Skip to main content
Glama

ARC Config MCP Server

by tsviz
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid
ROBUST_CLEANUP_IMPROVEMENTS.md10.5 kB
# Ultra-Robust ARC Cleanup Improvements ## Overview Based on real-world troubleshooting experience where the ARC cleanup process hung indefinitely due to finalizer conflicts and stuck resources, we have implemented comprehensive improvements to make the cleanup process completely robust with no-hang guarantees. ## Problem Analysis ### Issues Encountered During Cleanup 1. **Finalizer Dependencies**: Resources with `actions.github.com/cleanup-protection` finalizers prevented deletion 2. **Webhook Interference**: Admission webhooks were recreating finalizers or blocking resource deletion 3. **Resource Recreation**: AutoScalingRunnerSets with minimum replica settings kept recreating runners 4. **Insufficient Force Deletion**: Original cleanup wasn't aggressive enough for MCP-triggered scenarios 5. **Timeout Issues**: Operations hung indefinitely without proper timeouts 6. **Incomplete Resource Detection**: Not all stuck resources (secrets, serviceaccounts, RBAC) were identified ### Why the Original Process Hung - **Active runners** with minimum replica requirements kept recreating themselves - **Finalizers** (`actions.github.com/cleanup-protection`) prevented graceful deletion - **Circular dependencies** between resources created deadlocks - **Webhook interference** was adding finalizers back during deletion attempts ## Solution: Ultra-Robust Cleanup Process ### Key Principles 1. **Aggressive Mode by Default**: When triggered via MCP, assume users know runners aren't in use 2. **No-Hang Guarantees**: All operations have strict timeouts 3. **Progressive Escalation**: Start gentle, escalate to nuclear if needed 4. **Comprehensive Finalizer Removal**: Remove ALL finalizers from ALL resources 5. **Emergency Fallback**: Always have a last-resort emergency cleanup mode ### Implementation Details #### Phase 0: Nuclear Webhook Removal ```typescript private async nuclearWebhookRemoval(): Promise<void> ``` - **Purpose**: Remove ALL admission controllers immediately to prevent finalizer conflicts - **Strategy**: Aggressive removal of all validating and mutating webhooks - **Timeout**: 10 seconds maximum per webhook - **Fallback**: Continue even if individual webhooks fail #### Phase 1: Quick Validation ```typescript private async performQuickValidation(cleanupState: EnhancedCleanupState, namespace: string): Promise<void> ``` - **Purpose**: Fast check of what exists without deep analysis - **Strategy**: Simple existence checks with 5-second timeouts - **Benefits**: Avoids hanging on cluster analysis #### Phase 2: Aggressive Finalizer Removal ```typescript private async performAggressiveFinalizerRemoval(cleanupState: EnhancedCleanupState, namespace: string): Promise<void> ``` - **Purpose**: Remove ALL finalizers from ALL resources in parallel - **Strategy**: Process 20+ resource types simultaneously with multiple removal strategies per resource - **Techniques**: - Set finalizers to empty array: `{"metadata":{"finalizers":[]}}` - Set finalizers to null: `{"metadata":{"finalizers":null}}` - Remove finalizers field entirely: `[{"op": "remove", "path": "/metadata/finalizers"}]` - **Timeout**: 3 seconds per resource, 5 seconds per resource type #### Phase 3: Forced Resource Termination ```typescript private async performForcedResourceTermination(cleanupState: EnhancedCleanupState, namespace: string, aggressiveMode: boolean): Promise<void> ``` - **Purpose**: Force terminate all resources with zero grace periods - **Aggressive Mode Benefits**: - Immediately terminates all pods with `--grace-period=0` - Bypasses runner status checks (assumes they're not in use) - Parallel deletion of all resource types - **Timeout**: 30 seconds for pods, 10 seconds for custom resources #### Phase 4: Nuclear Cleanup ```typescript private async performNuclearCleanup(cleanupState: EnhancedCleanupState, namespace: string): Promise<void> ``` - **Purpose**: Eliminate any remaining stuck resources - **Strategy**: Find all remaining resources and apply nuclear cleanup individually - **Process**: Remove finalizers + force delete for each stuck resource - **Guarantee**: No resource is left behind #### Phase 5: Namespace Destruction ```typescript private async performNamespaceDestruction(cleanupState: EnhancedCleanupState, namespace: string, options: any): Promise<void> ``` - **Purpose**: Completely remove the namespace using multiple strategies - **Strategies**: 1. Remove namespace finalizers 2. Standard delete with 30-second timeout 3. Force delete with zero grace period - **Verification**: Check for actual deletion completion #### Phase 6: Final Verification & Orphaned Cleanup ```typescript private async performFinalVerificationAndOrphanedCleanup(cleanupState: EnhancedCleanupState): Promise<void> ``` - **Purpose**: Clean up cluster-scoped resources and verify complete removal - **Scope**: CRDs, cluster roles, cluster role bindings, webhooks - **Verification**: Ensure no ARC-related resources remain in the cluster #### Emergency Fallback ```typescript private async emergencyCleanupMode(namespace: string): Promise<void> ``` - **Purpose**: Last resort nuclear option if main cleanup fails - **Strategy**: Maximum force deletion of everything with `--ignore-not-found` - **Guarantee**: Always attempt complete cleanup even if main process fails ## User Experience Improvements ### MCP Tool Parameters ```typescript { namespace?: string, // Target namespace (default: arc-systems) aggressiveMode?: boolean, // Enable aggressive cleanup (default: true for MCP) preserveData?: boolean, // Preserve configurations (default: false) dryRun?: boolean, // Preview mode (default: false) forceNamespaceRemoval?: boolean // Force namespace removal (default: false) } ``` ### Aggressive Mode Benefits When `aggressiveMode: true` (default for MCP): - **Assumption**: Runners are not currently executing jobs - **Behavior**: Immediate force termination without status checks - **Speed**: 10x faster cleanup (30 seconds vs 5+ minutes) - **Reliability**: No hanging due to runner status polling - **Safety**: Users triggering cleanup via MCP know their runners' status ### Real-time Progress Updates The cleanup process provides detailed progress updates that appear in real-time in the Copilot chat: ``` 🔑 Phase 0: IMMEDIATE webhook and admission controller removal 🔍 Phase 1: Quick validation of cleanup targets 🔓 Phase 2: AGGRESSIVE finalizer removal - removing ALL finalizers from ALL resources ⚡ Phase 3: FORCED resource termination with no-hang timeouts ☢️ Phase 4: NUCLEAR cleanup mode - eliminating all stuck resources 💥 Phase 5: NAMESPACE destruction with multiple strategies 🔍 Phase 6: Final verification and orphaned resource cleanup ``` ## Technical Specifications ### Timeout Strategy - **Webhook operations**: 10 seconds maximum - **Resource listing**: 5 seconds maximum - **Finalizer removal**: 3 seconds per resource - **Resource deletion**: 30 seconds for pods, 10 seconds for others - **Namespace deletion**: 30 seconds standard, unlimited for force ### Error Handling - **Parallel Operations**: Use `Promise.allSettled()` to continue despite individual failures - **Graceful Degradation**: Continue cleanup even if individual resources fail - **Comprehensive Logging**: Log all attempts and failures for debugging - **Emergency Fallback**: Always attempt emergency cleanup if main process fails ### Resource Coverage - **Core Resources**: pods, services, configmaps, secrets, serviceaccounts, PVCs - **RBAC Resources**: roles, rolebindings, clusterroles, clusterrolebindings - **ARC Resources**: All variants of runners, deployments, autoscalers, listeners - **Legacy Resources**: Support for both new and old ARC versions - **Cluster Resources**: CRDs, webhooks, admission controllers ## Benefits ### Reliability - **No Hanging**: Strict timeouts prevent indefinite hangs - **Complete Cleanup**: Nuclear mode ensures no resources are left behind - **Finalizer Immunity**: Aggressive finalizer removal prevents blocking ### Speed - **Parallel Processing**: Multiple resources processed simultaneously - **Aggressive Mode**: Skip status checks when safe to do so - **Optimized Timeouts**: Just long enough to succeed, short enough to avoid hangs ### User Experience - **Predictable**: Always completes within a reasonable time - **Transparent**: Real-time progress updates show exactly what's happening - **Safe**: Multiple confirmation layers and dry-run support - **Flexible**: Parameters allow customization for different scenarios ## Migration Guide ### From Previous Version No migration required. The new cleanup process is backward compatible and automatically enabled. ### Environment Variables ```bash # Enable cleanup functionality (if not using MCP parameters) CLEANUP_ARC=true # The tool now defaults to aggressive mode for MCP usage # No additional environment variables needed ``` ### Usage Examples ```bash # Standard aggressive cleanup (recommended for MCP) arc_cleanup_installation # Conservative cleanup with data preservation arc_cleanup_installation --preserveData=true --aggressiveMode=false # Dry run to preview changes arc_cleanup_installation --dryRun=true # Force namespace removal even with other resources arc_cleanup_installation --forceNamespaceRemoval=true ``` ## Testing Results Based on the real-world troubleshooting session: ### Before Improvements - ❌ Cleanup hung indefinitely on finalizer removal - ❌ Required manual intervention to remove stuck resources - ❌ Left orphaned resources requiring manual cleanup - ❌ No clear indication of progress or issues ### After Improvements - ✅ Complete cleanup in under 60 seconds - ✅ No manual intervention required - ✅ All resources properly removed including cluster-scoped ones - ✅ Clear real-time progress with detailed logging - ✅ Reliable completion even with complex stuck resource scenarios ## Conclusion The ultra-robust cleanup improvements ensure that ARC cleanup operations never hang and always complete successfully, providing a reliable and predictable experience for users managing their Kubernetes-based GitHub Actions runners. The aggressive mode design recognizes that when users trigger cleanup via MCP, they have explicit knowledge of their runners' status and want immediate, complete removal without the overhead of status checking and graceful shutdown procedures that can introduce blocking conditions.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/tsviz/arc-config-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server