Azure: fix node removal race condition on VMSS deletion

[bpineau]

What type of PR is this?

/kind bug

What this PR does / why we need it:

When a VMSS is being deleted, instances are removed first. The VMSS itself will disappear once empty. That delay is generally enough for kube-controller-manager to delete the corresponding k8s nodes, but might not when busy or throttled (for instance).

If kubernetes nodes remains after their backing VMSS were removed, Azure cloud-provider will fail listing that VMSS VMs, and downstream callers (ie. InstanceExistsByProviderID) won't account those errors for a missing instance. The nodes will remain (still considered as "existing"), and controller-manager will indefinitely retry to VMSS VMs list it, draining API calls quotas, potentially causing throttling.

In practice a missing scale set implies instances attributed to that VMSS don't exists either: InstanceExistsByProviderID (part of the general cloud provider interface) should return false in that case.

The graph below shows the retries impact on ARM API calls count, on a cluster having such a leaked node, before and after that patch was deployed:

Which issue(s) this PR fixes:

Fixes #95288

Special notes for your reviewer:

Could we consider backporting that fix to 1.19?

Does this PR introduce a user-facing change?:

Gracefully delete nodes when their parent scale set went missing

/assign @andyzhangx @feiskyer
/sig cloud-provider
/area provider/azure

[k8s-ci-robot]

@bpineau: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

Hi @bpineau. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andyzhangx]

/kind bug
/priority important-soon
/sig cloud-provider
/area provider/azure
/ok-to-test

[andyzhangx]

in this case, what about return cloudprovider.InstanceNotFound directly? then it would save quite a lot code changes

[bpineau]

updated accordingly

[andyzhangx]

thanks for the contribution

[andyzhangx]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx, bpineau

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• staging/src/k8s.io/legacy-cloud-providers/azure/OWNERS [andyzhangx]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[bpineau]

Thank you @andyzhangx !
Would it be possible to cherry-pick to 1.19?

[andyzhangx]

Thank you @andyzhangx !
Would it be possible to cherry-pick to 1.19?

@bpineau yes, will you do that?

[bpineau]

Yes, thanks, done in #95305