This change is 

Marked as WIP for dicsussion and it needs a test (mounting in tests could be difficult though).

@saad-ali, @jingxu97, would you consider this patch useful as a safe-guard in kubelet? Will it break anything?

@kubernetes/rh-storage PTAL. Tests are welcome.

Unit test added

Tested manually with Kubernetes 1.3 with #27653 still reproducible - it does not remove anything in mounted secret (tmpfs) and an AWS volume and shows in the log:

Failed to remove orphaned pod "869411ac-b7ce-11e6-90d8-0e2ed4bd5858" dir; err: cannot delete directory /var/lib/origin/openshift.local.volumes/pods/869411ac-b7ce-11e6-90d8-0e2ed4bd5858/volumes/kubernetes.io~secret/default-token-9rqfl: it is a mount point

The secret and my AWS volume are still attached and mounted and they're never unmounted (which is fixed in #27653, this PR is just safety check).

@jsafrane The main concern of this PR is that adding the os.stat() function in removing directories. In current design, cleanupOrphanedPodDirs is called directly by the main kubelet sync loop, such calls might cause hang problem for cleanup NFS mounted directories. I am not sure if we should consider using separate thread to do the cleanup.

@jingxu97, os.RemoveAll calls os.Stat() too, this PR does not change it. It adds more stat calls, however if it gets stuck, os.RemoveAll would get stuck too.

@jsafrane I see. Another thing I want to check is that before calling RemoveAll() directory, there is a check to see whether there are any volume directories exist. It looks to me this is a strong check already. As long as there is a volume path exist, it will return without removing path. I have an old PR #33616 which tries to check whether there is any mounted directories inside volumes path. Only if the volume path is still mounted, it will skip removing path. Later I removed this logic in #37255 because users complain about NFS hung problem. But as you said, since RemoveAll also call os.Stat(), this check will not add anything worse.
So I think we only need to put this IsLikelyNotMounted check in volume directory instead of checking it in every sub directory of the pod, which may cause delay for cleanup pod routine.
I also think we might be able to use a separate goroutine to do this cleanup. This issue was discussed before #13418

I think there is not much in the pod directory - there are volumes/ and plugins/ (both with mounted stuff) and containers/ which just holds empty files. If everything is unmounted, there are just three empty directories to check. If something is mounted, we find it really quickly. Beauty of this RemoveAllOneFilesystem is that it does not depend on implementation details. If we restructure the pod directory in the future, this will keep working and it will prevent data being deleted.

@jsafrane I see. Do you think we should remove the check whether there are directories exist under /volumes? Because I think that check is too strict and might fail to clean up orphaned pods.

@jingxu97, there already is a check for existence of volumes/*, just a few lines above in getPodVolumePathListFromDisk. This RemoveAllOneFilesystem` is another safety mechanism to be 1000% sure that we don't remove any data on mounted filesystems if all the checks above fail or are buggy.

/lgtm

@k8s-bot test this
"Jenkins overloaded. Please try again later"

@k8s-bot kubemark e2e test this
@k8s-bot gce etcd3 e2e test this
@k8s-bot kops aws e2e test this

@thockin, please approve

It would be nice to have a benchmark on this vs plain old RemoveAll.

@k8s-bot verify test this

A batch test failed indicating that this needs a staging client-go update.

I moved the function to standalone package at pkg/util/removeall.

pkg/util/util.go is part of client-go and adding RemoveAllOneFilesystem there would pull mounter and exec into client-go as dependencies, which IMO does not belong there.

[APPROVALNOTIFIER] This PR is NOT APPROVED

The following people have approved this PR: jingxu97, jsafrane, k8s-merge-robot

Needs approval from an approver in each of these OWNERS Files:

• pkg/OWNERS

We suggest the following people:
cc @lavalamp
You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

Automatic merge from submit-queue (batch tested with PRs 41139, 41186, 38882, 37698, 42034)

Will the issue be merge into the v1.6.5 version of Kubernetes?

Well, nobody really asked for backport and I think we missed 1.6.5 deadline. This PR is just a safety mechanism that #27653 won't ever happen again, however the real bugfix is in #27970 and it has been already merged in every branch starting with 1.3.

@jsafrane We are using a cluster of Kubernetes v1.3.4 with 50+ nodes. We've found an issue that the Kubelet will automatically delete all NFS mounted files after the POD became to orphan. This Issue JUST likes what problem we met, so I really care about the BUG FIX about that.

I have no way to prove that the version of v1.6.4 Kubelet won't deletes the mounted files again.
So, do you have any suggestions?

@g0194776 the fix is in 1.3 branch starting only with 1.3.6 https://github.com/kubernetes/kubernetes/releases/tag/v1.3.6. The fix is definitely in 1.6.4

@wongma7 Obviously, It does not fix YET. I was checking the source code of v1.6.4 out on few days ago, I also checked the code implementation at here.

The newest change JUST replaces os.RemoveAll to another method which called: "removeall.RemoveAllOneFilesystem".

@wongma7 Okay, I got it.
Thanks a lot.