Fix 2797 on Kubernetes - Cluster goes down because all IPs become unreachable

[bricef]

PR to fix #2797. Includes changes from #3022.

[bricef]

Not just a location change for the API, but also a functional change. Will need to refactor code to use new API methods.

[brb]

A few more things not mentioned in my comments:

1. The commit 71bc6f7 message mentions "should break up this commit".
2. It would be useful to have some short explanations in a form of commit message for some non-trivial commits explaining why a change is needed.
3. How safe do we fell about this change? Have we inspected a code coverage (you can find it among CircleCI artifacts) that all branches of reclaimRemovedPeers are tested?
4. What happens when some nodes in a cluster are powered by older version of weave-kube? Have we tested that upgrade works?
5. A few sentences (probably in a form of pkg doc) about how all this thing works would be helpful.

[skny5]

Any thoughts on when this will be merged into a release? This is an extremely critical piece of functionality when running K8S on a dynamic infrastructure, weave becomes pretty much unusable when an error (#2797) occurs.

[bboreham]

@skny5 right now we're trying to clear up all the points and give it another thorough review; hopefully days rather than weeks.
As you may understand it is a rather destructive operation if we get it wrong.

[bricef]

@skny5 Working on it as we speak. Hoping this will pass review and hit mainline this week.

[bboreham]

Some notes from my testing:

I fired up a 3-node Kubernetes cluster using the test 840 script.
Checked logs from all three weave containers.
Checked weave status ipam
Deleted a node with kubectl delete node brya-2
Initially the weave network still had three peers, but then the eviction manager kicked in on brya-2 and deleted all pods, killing all containers including Weave.

Next I restarted one of the remaining weave-net pods, so it would notice the node had gone; this all appeared to go to plan:

INFO: 2017/11/08 12:14:09.239399 Added myself to peer list &{[{76:a1:dd:6c:12:51 brya-0} {0e:e4:4e:dd:92:ca brya-2} {ba:23:5a:0c:f3:10 brya-1}]}
DEBU: 2017/11/08 12:14:09.239596 Nodes that have disappeared: map[brya-2:{0e:e4:4e:dd:92:ca brya-2}]
DEBU: 2017/11/08 12:14:09.239643 Preparing to remove disappeared peer {0e:e4:4e:dd:92:ca brya-2}
DEBU: 2017/11/08 12:14:09.239665 Noting I plan to remove  0e:e4:4e:dd:92:ca
DEBU: 2017/11/08 12:14:09.245074 Nodes that have disappeared: map[brya-2:{0e:e4:4e:dd:92:ca brya-2}]
DEBU: 2017/11/08 12:14:09.245149 Preparing to remove disappeared peer {0e:e4:4e:dd:92:ca brya-2}
DEBU: 2017/11/08 12:14:09.245171 Existing annotation 76:a1:dd:6c:12:51
DEBU: 2017/11/08 12:14:09.245191 weave DELETE to http://127.0.0.1:6784/peer/0e:e4:4e:dd:92:ca with map[]
INFO: 2017/11/08 12:14:09.252523 rmpeer of 0e:e4:4e:dd:92:ca : 393216 IPs taken over from 0e:e4:4e:dd:92:ca

I attempted to rejoin brya-2 using kubeadm reset then kubeadm join [...]
This resulted in the peer picking up the previous /var/lib/weave/weave-netdata.db so now it cannot join the cluster because it has an incompatible update. This was previously noted

I manually deleted the persistence file then went through kubectl delete node kubeadm reset kubeadm join again. Weave Net fired up ok.

slightly puzzling ipam state, presumably because it reclaimed the bridge address and nothing further:

# weave status ipam
76:a1:dd:6c:12:51(brya-0)               917503 IPs (87.5% of total) (1 active)
0e:e4:4e:dd:92:ca(brya-2)                    1 IPs (00.0% of total) 
ba:23:5a:0c:f3:10(brya-1)               131072 IPs (12.5% of total) 

After moving one of the nettest pods onto brya-2 it is more reasonable:

# weave status ipam
76:a1:dd:6c:12:51(brya-0)               655359 IPs (62.5% of total) (1 active)
0e:e4:4e:dd:92:ca(brya-2)               262145 IPs (25.0% of total) 
ba:23:5a:0c:f3:10(brya-1)               131072 IPs (12.5% of total) 

Next I am going to abruptly shut down brya-1 and see what happens.

[24 hours later...]

Node status goes to NotReady; pods on that node go to status NodeLost, but the node is not deleted and the code in this PR does not reclaim its IPs. This is all as expected.

[bricef]

I attempted to rejoin brya-2 using kubeadm reset then kubeadm join [...]
This resulted in the peer picking up the previous /var/lib/weave/weave-netdata.db so now it cannot join the cluster because it has an incompatible update. This was previously noted

I manually deleted the persistence file then went through kubectl delete node kubeadm reset kubeadm join again. Weave Net fired up ok.

@bboreham I haven't encountered this. Running kubeadm reset then kubeadm join ... leaves me with a (eventually) clean IPAM table across the cluster. I'm not doing kubectl delete though.

I am getting the following from somewhere when listening to the k8s_weave_weave-net-... container:

INFO: 2017/11/08 16:13:55.261671 Removed unreachable peer e6:78:31:8a:e6:e1(vagr-1)

Although apparently not from the weave-net codebase? (ran a search for "Removed" and "unreachable", and git couldn't find it!)

Is it at this point (or after some retries) that we should be removing the IP allocations for that peer?

This is the log I get when removing a peer with kubeadm reset

INFO: 2017/11/08 16:26:14.364090 ->[10.128.0.19:56777|e6:78:31:8a:e6:e1(vagr-1)]: connection shutting down due to error: read tcp4 10.128.0.20:6783->10.128.0.19:56777: read: connection reset by peer
INFO: 2017/11/08 16:26:14.364386 ->[10.128.0.19:56777|e6:78:31:8a:e6:e1(vagr-1)]: connection deleted
INFO: 2017/11/08 16:26:14.365670 Removed unreachable peer e6:78:31:8a:e6:e1(vagr-1)

But sudo weave status ipam still shows up unreachable addresses.

9a:33:6c:88:6b:5f(vagr-0)               393216 IPs (37.5% of total) (1 active)
2e:eb:78:2c:d6:d8(vagr-2)               131072 IPs (12.5% of total) 
e6:78:31:8a:e6:e1(vagr-1)               524288 IPs (50.0% of total) - unreachable!

Pretty sure I'm running your latest version. (I get the [kube-peers] tagged logs), but I never get the Preparing to remove disappeared peer message, and the 860 test is (correctly) failing.

[bboreham]

kubeadm reset removes the k8s installation and stopps running processes, but doesn't delete the node from the api-server. So this PR doesn't reclaim those IPs.

[bricef]

Ok, I'll amend the test to delete the node using kubectl delete node instead.

[bboreham]

I think this is in fairly good shape; I am minded to merge it and raise new issues for follow-up.

One area we need to cover off is what happens when you upgrade from a previous release - the current code will delete persisted data which is ok if you do it one node at a time but not idea.

Also we need to update the cloud.weave.works config generator.