Detect master identity change/replication offset rewind and stop replication

[abustany]

dragonfly version: 1.33.1

When running a master/replica setup on k8s along with the dragonfly operator and the master fails, there's no guarantee that the operator can kick in before the master pod restarts. This itself is not a bug, it's just the nature of a distributed system. What this means in practice though is that (assuming the operator is stuck/sleeping) the replica will restart replicating from the freshly restarted master, which is potentially empty -> this leads to data loss.

It seems that upstream Redis exposes a run_id INFO field, that's basically a unique ID generated on each startup. I suppose that we could avoid the data loss described above by either:

1. Adding the same info field to Dragonfly (or maybe there's another field we can already use to uniquely identify a server execution?) + add a way to stop replication on a replica if the connection breaks, and the master ID changed when reconnecting
2. Preventing replication if it's rewinding the replication offset(s?)

The assumption here is that the operator will eventually figure out which replica has the highest offset, and configure that one as the master. The cluster will still be unavailable/inconsistent until the operator wakes up, but will eventually converge to a state where all data is there.

[moredure]

Hello @abustany!

You can use this flag --break_replication_on_master_restart=true in the dragonfly operator CRD spec args (e.g. https://github.com/dragonflydb/dragonfly-operator/blob/main/api/v1alpha1/dragonfly_types.go#L53) when defining your dragonfly resources.
I'll start a PR with this change soon to make it default behaviour.

[abustany]

I love it when what I was hoping for already exists :-D I'll give that a try, thanks a lot for the pointer.

[abustany]

Hmm so I edited my deployment and checked that both servers are now running with the option enabled (I checked using ps aux). I then kubectl exec'ed into the master and ran kill 1. The replica lost the connection to the master, but still reconnected afterwards and replicated the empty state.

Relevant logs:

# Here I kill the master
W20250926 15:52:06.419471    11 common.cc:350] ReportError: Software caused connection abort
W20250926 15:52:06.419898    11 replica.cc:733] Replication error in phase STABLE_SYNC with 10.0.0.48:9999, error: Software caused connection abort, socket state: State: CLOSE_WAIT, Local: 10.0.2.183:33176, Remote: 10.0.0.48:9999, Inode: 262057765
W20250926 15:52:06.420449    11 protocol_client.cc:243] Socket error: Software caused connection abort in 10.0.0.48:9999, socket info: State: CLOSE_WAIT, Local: 10.0.2.183:33176, Remote: 10.0.0.48:9999, Inode: 262057765
I20250926 15:52:06.421185    11 replica.cc:769] Exit stable sync
W20250926 15:52:06.421221    11 replica.cc:287] Error stable sync with 10.0.0.48:9999 (phase: TCP_CONNECTING): system:103 Software caused connection abort, socket state: State: LAST_ACK, Local: 10.0.2.183:33176, Remote: 10.0.0.48:9999, Inode: 262057765

# Sent by the operator
I20250926 15:52:06.902153    11 server_family.cc:3400] Replicating NO ONE
W20250926 15:52:06.902216    11 common.cc:350] ReportError: Operation canceled: ExecutionState cancelled
W20250926 15:52:06.902243    11 protocol_client.cc:243] Socket error: Operation canceled: ExecutionState cancelled in 10.0.0.48:9999, socket info: socket not found in /proc/net/tcp or /proc/net/tcp6
W20250926 15:52:06.922672    11 replica.cc:233] Error connecting to 10.0.0.48:9999 (phase: DISABLED): generic:125, reason: Operation canceled

# Why is it replicating here!?
I20250926 15:52:22.050170    11 server_family.cc:3400] Replicating 10.0.0.48:9999
I20250926 15:52:22.062242    11 replica.cc:623] Started full sync with 10.0.0.48:9999
I20250926 15:52:22.064607    11 replica.cc:643] full sync finished in 7 ms

# Now my keyspace is empty :'(
I20250926 15:52:22.064788    11 replica.cc:745] Transitioned into stable sync

# Operator trying again
I20250926 15:52:22.107611    11 server_family.cc:3400] Replicating NO ONE
W20250926 15:52:22.107833    11 common.cc:350] ReportError: Operation canceled: ExecutionState cancelled
W20250926 15:52:22.107951    11 protocol_client.cc:243] Socket error: Operation canceled: ExecutionState cancelled in 10.0.0.48:9999, socket info: State: ESTABLISHED, Local: 10.0.2.183:39568, Remote: 10.0.0.48:9999, Inode: 262083024
I20250926 15:52:22.108810    11 replica.cc:769] Exit stable sync
I20250926 15:52:22.149091    11 dflycmd.cc:698] Registered replica 10.0.0.48:6379
I20250926 15:52:22.155478    11 dflycmd.cc:392] Started sync with replica 10.0.0.48:6379
I20250926 15:52:22.158385    11 dflycmd.cc:432] Transitioned into stable sync with replica 10.0.0.48:6379

It seems like some state machine is hosed in the server... Should I report that against https://github.com/dragonflydb/dragonfly/ instead?

[moredure]

hm, I will recheck it, yeap, sounds like an issue with operator forcing the reconnection to empty master instead of promoting or indeed some issue with dragonfly, but it's less likely.

@abustany can you share your operator version, spec file and dragonfly version?

[Abhra303]

Hi @abustany, this issue is related to #365 which is merged now, but not released yet. Basically, it deletes "master" label, if the df container is unhealthy. So it will failover to the "replica'.

[Abhra303]

But it is still valid to try for an way to prevent replication from an empty master.

[Abhra303]

Also @abustany, it will be helpful if you share the operator logs here.

[abustany]

Sure, here you go:

2025-09-26T15:52:21Z    INFO    received        {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": {"name":"dragonfly-0","namespace":"v2"}}
2025-09-26T15:52:21Z    INFO    failed to get master pod        {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "error": "incorrect number of masters"}
2025-09-26T15:52:21Z    INFO    getting all pods relevant to the dragonfly instance     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3"}
2025-09-26T15:52:21Z    INFO    deleting pod role label {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-0", "role": "master"}
2025-09-26T15:52:21Z    INFO    reconciling dragonfly instance  {"controller": "Dragonfly", "controllerGroup": "dragonflydb.io", "controllerKind": "Dragonfly", "Dragonfly": {"name":"dragonfly","namespace":"v2"}, "namespace": "v2", "name": "dragonfly", "reconcileID": "fc365f27-4c18-44a6-88bc-4e28c291d935"}
2025-09-26T15:52:21Z    INFO    reconciling dragonfly resource  {"controller": "Dragonfly", "controllerGroup": "dragonflydb.io", "controllerKind": "Dragonfly", "Dragonfly": {"name":"dragonfly","namespace":"v2"}, "namespace": "v2", "name": "dragonfly", "reconcileID": "fc365f27-4c18-44a6-88bc-4e28c291d935", "kind": "StatefulSet", "namespace": "v2", "Name": "dragonfly"}
2025-09-26T15:52:21Z    INFO    deleting pod role label {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-1", "role": "master"}
2025-09-26T15:52:21Z    INFO    reconciling dragonfly resource  {"controller": "Dragonfly", "controllerGroup": "dragonflydb.io", "controllerKind": "Dragonfly", "Dragonfly": {"name":"dragonfly","namespace":"v2"}, "namespace": "v2", "name": "dragonfly", "reconcileID": "fc365f27-4c18-44a6-88bc-4e28c291d935", "kind": "Service", "namespace": "v2", "Name": "dragonfly"}
2025-09-26T15:52:21Z    INFO    configuring replication {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3"}
2025-09-26T15:52:21Z    INFO    getting all pods relevant to the dragonfly instance     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3"}
2025-09-26T15:52:21Z    INFO    updating status {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "status": {"phase":"Configuring"}}
2025-09-26T15:52:22Z    INFO    configuring pod as master       {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-0", "ip": "10.0.0.48"}
2025-09-26T15:52:22Z    INFO    running SLAVE OF NO ONE command {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-0", "addr": "10.0.0.48:9999"}
2025-09-26T15:52:22Z    INFO    marking pod role as master      {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-0"}
2025-09-26T15:52:22Z    INFO    updating status {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "status": {"phase":"Ready"}}
2025-09-26T15:52:22Z    INFO    reconciling dragonfly resource  {"controller": "Dragonfly", "controllerGroup": "dragonflydb.io", "controllerKind": "Dragonfly", "Dragonfly": {"name":"dragonfly","namespace":"v2"}, "namespace": "v2", "name": "dragonfly", "reconcileID": "fc365f27-4c18-44a6-88bc-4e28c291d935", "kind": "PodDisruptionBudget", "namespace": "v2", "Name": "dragonfly"}
2025-09-26T15:52:22Z    INFO    configuring pod as replica      {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-1", "ip": "10.0.2.183"}
2025-09-26T15:52:22Z    INFO    trying to invoke SLAVE OF command       {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-1", "master": "10.0.0.48", "addr": "10.0.2.183:9999"}
2025-09-26T15:52:22Z    INFO    marking pod role as replica     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-1"}
2025-09-26T15:52:22Z    INFO    checking if pod spec has changed        {"controller": "Dragonfly", "controllerGroup": "dragonflydb.io", "controllerKind": "Dragonfly", "Dragonfly": {"name":"dragonfly","namespace":"v2"}, "namespace": "v2", "name": "dragonfly", "reconcileID": "fc365f27-4c18-44a6-88bc-4e28c291d935"}
2025-09-26T15:52:22Z    INFO    getting statefulset     {"controller": "Dragonfly", "controllerGroup": "dragonflydb.io", "controllerKind": "Dragonfly", "Dragonfly": {"name":"dragonfly","namespace":"v2"}, "namespace": "v2", "name": "dragonfly", "reconcileID": "fc365f27-4c18-44a6-88bc-4e28c291d935"}
2025-09-26T15:52:22Z    INFO    getting all pods relevant to the dragonfly instance     {"controller": "Dragonfly", "controllerGroup": "dragonflydb.io", "controllerKind": "Dragonfly", "Dragonfly": {"name":"dragonfly","namespace":"v2"}, "namespace": "v2", "name": "dragonfly", "reconcileID": "fc365f27-4c18-44a6-88bc-4e28c291d935"}
2025-09-26T15:52:22Z    INFO    pod does not have a role label  {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-0"}
2025-09-26T15:52:22Z    INFO    configuring pod as replica      {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-0", "ip": "10.0.0.48"}
2025-09-26T15:52:22Z    INFO    trying to invoke SLAVE OF command       {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "pod": "dragonfly-0", "master": "10.0.0.48", "addr": "10.0.0.48:9999"}
2025-09-26T15:52:22Z    ERROR   Reconciler error        {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "6d29fa62-735a-4cc3-b160-47dc35d3e2d3", "error": "failed to configure pod as replica: error running SLAVE OF command: ERR replication cancelled"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.4/pkg/internal/controller/controller.go:347
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.4/pkg/internal/controller/controller.go:294
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.4/pkg/internal/controller/controller.go:255
2025-09-26T15:52:22Z    INFO    received        {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "pod": {"name":"dragonfly-1","namespace":"v2"}}
2025-09-26T15:52:22Z    INFO    failed to get master pod        {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "error": "no master found"}
2025-09-26T15:52:22Z    INFO    configuring replication {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6"}
2025-09-26T15:52:22Z    INFO    getting all pods relevant to the dragonfly instance     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6"}
2025-09-26T15:52:22Z    INFO    updating status {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "status": {"phase":"Configuring"}}
2025-09-26T15:52:22Z    INFO    configuring pod as master       {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "pod": "dragonfly-1", "ip": "10.0.2.183"}
2025-09-26T15:52:22Z    INFO    running SLAVE OF NO ONE command {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "pod": "dragonfly-1", "addr": "10.0.2.183:9999"}
2025-09-26T15:52:22Z    INFO    marking pod role as master      {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "pod": "dragonfly-1"}
2025-09-26T15:52:22Z    INFO    updating status {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "status": {"phase":"Ready"}}
2025-09-26T15:52:22Z    INFO    configuring pod as replica      {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "pod": "dragonfly-0", "ip": "10.0.0.48"}
2025-09-26T15:52:22Z    INFO    trying to invoke SLAVE OF command       {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "pod": "dragonfly-0", "master": "10.0.2.183", "addr": "10.0.0.48:9999"}
2025-09-26T15:52:22Z    INFO    marking pod role as replica     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "pod": "dragonfly-0"}
2025-09-26T15:52:22Z    INFO    non-deletion event for a pod with an existing role. checking if something is wrong      {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "pod": "dragonfly-1", "role": "master"}
2025-09-26T15:52:22Z    INFO    getting all pods relevant to the dragonfly instance     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6"}
2025-09-26T15:52:22Z    INFO    checking if replica is configured correctly     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "249071fc-b989-4ba8-97b2-e2268faf3ad6", "pod": "dragonfly-0"}
2025-09-26T15:52:22Z    INFO    received        {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "aefa6550-7421-499d-aeb5-6ae3c29ff3a3", "pod": {"name":"dragonfly-0","namespace":"v2"}}
2025-09-26T15:52:22Z    INFO    non-deletion event for a pod with an existing role. checking if something is wrong      {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "aefa6550-7421-499d-aeb5-6ae3c29ff3a3", "pod": "dragonfly-0", "role": "replica"}
2025-09-26T15:52:22Z    INFO    getting all pods relevant to the dragonfly instance     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "aefa6550-7421-499d-aeb5-6ae3c29ff3a3"}
2025-09-26T15:52:22Z    INFO    checking if replica is configured correctly     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-0","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-0", "reconcileID": "aefa6550-7421-499d-aeb5-6ae3c29ff3a3", "pod": "dragonfly-0"}
2025-09-26T15:52:22Z    INFO    received        {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "bc853629-9ece-4a81-9434-2a33ad00d6f7", "pod": {"name":"dragonfly-1","namespace":"v2"}}
2025-09-26T15:52:22Z    INFO    non-deletion event for a pod with an existing role. checking if something is wrong      {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "bc853629-9ece-4a81-9434-2a33ad00d6f7", "pod": "dragonfly-1", "role": "master"}
2025-09-26T15:52:22Z    INFO    getting all pods relevant to the dragonfly instance     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "bc853629-9ece-4a81-9434-2a33ad00d6f7"}
2025-09-26T15:52:22Z    INFO    checking if replica is configured correctly     {"controller": "DragonflyPodLifecycle", "controllerGroup": "", "controllerKind": "Pod", "Pod": {"name":"dragonfly-1","namespace":"v2"}, "namespace": "v2", "name": "dragonfly-1", "reconcileID": "bc853629-9ece-4a81-9434-2a33ad00d6f7", "pod": "dragonfly-0"}

[moredure]

Hi @abustany, this issue is related to #365 which is merged now, but not released yet. Basically, it deletes "master" label, if the df container is unhealthy. So it will failover to the "replica'.

We should try it.

I believe there is more global problem than that, and it corresponds to the way dragonfly-operator operates the pods topology (statefulset) and directs traffic to the target node, by using the master label and targeting the traffic via service to the healthy pod of the statefulset with this role=mater label.
In case pod restarts in a quick succession (statefulset restartPolicy is Always and cannot be configured within StatefulSet) and becomes healthy fast enough so reconciler won't detect it due to different reasons (operator itself was unavailable or slow tick rate?) (we have initial delay for healthchecks, but still there is a chance it might be not enough). It's possible that traffic will still be received by this node after the pod restart.

As I understand there is a few options out there:

1. Add some default ACL which will be blocking the traffic to public port up until operator will allow the traffic with provided/or allow-all rules after the process starts (so after master process will be restarted, traffic will be blocked at the beginning up until dragonfly-operator will promote correct pod)
2. Introduce some changes in this area to dragonfly itself, but still requires operator changes.
3. Some ephemeralContainers with iptables block/allow ?
4. Manage pods directly, instead of relying on statefulset and service to route the traffic. Instead of selecting the traffic target by role via service, update service label to select by individual pod label, in case pod will be recreated in case of failures (restartPolicy) , so we will be sure, traffic won't be directed towards the pod without data in HA setup.
   The last option is most radical, I think making some adhoc healthcheck changes or introducing some mechanisms to block traffic to non-admin port by default at pod start is the best option. With 1 and 2.

[abustany]

I agree with moredure here. If a pod restarts, it will keep its labels, including the role=master one... So the operator doesn't have a good way to know what "generation" of the pod it's dealing with. Option 1 seems quite smart to me, since the operator anyway uses the admin port. Another idea would be to add an init container to the dragonfly pod that sets a dragonfly-server-id label with a random value at each start, and use that value in the service selector: after a pod restart, the init container would run before dragonfly is up again and update the label with a new value.

[moredure]

I agree with moredure here. If a pod restarts, it will keep its labels, including the role=master one... So the operator doesn't have a good way to know what "generation" of the pod it's dealing with. Option 1 seems quite smart to me, since the operator anyway uses the admin port. Another idea would be to add an init container to the dragonfly pod that sets a dragonfly-server-id label with a random value at each start, and use that value in the service selector: after a pod restart, the init container would run before dragonfly is up again and update the label with a new value.

initContainer are not triggered on container restarts, each time container fails it's restarted with new id by default, so it can be used.
Anyway, we will take a look into it next week. The PR @Abhra303 mentioned should solve most of the cases along with enabled flag.

[abustany]

initContainer are not triggered on container restarts

Hmm are you sure? I haven't tried it myself, but https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#detailed-behavior says that "If the Pod restarts, or is restarted, all init containers must execute again."

But else yeah, agree that we can use either metadata.resourceVersion (though that one maybe can change for other reasons?) or status.containerStatuses[0].containerId to uniquely identify server instances across restarts.

One more thought: you mentioned that "we have initial delay for healthchecks", which is correct. However, if I'm not mistaken a pod not being ready does not prevent direct IP traffic from reaching it? So basically the service wouldn't point to a master that just restarted and is still in the "initial delay" of the readiness probe, however a replica that already has its IP address can (incorrectly) replicate from it? Your proposed solution of initially blocking replication traffic would address this.

[moredure]

initContainer are not triggered on container restarts

Hmm are you sure? I haven't tried it myself, but https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#detailed-behavior says that "If the Pod restarts, or is restarted, all init containers must execute again."

But else yeah, agree that we can use either metadata.resourceVersion (though that one maybe can change for other reasons?) or status.containerStatuses[0].containerId to uniquely identify server instances across restarts.

One more thought: you mentioned that "we have initial delay for healthchecks", which is correct. However, if I'm not mistaken a pod not being ready does not prevent direct IP traffic from reaching it? So basically the service wouldn't point to a master that just restarted and is still in the "initial delay" of the readiness probe, however a replica that already has its IP address can (incorrectly) replicate from it? Your proposed solution of initially blocking replication traffic would address this.

pod restarts if smth is wrong with infra layer, not the container level https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#pod-restart-reasons

not exactly regarding traffic, service won't sent traffic to not yet ready pods

so the only concerning case with this pr #386 and pr @Abhra303 mentioned applied is having possible scenario of operator downtime during failover (label removal under the hood) leading to some of the connections being established to healthy but empty master as traffic won't be directed to old replica with existing data.