PVC safeguards for KRaft controllers (#109)

hvan · web-flow · commit 73a458e36aa3 · 2025-09-09T15:24:17.000-05:00
diff --git a/pkg/resources/kafka/kafka.go b/pkg/resources/kafka/kafka.go
@@ -1164,58 +1164,27 @@ func (r *Reconciler) reconcileKafkaPvc(ctx context.Context, log logr.Logger, bro
 			return errorfactory.New(errorfactory.APIFailure{}, err, "getting resource failed", "kind", desiredType)
 		}
 
-		// Handle disk removal
-		if len(pvcList.Items) > len(desiredPvcs) {
-			for _, pvc := range pvcList.Items {
-				foundInDesired := false
-				existingMountPath := pvc.Annotations["mountPath"]
-
-				for _, desiredPvc := range desiredPvcs {
-					desiredMountPath := desiredPvc.Annotations["mountPath"]
-
-					if existingMountPath == desiredMountPath {
-						foundInDesired = true
-						break
-					}
-				}
-
-				if foundInDesired {
-					continue
-				}
+		isController, err := r.isController(util.ConvertStringToInt32(brokerId))
+		if err != nil {
+			return errors.WrapIfWithDetails(err, "could not determine if broker is controller", "brokerId", brokerId)
+		}
 
-				mountPathToRemove := existingMountPath
-				if brokerState, ok := r.KafkaCluster.Status.BrokersState[brokerId]; ok {
-					volumeStateStatus, found := brokerState.GracefulActionState.VolumeStates[mountPathToRemove]
-					if !found {
-						// If the state is not found, it means that the disk removal was done according to the disk removal succeeded branch
-						log.Info("Disk removal was completed, waiting for Rolling Upgrade to remove PVC", "brokerId", brokerId, "mountPath", mountPathToRemove)
-						continue
-					}
+		if isController {
+			if len(desiredPvcs) != 1 {
+				return errors.New("controller broker can have only one volume")
+			}
+			// changing the controller's mount path leads to a new disk being added and the controller in an unrecoverable state
+			// due to the new disk not being initialized for kafka.  we want to avoid this situation.
+			if len(pvcList.Items) == 1 && pvcList.Items[0].Annotations["mountPath"] != desiredPvcs[0].Annotations["mountPath"] {
+				return errors.New("controller broker volume mount path cannot be changed")
+			}
+		}
 
-					// Check the volume state
-					ccVolumeState := volumeStateStatus.CruiseControlVolumeState
-					switch {
-					case ccVolumeState.IsDiskRemovalSucceeded():
-						if err := r.Client.Delete(ctx, &pvc); err != nil {
-							return errorfactory.New(errorfactory.APIFailure{}, err, "deleting resource failed", "kind", desiredType)
-						}
-						log.Info("resource deleted")
-						err = k8sutil.DeleteVolumeStatus(r.Client, brokerId, mountPathToRemove, r.KafkaCluster, log)
-						if err != nil {
-							return errors.WrapIfWithDetails(err, "could not delete volume status for broker volume", "brokerId", brokerId, "mountPath", mountPathToRemove)
-						}
-					case ccVolumeState.IsDiskRemoval():
-						log.Info("Graceful disk removal is in progress", "brokerId", brokerId, "mountPath", mountPathToRemove)
-						waitForDiskRemovalToFinish = true
-					case ccVolumeState.IsDiskRebalance():
-						log.Info("Graceful disk rebalance is in progress, waiting to mark disk for removal", "brokerId", brokerId, "mountPath", mountPathToRemove)
-						waitForDiskRemovalToFinish = true
-					default:
-						brokerVolumesState[mountPathToRemove] = v1beta1.VolumeState{CruiseControlVolumeState: v1beta1.GracefulDiskRemovalRequired}
-						log.Info("Marked the volume for removal", "brokerId", brokerId, "mountPath", mountPathToRemove)
-						waitForDiskRemovalToFinish = true
-					}
-				}
+		// Handle disk removal
+		if len(pvcList.Items) > len(desiredPvcs) {
+			waitForDiskRemovalToFinish, err = handleDiskRemoval(ctx, pvcList, desiredPvcs, r, brokerId, log, desiredType, brokerVolumesState)
+			if err != nil {
+				return err
 			}
 		}
 
@@ -1314,6 +1283,63 @@ func (r *Reconciler) reconcileKafkaPvc(ctx context.Context, log logr.Logger, bro
 	return nil
 }
 
+func handleDiskRemoval(ctx context.Context, pvcList *corev1.PersistentVolumeClaimList, desiredPvcs []*corev1.PersistentVolumeClaim,
+	r *Reconciler, brokerId string, log logr.Logger, desiredType reflect.Type, brokerVolumesState map[string]v1beta1.VolumeState) (bool, error) {
+	waitForDiskRemovalToFinish := false
+	for _, pvc := range pvcList.Items {
+		foundInDesired := false
+		existingMountPath := pvc.Annotations["mountPath"]
+
+		for _, desiredPvc := range desiredPvcs {
+			desiredMountPath := desiredPvc.Annotations["mountPath"]
+
+			if existingMountPath == desiredMountPath {
+				foundInDesired = true
+				break
+			}
+		}
+
+		if foundInDesired {
+			continue
+		}
+
+		mountPathToRemove := existingMountPath
+		if brokerState, ok := r.KafkaCluster.Status.BrokersState[brokerId]; ok {
+			volumeStateStatus, found := brokerState.GracefulActionState.VolumeStates[mountPathToRemove]
+			if !found {
+				// If the state is not found, it means that the disk removal was done according to the disk removal succeeded branch
+				log.Info("Disk removal was completed, waiting for Rolling Upgrade to remove PVC", "brokerId", brokerId, "mountPath", mountPathToRemove)
+				continue
+			}
+
+			// Check the volume state
+			ccVolumeState := volumeStateStatus.CruiseControlVolumeState
+			switch {
+			case ccVolumeState.IsDiskRemovalSucceeded():
+				if err := r.Client.Delete(ctx, &pvc); err != nil {
+					return false, errorfactory.New(errorfactory.APIFailure{}, err, "deleting resource failed", "kind", desiredType)
+				}
+				log.Info("resource deleted")
+				err := k8sutil.DeleteVolumeStatus(r.Client, brokerId, mountPathToRemove, r.KafkaCluster, log)
+				if err != nil {
+					return false, errors.WrapIfWithDetails(err, "could not delete volume status for broker volume", "brokerId", brokerId, "mountPath", mountPathToRemove)
+				}
+			case ccVolumeState.IsDiskRemoval():
+				log.Info("Graceful disk removal is in progress", "brokerId", brokerId, "mountPath", mountPathToRemove)
+				waitForDiskRemovalToFinish = true
+			case ccVolumeState.IsDiskRebalance():
+				log.Info("Graceful disk rebalance is in progress, waiting to mark disk for removal", "brokerId", brokerId, "mountPath", mountPathToRemove)
+				waitForDiskRemovalToFinish = true
+			default:
+				brokerVolumesState[mountPathToRemove] = v1beta1.VolumeState{CruiseControlVolumeState: v1beta1.GracefulDiskRemovalRequired}
+				log.Info("Marked the volume for removal", "brokerId", brokerId, "mountPath", mountPathToRemove)
+				waitForDiskRemovalToFinish = true
+			}
+		}
+	}
+	return waitForDiskRemovalToFinish, nil
+}
+
 // GetBrokersWithPendingOrRunningCCTask returns list of brokers that are either waiting for CC
 // to start executing a broker task (add broker, remove broker, etc) or CC already running a task for it.
 func GetBrokersWithPendingOrRunningCCTask(kafkaCluster *v1beta1.KafkaCluster) []int32 {
@@ -1732,3 +1758,16 @@ func generateServicePortForAdditionalPorts(containerPorts []corev1.ContainerPort
 	}
 	return usedPorts
 }
+
+func (r *Reconciler) isController(brokerId int32) (bool, error) {
+	for _, broker := range r.KafkaCluster.Spec.Brokers {
+		if broker.Id == brokerId {
+			brokerConfig, err := broker.GetBrokerConfig(r.KafkaCluster.Spec)
+			if err != nil {
+				return false, errors.WrapIf(err, "failed to reconcile resource")
+			}
+			return brokerConfig.IsControllerNode(), nil
+		}
+	}
+	return false, errors.NewWithDetails("could not find broker in the spec", "brokerId", brokerId)
+}
diff --git a/pkg/resources/kafka/kafka_test.go b/pkg/resources/kafka/kafka_test.go
@@ -42,6 +42,19 @@ import (
 	"github.com/banzaicloud/koperator/pkg/scale"
 )
 
+type PvcTestCase struct {
+	testName            string
+	brokersDesiredPvcs  map[string][]*corev1.PersistentVolumeClaim
+	existingPvcs        []*corev1.PersistentVolumeClaim
+	kafkaClusterSpec    v1beta1.KafkaClusterSpec
+	kafkaClusterStatus  v1beta1.KafkaClusterStatus
+	expectedError       bool
+	expectedErrorMsg    string
+	expectedDeletePvc   bool
+	expectedCreatePvc   bool
+	expectedVolumeState map[string]v1beta1.CruiseControlVolumeState
+}
+
 func TestGetBrokersWithPendingOrRunningCCTask(t *testing.T) {
 	testCases := []struct {
 		testName     string
@@ -959,16 +972,7 @@ func TestGetServerPasswordKeysAndUsers(t *testing.T) { //nolint funlen
 
 func TestReconcileKafkaPvcDiskRemoval(t *testing.T) {
 	t.Parallel()
-	testCases := []struct {
-		testName            string
-		brokersDesiredPvcs  map[string][]*corev1.PersistentVolumeClaim
-		existingPvcs        []*corev1.PersistentVolumeClaim
-		kafkaClusterSpec    v1beta1.KafkaClusterSpec
-		kafkaClusterStatus  v1beta1.KafkaClusterStatus
-		expectedError       bool
-		expectedDeletePvc   bool
-		expectedVolumeState map[string]v1beta1.CruiseControlVolumeState
-	}{
+	testCases := []PvcTestCase{
 		{
 			testName: "If no disk removed, do nothing",
 			brokersDesiredPvcs: map[string][]*corev1.PersistentVolumeClaim{
@@ -1137,9 +1141,105 @@ func TestReconcileKafkaPvcDiskRemoval(t *testing.T) {
 		},
 	}
 
+	execPvcTest(t, testCases)
+}
+
+func TestReconcileKafkaPvcDisk(t *testing.T) {
+	t.Parallel()
+	testCases := []PvcTestCase{
+		{
+			testName: "broker with multiple disks is allowed",
+			brokersDesiredPvcs: map[string][]*corev1.PersistentVolumeClaim{
+				"0": {
+					createPvc("test-pvc-1", "0", "/path/to/mount1"),
+					createPvc("test-pvc-2", "0", "/path/to/mount2"),
+				},
+			},
+			existingPvcs: []*corev1.PersistentVolumeClaim{
+				createPvc("test-pvc-1", "0", "/path/to/mount1"),
+			},
+			kafkaClusterSpec: v1beta1.KafkaClusterSpec{
+				Brokers: []v1beta1.Broker{
+					{
+						Id: int32(0),
+						BrokerConfig: &v1beta1.BrokerConfig{
+							Roles: []string{"broker"},
+						},
+					},
+				},
+			},
+			expectedCreatePvc: true,
+			expectedError:     false,
+		},
+		{
+			testName: "when a controller has more than 1 disk, it should fail",
+			brokersDesiredPvcs: map[string][]*corev1.PersistentVolumeClaim{
+				"0": {
+					createPvc("test-pvc-1", "0", "/path/to/mount1"),
+					createPvc("test-pvc-2", "0", "/path/to/mount2"),
+				},
+			},
+			existingPvcs: []*corev1.PersistentVolumeClaim{
+				createPvc("test-pvc-1", "0", "/path/to/mount1"),
+			},
+			kafkaClusterSpec: v1beta1.KafkaClusterSpec{
+				Brokers: []v1beta1.Broker{
+					{
+						Id: int32(0),
+						BrokerConfig: &v1beta1.BrokerConfig{
+							Roles: []string{"controller"},
+						},
+					},
+				},
+			},
+			expectedError:    true,
+			expectedErrorMsg: "controller broker can have only one volume",
+		},
+		{
+			testName: "when a controller changes a mount path, it should fail",
+			brokersDesiredPvcs: map[string][]*corev1.PersistentVolumeClaim{
+				"0": {
+					createPvc("test-pvc-1", "0", "/path/to/mount1"),
+				},
+			},
+			existingPvcs: []*corev1.PersistentVolumeClaim{
+				createPvc("test-pvc-1", "0", "/path/to/mount2"),
+			},
+			kafkaClusterSpec: v1beta1.KafkaClusterSpec{
+				Brokers: []v1beta1.Broker{
+					{
+						Id: int32(0),
+						BrokerConfig: &v1beta1.BrokerConfig{
+							Roles: []string{"controller"},
+						},
+					},
+				},
+			},
+			expectedError:    true,
+			expectedErrorMsg: "controller broker volume mount path cannot be changed",
+		},
+	}
+	execPvcTest(t, testCases)
+}
+
+func execPvcTest(t *testing.T, testCases []PvcTestCase) {
+	kafkaClusterSpec := v1beta1.KafkaClusterSpec{
+		Brokers: []v1beta1.Broker{
+			{
+				Id: int32(0),
+				BrokerConfig: &v1beta1.BrokerConfig{
+					Roles: []string{"broker"},
+				},
+			},
+		},
+	}
 	mockCtrl := gomock.NewController(t)
 
 	for _, test := range testCases {
+		if test.kafkaClusterSpec.Brokers != nil {
+			kafkaClusterSpec = test.kafkaClusterSpec
+		}
+
 		mockClient := mocks.NewMockClient(mockCtrl)
 		mockSubResourceClient := mocks.NewMockSubResourceClient(mockCtrl)
 		t.Run(test.testName, func(t *testing.T) {
@@ -1151,6 +1251,7 @@ func TestReconcileKafkaPvcDiskRemoval(t *testing.T) {
 							Name:      "kafka",
 							Namespace: "kafka",
 						},
+						Spec: kafkaClusterSpec,
 					},
 				},
 			}
@@ -1176,6 +1277,10 @@ func TestReconcileKafkaPvcDiskRemoval(t *testing.T) {
 				mockClient.EXPECT().Delete(context.TODO(), gomock.AssignableToTypeOf(&corev1.PersistentVolumeClaim{})).Return(nil)
 			}
 
+			// Mock the client.Create call
+			if test.expectedCreatePvc {
+				mockClient.EXPECT().Create(context.TODO(), gomock.AssignableToTypeOf(&corev1.PersistentVolumeClaim{})).Return(nil)
+			}
 			// Mock the status update call
 			mockClient.EXPECT().Status().Return(mockSubResourceClient).AnyTimes()
 			mockSubResourceClient.EXPECT().Update(context.Background(), gomock.AssignableToTypeOf(&v1beta1.KafkaCluster{})).Do(func(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, opts ...client.SubResourceUpdateOption) {
@@ -1191,6 +1296,10 @@ func TestReconcileKafkaPvcDiskRemoval(t *testing.T) {
 			// Test that the expected error is returned
 			if test.expectedError {
 				assert.NotNil(t, err, "Expected an error but got nil")
+
+				if test.expectedErrorMsg != "" {
+					assert.Contains(t, err.Error(), test.expectedErrorMsg, "Error message does not contain expected text.\nActual:   %s\nExpected: %s", err.Error(), test.expectedErrorMsg)
+				}
 			} else {
 				assert.Nil(t, err, "Expected no error but got an error")
 			}
