-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doesn't clean up invalid target groups #475
Comments
The problem could be if you mix manual and our CF stack related Load Balancers. If you would clean up the ones that are not having our Tag, then you clean up things you do not own. |
This issue is only about cleaning up non-existent thus invalid target groups. I cannot think of a reason why it should not remove such broken links in any case. It could be a simple check if the linked TG ID is existent, otherwise deregistering it. |
@universam1 but you link to code path which tests for ownership. If you like to add some cleanup code here you would need to check the Tag anyways, because we should only care about our resources. Other controllers need to keep track on theirs and manual created ones need to be manually maintained or you have a custom control loop that cleans up "broken things". |
@universam1 @szuecs We do try to cleanup non-existing target groups: kube-ingress-aws-controller/aws/asg.go Line 176 in 9f2db47
If there are cases not handled by the current logic then it makes sense to handle that especially if it's is caused by the controller. We have a disconnect between target group creation/deletion (Cloudformation) and attaching to ASG which is done in the referenced controller code. As already stated checking for the ownership of target groups and checking for non-existing target groups is not the same. |
@szuecs Maybe I was too deep into the solution to explain verbose enough that this is a bug created by this controller.
|
@szuecs @mikkeloscar I've ran some more debug sessions and found the actual bug that the cleanup would work as expected but it is simply not called. Thanks for the discussion. Given that there is only one TG and it is of type IP created by the stack, we are not callling kube-ingress-aws-controller/aws/adapter.go Lines 597 to 609 in 9f2db47
That means this condition is oversimplified |
From my tests removing this condition does solve the problem just fine! kube-ingress-aws-controller/aws/adapter.go Lines 598 to 600 in 9f2db47
However, this practically reverts #141 and might open up #139 again - so wondering if we can cover #141 differently @mikkeloscar such as to filter calls where 'targetGroupARNs' is 'nil'? |
@universam1 We should just move the |
Thanks - sounds great! kube-ingress-aws-controller/aws/asg.go Lines 216 to 226 in 9f2db47
|
fixes: zalando-incubator#475 Given that there is only one TG and it is of type IP created by the stack, we are not callling `updateTargetGroupsForAutoScalingGroup` -> `detachTargetGroupsFromAutoScalingGroup` This possible solution is to move this guard inside `updateTargetGroupsForAutoScalingGroup` - see zalando-incubator#475 (comment) However, the guard introduced in zalando-incubator#141 is practically present now inside `updateTargetGroupsForAutoScalingGroup` introduced by zalando-incubator#436 and therefore we can simply remove it. Tested in lab clusters. Signed-off-by: Samuel Lang <[email protected]>
Yes I agree that this is already implemented in meantime via #436 |
fixes: #475 Given that there is only one TG and it is of type IP created by the stack, we are not callling `updateTargetGroupsForAutoScalingGroup` -> `detachTargetGroupsFromAutoScalingGroup` This possible solution is to move this guard inside `updateTargetGroupsForAutoScalingGroup` - see #475 (comment) However, the guard introduced in #141 is practically present now inside `updateTargetGroupsForAutoScalingGroup` introduced by #436 and therefore we can simply remove it. Tested in lab clusters. Signed-off-by: Samuel Lang <[email protected]>
Invalid, non-existent target groups registrations on autoscaling groups are not removed, causing errors such as that scaling is blocked.
Invalid registrations can appear when CFN replaces a target group which happens due to various reasons.
Looks like a bug that the controller keeps non-existent target groups registered because it cannot determine the ownership - given that the TG is gone and thus not enumerable.
Probably this logic can be simplified to remove any invalid registration, even when it lost track of.
@AlexanderYastrebov @szuecs
The text was updated successfully, but these errors were encountered: