k3s/pkg/controller/daemon/util/daemonset_util.go

/*
Copyright 2017 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package util

import (
	"fmt"

	"k8s.io/api/core/v1"
	extensions "k8s.io/api/extensions/v1beta1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	utilfeature "k8s.io/apiserver/pkg/util/feature"
	podutil "k8s.io/kubernetes/pkg/api/v1/pod"
	v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"
	"k8s.io/kubernetes/pkg/features"
	kubelettypes "k8s.io/kubernetes/pkg/kubelet/types"
	"k8s.io/kubernetes/pkg/scheduler/algorithm"
	labelsutil "k8s.io/kubernetes/pkg/util/labels"
)

// CreatePodTemplate returns copy of provided template with additional
// label which contains templateGeneration (for backward compatibility),
// hash of provided template and sets default daemon tolerations.
func CreatePodTemplate(template v1.PodTemplateSpec, generation int64, hash string) v1.PodTemplateSpec {
	newTemplate := *template.DeepCopy()
	// DaemonSet pods shouldn't be deleted by NodeController in case of node problems.
	// Add infinite toleration for taint notReady:NoExecute here
	// to survive taint-based eviction enforced by NodeController
	// when node turns not ready.
	v1helper.AddOrUpdateTolerationInPodSpec(&newTemplate.Spec, &v1.Toleration{
		Key:      algorithm.TaintNodeNotReady,
		Operator: v1.TolerationOpExists,
		Effect:   v1.TaintEffectNoExecute,
	})

	// DaemonSet pods shouldn't be deleted by NodeController in case of node problems.
	// Add infinite toleration for taint unreachable:NoExecute here
	// to survive taint-based eviction enforced by NodeController
	// when node turns unreachable.
	v1helper.AddOrUpdateTolerationInPodSpec(&newTemplate.Spec, &v1.Toleration{
		Key:      algorithm.TaintNodeUnreachable,
		Operator: v1.TolerationOpExists,
		Effect:   v1.TaintEffectNoExecute,
	})

	// According to TaintNodesByCondition feature, all DaemonSet pods should tolerate
	// MemoryPressure and DisPressure taints, and the critical pods should tolerate
	// OutOfDisk taint.
	v1helper.AddOrUpdateTolerationInPodSpec(&newTemplate.Spec, &v1.Toleration{
		Key:      algorithm.TaintNodeDiskPressure,
		Operator: v1.TolerationOpExists,
		Effect:   v1.TaintEffectNoSchedule,
	})

	v1helper.AddOrUpdateTolerationInPodSpec(&newTemplate.Spec, &v1.Toleration{
		Key:      algorithm.TaintNodeMemoryPressure,
		Operator: v1.TolerationOpExists,
		Effect:   v1.TaintEffectNoSchedule,
	})

	// TODO(#48843) OutOfDisk taints will be removed in 1.10
	if utilfeature.DefaultFeatureGate.Enabled(features.ExperimentalCriticalPodAnnotation) &&
		kubelettypes.IsCritical(newTemplate.Namespace, newTemplate.Annotations) {
		v1helper.AddOrUpdateTolerationInPodSpec(&newTemplate.Spec, &v1.Toleration{
			Key:      algorithm.TaintNodeOutOfDisk,
			Operator: v1.TolerationOpExists,
			Effect:   v1.TaintEffectNoExecute,
		})
	}

	templateGenerationStr := fmt.Sprint(generation)
	newTemplate.ObjectMeta.Labels = labelsutil.CloneAndAddLabel(
		template.ObjectMeta.Labels,
		extensions.DaemonSetTemplateGenerationKey,
		templateGenerationStr,
	)
	// TODO: do we need to validate if the DaemonSet is RollingUpdate or not?
	if len(hash) > 0 {
		newTemplate.ObjectMeta.Labels[extensions.DefaultDaemonSetUniqueLabelKey] = hash
	}
	return newTemplate
}

// IsPodUpdated checks if pod contains label value that either matches templateGeneration or hash
func IsPodUpdated(dsTemplateGeneration int64, pod *v1.Pod, hash string) bool {
	// Compare with hash to see if the pod is updated, need to maintain backward compatibility of templateGeneration
	templateMatches := pod.Labels[extensions.DaemonSetTemplateGenerationKey] == fmt.Sprint(dsTemplateGeneration)
	hashMatches := len(hash) > 0 && pod.Labels[extensions.DefaultDaemonSetUniqueLabelKey] == hash
	return hashMatches || templateMatches
}

// SplitByAvailablePods splits provided daemon set pods by availability
func SplitByAvailablePods(minReadySeconds int32, pods []*v1.Pod) ([]*v1.Pod, []*v1.Pod) {
	unavailablePods := []*v1.Pod{}
	availablePods := []*v1.Pod{}
	for _, pod := range pods {
		if podutil.IsPodAvailable(pod, minReadySeconds, metav1.Now()) {
			availablePods = append(availablePods, pod)
		} else {
			unavailablePods = append(unavailablePods, pod)
		}
	}
	return availablePods, unavailablePods
}
DaemonSet updates It implements https://github.com/kubernetes/community/blob/master/contributors/design-proposals/daemonset-update.md Feature https://github.com/kubernetes/features/issues/124 2017-02-16 10:18:16 +00:00			`/*`
			`Copyright 2017 The Kubernetes Authors.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package util`

			`import (`
			`"fmt"`

run hack/update-all 2017-06-22 18:24:23 +00:00			`"k8s.io/api/core/v1"`
			`extensions "k8s.io/api/extensions/v1beta1"`
DaemonSet updates It implements https://github.com/kubernetes/community/blob/master/contributors/design-proposals/daemonset-update.md Feature https://github.com/kubernetes/features/issues/124 2017-02-16 10:18:16 +00:00			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
Added toleration for node condition taints. 2017-08-05 06:49:10 +00:00			`utilfeature "k8s.io/apiserver/pkg/util/feature"`
move pkg/api/v1/ref.go and pkg/api/v1/resource.go to subpackages. move some functions in resource.go to pkg/api/v1/node and pkg/api/v1/pod 2017-04-17 17:56:40 +00:00			`podutil "k8s.io/kubernetes/pkg/api/v1/pod"`
pkg/apis/core: mechanical import fixes in dependencies 2017-11-08 22:34:54 +00:00			`v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"`
Added toleration for node condition taints. 2017-08-05 06:49:10 +00:00			`"k8s.io/kubernetes/pkg/features"`
			`kubelettypes "k8s.io/kubernetes/pkg/kubelet/types"`
Move scheduler code out of plugin directory. This moves plugin/pkg/scheduler to pkg/scheduler and plugin/cmd/kube-scheduler to cmd/kube-scheduler. Bulk of the work was done with gomvpkg, except for kube-scheduler main package. 2018-01-04 02:12:18 +00:00			`"k8s.io/kubernetes/pkg/scheduler/algorithm"`
DaemonSet updates It implements https://github.com/kubernetes/community/blob/master/contributors/design-proposals/daemonset-update.md Feature https://github.com/kubernetes/features/issues/124 2017-02-16 10:18:16 +00:00			`labelsutil "k8s.io/kubernetes/pkg/util/labels"`
			`)`

Implement DaemonSet history logic in controller 1. Create controllerrevisions (history) and label pods with template hash for both RollingUpdate and OnDelete update strategy 2. Clean up old, non-live history based on revisionHistoryLimit 3. Remove duplicate controllerrevisions (the ones with the same template) and relabel their pods 4. Update RBAC to allow DaemonSet controller to manage controllerrevisions 5. In DaemonSet controller unit tests, create new pods with hash labels 2017-05-17 23:53:46 +00:00			`// CreatePodTemplate returns copy of provided template with additional`
			`// label which contains templateGeneration (for backward compatibility),`
			`// hash of provided template and sets default daemon tolerations.`
			`func CreatePodTemplate(template v1.PodTemplateSpec, generation int64, hash string) v1.PodTemplateSpec {`
controllers: simplify deepcopy calls 2017-08-15 12:14:21 +00:00			`newTemplate := *template.DeepCopy()`
Make Daemons tolerate NoExecute taints correctly 2017-05-04 13:19:08 +00:00			`// DaemonSet pods shouldn't be deleted by NodeController in case of node problems.`
			`// Add infinite toleration for taint notReady:NoExecute here`
			`// to survive taint-based eviction enforced by NodeController`
			`// when node turns not ready.`
			`v1helper.AddOrUpdateTolerationInPodSpec(&newTemplate.Spec, &v1.Toleration{`
move labels to components which own the APIs 2017-05-30 14:46:00 +00:00			`Key: algorithm.TaintNodeNotReady,`
Make Daemons tolerate NoExecute taints correctly 2017-05-04 13:19:08 +00:00			`Operator: v1.TolerationOpExists,`
			`Effect: v1.TaintEffectNoExecute,`
			`})`

			`// DaemonSet pods shouldn't be deleted by NodeController in case of node problems.`
			`// Add infinite toleration for taint unreachable:NoExecute here`
			`// to survive taint-based eviction enforced by NodeController`
			`// when node turns unreachable.`
			`v1helper.AddOrUpdateTolerationInPodSpec(&newTemplate.Spec, &v1.Toleration{`
move labels to components which own the APIs 2017-05-30 14:46:00 +00:00			`Key: algorithm.TaintNodeUnreachable,`
Make Daemons tolerate NoExecute taints correctly 2017-05-04 13:19:08 +00:00			`Operator: v1.TolerationOpExists,`
			`Effect: v1.TaintEffectNoExecute,`
			`})`

Added toleration for node condition taints. 2017-08-05 06:49:10 +00:00			`// According to TaintNodesByCondition feature, all DaemonSet pods should tolerate`
			`// MemoryPressure and DisPressure taints, and the critical pods should tolerate`
			`// OutOfDisk taint.`
			`v1helper.AddOrUpdateTolerationInPodSpec(&newTemplate.Spec, &v1.Toleration{`
			`Key: algorithm.TaintNodeDiskPressure,`
			`Operator: v1.TolerationOpExists,`
			`Effect: v1.TaintEffectNoSchedule,`
			`})`

			`v1helper.AddOrUpdateTolerationInPodSpec(&newTemplate.Spec, &v1.Toleration{`
			`Key: algorithm.TaintNodeMemoryPressure,`
			`Operator: v1.TolerationOpExists,`
			`Effect: v1.TaintEffectNoSchedule,`
			`})`

remove OutOfDisk from controllers 2017-08-28 18:17:38 +00:00			`// TODO(#48843) OutOfDisk taints will be removed in 1.10`
Added toleration for node condition taints. 2017-08-05 06:49:10 +00:00			`if utilfeature.DefaultFeatureGate.Enabled(features.ExperimentalCriticalPodAnnotation) &&`
			`kubelettypes.IsCritical(newTemplate.Namespace, newTemplate.Annotations) {`
			`v1helper.AddOrUpdateTolerationInPodSpec(&newTemplate.Spec, &v1.Toleration{`
			`Key: algorithm.TaintNodeOutOfDisk,`
			`Operator: v1.TolerationOpExists,`
			`Effect: v1.TaintEffectNoExecute,`
			`})`
			`}`

DaemonSet updates It implements https://github.com/kubernetes/community/blob/master/contributors/design-proposals/daemonset-update.md Feature https://github.com/kubernetes/features/issues/124 2017-02-16 10:18:16 +00:00			`templateGenerationStr := fmt.Sprint(generation)`
			`newTemplate.ObjectMeta.Labels = labelsutil.CloneAndAddLabel(`
			`template.ObjectMeta.Labels,`
			`extensions.DaemonSetTemplateGenerationKey,`
			`templateGenerationStr,`
			`)`
Implement DaemonSet history logic in controller 1. Create controllerrevisions (history) and label pods with template hash for both RollingUpdate and OnDelete update strategy 2. Clean up old, non-live history based on revisionHistoryLimit 3. Remove duplicate controllerrevisions (the ones with the same template) and relabel their pods 4. Update RBAC to allow DaemonSet controller to manage controllerrevisions 5. In DaemonSet controller unit tests, create new pods with hash labels 2017-05-17 23:53:46 +00:00			`// TODO: do we need to validate if the DaemonSet is RollingUpdate or not?`
			`if len(hash) > 0 {`
			`newTemplate.ObjectMeta.Labels[extensions.DefaultDaemonSetUniqueLabelKey] = hash`
			`}`
DaemonSet updates It implements https://github.com/kubernetes/community/blob/master/contributors/design-proposals/daemonset-update.md Feature https://github.com/kubernetes/features/issues/124 2017-02-16 10:18:16 +00:00			`return newTemplate`
			`}`

fix golint warnings in daemon controller The only on remaining asks to rename DaemonSetsController, which is a public interface and would need proper deprecation first. 2018-02-05 09:11:09 +00:00			`// IsPodUpdated checks if pod contains label value that either matches templateGeneration or hash`
Implement DaemonSet history logic in controller 1. Create controllerrevisions (history) and label pods with template hash for both RollingUpdate and OnDelete update strategy 2. Clean up old, non-live history based on revisionHistoryLimit 3. Remove duplicate controllerrevisions (the ones with the same template) and relabel their pods 4. Update RBAC to allow DaemonSet controller to manage controllerrevisions 5. In DaemonSet controller unit tests, create new pods with hash labels 2017-05-17 23:53:46 +00:00			`func IsPodUpdated(dsTemplateGeneration int64, pod *v1.Pod, hash string) bool {`
			`// Compare with hash to see if the pod is updated, need to maintain backward compatibility of templateGeneration`
			`templateMatches := pod.Labels[extensions.DaemonSetTemplateGenerationKey] == fmt.Sprint(dsTemplateGeneration)`
			`hashMatches := len(hash) > 0 && pod.Labels[extensions.DefaultDaemonSetUniqueLabelKey] == hash`
			`return hashMatches \|\| templateMatches`
DaemonSet updates It implements https://github.com/kubernetes/community/blob/master/contributors/design-proposals/daemonset-update.md Feature https://github.com/kubernetes/features/issues/124 2017-02-16 10:18:16 +00:00			`}`

fix all the typos across the project 2018-02-09 06:53:53 +00:00			`// SplitByAvailablePods splits provided daemon set pods by availability`
DaemonSet updates It implements https://github.com/kubernetes/community/blob/master/contributors/design-proposals/daemonset-update.md Feature https://github.com/kubernetes/features/issues/124 2017-02-16 10:18:16 +00:00			`func SplitByAvailablePods(minReadySeconds int32, pods []v1.Pod) ([]v1.Pod, []*v1.Pod) {`
			`unavailablePods := []*v1.Pod{}`
			`availablePods := []*v1.Pod{}`
			`for _, pod := range pods {`
move pkg/api/v1/ref.go and pkg/api/v1/resource.go to subpackages. move some functions in resource.go to pkg/api/v1/node and pkg/api/v1/pod 2017-04-17 17:56:40 +00:00			`if podutil.IsPodAvailable(pod, minReadySeconds, metav1.Now()) {`
DaemonSet updates It implements https://github.com/kubernetes/community/blob/master/contributors/design-proposals/daemonset-update.md Feature https://github.com/kubernetes/features/issues/124 2017-02-16 10:18:16 +00:00			`availablePods = append(availablePods, pod)`
			`} else {`
			`unavailablePods = append(unavailablePods, pod)`
			`}`
			`}`
			`return availablePods, unavailablePods`
			`}`