Azure: use per-vmss vmssvm incremental cache

[bpineau]

What type of PR is this?

/kind bug

What this PR does / why we need it:

Azure's cloud provider VMSS VMs API accesses are mediated through a cache holding and refreshing all VMSS together.

Due to that we hit VMSSVM.List API more often than we could: an instance's cache miss or expiration should only require a single VMSS re-list, while it's currently O(n) relative to the number of attached Scale Sets.

Under hard pressure (clusters with many attached VMSS that can't all be listed in one sequence of successive API calls) the controller manager might be stuck trying to re-list everything from scratch, then aborting the whole operation due to rate limits, affecting the whole Subscription.

This patch replaces the global VMSS VMs cache by per-VMSS VMs caches. Refreshes (VMSS VMs lists) are scoped to the single relevant VMSS; under severe throttling the various caches can be incrementally refreshed.

Which issue(s) this PR fixes:

Fixes #93106

Special notes for your reviewer:

We are assuming VMSS nodes are named from VMSS' computerNamePrefix+id (or vmssName+id, when computerNamePrefix isn't specified), as described https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-instance-ids and https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/2018-10-01/virtualmachinescalesets#virtualmachinescalesetosprofile-object. Are there special cases not covered by that doc? if so we can probably complement that optimistic lookup (trying the vmss matching name prefix first, happy path) by a fallback to a scan over remaining scale sets. The non-optimal fallback path would still be an improvement as (in case of throttling) we keep partial results (per VMSS caches), refreshes are incremental.

Does this PR introduce a user-facing change?:

Azure: per VMSS VMSS VMs cache to prevent throttling on clusters having many attached VMSS

/assign @andyzhangx @feiskyer
/sig cloud-provider
/area provider/azure

[k8s-ci-robot]

Hi @bpineau. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andyzhangx]

/ok-to-test
/priority important-soon
/sig cloud-provider
/area provider/azure
thanks for the contribution @bpineau

[liggitt]

https://prow.k8s.io/view/gcs/kubernetes-jenkins/pr-logs/pull/93107/pull-kubernetes-node-e2e/1283340355466432512 flake is #93210

[nilo19]

1/37 Tests Failed. | expand_less
-- | --
staticcheck expand_less6m57sErrors from staticcheck: vendor/k8s.io/legacy-cloud-providers/azure/azure_vmss_cache_test.go:118:2: this value of err is never used (SA4006)  Please review the above warnings. You can test via:   hack/verify-staticcheck.sh <failing package> If the above warnings do not make sense, you can exempt the line or file. See:   https://staticcheck.io/docs/#ignoring-problems | staticcheck expand_less | 6m57s | Errors from staticcheck: vendor/k8s.io/legacy-cloud-providers/azure/azure_vmss_cache_test.go:118:2: this value of err is never used (SA4006)  Please review the above warnings. You can test via:   hack/verify-staticcheck.sh <failing package> If the above warnings do not make sense, you can exempt the line or file. See:   https://staticcheck.io/docs/#ignoring-problems
staticcheck expand_less | 6m57s
Errors from staticcheck: vendor/k8s.io/legacy-cloud-providers/azure/azure_vmss_cache_test.go:118:2: this value of err is never used (SA4006)  Please review the above warnings. You can test via:   hack/verify-staticcheck.sh <failing package> If the above warnings do not make sense, you can exempt the line or file. See:   https://staticcheck.io/docs/#ignoring-problems

could you please fix the error and re-run the tests?

[feiskyer]

could we use getScaleSetVMInstanceID() here to check whether a node is VMSS instance or not?

[feiskyer]

Thanks for fixing the issue. Add it to v1.19 milestone since it would fix a serious bug for large number of VMSS scenarios.
/milestone v1.19

[feiskyer]

/retest

[feiskyer]

/retest

[nilo19]

/retest

[feiskyer]

/lgtm
/approve
/retest

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bpineau, feiskyer

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• staging/src/k8s.io/legacy-cloud-providers/azure/OWNERS [feiskyer]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

[k8s-ci-robot]

@bpineau: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
pull-kubernetes-conformance-kind-ga-only-parallel	fcb3f1f	link	/test pull-kubernetes-conformance-kind-ga-only-parallel

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.