✨Support draining unready nodes

[hypnoglow]

What this PR does / why we need it:
Adds support for draining unready nodes.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #1870

[k8s-ci-robot]

Hi @hypnoglow. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ncdc]

/ok-to-test

FYI @michaelgugino

[hypnoglow]

@michaelgugino @ncdc Does this PR covers the issue? Is anything missing?

[hypnoglow]

/retest

[k8s-ci-robot]

@hypnoglow: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
pull-cluster-api-e2e	1dc0442	link	/test pull-cluster-api-e2e

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[enxebre]

shouldn't this be checking the node is unreachable instead?

[hypnoglow]

Could you please elaborate? The issue stated about "unready" node. How do we want to check if the node is unreachable?

[ncdc]

I don't believe there is any way for Cluster API to evaluate a node's reachability other than by looking at the conditions of the node in the workload cluster. Or am I missing something?

@michaelgugino @vincepri would we want to always set drainer.SkipWaitForDeleteTimeoutSeconds, or only if certain node conditions are set?

[enxebre]

This feature comes in handy when the node is unreachable, see https://kubernetes.io/docs/concepts/architecture/nodes/.
In some cases when the node is unreachable, the apiserver is unable to communicate with the kubelet on the node. The decision to delete the pods cannot be communicated to the kubelet until communication with the apiserver is re-established. In the meantime, the pods that are scheduled for deletion may continue to run on the partitioned node.
#1870 (comment)

I believe we can assume this when the nodeReady status [1] is unknown [2].

[1] https://github.com/kubernetes-sigs/cluster-api/blob/master/controllers/noderefutil/util.go#L62-L67
[2] https://github.com/kubernetes/api/blob/master/core/v1/types.go#L2318

[ncdc]

100% agree with what you wrote, but I'm not clear if this is something we should always set, or only when the ready status is unknown?

[ncdc]

@enxebre did you see my last question?

[enxebre]

I think I'd be in favour of setting the flag only when the kubelet status is unknown as we deliberately want to let draining move forward in such scenario. It seems safe to let any other unknown scenario where this might happen be visible by blocking draining for now.

[hypnoglow]

I've updated the PR to check if node ready status is "Unknown" instead of "not True". Please check if this matches what we have discussed.

[chuckha]

/test pull-cluster-api-capd-e2e

[ncdc]

I'm not sure we need this check. It should only ever be called with a valid node.

[ncdc]

/assign @enxebre @michaelgugino

[k8s-ci-robot]

@ncdc: GitHub didn't allow me to assign the following users: enxebre.

Note that only kubernetes-sigs members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @enxebre @michaelgugino

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ncdc]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hypnoglow, ncdc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ncdc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[enxebre]

We should probably include a logging message here e.g "This node is unreachable, draining will wait for pod deletion during skipWaitForDeleteTimeoutSeconds after the request and will skip otherwise." cc @ncdc @alexander-demichev @hypnoglow

[alexander-demicev]

I can open a PR if everyone is ok with the change.

[detiber]

Do we want this to be something end users are aware of? If so, I would suggest an Event in addition to the log message.

[riking]

The shouldSkipPod function doesn't seem like it takes into account nodes that come back or become unhealthy during the drain. Additionally, I'm pretty sure that kubelet updates the DeletionTimestamp multiple times while evicting a pod.