client-go: data consistency checker for list requests

[p0lyn0mial]

What type of PR is this?

/kind feature

What this PR does / why we need it:

Adds data consistency checker to client-go for checking data retrieved via list requests from the cache and directly from etcd. The detector can be enabled by setting KUBE_LIST_FROM_CACHE_INCONSISTENCY_DETECTOR env var.

// CheckListFromCacheDataConsistencyIfRequested performs a data consistency check only when
// the KUBE_LIST_FROM_CACHE_INCONSISTENCY_DETECTOR environment variable was set during a binary startup
// for requests that have a high chance of being served from the watch-cache.
//
// The consistency check is meant to be enforced only in the CI, not in production.
// The check ensures that data retrieved by a list api call from the watch-cache
// is exactly the same as data received by the list api call from etcd.
//
// Note that this function will panic when data inconsistency is detected.
// This is intentional because we want to catch it in the CI.
//
// Note that this function doesn't examine the ListOptions to determine
// if the original request has hit the cache because it would be challenging
// to maintain consistency with the server-side implementation.
// For simplicity, we assume that the first request retrieved data from
// the cache (even though this might not be true for some requests)
// and issue the second call to get data from etcd for comparison.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[p0lyn0mial]

/assign @wojtek-t
/cc @serathius

[p0lyn0mial]

copied from the cacher.go - it looks like it does what we want expect the case mentioned in the comment and after clarifying rows 1 and 3 from the KEP.

[p0lyn0mial]

We need to find a better home for this function. Depending on where it is defined and whether it will be public, we could consider adding more validation for opts (e.g., checking if it was actually a list request).

[p0lyn0mial]

We need to find a better home for this function. This function is common for checkWatchListDataConsistencyIfRequested and CheckListAgainstCacheDataConsistencyIfRequested.

[wojtek-t]

Is it really what you want? We rather want to call it if error was non-nil, right?

[p0lyn0mial]

ups, yeah, it should have been if err == nil - thanks.

[wojtek-t]

Actually, seeing how you want to use it now and where are the problems, let's first merge this commit as a #124446

[wojtek-t]

We should rather evolve it to something like:

"if continuation wasn't set, the call LIST with RV= and ResourceVersionMatch=Exact and rest parameters the same"

Seems simpler, potentially makes this check unnecessarily, but it's not a big deal.

[p0lyn0mial]

/retest

[p0lyn0mial]

/test pull-kubernetes-node-e2e-containerd

[deads2k]

I approve of the approach, though I suspect further refactoring will be necessary for streaming list.

[p0lyn0mial]

I approve of the approach, though I suspect further refactoring will be necessary for streaming list.

thanks, yes, support for streaming list will require more changes to the code generation.

[p0lyn0mial]

OK, so this PR has a commit that always enables the detector for list requests. Here is the summary of test failures.

I think that we could initially enable the detector for an e2e job like pull-kubernetes-e2e-gce. If that's okay then I could create an issue to capture the following failures and fix them at a later point in time.

Unit Tests (3 failures)

1. TestEventIsSorted
   The test produces fake data via the getFakeEvents() method, which doesn’t return a stable output (the time changes between invocations). For example:

EventTime: v1.MicroTime{Time: s"2024-06-05 11:01:04.54382 +0000 UTC"}
EventTime: v1.MicroTime{Time: s"2024-06-05 11:01:04.538752 +0000 UTC}

2. Test_buildClientCertificateManager
   Sets up a fake/custom server which cannot handle the additional request made by the detector.

3. TestDrain
   Sets up a fake/custom rest-client which is then used by a real client. The additional call made by the detector is intercepted by the test and, since it is unexpected, the test fails.

Integration Tests (2 failures)

1. TestExecPluginViaClient
   This test is failing because it has a custom round tripper for collecting some data. The detector makes an additional call, causing the data to not match expectations.

2. TestLegacyServiceAccountTokenTracking
   This test is failing because it has a custom round tripper (actually a warning handler) for collecting warnings. The detector makes an additional call, resulting in more warnings than expected.

[fedebongio]

/triage accepted

[wojtek-t]

Yes - the most important thing is that we understand the failures in unit/integration tests and those are test issues, not real issues. So that's fine.
I'm +1 on enabling that for e2e tests only (at least for now).

/lgtm
/approve

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: dbdb31c5b4c899b9617fe73668262c8f5c915e79

[wojtek-t]

/kind feature
/retest

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: p0lyn0mial, wojtek-t

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• staging/src/k8s.io/apiextensions-apiserver/OWNERS [wojtek-t]
• staging/src/k8s.io/client-go/OWNERS [wojtek-t]
• staging/src/k8s.io/code-generator/OWNERS [wojtek-t]
• staging/src/k8s.io/kube-aggregator/OWNERS [wojtek-t]
• staging/src/k8s.io/metrics/OWNERS [wojtek-t]
• staging/src/k8s.io/sample-apiserver/OWNERS [wojtek-t]
• staging/src/k8s.io/sample-controller/OWNERS [wojtek-t]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment