Pod crashing when podTerminationGracePeriod is reached

[heschlie]

I've noticed that when the podTerminationGracePeriod is reached the NTH looks to crash, I'm unsure if it is my settings or an actual problem with NTH. We unfortunately have some pods that sometimes seem to hang around indefinitely, but I had figured after reaching the grace period it would simply forcibly kill those pods.

aws-node-termination-handler arguments:
dry-run: false,
node-name: <snip>,
metadata-url: http://169.254.169.254,
kubernetes-service-host: 172.20.0.1,
kubernetes-service-port: 443,
delete-local-data: true,
ignore-daemon-sets: true,
pod-termination-grace-period: 120,
node-termination-grace-period: 120,
enable-scheduled-event-draining: false,
enable-spot-interruption-draining: false,
enable-sqs-termination-draining: true,
enable-rebalance-monitoring: false,
metadata-tries: 3,
cordon-only: false,
taint-node: false,
json-logging: false,
log-level: info,
webhook-proxy: ,
webhook-headers: <not-displayed>,
webhook-url: ,
webhook-template: <not-displayed>,
uptime-from-file: ,
enable-prometheus-server: true,
prometheus-server-port: 9092,
aws-region: us-east-1,
queue-url: <snip>,
check-asg-tag-before-draining: true,
managed-asg-tag: aws-node-termination-handler/managed,
aws-endpoint: ,

I unfortunately don't have the logs, but the last bit of output is always the list of pods it is evicting, followed by the error There was a problem while trying to cordon and drain the node saying it reached the pod grace period. It then exit(1) and a new pod is spun up, which sees the old message, and picks up where the last one left off. It seems like when it is trying to forcibly kill the nuisance pods (assuming it actually does this) is when the NTH dies, as then the next one comes in all of the pods are gone and it simply wraps up the lifecycle event and deletes the SQS message.

[heschlie]

I looks like this is happening here https://github.com/aws/aws-node-termination-handler/blob/main/cmd/node-termination-handler.go#L318

I'm guessing when the grace period is reached in the drain.RunNodeDrain(n.drainHelper, node.Name) from the k8s pkg is reached it forcibly deletes the pods but returns an error. If that's the case it might be possible to check that error and not have it exit(1)?

[heschlie]

I managed to catch the errors across pods, essentially what is happening is:

1. NTH cordons pod, starts draining
2. NTH hits pod grace period (120s for me)
3. Kube API returns an error as it had to kill pods that reached the time limit
4. NTH exit(1)s
5. New NTH pod is spun up
6. New NTH pod cleans up and continues

2021/04/19 17:51:10 ??? Trying to get token from IMDSv2
2021/04/19 17:51:10 INF Starting to serve handler /metrics, port 9092
2021/04/19 17:51:10 INF Starting to serve handler /healthz, port 8080
2021/04/19 17:51:10 ??? Got token from IMDSv2
2021/04/19 17:51:10 ??? Startup Metadata Retrieved metadata={"accountId":"<snip>","availabilityZone":"<snip>","instanceId":"<snip>","instanceType":"m5.4xlarge","localHostname":"<snip>","privateIp":"<snip>","publicHostname":"","publicIp":"","region":"<snip>"}
2021/04/19 17:51:10 ??? aws-node-termination-handler arguments: 
	dry-run: false,
	node-name: <snip>,
	metadata-url: http://169.254.169.254,
	kubernetes-service-host: 172.20.0.1,
	kubernetes-service-port: 443,
	delete-local-data: true,
	ignore-daemon-sets: true,
	pod-termination-grace-period: 120,
	node-termination-grace-period: 120,
	enable-scheduled-event-draining: false,
	enable-spot-interruption-draining: false,
	enable-sqs-termination-draining: true,
	enable-rebalance-monitoring: false,
	metadata-tries: 3,
	cordon-only: false,
	taint-node: false,
	json-logging: false,
	log-level: info,
	webhook-proxy: ,
	webhook-headers: <not-displayed>,
	webhook-url: ,
	webhook-template: <not-displayed>,
	uptime-from-file: ,
	enable-prometheus-server: true,
	prometheus-server-port: 9092,
	aws-region: <snip>,
	queue-url: <snip>,
	check-asg-tag-before-draining: true,
	managed-asg-tag: aws-node-termination-handler/managed,
	aws-endpoint: ,
<SUCCESSFUL CORDON/DRAIN>
2021/04/19 17:51:10 ??? Started watching for interruption events
2021/04/19 17:51:10 ??? Kubernetes AWS Node Termination Handler has started successfully!
2021/04/19 17:51:10 ??? Started watching for event cancellations
2021/04/19 17:51:10 ??? Started monitoring for events event_type=SQS_TERMINATE
2021/04/19 17:51:13 ??? Adding new event to the event store event={"AutoScalingGroupName":"<snip>","Description":"ASG Lifecycle Termination event received. Instance will be interrupted at 2021-04-19 17:47:30 +0000 UTC \n","Drained":false,"EndTime":"0001-01-01T00:00:00Z","EventID":"asg-lifecycle-term-63663936393066322d613734322d376536322d333433312d373463613935333465653236","InProgress":false,"InstanceID":"<snip>","Kind":"SQS_TERMINATE","NodeLabels":null,"NodeName":"<snip>","Pods":null,"StartTime":"2021-04-19T17:47:30Z","State":""}
2021/04/19 17:51:13 ??? Cordoning the node
2021/04/19 17:51:13 ??? Draining the node
2021/04/19 17:51:13 ??? WARNING: ignoring DaemonSet-managed Pods: <snip>
2021/04/19 17:51:13 ??? evicting pod <snipped list of pods>
2021/04/19 17:51:24 ??? Node successfully cordoned and drained node_name=i<snip>
2021/04/19 17:51:24 INF Completed ASG Lifecycle Hook (<snip>) for instance <snip>
2021/04/19 17:51:24 ??? SQS Deleted Message: {
  Attributes: {
    SentTimestamp: "1618854451407"
  },
  Body: "{\"version\":\"0\",\"id\":\"cf9690f2-a742-7e62-3431-74ca9534ee26\",\"detail-type\":\"EC2 Instance-terminate Lifecycle Action\",\"source\":\"aws.autoscaling\",\"account\":\"<snip>\",\"time\":\"2021-04-19T17:47:30Z\",\"region\":\"<snip>\",\"resources\":[\"<snip>\"],\"detail\":{\"LifecycleActionToken\":\"<snip>\",\"AutoScalingGroupName\":\"<snip>\",\"LifecycleHookName\":\"<snip>\",\"EC2InstanceId\":\"<snip>\",\"LifecycleTransition\":\"autoscaling:EC2_INSTANCE_TERMINATING\",\"Origin\":\"AutoScalingGroup\",\"Destination\":\"EC2\"}}",
  MD5OfBody: "<snip>",
  MessageId: "5ad87fea-0ce5-4542-b71d-810a87f76c09",
  ReceiptHandle: "AQEBqQpoObajN+e2XpvYh1DtsuzvxTkFVm1a0jBKPcf4AmdU0H9Wjn5b5AolpWoXBI+3oDypGXJhiJx6zIbiJzopkQHleECaDmGvoz/TFRemMMF8ttnk6nKcxHDCuslVGjK7wKyVIVFXuT0ukW9IawsusKnx+OqjhqH2+NOJMcKhmCYsOaigkdVExE2v4ofe7NmvUH4yfc5C+bhr44MxulFjGNBnZmtyKUPodfSeOHBSvGD4iHOf6DjEcjkX/BiVe0SNp5I7vLdolBtZ+6glEGNcyMpUec/p+1cXjPaWZ7EuKXLvG0Dj6lb0rElx41Y6GHPnekEnObLIhbDKnmRUJN9X0r2orys7Nzo/Wq0N1UAc8pzFzwL/w6ZF+WV0TlV9QQ+WMXOFNf/VYA0C55LyDfVOCfU/TXSX0fm5oEmmhvizJ20="
}
<FAILED CORDON/DRAIN>
2021/04/19 17:54:31 ??? Adding new event to the event store event={"AutoScalingGroupName":"<snip>","Description":"ASG Lifecycle Termination event received. Instance will be interrupted at 2021-04-19 17:53:03 +0000 UTC \n","Drained":false,"EndTime":"0001-01-01T00:00:00Z","EventID":"asg-lifecycle-term-30396361313231302d636230342d316236332d303835382d643166326533383562633937","InProgress":false,"InstanceID":"<snip>","Kind":"SQS_TERMINATE","NodeLabels":null,"NodeName":"<snip>","Pods":null,"StartTime":"2021-04-19T17:53:03Z","State":""}
2021/04/19 17:54:31 ??? Cordoning the node
2021/04/19 17:54:31 ??? Draining the node
2021/04/19 17:54:31 ??? WARNING: ignoring DaemonSet-managed Pods: <snip>
2021/04/19 17:54:31 ??? evicting pod <list of evicted pods>
2021/04/19 17:56:31 ??? There was a problem while trying to cordon and drain the node error="drain did not complete within 2m0s"

--- New pod ---
<skipped startup messages>

<I have snipped the nodes names but I verified this event is for the same node as the last NTH pod failed to cordon and drain>
2021/04/19 17:57:14 ??? Adding new event to the event store event={"AutoScalingGroupName":"<snip>","Description":"ASG Lifecycle Termination event received. Instance will be interrupted at 2021-04-19 17:53:03 +0000 UTC \n","Drained":false,"EndTime":"0001-01-01T00:00:00Z","EventID":"asg-lifecycle-term-30396361313231302d636230342d316236332d303835382d643166326533383562633937","InProgress":false,"InstanceID":"<snip>","Kind":"SQS_TERMINATE","NodeLabels":null,"NodeName":"<snip>","Pods":null,"StartTime":"2021-04-19T17:53:03Z","State":""}
2021/04/19 17:57:15 ??? Cordoning the node
2021/04/19 17:57:15 ??? Draining the node
2021/04/19 17:57:15 ??? WARNING: ignoring DaemonSet-managed Pods: <snip>
<Note there is no "evicting pod" list>
2021/04/19 17:57:15 ??? Node successfully cordoned and drained node_name=<snip>
2021/04/19 17:57:16 INF Completed ASG Lifecycle Hook (<snip>) for instance <snip>
2021/04/19 17:57:16 ??? SQS Deleted Message: {
Attributes: {
SentTimestamp: "1618854783552"
},
Body: "{\"version\":\"0\",\"id\":\"09ca1210-cb04-1b63-0858-d1f2e385bc97\",\"detail-type\":\"EC2 Instance-terminate Lifecycle Action\",\"source\":\"aws.autoscaling\",\"account\":\"<snip>\",\"time\":\"2021-04-19T17:53:03Z\",\"region\":\"<snip>\",\"resources\":[\"<snip>\"],\"detail\":{\"LifecycleActionToken\":\"<snip>\",\"AutoScalingGroupName\":\"s<snip>\",\"LifecycleHookName\":\"<snip>\",\"EC2InstanceId\":\"<snip>\",\"LifecycleTransition\":\"autoscaling:EC2_INSTANCE_TERMINATING\",\"Origin\":\"AutoScalingGroup\",\"Destination\":\"EC2\"}}",
MD5OfBody: "<snip>",
MessageId: "752df08c-f8eb-41d4-81af-776a88f6769b",
ReceiptHandle: "AQEBFEbKyR/JJFPQSqAANGRzZm4F7qGlfGkivNXBSxB8HqDXkrWPeN+8jVcwWUL+uvCUP2ipLwztHwOn9M4lxMIIOPt1u9O8j2+VxDso+4f7mabQPzehztKNmTJvSlDpZeXHRFX8C0jn/K9nc9sZis07F5E9qi/lNp/xtd/DysHOUbJfLSzHj9Exiqfc7teiAlEyCSosMUQSd9YRZ6Cq8hROT36k1vg6a6twvdWfWPEhov79tGrW6mbophYqzZc4lygbZzHWXXUAo9fkSklbl51/sLc7wIL1aSDriDcOt+UdtphzuuEL0lWpgBOBiA0S4tljgOdCEfOwSCoSMdItzkthzkmv2XSstAF+xNnVTejAmESXjVPvMPdebi7o9Bok2Xt8xz2fY1GC1h/qUCmIZe/zIPBKWIlVj+TyhCLAxjDy/II="
}

Everything eventually works, but this does cause some false alerts with the pod appearing to go into a crash loop backoff if this happens multiple times in a row. I did some digging trying to find what error could be checked, but I'm not very familiar with the k8s SDKs so I wasn't able to find an answer.

[haugenj]

I think the os.exit(1) was written for imds mode, and probably shouldn't be executed when we're running in queue-processor mode

[heschlie]

I'm happy to open a PR to conditionally skip the exit(1) if that's the right approach.