Skip to content

filter out inactive negs in isZoneChange #2989

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

filter out inactive negs in isZoneChange #2989

wants to merge 1 commit into from
+14 −0

Conversation

@midavadim
Copy link
Contributor

@midavadim midavadim commented Sep 22, 2025
edited
Loading

  1. Upgrade Starts: The E2E test triggers the cluster upgrade. The node in us-central1-a is cordoned and becomes temporarily NotReady.
  2. Controller Restarts: The NEG controller pod is rescheduled onto the new, upgraded master.
  3. The Race Condition: The new controller starts up and immediately runs a sync loop. Crucially, this happens in the small time window when the node is still NotReady.
  4. Incorrect State Detection: The controller's syncInternal() logic queries for the current state of the cluster. Since the only node is NotReady, the zoneGetter reports that there are zero active nodes in us-central1-a.
  5. NEG Marked INACTIVE: The controller compares the current state (zero active nodes) with the pre-upgrade state (one active NEG in us-central1-a). It concludes that the zone is no longer active and correctly, based on this limited information, patches the ServiceNetworkEndpointGroup CR to set the NEG's state to INACTIVE.
  6. Node Becomes Ready: A moment later, the node finishes its upgrade and becomes Ready.
  7. The Bug is Exposed: On the next sync, the controller should see that us-central1-a is active again and switch the NEG back to ACTIVE. This is where it fails. The isZoneChange() function, which is supposed to detect this, has a flaw. It checks the zones of all NEGs in the CR status, including INACTIVE ones.
  • existingZones from the CR status is {"us-central1-a"} (from the INACTIVE NEG).
  • currZones from the now-ready node is {"us-central1-a"}.
    The function sees no difference ({"us-central1-a"} == {"us-central1-a"}) and returns false.
  1. Stuck State: Because isZoneChange() returns false, the controller doesn't trigger the reconciliation logic needed to switch the NEG back to ACTIVE. The test waits for an active NEG, which never happens, and times out.

Solution

This is why the proposed change to isZoneChange is so critical. By making it ignore INACTIVE NEGs, it can correctly detect the transition from "no active zones" to "one active zone," triggering the necessary reconciliation to bring the NEG back to an ACTIVE state and fix the load balancer.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Sep 22, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Sep 22, 2025

Hi @midavadim. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Sep 22, 2025
@midavadim
Copy link
Contributor Author

midavadim commented Sep 22, 2025

/assign @swetharepakula

@midavadim
Copy link
Contributor Author

midavadim commented Sep 22, 2025

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 22, 2025
@midavadim
Copy link
Contributor Author

midavadim commented Sep 22, 2025

@swetharepakula please check if provided update looks fine for you and can fix this problem. If yes I will proceed with testing

@swetharepakula
Copy link
Member

swetharepakula commented Sep 22, 2025

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 22, 2025
@midavadim midavadim force-pushed the filter_inactive_nodes_in_isZoneChange branch from 05c2c6f to 26da96a Compare October 10, 2025 10:23
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Oct 10, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: midavadim
Once this PR has been reviewed and has the lgtm label, please ask for approval from swetharepakula. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@midavadim midavadim force-pushed the filter_inactive_nodes_in_isZoneChange branch from 26da96a to 259298b Compare October 10, 2025 10:28
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 10, 2025
@midavadim
Copy link
Contributor Author

midavadim commented Oct 10, 2025

@swetharepakula

I have added unittest for this update.
So we can proceed with review.
Please let me know if you are fine with this update.

@midavadim
Copy link
Contributor Author

midavadim commented Oct 16, 2025

/unhold

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 16, 2025
swetharepakula
swetharepakula reviewed Nov 13, 2025
View reviewed changes
pkg/neg/syncers/transaction_test.go
refs = append(refs, neg)
}
if tc.negCRStateInactive {
refs[0].State = negv1beta1.InactiveState
Copy link
Member

@swetharepakula swetharepakula Nov 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make all of the NEGs inactive instead of just 1?

This makes the what the flag does consistent. Otherwise, it is a little non-obvious that we are only affecting the first one to be inactive.

Or I would change negCRStateInactive to be instead be a list of zones where inactive negs exist. And we can make the refs considering that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aojea aojea Awaiting requested review from aojea

@sawsa307 sawsa307 Awaiting requested review from sawsa307

1 more reviewer

@swetharepakula swetharepakula swetharepakula left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@swetharepakula swetharepakula

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@midavadim @k8s-ci-robot @swetharepakula