From d3e81c43d968995753fa0f16d2f9a9f8b651acf2 Mon Sep 17 00:00:00 2001 From: qJkee Date: Fri, 17 Dec 2021 12:11:06 -0500 Subject: [PATCH] bump library-go --- go.mod | 2 +- go.sum | 5 +- .../operator/resource/resourceapply/core.go | 29 +- .../controller/guard/bindata/bindata.go | 313 ++++++++++++++++++ .../controller/guard/guard_controller.go | 291 ++++++++++++++++ .../pkg/operator/staticpod/controllers.go | 33 ++ vendor/modules.txt | 4 +- 7 files changed, 661 insertions(+), 16 deletions(-) create mode 100644 vendor/github.com/openshift/library-go/pkg/operator/staticpod/controller/guard/bindata/bindata.go create mode 100644 vendor/github.com/openshift/library-go/pkg/operator/staticpod/controller/guard/guard_controller.go diff --git a/go.mod b/go.mod index b4c7c267f..87f621f4d 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/openshift/api v0.0.0-20211209135129-c58d9f695577 github.com/openshift/build-machinery-go v0.0.0-20210806203541-4ea9b6da3a37 github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3 - github.com/openshift/library-go v0.0.0-20211214183058-58531ccbde67 + github.com/openshift/library-go v0.0.0-20211217155025-d48a1fb9b7c2 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.11.0 github.com/prometheus/common v0.28.0 diff --git a/go.sum b/go.sum index 47f7c7fc4..db8d1868e 100644 --- a/go.sum +++ b/go.sum @@ -69,6 +69,7 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/RangelReale/osincli v0.0.0-20160924135400-fababb0555f2/go.mod h1:XyjUkMA8GN+tOOPXvnbi3XuRxWFvTJntqvTFnjmhzbk= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -517,8 +518,8 @@ github.com/openshift/build-machinery-go v0.0.0-20210806203541-4ea9b6da3a37 h1:40 github.com/openshift/build-machinery-go v0.0.0-20210806203541-4ea9b6da3a37/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3 h1:SG1aqwleU6bGD0X4mhkTNupjVnByMYYuW4XbnCPavQU= github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3/go.mod h1:cwhyki5lqBmrT0m8Im+9I7PGFaraOzcYPtEz93RcsGY= -github.com/openshift/library-go v0.0.0-20211214183058-58531ccbde67 h1:wNd5jvgf9kXsyT+z11aBlh5spqKPNwsQKplrJRx4nsc= -github.com/openshift/library-go v0.0.0-20211214183058-58531ccbde67/go.mod h1:M/Gi/GUUrMdSS07nrYtTiK43J6/VUAyk/+IfN4ZqUY4= +github.com/openshift/library-go v0.0.0-20211217155025-d48a1fb9b7c2 h1:XIc3BF59OalAmDZ2YTYiUvRo1LMAGoZbdK01VBPduXU= +github.com/openshift/library-go v0.0.0-20211217155025-d48a1fb9b7c2/go.mod h1:hz4rpghzCaE+vejl9v04JdmrujaZA8BBpajosXfIGl8= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go index 2f952f5c5..1ffee4f80 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go @@ -337,16 +337,10 @@ func ApplyConfigMapImproved(ctx context.Context, client coreclientv1.ConfigMapsG // ApplySecret merges objectmeta, requires data func ApplySecretImproved(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, requiredInput *corev1.Secret, cache ResourceCache) (*corev1.Secret, bool, error) { + // copy the stringData to data. Error on a data content conflict inside required. This is usually a bug. + existing, err := client.Secrets(requiredInput.Namespace).Get(ctx, requiredInput.Name, metav1.GetOptions{}) - if apierrors.IsNotFound(err) { - requiredCopy := requiredInput.DeepCopy() - actual, err := client.Secrets(requiredCopy.Namespace). - Create(ctx, resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.Secret), metav1.CreateOptions{}) - reportCreateEvent(recorder, requiredCopy, err) - cache.UpdateCachedResourceMetadata(requiredInput, actual) - return actual, true, err - } - if err != nil { + if err != nil && !apierrors.IsNotFound(err) { return nil, false, err } @@ -354,7 +348,6 @@ func ApplySecretImproved(ctx context.Context, client coreclientv1.SecretsGetter, return existing, false, nil } - // copy the stringData to data. Error on a data content conflict inside required. This is usually a bug. required := requiredInput.DeepCopy() if required.Data == nil { required.Data = map[string][]byte{} @@ -369,6 +362,18 @@ func ApplySecretImproved(ctx context.Context, client coreclientv1.SecretsGetter, } required.StringData = nil + if apierrors.IsNotFound(err) { + requiredCopy := required.DeepCopy() + actual, err := client.Secrets(requiredCopy.Namespace). + Create(ctx, resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.Secret), metav1.CreateOptions{}) + reportCreateEvent(recorder, requiredCopy, err) + cache.UpdateCachedResourceMetadata(requiredInput, actual) + return actual, true, err + } + if err != nil { + return nil, false, err + } + existingCopy := existing.DeepCopy() resourcemerge.EnsureObjectMeta(resourcemerge.BoolPtr(false), &existingCopy.ObjectMeta, required.ObjectMeta) @@ -397,7 +402,7 @@ func ApplySecretImproved(ctx context.Context, client coreclientv1.SecretsGetter, } if equality.Semantic.DeepEqual(existingCopy, existing) { - cache.UpdateCachedResourceMetadata(required, existingCopy) + cache.UpdateCachedResourceMetadata(requiredInput, existingCopy) return existing, false, nil } @@ -431,7 +436,7 @@ func ApplySecretImproved(ctx context.Context, client coreclientv1.SecretsGetter, existingCopy.ResourceVersion = "" actual, err = client.Secrets(required.Namespace).Create(ctx, existingCopy, metav1.CreateOptions{}) reportCreateEvent(recorder, existingCopy, err) - cache.UpdateCachedResourceMetadata(required, actual) + cache.UpdateCachedResourceMetadata(requiredInput, actual) return actual, true, err } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/staticpod/controller/guard/bindata/bindata.go b/vendor/github.com/openshift/library-go/pkg/operator/staticpod/controller/guard/bindata/bindata.go new file mode 100644 index 000000000..b346d1ec9 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/staticpod/controller/guard/bindata/bindata.go @@ -0,0 +1,313 @@ +// Code generated for package bindata by go-bindata DO NOT EDIT. (@generated) +// sources: +// pkg/operator/staticpod/controller/guard/manifests/guard-pod.yaml +// pkg/operator/staticpod/controller/guard/manifests/pdb.yaml +package bindata + +import ( + "fmt" + "io/ioutil" + "os" + "path/filepath" + "strings" + "time" +) + +type asset struct { + bytes []byte + info os.FileInfo +} + +type bindataFileInfo struct { + name string + size int64 + mode os.FileMode + modTime time.Time +} + +// Name return file name +func (fi bindataFileInfo) Name() string { + return fi.name +} + +// Size return file size +func (fi bindataFileInfo) Size() int64 { + return fi.size +} + +// Mode return file mode +func (fi bindataFileInfo) Mode() os.FileMode { + return fi.mode +} + +// Mode return file modify time +func (fi bindataFileInfo) ModTime() time.Time { + return fi.modTime +} + +// IsDir return file whether a directory +func (fi bindataFileInfo) IsDir() bool { + return fi.mode&os.ModeDir != 0 +} + +// Sys return file is sys mode +func (fi bindataFileInfo) Sys() interface{} { + return nil +} + +var _pkgOperatorStaticpodControllerGuardManifestsGuardPodYaml = []byte(`apiVersion: v1 +kind: Pod +metadata: + namespace: # Value set by operator + name: # Value set by operator + labels: + app: guard + ownerReferences: # Value set by operator +spec: + affinity: # Value set by operator + priorityClassName: "system-cluster-critical" + terminationGracePeriodSeconds: 3 + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + operator: Exists + - key: node.kubernetes.io/not-ready + effect: NoExecute + operator: Exists + - key: node.kubernetes.io/unreachable + effect: NoExecute + operator: Exists + - key: node-role.kubernetes.io/etcd + operator: Exists + effect: NoSchedule + containers: + - name: guard + image: # Value set by operator + imagePullPolicy: IfNotPresent + terminationMessagePolicy: FallbackToLogsOnError + command: + - /bin/bash + args: + - -c + - | + # properly handle TERM and exit as soon as it is signaled + set -euo pipefail + trap 'jobs -p | xargs -r kill; exit 0' TERM + sleep infinity & wait + readinessProbe: + failureThreshold: 3 + httpGet: + host: # Value set by operator + path: healthz + port: # Value set by operator + scheme: HTTPS + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + resources: + requests: + cpu: 10m + memory: 5Mi +`) + +func pkgOperatorStaticpodControllerGuardManifestsGuardPodYamlBytes() ([]byte, error) { + return _pkgOperatorStaticpodControllerGuardManifestsGuardPodYaml, nil +} + +func pkgOperatorStaticpodControllerGuardManifestsGuardPodYaml() (*asset, error) { + bytes, err := pkgOperatorStaticpodControllerGuardManifestsGuardPodYamlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "pkg/operator/staticpod/controller/guard/manifests/guard-pod.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + +var _pkgOperatorStaticpodControllerGuardManifestsPdbYaml = []byte(`apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: # Value set by operator + namespace: # Value set by operator +spec: + minAvailable: 0 # Value set by operator + selector: + matchLabels: + app: guard +`) + +func pkgOperatorStaticpodControllerGuardManifestsPdbYamlBytes() ([]byte, error) { + return _pkgOperatorStaticpodControllerGuardManifestsPdbYaml, nil +} + +func pkgOperatorStaticpodControllerGuardManifestsPdbYaml() (*asset, error) { + bytes, err := pkgOperatorStaticpodControllerGuardManifestsPdbYamlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "pkg/operator/staticpod/controller/guard/manifests/pdb.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + +// Asset loads and returns the asset for the given name. +// It returns an error if the asset could not be found or +// could not be loaded. +func Asset(name string) ([]byte, error) { + cannonicalName := strings.Replace(name, "\\", "/", -1) + if f, ok := _bindata[cannonicalName]; ok { + a, err := f() + if err != nil { + return nil, fmt.Errorf("Asset %s can't read by error: %v", name, err) + } + return a.bytes, nil + } + return nil, fmt.Errorf("Asset %s not found", name) +} + +// MustAsset is like Asset but panics when Asset would return an error. +// It simplifies safe initialization of global variables. +func MustAsset(name string) []byte { + a, err := Asset(name) + if err != nil { + panic("asset: Asset(" + name + "): " + err.Error()) + } + + return a +} + +// AssetInfo loads and returns the asset info for the given name. +// It returns an error if the asset could not be found or +// could not be loaded. +func AssetInfo(name string) (os.FileInfo, error) { + cannonicalName := strings.Replace(name, "\\", "/", -1) + if f, ok := _bindata[cannonicalName]; ok { + a, err := f() + if err != nil { + return nil, fmt.Errorf("AssetInfo %s can't read by error: %v", name, err) + } + return a.info, nil + } + return nil, fmt.Errorf("AssetInfo %s not found", name) +} + +// AssetNames returns the names of the assets. +func AssetNames() []string { + names := make([]string, 0, len(_bindata)) + for name := range _bindata { + names = append(names, name) + } + return names +} + +// _bindata is a table, holding each asset generator, mapped to its name. +var _bindata = map[string]func() (*asset, error){ + "pkg/operator/staticpod/controller/guard/manifests/guard-pod.yaml": pkgOperatorStaticpodControllerGuardManifestsGuardPodYaml, + "pkg/operator/staticpod/controller/guard/manifests/pdb.yaml": pkgOperatorStaticpodControllerGuardManifestsPdbYaml, +} + +// AssetDir returns the file names below a certain +// directory embedded in the file by go-bindata. +// For example if you run go-bindata on data/... and data contains the +// following hierarchy: +// data/ +// foo.txt +// img/ +// a.png +// b.png +// then AssetDir("data") would return []string{"foo.txt", "img"} +// AssetDir("data/img") would return []string{"a.png", "b.png"} +// AssetDir("foo.txt") and AssetDir("notexist") would return an error +// AssetDir("") will return []string{"data"}. +func AssetDir(name string) ([]string, error) { + node := _bintree + if len(name) != 0 { + cannonicalName := strings.Replace(name, "\\", "/", -1) + pathList := strings.Split(cannonicalName, "/") + for _, p := range pathList { + node = node.Children[p] + if node == nil { + return nil, fmt.Errorf("Asset %s not found", name) + } + } + } + if node.Func != nil { + return nil, fmt.Errorf("Asset %s not found", name) + } + rv := make([]string, 0, len(node.Children)) + for childName := range node.Children { + rv = append(rv, childName) + } + return rv, nil +} + +type bintree struct { + Func func() (*asset, error) + Children map[string]*bintree +} + +var _bintree = &bintree{nil, map[string]*bintree{ + "pkg": {nil, map[string]*bintree{ + "operator": {nil, map[string]*bintree{ + "staticpod": {nil, map[string]*bintree{ + "controller": {nil, map[string]*bintree{ + "guard": {nil, map[string]*bintree{ + "manifests": {nil, map[string]*bintree{ + "guard-pod.yaml": {pkgOperatorStaticpodControllerGuardManifestsGuardPodYaml, map[string]*bintree{}}, + "pdb.yaml": {pkgOperatorStaticpodControllerGuardManifestsPdbYaml, map[string]*bintree{}}, + }}, + }}, + }}, + }}, + }}, + }}, +}} + +// RestoreAsset restores an asset under the given directory +func RestoreAsset(dir, name string) error { + data, err := Asset(name) + if err != nil { + return err + } + info, err := AssetInfo(name) + if err != nil { + return err + } + err = os.MkdirAll(_filePath(dir, filepath.Dir(name)), os.FileMode(0755)) + if err != nil { + return err + } + err = ioutil.WriteFile(_filePath(dir, name), data, info.Mode()) + if err != nil { + return err + } + err = os.Chtimes(_filePath(dir, name), info.ModTime(), info.ModTime()) + if err != nil { + return err + } + return nil +} + +// RestoreAssets restores an asset under the given directory recursively +func RestoreAssets(dir, name string) error { + children, err := AssetDir(name) + // File + if err != nil { + return RestoreAsset(dir, name) + } + // Dir + for _, child := range children { + err = RestoreAssets(dir, filepath.Join(name, child)) + if err != nil { + return err + } + } + return nil +} + +func _filePath(dir, name string) string { + cannonicalName := strings.Replace(name, "\\", "/", -1) + return filepath.Join(append([]string{dir}, strings.Split(cannonicalName, "/")...)...) +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/staticpod/controller/guard/guard_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/staticpod/controller/guard/guard_controller.go new file mode 100644 index 000000000..ca47c78d8 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/staticpod/controller/guard/guard_controller.go @@ -0,0 +1,291 @@ +package guard + +import ( + "context" + "fmt" + "os" + "path/filepath" + "strconv" + + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/selection" + utilerrors "k8s.io/apimachinery/pkg/util/errors" + "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/client-go/informers" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + policyclientv1 "k8s.io/client-go/kubernetes/typed/policy/v1" + corelisterv1 "k8s.io/client-go/listers/core/v1" + policylisterv1 "k8s.io/client-go/listers/policy/v1" + "k8s.io/klog/v2" + + configv1 "github.com/openshift/api/config/v1" + configv1listers "github.com/openshift/client-go/config/listers/config/v1" + "github.com/openshift/library-go/pkg/controller/factory" + "github.com/openshift/library-go/pkg/operator/events" + "github.com/openshift/library-go/pkg/operator/resource/resourceapply" + "github.com/openshift/library-go/pkg/operator/resource/resourceread" + "github.com/openshift/library-go/pkg/operator/staticpod/controller/guard/bindata" + operatorv1helpers "github.com/openshift/library-go/pkg/operator/v1helpers" +) + +// GuardController is a controller that watches amount of static pods on master nodes and +// renders guard pods with a pdb to keep maxUnavailable to be at most 1 +type GuardController struct { + targetNamespace, podResourcePrefix string + operatorName string + readyzPort string + + nodeLister corelisterv1.NodeLister + podLister corelisterv1.PodLister + podGetter corev1client.PodsGetter + pdbGetter policyclientv1.PodDisruptionBudgetsGetter + pdbLister policylisterv1.PodDisruptionBudgetLister + + // installerPodImageFn returns the image name for the installer pod + installerPodImageFn func() string + createConditionalFunc func() (bool, error) +} + +func NewGuardController( + targetNamespace, podResourcePrefix string, + operatorName string, + readyzPort string, + kubeInformersForTargetNamespace informers.SharedInformerFactory, + kubeInformersClusterScoped informers.SharedInformerFactory, + operatorClient operatorv1helpers.StaticPodOperatorClient, + podGetter corev1client.PodsGetter, + pdbGetter policyclientv1.PodDisruptionBudgetsGetter, + eventRecorder events.Recorder, + createConditionalFunc func() (bool, error), +) factory.Controller { + c := &GuardController{ + targetNamespace: targetNamespace, + podResourcePrefix: podResourcePrefix, + operatorName: operatorName, + readyzPort: readyzPort, + nodeLister: kubeInformersClusterScoped.Core().V1().Nodes().Lister(), + podLister: kubeInformersForTargetNamespace.Core().V1().Pods().Lister(), + podGetter: podGetter, + pdbGetter: pdbGetter, + pdbLister: kubeInformersForTargetNamespace.Policy().V1().PodDisruptionBudgets().Lister(), + installerPodImageFn: getInstallerPodImageFromEnv, + createConditionalFunc: createConditionalFunc, + } + + return factory.New().WithInformers( + kubeInformersForTargetNamespace.Core().V1().Pods().Informer(), + kubeInformersClusterScoped.Core().V1().Nodes().Informer(), + ).WithSync(c.sync).WithSyncDegradedOnError(operatorClient).ToController("GuardController", eventRecorder) +} + +func getInstallerPodImageFromEnv() string { + return os.Getenv("OPERATOR_IMAGE") +} + +func getGuardPodName(prefix, nodeName string) string { + return fmt.Sprintf("%s-guard-%s", prefix, nodeName) +} + +func getGuardPDBName(prefix string) string { + return fmt.Sprintf("%s-guard-pdb", prefix) +} + +func nodeConditionFinder(status *corev1.NodeStatus, condType corev1.NodeConditionType) *corev1.NodeCondition { + for i := range status.Conditions { + if status.Conditions[i].Type == condType { + return &status.Conditions[i] + } + } + + return nil +} + +func (c *GuardController) sync(ctx context.Context, syncCtx factory.SyncContext) error { + klog.V(5).Info("Syncing guards") + + if c.createConditionalFunc == nil { + return fmt.Errorf("create conditional not set") + } + + shouldCreate, err := c.createConditionalFunc() + if err != nil { + return fmt.Errorf("create conditional returns an error: %v", err) + } + + errs := []error{} + if !shouldCreate { + pdb := resourceread.ReadPodDisruptionBudgetV1OrDie(bindata.MustAsset(filepath.Join("pkg/operator/staticpod/controller/guard", "manifests/pdb.yaml"))) + pdb.ObjectMeta.Name = getGuardPDBName(c.podResourcePrefix) + pdb.ObjectMeta.Namespace = c.targetNamespace + + // List the pdb from the cache in case it does not exist and there's nothing to delete + // so no Delete request is executed. + pdbs, err := c.pdbLister.PodDisruptionBudgets(c.targetNamespace).List(labels.Everything()) + if err != nil { + klog.Errorf("Unable to list PodDisruptionBudgets: %v", err) + return err + } + + for _, pdbItem := range pdbs { + if pdbItem.Name == pdb.Name { + _, _, err := resourceapply.DeletePodDisruptionBudget(ctx, c.pdbGetter, syncCtx.Recorder(), pdb) + if err != nil { + klog.Errorf("Unable to delete PodDisruptionBudget: %v", err) + errs = append(errs, err) + } + break + } + } + + pods, err := c.podLister.Pods(c.targetNamespace).List(labels.SelectorFromSet(labels.Set{"app": "guard"})) + if err != nil { + errs = append(errs, err) + } else { + for _, pod := range pods { + _, _, err = resourceapply.DeletePod(ctx, c.podGetter, syncCtx.Recorder(), pod) + if err != nil { + klog.Errorf("Unable to delete Pod: %v", err) + errs = append(errs, err) + } + } + } + } else { + selector, err := labels.NewRequirement("node-role.kubernetes.io/master", selection.Equals, []string{""}) + if err != nil { + panic(err) + } + nodes, err := c.nodeLister.List(labels.NewSelector().Add(*selector)) + if err != nil { + return err + } + + pods, err := c.podLister.Pods(c.targetNamespace).List(labels.SelectorFromSet(labels.Set{"app": c.podResourcePrefix})) + if err != nil { + return err + } + + klog.V(5).Infof("Rendering guard pdb") + + pdb := resourceread.ReadPodDisruptionBudgetV1OrDie(bindata.MustAsset(filepath.Join("pkg/operator/staticpod/controller/guard", "manifests/pdb.yaml"))) + pdb.ObjectMeta.Name = getGuardPDBName(c.podResourcePrefix) + pdb.ObjectMeta.Namespace = c.targetNamespace + if len(nodes) > 1 { + minAvailable := intstr.FromInt(len(nodes) - 1) + pdb.Spec.MinAvailable = &minAvailable + } + + // List the pdb from the cache in case it exists and there's nothing to update + // so no Get request is executed. + pdbs, err := c.pdbLister.PodDisruptionBudgets(c.targetNamespace).List(labels.Everything()) + if err != nil { + klog.Errorf("Unable to list PodDisruptionBudgets: %v", err) + return err + } + + for _, pdbItem := range pdbs { + if pdbItem.Name == pdb.Name { + if pdbItem.Spec.MinAvailable != pdb.Spec.MinAvailable { + _, _, err = resourceapply.ApplyPodDisruptionBudget(ctx, c.pdbGetter, syncCtx.Recorder(), pdb) + if err != nil { + klog.Errorf("Unable to apply PodDisruptionBudget changes: %v", err) + return err + } + } + break + } + } + + operands := map[string]*corev1.Pod{} + for _, pod := range pods { + operands[pod.Spec.NodeName] = pod + } + + for _, node := range nodes { + if _, exists := operands[node.Name]; !exists { + // If the operand does not exist and the node is not ready, wait until the node becomes ready + nodeReadyCondition := nodeConditionFinder(&node.Status, corev1.NodeReady) + // If a "Ready" condition is not found, that node should be deemed as not Ready by default. + if nodeReadyCondition == nil || nodeReadyCondition.Status != corev1.ConditionTrue { + klog.Infof("Node %v not ready, skipping reconciling the guard pod", node.Name) + continue + } + + klog.Errorf("Missing operand on node %v", node.Name) + errs = append(errs, fmt.Errorf("Missing operand on node %v", node.Name)) + continue + } + + if operands[node.Name].Status.PodIP == "" { + klog.Errorf("Missing PodIP in operand %v on node %v", operands[node.Name].Name, node.Name) + errs = append(errs, fmt.Errorf("Missing PodIP in operand %v on node %v", operands[node.Name].Name, node.Name)) + continue + } + + klog.V(5).Infof("Rendering guard pod for operand %v on node %v", operands[node.Name].Name, node.Name) + + pod := resourceread.ReadPodV1OrDie(bindata.MustAsset(filepath.Join("pkg/operator/staticpod/controller/guard", "manifests/guard-pod.yaml"))) + + pod.ObjectMeta.Name = getGuardPodName(c.podResourcePrefix, node.Name) + pod.ObjectMeta.Namespace = c.targetNamespace + pod.Spec.NodeName = node.Name + pod.Spec.Containers[0].Image = c.installerPodImageFn() + pod.Spec.Containers[0].ReadinessProbe.HTTPGet.Host = operands[node.Name].Status.PodIP + // The readyz port as string type is expected to be convertible into int!!! + readyzPort, err := strconv.Atoi(c.readyzPort) + if err != nil { + panic(err) + } + pod.Spec.Containers[0].ReadinessProbe.HTTPGet.Port = intstr.FromInt(readyzPort) + + actual, err := c.podGetter.Pods(pod.Namespace).Get(ctx, pod.Name, metav1.GetOptions{}) + if err == nil { + // Delete the pod so it can be re-created. ApplyPod only updates the metadata part of the manifests, ignores the rest + delete := false + if actual.Spec.Containers[0].Image != pod.Spec.Containers[0].Image { + klog.V(5).Infof("Guard Image changed, deleting %v so the guard can be re-created", pod.Name) + delete = true + } + if actual.Spec.Containers[0].ReadinessProbe.HTTPGet.Host != pod.Spec.Containers[0].ReadinessProbe.HTTPGet.Host { + klog.V(5).Infof("Operand PodIP changed, deleting %v so the guard can be re-created", pod.Name) + delete = true + } + if delete { + _, _, err = resourceapply.DeletePod(ctx, c.podGetter, syncCtx.Recorder(), pod) + if err != nil { + klog.Errorf("Unable to delete Pod for immidiate re-creation: %v", err) + errs = append(errs, fmt.Errorf("Unable to delete Pod for immidiate re-creation: %v", err)) + continue + } + } + } else if !apierrors.IsNotFound(err) { + errs = append(errs, err) + continue + } + + _, _, err = resourceapply.ApplyPod(ctx, c.podGetter, syncCtx.Recorder(), pod) + if err != nil { + klog.Errorf("Unable to apply pod %v changes: %v", pod.Name, err) + errs = append(errs, fmt.Errorf("Unable to apply pod %v changes: %v", pod.Name, err)) + } + } + } + + return utilerrors.NewAggregate(errs) +} + +func IsSNOCheckFnc(infraLister configv1listers.InfrastructureLister) func() (bool, error) { + return func() (bool, error) { + infraData, err := infraLister.Get("cluster") + if err != nil { + return false, fmt.Errorf("Unable to list infrastructures.config.openshift.io/cluster object, unable to determine topology mode") + } + if infraData.Status.ControlPlaneTopology == "" { + return false, fmt.Errorf("ControlPlaneTopology was not set, unable to determine topology mode") + } + + return infraData.Status.ControlPlaneTopology == configv1.SingleReplicaTopologyMode, nil + } +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/staticpod/controllers.go b/vendor/github.com/openshift/library-go/pkg/operator/staticpod/controllers.go index 112fd0d36..00025e375 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/staticpod/controllers.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/staticpod/controllers.go @@ -11,6 +11,7 @@ import ( "github.com/openshift/library-go/pkg/operator/resource/resourceapply" "github.com/openshift/library-go/pkg/operator/revisioncontroller" "github.com/openshift/library-go/pkg/operator/staticpod/controller/backingresource" + "github.com/openshift/library-go/pkg/operator/staticpod/controller/guard" "github.com/openshift/library-go/pkg/operator/staticpod/controller/installer" "github.com/openshift/library-go/pkg/operator/staticpod/controller/installerstate" "github.com/openshift/library-go/pkg/operator/staticpod/controller/node" @@ -62,6 +63,12 @@ type staticPodOperatorControllerBuilder struct { pruneCommand []string // TODO de-dupe this. I think it's actually a directory name staticPodPrefix string + + // guard infomation + operatorName string + operatorNamespace string + readyzPort string + guardCreateConditionalFunc func() (bool, error) } func NewBuilder( @@ -91,6 +98,7 @@ type Builder interface { // the installer pod is created for a revision. WithCustomInstaller(command []string, installerPodMutationFunc installer.InstallerPodMutationFunc) Builder WithPruning(command []string, staticPodPrefix string) Builder + WithPodDisruptionBudgetGuard(operatorNamespace, operatorName, readyzPort string, createConditionalFunc func() (bool, error)) Builder ToControllers() (manager.ControllerManager, error) } @@ -153,6 +161,14 @@ func (b *staticPodOperatorControllerBuilder) WithPruning(command []string, stati return b } +func (b *staticPodOperatorControllerBuilder) WithPodDisruptionBudgetGuard(operatorNamespace, operatorName, readyzPort string, createConditionalFunc func() (bool, error)) Builder { + b.operatorNamespace = operatorNamespace + b.operatorName = operatorName + b.readyzPort = readyzPort + b.guardCreateConditionalFunc = createConditionalFunc + return b +} + func (b *staticPodOperatorControllerBuilder) ToControllers() (manager.ControllerManager, error) { manager := manager.NewControllerManager() @@ -169,6 +185,7 @@ func (b *staticPodOperatorControllerBuilder) ToControllers() (manager.Controller secretClient := v1helpers.CachedSecretGetter(b.kubeClient.CoreV1(), b.kubeInformers) podClient := b.kubeClient.CoreV1() eventsClient := b.kubeClient.CoreV1() + pdbClient := b.kubeClient.PolicyV1() operandInformers := b.kubeInformers.InformersFor(b.operandNamespace) clusterInformers := b.kubeInformers.InformersFor("") @@ -299,5 +316,21 @@ func (b *staticPodOperatorControllerBuilder) ToControllers() (manager.Controller manager.WithController(unsupportedconfigoverridescontroller.NewUnsupportedConfigOverridesController(b.staticPodOperatorClient, eventRecorder), 1) manager.WithController(loglevel.NewClusterOperatorLoggingController(b.staticPodOperatorClient, eventRecorder), 1) + if len(b.operatorNamespace) > 0 && len(b.operatorName) > 0 && len(b.readyzPort) > 0 { + manager.WithController(guard.NewGuardController( + b.operandNamespace, + b.staticPodName, + b.operatorName, + b.readyzPort, + operandInformers, + clusterInformers, + b.staticPodOperatorClient, + podClient, + pdbClient, + eventRecorder, + b.guardCreateConditionalFunc, + ), 1) + } + return manager, errors.NewAggregate(errs) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 1d6ee57c5..44d5d5649 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -248,7 +248,7 @@ github.com/openshift/client-go/operator/informers/externalversions/operator/v1 github.com/openshift/client-go/operator/informers/externalversions/operator/v1alpha1 github.com/openshift/client-go/operator/listers/operator/v1 github.com/openshift/client-go/operator/listers/operator/v1alpha1 -# github.com/openshift/library-go v0.0.0-20211214183058-58531ccbde67 +# github.com/openshift/library-go v0.0.0-20211217155025-d48a1fb9b7c2 ## explicit; go 1.17 github.com/openshift/library-go/pkg/assets github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer @@ -283,6 +283,8 @@ github.com/openshift/library-go/pkg/operator/staticpod github.com/openshift/library-go/pkg/operator/staticpod/certsyncpod github.com/openshift/library-go/pkg/operator/staticpod/controller/backingresource github.com/openshift/library-go/pkg/operator/staticpod/controller/backingresource/bindata +github.com/openshift/library-go/pkg/operator/staticpod/controller/guard +github.com/openshift/library-go/pkg/operator/staticpod/controller/guard/bindata github.com/openshift/library-go/pkg/operator/staticpod/controller/installer github.com/openshift/library-go/pkg/operator/staticpod/controller/installer/bindata github.com/openshift/library-go/pkg/operator/staticpod/controller/installerstate