CPV should not remove nodes coming from a different provider

[randomvariable]

What happened?

1. Provision a vSphere cluster
2. Add a node using kubemark
3. CPI deletes the kubemark node:

E1203 12:03:21.042042       1 datacenter.go:124] Unable to find VM by UUID. VM UUID: kubemark://hollow-node-6bnrf

What did you expect to happen?

Node doesn't get deleted

How can we reproduce it (as minimally and precisely as possible)?

See above

Anything else we need to know (please consider providing level 4 or above logs of CPI)?

Related to kubernetes/cloud-provider#35

Kubernetes version

$ kubectl version
# paste output here

Cloud provider or hardware configuration

OS version

# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here

Kernel (e.g. uname -a)

Install tools

Container runtime (CRI) and and version (if applicable)

Related plugins (CNI, CSI, ...) and versions (if applicable)

Others

[YanzhaoLi]

And from the kube-apiserver audit log we can confirm it's CCM deleted the node:

{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"RequestResponse","auditID":"2775b974-42da-4980-92c0-ff3e6504fdca","stage":"ResponseComplete","requestURI":"/api/v1/nodes/hollow-node-6bnrf","verb":"delete","user":{"username":"system:serviceaccount:kube-system:cloud-controller-manager","uid":"081de05f-2b4a-4bb2-9587-8f894cf8e3b5","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/pod-name":["vsphere-cloud-controller-manager-nlgmw"],"authentication.kubernetes.io/pod-uid":["8e6a3ce8-df02-4710-95a4-9fa1321b3ee8"]}},"sourceIPs":["20.20.64.68"],"userAgent":"vsphere-cloud-controller-manager/v0.0.0 (linux/amd64) kubernetes/$Format/node-controller","objectRef":{"resource":"nodes","name":"hollow-node-6bnrf","apiVersion":"v1"},"responseStatus":{"metadata":{},"status":"Success","code":200},"requestObject":{"kind":"DeleteOptions","apiVersion":"v1"},"responseObject":{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Success","details":{"name":"hollow-node-6bnrf","kind":"nodes","uid":"e3741999-30a8-4ae4-87fb-8e0070a578e3"}},"requestReceivedTimestamp":"2021-12-03T12:03:21.064858Z","stageTimestamp":"2021-12-03T12:03:21.077432Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"system:cloud-controller-manager\" of ClusterRole \"system:cloud-controller-manager\" to ServiceAccount \"cloud-controller-manager/kube-system\""}}

BTW Alibaba cloudprovider uses service.beta.kubernetes.io/exclude-node in node labels to exclude node from ccm: kubernetes/cloud-provider#35 (comment)

[lubronzhan]

Hi @YanzhaoLi This is by design, currently, CPI doesn't support running multil different CCM inside a single cluster.
We do see there is an ongoing effort around enabling this feature on CPI with generic mechanism kubernetes/kubernetes#88820

I'm checking @timoreimann on updates.

For now gonna close this