Add ClusterClaim deletion validator

[luolanzone]

1. Refine ClusterClaim webhook and add deletion validator to deny deletion
   if there is any ClusterSet referring to the ClusterClaim.
2. Move status data initialization from leader ClusterSet controller to
   MemberClusterAnnounce controller and simplify the status:

• When the MemberClusterAnnounce is created, the Ready status will be
  True and Reason will be Connected.
• When the MemberClusterAnnounce is not updated in the agreed period,
  the Ready status will be false and Reason will be Disconnected.
• When the MemberClusterAnnounce is updated after Disconnected, the Ready
  status will be reset to true and Reason will be Connected, and
  lastUpdateTime will also be reset.
• When the MemberCLusterAnnounce is deleted, the corresponding status
  will be removed.

Signed-off-by: Lan Luo luola@vmware.com

[luolanzone]

/test-multicluster-e2e

[codecov]

Codecov Report

Merging #4062 (25c10a9) into main (024254d) will increase coverage by 0.49%.
The diff coverage is 84.39%.

@@            Coverage Diff             @@
##             main    #4062      +/-   ##
==========================================
+ Coverage   67.51%   68.00%   +0.49%     
==========================================
  Files         297      310      +13     
  Lines       44988    45477     +489     
==========================================
+ Hits        30373    30928     +555     
+ Misses      12238    12125     -113     
- Partials     2377     2424      +47     

Flag	Coverage Δ
e2e-tests	58.46% <59.57%> (?)
integration-tests	35.47% <23.25%> (+0.10%)	⬆️
kind-e2e-tests	50.03% <ø> (-0.74%)	⬇️
unit-tests	44.28% <71.63%> (-0.03%)	⬇️

Impacted Files	Coverage Δ
...luster-controller/memberclusterannounce_webhook.go	63.33% <ø> (+8.33%)	⬆️
...llers/multicluster/member_clusterset_controller.go	75.87% <ø> (+2.07%)	⬆️
...md/multicluster-controller/clusterclaim_webhook.go	74.50% <74.50%> (ø)
...s/multicluster/memberclusterannounce_controller.go	74.73% <86.53%> (+10.57%)	⬆️
...llers/multicluster/leader_clusterset_controller.go	77.58% <87.50%> (+12.14%)	⬆️
...lers/multicluster/commonarea/remote_common_area.go	76.01% <96.15%> (+6.22%)	⬆️
...icluster/cmd/multicluster-controller/controller.go	66.66% <100.00%> (+58.80%)	⬆️
.../flowexporter/connections/conntrack_connections.go	66.66% <0.00%> (-12.86%)	⬇️
...kg/controller/networkpolicy/antreanetworkpolicy.go	74.75% <0.00%> (-12.43%)	⬇️
pkg/agent/interfacestore/types.go	61.11% <0.00%> (-8.34%)	⬇️
... and 62 more

[luolanzone]

The InvalidClusterID will be set only when the ClusterSet is not created and common area is nil or the ClusterSet is deleted and common area is reset to nil. So there is no case to call updateLeaderStatus when the leader ID is InvalidClusterID.

[luolanzone]

/test-multicluster-e2e

[jianjuns]

We need to unlock. I suggest to set err to nil if apierrors.IsNotFound(err), and break and check err and return after line 135.

[luolanzone]

Fixed, defined a variable err.

[jianjuns]

"and no need to update cluster status"

I actually suggest to remove this sentence.

[luolanzone]

Removed the whole sentence.

[jianjuns]

When possible the leader clusterID does not match? Again, I suggest to remove laderClusterID from memberAnnounce.

[luolanzone]

It's possible that user creates a member ClusterSet with right access but incorrect leader ClusterID, if we didn't validate the leader ID and allow it to create the member cluster announce, then member cluster will show a status with wrong cluster ID but connected status.

[jianjuns]

I actually feel leader cluster ID in ClusterSet is not very useful. It is not used anywhere, except these validations. But anyway, we can keep the current way, if you prefer.

[jianjuns]

I feel we should revisit the design of Add/RemoveMember() after ClusterSet changes. Why that indirect, but not start/stop memberAnnounce periodic check right after the memberAnnounce is created/deleted in MemberClusterAnnounceReconciler?

Pasted below my earlier comments too.

1. Do we really need leader cluster ID in the MemberAnnounce?
2. Do we still need all status conditions after we remove election?
3. Add/RemoveMember() need not to be called by ClusterSet changes, after we change to auto-update ClusterSet, but we can start to maintain the timerdata once MemberClusterAnnounce is created?

[luolanzone]

Yeah, from member cluster's perspective, I feel we don't have to provide leader's ClusterID as long as the access token is correct. We probably need to refactor the whole ClusterSet part including the ClusterSet spec vs ClusterSet status for joined member.

[jianjuns]

We can decide leader ClusterID later. But please consider 3). The current code is unnecessarily complex.

[luolanzone]

Sure, I will double check this part.

[luolanzone]

Hi @jianjuns I have refined this part, the MemberClusterAnnounce is responsible to initialize the data now. Could you help to take another look? thanks.

[jianjuns]

We should remove or rephrase the comment: "// If the member is not found in timerData, it means the member is not added to the ClusterSet or was deleted."?

[luolanzone]

Done, changed it to If the member is not found in timerData, it means MemberClusterAnnounce is not created or it was deleted.

[jianjuns]

After reading the code more, I wonder should we do the following two:

1. Merge timerData and memberStatus to one map (and call it memberStatusMap)
2. Move this block to addMember() (and rename the func to sth like addUpdateMemberStatus())

What you think?

[luolanzone]

Yes, I am thinking it should work, but If we'd like to include this PR to 1.8, I feel it's better to has a follow up PR to rethink about the whole status part, what's your suggestion?

[jianjuns]

I am fine to do another PR, but I do feel we should clean up the code. The current implementation is unnecessarily complex, hard to follow and may include bugs due to that.

[luolanzone]

Sure, I feel we need rethink the design including ClusterClaim/ClusterSet and status.

[jianjuns]

If MemberClusterAnnounce is deleted, no further processing is needed, as cleanup must have been done when the Finalizer was removed.

[jianjuns]

I am fine to do another PR, but I do feel we should clean up the code. The current implementation is unnecessarily complex, hard to follow and may include bugs due to that.

[jianjuns]

Again, I think this block (from line 94 to 119) should be moved to addMemberStatus (probably rename it to addOrUpdateMemberStatus). Could you check?

[luolanzone]

Updated.

[jianjuns]

Should we move it to the end of the func after adding the Finalizer?

[luolanzone]

I think it's better to place it before adding Finalizer since member is actually connected and able to do export/import etc.

[jianjuns]

We should ignore "already exists" error in addMemberToClusterSet (in my mind better to add comments on addMemberToClusterSet to explain the behavior)?

[luolanzone]

Yes, return nil for already exists error.

[jianjuns]

Oh, I did not see that. Then we should move r.addOrUpdateMemberStatus() to line 113 before "if common.StringExistsInSlice(memberAnnounce.Finalizers, finalizer)"?

I assume we can call the func only once, and remove the call at line 95.

[jianjuns]

We will repeatedly log this message for every memberAnnounce update. Should should check if Finalizer is already added?

[luolanzone]

When the finalizer exists, it will return, code won't reach here.

	if common.StringExistsInSlice(memberAnnounce.Finalizers, finalizer) {
		return ctrl.Result{}, nil
	}

[luolanzone]

/test-multicluster-e2e

[jianjuns]

Oh, I did not see that. Then we should move r.addOrUpdateMemberStatus() to line 113 before "if common.StringExistsInSlice(memberAnnounce.Finalizers, finalizer)"?

I assume we can call the func only once, and remove the call at line 95.

[jianjuns]

Can we remove this call, and keep only a single call of addOrUpdateMemberStatus(), e.g. at line 112?

[luolanzone]

Fixed.

[jianjuns]

Questions and a few nits.

[jianjuns]

We can just do:

localClusterMemberAnnounceExists := err == nil

[luolanzone]

Done

[jianjuns]

localClusterMemberAnnounceExist -> localClusterMemberAnnounceExists

[luolanzone]

Done

[jianjuns]

Question - what is difference between "Member Created" and "Member Connected"? Should we just set the condition to "ConditionTrue + Member Connected"? Or there is a protocol that member should notify leader after it is ready by updating the Announce?

[luolanzone]

"Member Created" will be used only when controller starts. It will become Member Connected" when member cluster send a MemberClusterAnnounce update. The purpose is handle the case MemberClusterAnnounce aleady exists on leader cluster, but it might be stale and will be cleaned up soon.

[jianjuns]

But I meant what is the problem if we set the condition to "ConditionTrue + Member Connected" directly here? If the member cluster does not update the Announce, it will be changed to "Disconnected" anyway?

[luolanzone]

Yes, it will be changed to "Disconnected", I feel both way works. Do you recommend to use Member Connected only?

[jianjuns]

Does member update the Announce right away after the creation? If yes, I am fine with the current way too; if not, I feel "ConditionTrue + Member Connected" works better, while "ConditionUnknown" is misleading.

[luolanzone]

It will be updated every 5 seconds if member cluster works well. But you are right, I feel stale MemberClusterAnnounce case will be rare, let me change it to "ConditionTrue + Member Connected".

[jianjuns]

BTW, do you think 5 seconds may be too frequent?

[luolanzone]

Yeah, I feel it can be longer, how about 15s?

[jianjuns]

Was thinking about 10 seconds. 15 seconds sound good to me too.

[luolanzone]

OK, I updated it to 10s in this PR, it can be quicker to detect failure.

[luolanzone]

/test-multicluster-e2e

[jianjuns]

Is it safe to pass nil to apierrors.IsNotFound()? I would suggest:

localClusterMemberAnnounceExists := err == nil

[luolanzone]

Done

[jianjuns]

/test-multicluster-e2e
/test-integration

[jianjuns]

/skip-all