Fix Race conditions in Targeted Deletion of machines by CA

[rishabh-11]

What this PR does / why we need it:
This PR fixes the issues noticed in live issues 6120 and 6101. We introduce a mutex in the NodeGroupImpl struct (node group implementation) which must be acquired before performing a scale-down or scale-up operation.

We also introduce an annotation on the MachineDeployment TriggerDeletionByMCM = "node.machine.sapcloud.io/trigger-deletion-by-mcm" whose value denotes the machines CA wants to remove and then atomically update replica count and annotation as one single step. This will help recognize machines for which CA has already reduced the replicas of the MachineDeployment and prevent it from being duplicated - race conditions are avoided when CA scaledowns are occurring in parallel. The MCM is also updated to check this TriggerDeletionByMCM annotation on the MachineDeployment.

The CA no longer directly sets the MachinePriority=1 annotation on the Machine objects. This is now done by the MCM controller when reconciling the updated MachineDeployment.

Which issue(s) this PR fixes:
Fixes #342

Special notes for your reviewer:

Release note:

Fix for data-races in concurrent CA scaledowns and CA restarts

[elankath]

Please move this to a small function mcm.getMachinesMarkedByCAForDeletion(mcd) (machineNames sets.Set[string]) which is unit testable and can be consumed by both the mcm_cloud_provider.go and mcm_manager.go

[elankath]

I believe we can omit the Ref struct and just used types.NamespacedName which is already being used anyways in this file

[elankath]

Perhaps using the "comma, ok" idiom here for mcd.Annotations[machinesMarkedByCAForDeletion] would be good for clarity to avoid unnecessary split of empty string.

[rishabh-11]

Isn't it allowed to read from a nil map? Only writes will cause panic, right?

[elankath]

getMachinesMarkedByCAForDeletion->getMachineNamesMarkedByCAForDeletion

[elankath]

Shouldn't we return an error here ? We are doing it for other cases of !isRollingUpdateFinished.

[rishabh-11]

I think we should remove this check. Even if a machineDeployment is under rolling update, we should allow the annotation update if needed. wdyt?

[elankath]

buildMachineDeploymentFromSpec should also be moved to mcm_manager.go.

[elankath]

This is repeated nearly a dozen times everywhere including common error handling: machineDeployment.mcmManager.machineDeploymentLister.MachineDeployments(machineDeployment.Namespace).Get(machineDeployment.Name) . Move to a method in mcmManager called GetMachineDeploymentResource which returns a formatted error that can simply be returned, so that error message is fully consistent with all uses. we are already having methods like mcmManager.getMachinesForMachineDeployment so this matches the existing convention.

[elankath]

Out of curiosity, Why is this called priorityValueForCandidateMachines ? Shouldn't it be defined as const PriorityDeletionValueForCandidateMachine = 1 ?

[rishabh-11]

I think we can rename it to PriorityValueForDeletionCandidateMachine. wdyt?

[elankath]

we should also add a comment here to explain what we are doing so next guy making a patch doesn't scratch his head.

[elankath]

This strings.Join to construct the annotation repeated elsewhere. Make a utility method called getMarkedForDeletionAnnotationValue(machineNames []string) string

[elankath]

minor (need not correct): types.NamespacedName is a simple struct - a value object. Modern programming practices discourages use of pointers to value objects for keeping data inline for processor cache performance. Pointers should be used only for structs holding active resource (like locks/files/etc) or class/service objects. Using a simple []types.NamespacedName and using types.NamespacedName instead of *types.NamespacedName should be followed for newer code.

[elankath]

Name function to getMachineNamesMarkedByCAForDeletion

[elankath]

markedMachines -> machineNamesMarkedByCA

[elankath]

UPDATE: Testing has shown that the current fix in this PR has a tendency to slow down the CA scaling due to the all the NodeGroup mutexes acquired in CloudProvider.Refresh. We are looking whether this is acceptable or whether we can improve this.

[elankath]

Testing has revealed that the current fix unfortunately does not address all data races and also slows down the performance due to the multiple NodeGroup locks needed in the CloudProvider.Refresh.

It has been determined we cannot achieve this as a CA-cloudprovider isolated fix and we need to make MCM changes too to ensure that scaledown works correctly even in cases where CA issues concurrent scaledowns for a NodeGroup and changes its mind later about which node to scale down in a future iteration.