Force timeout nodeunstagevolume

[davis-haba]

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind api-change

/kind bug

/kind cleanup
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake

What this PR does / why we need it:

Adds a 30 second timeout to NodeUnstageVolume. If a device has been in use for longer than 30 seconds, the next NodeUnstageVolume attempt to succeed.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

2 CMEK E2E tests are failing locally, but I believe this is due to test setup issues, as this change is entirely unrelated to CMEK.

Does this PR introduce a user-facing change?:

NONE

[k8s-ci-robot]

Welcome @davis-haba!

It looks like this is your first PR to kubernetes-sigs/gcp-compute-persistent-disk-csi-driver 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/gcp-compute-persistent-disk-csi-driver has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @davis-haba. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[davis-haba]

/cc @pwschuurman

[davis-haba]

/test all

[k8s-ci-robot]

@davis-haba: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/test all

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[davis-haba]

/ok-to-test

[k8s-ci-robot]

@davis-haba: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/ok-to-test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[mattcary]

/ok-to-test

I'll let @pwschuurman comment on the PR.

[pwschuurman]

/ok-to-test

[davis-haba]

/retest

[davis-haba]

/retest

[pwschuurman]

I think this should succeed, right?

[davis-haba]

Yea, unless I'm missing something, it does succeed. Expects err to be nil.

[davis-haba]

/retest

[pwschuurman]

I think the boolean flag should bypass the "device in use" check entirely, and be renamed enable-device-in-use-check-on-node-unstage. I don't see much value in having a boolean for using the timeout or not (eg: if a user really wants a disable the timeout, they can set device-in-use-timeout to infinity). I think the value of the switch more for users where the device in use check is blocking NodeUnstage due to the way /sys/fs/ is reacting, and wants to skip in entirely, for all disks.

In retrospect, this is something that I should have added in #1658, to allow the feature to be turned off.

[davis-haba]

Ah, I see what you mean. Fixed --the confirmDeviceUnused in node.go will now always return nil if the flag is true.

[pwschuurman]

There are some edge cases if a NodeUnstage that gets skipped due to force detach, or manual intervention. I don't know how often these could occur, and I think generally they're just theoretical problems:

1. A pre-existing old deviceInUse, resulting in the device in use signal being ignored. I'm less concerned about this one, as worst case it wouldn't block a user's workload, and this is a best effort deviceInUse check. We could solve this with a TTL cache, but I don't see an existing reference implementation we could easily use.
2. Device entries growing unbounded, if there are new unique volume IDs being added every now and then, and NodeUnstage gets skipped. In GCE the maximum number of concurrent disks is 128, so we could set a maximum cache entry to something larger, say 256 or 512 to bound the growth. This would allow for a fresh set of ~128 concurrent disks with room for some overlap. We could solve this with a LRU cache (github.com/hashicorp/golang-lru).

[davis-haba]

I implemented the LRU cache you suggested to address point 2.

Regarding point 1, it looks the library you mentioned also has a cache that will auto-expire keys (e.g. TTL): https://github.com/hashicorp/golang-lru?tab=readme-ov-file#expirable-lru-cache-example

Do we want to use this? What would a reasonable TTL be? maybe deviceInUseTimeout * 2?

[pwschuurman]

Do we want to use this? What would a reasonable TTL be? maybe deviceInUseTimeout * 2?

Yeah, that seems reasonable.

[davis-haba]

Thanks. I added the exirable cache.
c := expirable.NewLRU[string, time.Time](maxDeviceCacheSize, nil, timeout*2)

[davis-haba]

/retest

[pwschuurman]

Wouldn't the cache hold the first error time, rather than the last? Maybe rename this to indicate something like "first time error encountered".

[davis-haba]

Yes, good call. Renamed to firstEncounteredErrTime.

[pwschuurman]

Might be more readable to compare Time objects with After()

expirationTime := lastErrTime.Add(devErrMap.timeout)
return exists && currentTime().After(expirationTime)

[davis-haba]

Done

[davis-haba]

/retest

[davis-haba]

/retest

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: davis-haba, pwschuurman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [pwschuurman]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

@davis-haba: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-gcp-compute-persistent-disk-csi-driver-kubernetes-integration	f15a491	link	true	/test pull-gcp-compute-persistent-disk-csi-driver-kubernetes-integration

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[davis-haba]

/retest

[pwschuurman]

/lgtm