✨ block move with annotation

[nojnhuh]

What this PR does / why we need it:

This PR adds a new well-known clusterctl.cluster.x-k8s.io/block-move annotation that, when defined on any resource to be moved, blocks clusterctl move from recreating any resources in the target cluster. Infrastructure providers can set this annotation ahead of time to make time to do any extra work in reaction to a cluster being paused.

More details on CAPZ's specific use case are here: #8473.

The expected flow is as follows:

1. Infra controller sets the block-move annotation on any resource(s) in the first reconciliation.
2. clusterctl move starts.
3. clusterctl sets Cluster's spec.pause to true, waits for block-move annotation to not be defined on any resource to be moved.
4. InfraCluster reconciliation invoked based on that change, controller starts work.
5. InfraCluster controller finishes work, removes block-move.
6. clusterctl move continues.

A POC implementation can be found here which I've verified with one of the self-hosted e2e tests: main...nojnhuh:cluster-api:wait-pause-docker

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #8473

[ykakarap]

I will take a look at this this week :)

[fabriziopandini]

I'm not sure the solution proposed here addresses #8473; I have summarized my understanding of the issue in #8473 (comment); if possible, let continue discussion on the issue first.

[nojnhuh]

Just updated this with something closer to I think what @fabriziopandini had in mind.

/retitle ✨ block move with annotation

[nojnhuh]

@ykakarap PTAL if you're still interested in going through this.

@fabriziopandini I added some more thoughts to the issue and updated this PR accordingly.

[nojnhuh]

I updated the PR description to match how the current changes work.

[nojnhuh]

(reminder to squash)
/hold

[nojnhuh]

/retest

[fabriziopandini]

Sorry for taking so long to provide feedback.
Overall I think we are really near the finish line, a couple of suggestions from my side but nothing really blocking

Also, could you add the new annotation in https://cluster-api.sigs.k8s.io/reference/labels_and_annotations.html and a note in https://cluster-api.sigs.k8s.io/clusterctl/provider-contract.html#move; might be worth to surface the new feature to other providers in https://main.cluster-api.sigs.k8s.io/developer/providers/migrations/v1.4-to-v1.5.html

[fabriziopandini]

As it is implemented the backoff applies to every CR, thus assuming that we are moving 100 objects, this can result in 100*5sec, which is a lot. Is that the expected behavior?

[nojnhuh]

That's what I had in mind for the time being. I generally wouldn't expect this to ever wait for N resources * timeout for one resource since while clusterctl is waiting for one resource to be paused, the provider will continue doing work out-of-band to pause that and other resources in parallel. Overall I think the total time this waits will trend toward the longest wait for an individual resource in that case.

That same parallelism could be applied to the waits here as well, but that didn't seem worth the additional complexity under the assumption that resources are going to be paused in parallel.

[fabriziopandini]

I got your point, but It is not ideal because ultimately the time the users have to wait can vary in a significant way, however, I can be ok with this approach for the first iteration if we can get a better UX as suggested in other comments.

TL;DR; if (and only if) there is a block on an object, before starting the wait loop we should log "Waiting for the block to be removed on ..." or something similar that makes the users aware of where the move process is blocked at

[nojnhuh]

Based on my read of the code, it looks like the "resource is not ready to move" error returned here will get logged here which happens before any time.Sleep:

cluster-api/cmd/clusterctl/client/cluster/client.go

Line 234 in 8f173a1

log.V(5).Info("Retrying with backoff", "Cause", err.Error())

Does that cover what you describe?

[fabriziopandini]

Not really, this is the debug of every retry and it is very noisy; it will also be printed for every object, not only the objects with an actual block move.

So it does not comply with

if (and only if) there is a block on an object, before starting the wait loop we should log "Waiting for the block to be removed on ..." or something similar that makes the users aware of where the move process is blocked at

It just provides debug/trace details on every step of the wait loop when you are already in

[nojnhuh]

So you'd like to see a single log message indicating that at least one object is blocking the move?

[fabriziopandini]

obj1 no block move annotation --> no message at all (and possibly skip entirely the wait loop)
obj2 block move annotation --> before starting the wait loop, "Waiting for the block to be removed on ..."
obj3-50 no block move annotation --> no message at all (and possibly skip entirely the wait loop)
obj51 block move annotation --> before starting the wait loop, "Waiting for the block to be removed on ..."
and so on

NOTE: this is consistent with most of the logs in clusterctl, where we inform about the next operation before starting it, which is even more important in this case because otherwise the system will seem to be stuck waiting; in this case the caveat is that according to the spec we should wait only for objects with the annotation, not for all the objects (this will be much easier if you collect collect wait for move during discovery, as I have suggested in another comment on the same topic)

[nojnhuh]

That makes sense, I've updated this to do that. FWIW we need to enter the wait loop no matter what to determine if the annotation exists, but the loop is exited as soon as the annotation doesn't exist (which may be in the first iteration). You already suggested gathering whether the resource is blocked during object discovery which could make this short-circuit earlier, but I'd like to do that as a follow-up if that's still acceptable.

[CecileRobertMichon]

I'd like to do that as a follow-up if that's still acceptable

this would also be good to track in an issue

[nojnhuh]

Opened #9196

[fabriziopandini]

It would be great if we can collect wait for move during discovery, then we can make this a no-op for most of the object, and implement a better UX for objects that are actually blocking move by printing "Wating for ... to unblock move" before starting to wait

[nojnhuh]

Yeah that seems better. I can take a look at that as a follow-up.

[nojnhuh]

@fabriziopandini Do you have any other thoughts on this?

[fabriziopandini]

@nojnhuh if I'm not wrong this point is still open

I got your point, but It is not ideal because ultimately the time the users have to wait can vary in a significant way, however, I can be ok with this approach for the first iteration if we can get a better UX as suggested in other comments.

TL;DR; if (and only if) there is a block on an object, before starting the wait loop we should log "Waiting for the block to be removed on ..." or something similar that makes the users aware of where the move process is blocked at

What I see in the code is instead the opposite; the operation start to wait without giving any info to users (so the user is blind on what is happening), then only when wait is finished, it informs the user that it has finished waiting for an object

[nojnhuh]

@nojnhuh if I'm not wrong this point is still open

Responded in the thread. I think that was the last piece of outstanding feedback.

[CecileRobertMichon]

/cc @ykakarap @Jont828

Are you both able to review this to help move it forward?

[nojnhuh]

Need to squash again
/hold

[CecileRobertMichon]

/lgtm
/assign @fabriziopandini

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 1c1addfcd6f634bd5dd89787829658463bc4da08

[Jont828]

/lgtm

[Jont828]

Just curious, are these the actual numbers it would use or did you pull this from somewhere?

[nojnhuh]

The jitter makes this inherently random to some degree, but I threw together something to simulate what these numbers could be and this is one example.

[fabriziopandini]

/test pull-cluster-api-e2e-full-main

[fabriziopandini]

/lgtm
/approve

@nojnhuh it would be great to get #9196 implemented before 1.6.0 is cut, because the current implementation is adding an unnecessary extra get for all the objects + the user can wait for x times the timeout for waitMove.

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: ef774513a8b0bd56b6b039d4ad1163fd56f6abf5

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fabriziopandini

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/clusterctl/OWNERS [fabriziopandini]
• docs/OWNERS [fabriziopandini]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[nojnhuh]

@nojnhuh it would be great to get #9196 implemented before 1.6.0 is cut, because the current implementation is adding an unnecessary extra get for all the objects + the user can wait for x times the timeout for waitMove.

Sounds good, I'll get going on that.

Also squashed:
/hold cancel