Disable a machine from being fenced

[emesika]

Documentation for the requirement to disable fencing using a special label set on the machine object

[openshift-ci-robot]

Hi @emesika. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign ingvagabund
You can assign the PR to them by writing /assign @ingvagabund in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[vikaschoudhary16]

I am confused by the "fencing" term. In my understanding:
Fencing is the process of isolating a node to protect a cluster and its resources. Without fencing, a faulty node can cause data corruption in a cluster.

Your proposal looks like disabling machine healthchecking. is machine healthcking and fencing same thing?

[markmc]

I find the terminology confusing too.

We talk about health checking (noticing a failure) and remediation (currently just deletion).

I believe the point of both health checking and the remediation is (a) to allow safely moving workloads from unhealthy nodes and (b) attempting to bring the node back into a healthy state. And so we say this is fencing.

But if we're going to use that term at all, we should use it consistently.

e.g. README.md says:

Machine healthcheck controller
Reconciles desired state for MachineHealthChecks by ensuring that machines targeted by machineHealthCheck objects are healthy or remediated otherwise

Would we be happy to change that to:

Machine healthcheck (fencing) controller
Provides node level fencing by checking that machines targeted by MachineHealthCheck objects are healthy (as indicated by NodeConditions) and attempting remediation of unhealthy machines to bring them back to a healthy state

[enxebre]

why would you need this at all since mhc targets only machines of your choice via label selector?

[cynepco3hahue]

We have a maintenace controller, that should drain all VM's from the respective node, and also we do not want to fence it, because of it under the maintenance, but its temporary state and we do not want each time update node or MHC labels, because it easy to forgot to do it and disable fencing for the machine at all

[enxebre]

isn't this proposing exactly to use a label? can you please include that use casehttps://docs.google.com/document/d/10kauaJiXaWpvmd_qVsgIoZBNQLJMXMsQga3exV04ZTY/edit?ts=5d0b91e6#heading=h.4ifefbk4b4y2 so can be discussed

[cynepco3hahue]

this one who will set the label is node-maintenance controller, we just want respect this label under MHC and do not fence node
Added under the document

[vikaschoudhary16]

I think this feature is useful. In some cases, it maybe desired to skip specific machines.
Another approach could be to support list of labels, that guide nodes to be skipped, as a configuration option on mhc

[vikaschoudhary16]

PTAL openshift/cluster-api#48

[enxebre]

closing due to inactivity. Please create a PR against https://github.com/openshift/enhancements if still relevant