

[hongchaodeng]

I need to delete AutomountServiceAccountToken

What's the reason for it?

[rjtsdl]

Because we want to

Can you remove the changes related to AutomountServiceAccountToken?
This PR should be about PersistentVolumeClaimSpec.

The comment from your previous review.

[hongchaodeng]

Can you explain why AutomountServiceAccountToken is related to PV?

[rjtsdl]

I just get it back.

I deleted it while I was trying to remove changes to AutomountServiceAccountToken. Apparently, it shouldn't be removed here.

[hongchaodeng]

lgtm after nit

[hongchaodeng]

Please remove this.
It's duplicate. Resource requirements/pod policy are applied outside this func:

etcd-operator/pkg/util/k8sutil/k8sutil.go

Line 338 in 7880638

applyPodPolicy(clusterName, pod, cs.Pod)

[rjtsdl]

@hongchaodeng thx for explaining. Removed the line.

[hongchaodeng]

Thanks everyone!
Especially @sgotti for the initiate and @rjtsdl for the finish!