Skip to content

Under certain conditions, a DeleteSnapshot will never get issued for a deleted volumesnapshot #1258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
akalenyu opened this issue Dec 23, 2024 · 8 comments
Open

Under certain conditions, a DeleteSnapshot will never get issued for a deleted volumesnapshot #1258

akalenyu opened this issue Dec 23, 2024 · 8 comments

Comments

@akalenyu
Copy link
Contributor

What happened:
Some race that I have yet to figure out will cause the sidecar controller to opt out of sending a
DeleteSnapshot and thus the volumesnapshot/content to stay pending in deletion indefinitely
(including waiting out the resync period)

What you expected to happen:
volumesnapshot/content requeued on some condition so eventually deleted properly

How to reproduce it:
seems tough, but something along the lines of quickly deleting a recently created snapshot

apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
  annotations: ...
  creationTimestamp: 2024-12-23T08:01:21Z
  deletionGracePeriodSeconds: 0
  deletionTimestamp: 2024-12-23T08:01:34Z
  finalizers:
    - snapshot.storage.kubernetes.io/volumesnapshot-bound-protection
  generation: 2
  labels: ...
spec:
  source:
    persistentVolumeClaimName: ...
  volumeSnapshotClassName: ocs-...
status:
  boundVolumeSnapshotContentName: snapcontent-...
  readyToUse: false

Anything else we need to know?:

Environment:

  • Driver version:
  • Kubernetes version (use kubectl version):
  • OS (e.g. from /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools:
  • Others:
@akalenyu akalenyu mentioned this issue Dec 23, 2024
Open
@xing-yang
Copy link
Collaborator

Can you show the details of the VolumeSnapshotContent in this case?

@akalenyu
Copy link
Contributor Author

akalenyu commented Dec 23, 2024
edited
Loading

I actually had it backed up:

apiVersion: snapshot.storage.k8s.io/v1
  kind: VolumeSnapshotContent
  metadata:
    annotations:
      snapshot.storage.kubernetes.io/deletion-secret-name: ...
      snapshot.storage.kubernetes.io/deletion-secret-namespace: ...
      snapshot.storage.kubernetes.io/volumesnapshot-being-deleted: "yes"
    creationTimestamp: "2024-12-23T08:01:21Z"
    deletionGracePeriodSeconds: 0
    deletionTimestamp: "2024-12-23T08:01:34Z"
    finalizers:
    - snapshot.storage.kubernetes.io/volumesnapshotcontent-bound-protection
    generation: 2
    name: snapcontent-...
...
  spec:
    deletionPolicy: Delete
    driver: openshift-storage.rbd.csi.ceph.com
    source:
      volumeHandle: ...
    sourceVolumeMode: Block
    volumeSnapshotClassName: ocs-...
    volumeSnapshotRef:
      apiVersion: snapshot.storage.k8s.io/v1
      kind: VolumeSnapshot
      name: ...
      namespace: ...
...
  status:
    creationTime: 1734940895115234196
    readyToUse: true
    restoreSize: 32212254720
    snapshotHandle: ...

Actually, now that I think about it some more, it's possible #1259 fixes this even without waiting out the entire resync period
(Since some things like status changes don't result in a requeue)

@xing-yang
Copy link
Collaborator

Please provide logs if deletion does not happen.

@akalenyu
Copy link
Contributor Author

Please provide logs if deletion does not happen.

I'll try to reproduce and increase verbosity. Which value should I set it to?

Actually, now that I think about it some more, it's possible #1259 fixes this even without waiting out the entire resync period
(Since some things like status changes don't result in a requeue)

Does this theory make sense?

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 23, 2025
@akalenyu
Copy link
Contributor Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 23, 2025
@akalenyu
Copy link
Contributor Author

Please provide logs if deletion does not happen.

I'll try to reproduce and increase verbosity. Which value should I set it to?

Actually, now that I think about it some more, it's possible #1259 fixes this even without waiting out the entire resync period
(Since some things like status changes don't result in a requeue)

Does this theory make sense?

@xing-yang I think the theory is correct, the PR should be ready for review

@ConnorJC3 ConnorJC3 mentioned this issue May 20, 2025
Open
@ConnorJC3
Copy link
Contributor

ConnorJC3 commented May 20, 2025
edited
Loading

I've been helping try to chase down what I suspect is either this bug or some variation on it.

As I see it, there's 2 parts to this:

1) For some reason, the csi-snapshotter sidecar fails to perform an initial delete call

I think the flow looks something like this:

  1. A create is ongoing - the content has the VolumeSnapshotBeingCreated annotation
  2. The VolumeSnapshotContent is deleted - this delete is (correctly) rejected as the snapshot is still being created in shouldDelete
  3. In a CreateSnapshot call the CSI Driver returns a ReadyToUse state of true
  4. In checkandUpdateContentStatus, storeContentUpdate returns an error for whatever reason (most likely is that it happened to race with another update to the content)
  5. checkandUpdateContentStatus returns !contentIsReady(contentObj) for requeue - because the content just became ready to use, this means it will return false in this case
  6. The content is therefore not requeued
  7. The update to the content's status is (correctly) discarded at the informer level as it is an update the sidecar itself initiated
  8. We're now in a state where the snapshot needs to be deleted, but wasn't requeued

My theory is that changing the requeue return to something like !contentIsReady(contentObj) || contentObj.DeletionTimestamp != nil would solve this problem by requeuing snapshots that are marked for deletion and just finished creating. However, I'm still trying to get a working repro case and confirm my above theory of what's going on.

2) Resync is broken in the sidecar for VolumeSnapshotContent objects

Normally, even with the above bug from 1) - the VolumeSnapshotContent should get requeued after the resync period (default 15 minutes), and at that point the sidecar will realize it needs to make a DeleteSnapshot call. However, due to a mistake that was missed in #1009 no VolumeSnapshotContent resyncs ever occur.

I've submitted a PR (#1302) to fix this that uses a similar mechanism to how the external-attacher handles this case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@xing-yang @ConnorJC3 @k8s-ci-robot @akalenyu @k8s-triage-robot