tiproxy: add spec field gracefulShutdownDeleteDelaySeconds to gracefully mark unhealthy before deleting the pods (#6829)

Author: YangKeao

api/core/v1alpha1/common_types.go

@@ -164,6 +164,13 @@ const (
 	// Last instance template is recorded to check whether the pod should be restarted because of changes of instance template
 	AnnoKeyLastInstanceTemplate = AnnoKeyPrefix + "last-instance-template"
 
+	// TiProxy graceful shutdown begin time is recorded on the pod when graceful shutdown begins.
+	AnnoKeyTiProxyGracefulShutdownBeginTime = AnnoKeyPrefix + "tiproxy-graceful-shutdown-begin-time"
+
+	// TiProxy graceful shutdown delete delay controls how long operator waits before deleting a TiProxy pod
+	// after it has been marked unhealthy during graceful shutdown.
+	AnnoKeyTiProxyGracefulShutdownDeleteDelaySeconds = AnnoKeyPrefix + "tiproxy-graceful-shutdown-delete-delay-seconds"
+
 	// Features is recorded to check whether the pod should be restarted because of changes of features
 	AnnoKeyFeatures = AnnoKeyPrefix + "features"
 

pkg/controllers/tiproxy/builder.go

@@ -37,6 +37,7 @@ func (r *Reconciler) NewRunner(state *tasks.ReconcileContext, reporter task.Task
 		common.TaskContextCluster[scope.TiProxy](state, r.Client),
 		// if it's paused just return
 		task.IfBreak(common.CondClusterIsPaused(state)),
+		common.TaskContextPod[scope.TiProxy](state, r.Client),
 		// if the cluster is deleting, del all subresources and remove the finalizer directly
 		task.IfBreak(common.CondClusterIsDeleting(state),
 			common.TaskInstanceFinalizerDel[scope.TiProxy](state, r.Client, common.DefaultInstanceSubresourceLister),
@@ -45,7 +46,10 @@ func (r *Reconciler) NewRunner(state *tasks.ReconcileContext, reporter task.Task
 		task.IfBreak(common.CondClusterPDAddrIsNotRegistered(state)),
 
 		task.IfBreak(common.CondObjectIsDeleting[scope.TiProxy](state),
-			common.TaskInstanceFinalizerDel[scope.TiProxy](state, r.Client, common.DefaultInstanceSubresourceLister),
+			tasks.TaskDrainPodForDelete(state, r.Client),
+			task.If(task.CondFunc(func() bool { return state.Pod() == nil }),
+				common.TaskInstanceFinalizerDel[scope.TiProxy](state, r.Client, common.DefaultInstanceSubresourceLister),
+			),
 			// TODO(liubo02): if the finalizer has been removed, no need to update status
 			common.TaskInstanceConditionSynced[scope.TiProxy](state),
 			common.TaskInstanceConditionReady[scope.TiProxy](state),
@@ -54,8 +58,7 @@ func (r *Reconciler) NewRunner(state *tasks.ReconcileContext, reporter task.Task
 		),
 		common.TaskFinalizerAdd[scope.TiProxy](state, r.Client),
 
-		// get pod and check whether the cluster is suspending
-		common.TaskContextPod[scope.TiProxy](state, r.Client),
+		// check whether the cluster is suspending
 		task.IfBreak(common.CondClusterIsSuspending(state),
 			common.TaskSuspendPod(state, r.Client),
 			common.TaskInstanceConditionSuspended[scope.TiProxy](state),

pkg/controllers/tiproxy/tasks/finalizer.go

@@ -0,0 +1,208 @@
+// Copyright 2024 PingCAP, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tasks
+
+import (
+	"context"
+	"crypto/tls"
+	"strconv"
+	"time"
+
+	"github.com/go-logr/logr"
+	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+
+	"github.com/pingcap/tidb-operator/api/v2/core/v1alpha1"
+	"github.com/pingcap/tidb-operator/v2/pkg/apicall"
+	coreutil "github.com/pingcap/tidb-operator/v2/pkg/apiutil/core/v1alpha1"
+	"github.com/pingcap/tidb-operator/v2/pkg/client"
+	"github.com/pingcap/tidb-operator/v2/pkg/runtime/scope"
+	"github.com/pingcap/tidb-operator/v2/pkg/tiproxyapi/v1"
+	"github.com/pingcap/tidb-operator/v2/pkg/utils/task/v3"
+)
+
+func TaskDrainPodForDelete(state State, c client.Client) task.Task {
+	return task.NameTaskFunc("DrainPodForDelete", func(ctx context.Context) task.Result {
+		pod := state.Pod()
+		if pod == nil {
+			return task.Complete().With("pod doesn't exist")
+		}
+
+		retryAfter, err := drainOrDeletePod(ctx, c, state, pod)
+		if err != nil {
+			return task.Fail().With("cannot delete pod of tiproxy: %v", err)
+		}
+		if retryAfter > 0 {
+			return task.Retry(retryAfter).With("wait for tiproxy pod to be deleted")
+		}
+		return task.Complete().With("pod is deleted")
+	})
+}
+
+func drainOrDeletePod(ctx context.Context, c client.Client, state State, pod *corev1.Pod) (time.Duration, error) {
+	logger := logr.FromContextOrDiscard(ctx)
+	tiproxy := state.Object()
+
+	if !pod.GetDeletionTimestamp().IsZero() {
+		return task.DefaultRequeueAfter, nil
+	}
+
+	seconds, ok, err := gracefulShutdownDeleteDelaySeconds(tiproxy)
+	if err != nil {
+		return 0, err
+	}
+	if !ok || seconds <= 0 {
+		return deleteTiProxyPod(ctx, c, pod)
+	}
+
+	startAt, ok := gracefulShutdownBeginTime(pod)
+	if !ok {
+		if !ensureTiProxyMarkedUnhealthy(ctx, state, c, logger) {
+			return task.DefaultRequeueAfter, nil
+		}
+		startAt = time.Now()
+		if err := markGracefulShutdownBeginTime(ctx, c, pod, startAt); err != nil {
+			return 0, err
+		}
+	}
+
+	remaining := time.Until(startAt.Add(time.Duration(seconds) * time.Second))
+	if remaining > task.DefaultRequeueAfter {
+		remaining = task.DefaultRequeueAfter
+	}
+	if remaining > 0 {
+		return remaining, nil
+	}
+
+	return deleteTiProxyPod(ctx, c, pod)
+}
+
+func gracefulShutdownDeleteDelaySeconds(tiproxy *v1alpha1.TiProxy) (seconds int32, ok bool, err error) {
+	raw := tiproxy.Annotations[v1alpha1.AnnoKeyTiProxyGracefulShutdownDeleteDelaySeconds]
+	if raw == "" {
+		return 0, false, nil
+	}
+
+	parsed, err := strconv.ParseInt(raw, 10, 32)
+	if err != nil {
+		return 0, false, err
+	}
+	return int32(parsed), true, nil
+}
+
+func gracefulShutdownBeginTime(pod *corev1.Pod) (time.Time, bool) {
+	raw := pod.Annotations[v1alpha1.AnnoKeyTiProxyGracefulShutdownBeginTime]
+	if raw == "" {
+		return time.Time{}, false
+	}
+
+	startAt, err := time.Parse(time.RFC3339Nano, raw)
+	if err != nil {
+		return time.Time{}, false
+	}
+	return startAt, true
+}
+
+func markGracefulShutdownBeginTime(ctx context.Context, c client.Client, pod *corev1.Pod, startAt time.Time) error {
+	newPod := pod.DeepCopy()
+	if newPod.Annotations == nil {
+		newPod.Annotations = map[string]string{}
+	}
+	newPod.Annotations[v1alpha1.AnnoKeyTiProxyGracefulShutdownBeginTime] = startAt.Format(time.RFC3339Nano)
+	return c.Update(ctx, newPod)
+}
+
+func deleteTiProxyPod(ctx context.Context, c client.Client, pod *corev1.Pod) (time.Duration, error) {
+	if err := c.Delete(ctx, pod); err != nil && !apierrors.IsNotFound(err) {
+		return 0, err
+	}
+	return task.DefaultRequeueAfter, nil
+}
+
+func ensureTiProxyMarkedUnhealthy(ctx context.Context, state State, c client.Client, logger logr.Logger) bool {
+	tiproxy := state.Object()
+
+	tpClient, err := newTiProxyDeleteClient(ctx, state, c)
+	if err != nil {
+		logger.Info(
+			"failed to build TiProxy API client before graceful delete, continue retrying",
+			"namespace", tiproxy.Namespace,
+			"name", tiproxy.Name,
+			"error", err,
+		)
+		return false
+	}
+
+	healthy, err := tpClient.IsHealthy(ctx)
+	if err != nil {
+		logger.Info(
+			"failed to query TiProxy health before graceful delete retry, continue retrying",
+			"namespace", tiproxy.Namespace,
+			"name", tiproxy.Name,
+			"error", err,
+		)
+		return false
+	}
+	if !healthy {
+		return true
+	}
+
+	if err := tpClient.MarkUnhealthy(ctx); err != nil {
+		logger.Info(
+			"failed to mark TiProxy unhealthy before graceful delete, continue retrying",
+			"namespace", tiproxy.Namespace,
+			"name", tiproxy.Name,
+			"error", err,
+		)
+		return false
+	}
+
+	healthy, err = tpClient.IsHealthy(ctx)
+	if err != nil {
+		logger.Info(
+			"failed to re-check TiProxy health after graceful delete action, continue retrying",
+			"namespace", tiproxy.Namespace,
+			"name", tiproxy.Name,
+			"error", err,
+		)
+		return false
+	}
+	if healthy {
+		logger.Info(
+			"TiProxy health is still healthy after graceful delete action, continue retrying",
+			"namespace", tiproxy.Namespace,
+			"name", tiproxy.Name,
+		)
+		return false
+	}
+	return true
+}
+
+func newTiProxyDeleteClient(ctx context.Context, state State, c client.Client) (tiproxyapi.TiProxyClient, error) {
+	ck := state.Cluster()
+
+	var tlsConfig *tls.Config
+	if coreutil.IsTiProxyHTTPServerTLSEnabled(ck, state.Object()) {
+		var err error
+		tlsConfig, err = apicall.GetClientTLSConfig(ctx, c, ck)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	tiproxy := state.TiProxy()
+	addr := coreutil.InstanceAdvertiseAddress[scope.TiProxy](ck, tiproxy, coreutil.TiProxyAPIPort(tiproxy))
+	return tiproxyapi.NewTiProxyClient(addr, tiproxyRequestTimeout, tlsConfig), nil
+}