mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-01-22 12:49:29 +00:00
424 lines
16 KiB
Go
424 lines
16 KiB
Go
/*
|
|
Copyright 2017 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package apimachinery
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
. "github.com/onsi/ginkgo"
|
|
. "github.com/onsi/gomega"
|
|
|
|
"k8s.io/api/admissionregistration/v1alpha1"
|
|
"k8s.io/api/core/v1"
|
|
"k8s.io/api/extensions/v1beta1"
|
|
"k8s.io/apimachinery/pkg/api/errors"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/types"
|
|
"k8s.io/apimachinery/pkg/util/wait"
|
|
clientset "k8s.io/client-go/kubernetes"
|
|
clientretry "k8s.io/client-go/util/retry"
|
|
"k8s.io/kubernetes/test/e2e/framework"
|
|
imageutils "k8s.io/kubernetes/test/utils/image"
|
|
)
|
|
|
|
var _ = SIGDescribe("Initializers [Feature:Initializers]", func() {
|
|
f := framework.NewDefaultFramework("initializers")
|
|
|
|
// TODO: Add failure traps once we have JustAfterEach
|
|
// See https://github.com/onsi/ginkgo/issues/303
|
|
|
|
It("should be invisible to controllers by default", func() {
|
|
ns := f.Namespace.Name
|
|
c := f.ClientSet
|
|
|
|
podName := "uninitialized-pod"
|
|
framework.Logf("Creating pod %s", podName)
|
|
|
|
ch := make(chan struct{})
|
|
go func() {
|
|
pod := newUninitializedPod(podName)
|
|
_, err := c.CoreV1().Pods(ns).Create(pod)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to create pod %s in namespace: %s", podName, ns)
|
|
close(ch)
|
|
}()
|
|
|
|
// wait to ensure the scheduler does not act on an uninitialized pod
|
|
err := wait.PollImmediate(2*time.Second, 15*time.Second, func() (bool, error) {
|
|
p, err := c.CoreV1().Pods(ns).Get(podName, metav1.GetOptions{})
|
|
if err != nil {
|
|
if errors.IsNotFound(err) {
|
|
return false, nil
|
|
}
|
|
return false, err
|
|
}
|
|
return len(p.Spec.NodeName) > 0, nil
|
|
})
|
|
Expect(err).To(Equal(wait.ErrWaitTimeout))
|
|
|
|
// verify that we can update an initializing pod
|
|
pod, err := c.CoreV1().Pods(ns).Get(podName, metav1.GetOptions{})
|
|
Expect(err).NotTo(HaveOccurred(), "failed to get pod %s in namespace: %s", podName, ns)
|
|
pod.Annotations = map[string]string{"update-1": "test"}
|
|
pod, err = c.CoreV1().Pods(ns).Update(pod)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to update pod %s in namespace %s to: %+v", pod.Name, ns, pod)
|
|
|
|
// verify the list call filters out uninitialized pods
|
|
listOptions := metav1.ListOptions{IncludeUninitialized: true}
|
|
pods, err := c.CoreV1().Pods(ns).List(listOptions)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to list pods in namespace: %s, given list options: %+v", ns, listOptions)
|
|
Expect(pods.Items).To(HaveLen(1))
|
|
pods, err = c.CoreV1().Pods(ns).List(metav1.ListOptions{})
|
|
Expect(err).NotTo(HaveOccurred(), "failed to list pods in namespace: %s", ns)
|
|
Expect(pods.Items).To(HaveLen(0))
|
|
|
|
// clear initializers
|
|
pod.Initializers = nil
|
|
pod, err = c.CoreV1().Pods(ns).Update(pod)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to update pod %s in namespace %s to: %+v", pod.Name, ns, pod)
|
|
|
|
// pod should now start running
|
|
err = framework.WaitForPodRunningInNamespace(c, pod)
|
|
Expect(err).NotTo(HaveOccurred(), "error while waiting for pod %s to go to Running phase in namespace: %s", pod.Name, pod.Namespace)
|
|
|
|
// ensure create call returns
|
|
<-ch
|
|
|
|
// verify that we cannot start the pod initializing again
|
|
pod, err = c.CoreV1().Pods(ns).Get(podName, metav1.GetOptions{})
|
|
Expect(err).NotTo(HaveOccurred(), "failed to get pod %s in namespace: %s", podName, ns)
|
|
pod.Initializers = &metav1.Initializers{
|
|
Pending: []metav1.Initializer{{Name: "Other"}},
|
|
}
|
|
_, err = c.CoreV1().Pods(ns).Update(pod)
|
|
if !errors.IsInvalid(err) || !strings.Contains(err.Error(), "immutable") {
|
|
Fail(fmt.Sprintf("expected invalid error: %v", err))
|
|
}
|
|
})
|
|
|
|
It("should dynamically register and apply initializers to pods [Serial]", func() {
|
|
ns := f.Namespace.Name
|
|
c := f.ClientSet
|
|
|
|
podName := "uninitialized-pod"
|
|
framework.Logf("Creating pod %s", podName)
|
|
|
|
// create and register an initializer
|
|
initializerName := "pod.test.e2e.kubernetes.io"
|
|
initializerConfigName := "e2e-test-initializer"
|
|
initializerConfig := &v1alpha1.InitializerConfiguration{
|
|
ObjectMeta: metav1.ObjectMeta{Name: initializerConfigName},
|
|
Initializers: []v1alpha1.Initializer{
|
|
{
|
|
Name: initializerName,
|
|
Rules: []v1alpha1.Rule{
|
|
{APIGroups: []string{""}, APIVersions: []string{"*"}, Resources: []string{"pods"}},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
_, err := c.AdmissionregistrationV1alpha1().InitializerConfigurations().Create(initializerConfig)
|
|
if errors.IsNotFound(err) {
|
|
framework.Skipf("dynamic configuration of initializers requires the alpha admissionregistration.k8s.io group to be enabled")
|
|
}
|
|
Expect(err).NotTo(HaveOccurred(), "failed to create and register initializer with config: %+v", initializerConfig)
|
|
|
|
// we must remove the initializer when the test is complete and ensure no pods are pending for that initializer
|
|
defer cleanupInitializer(c, initializerConfigName, initializerName)
|
|
|
|
// poller configuration is 1 second, wait at least that long
|
|
time.Sleep(3 * time.Second)
|
|
|
|
// run create that blocks
|
|
ch := make(chan struct{})
|
|
go func() {
|
|
defer close(ch)
|
|
pod := newInitPod(podName)
|
|
_, err := c.CoreV1().Pods(ns).Create(pod)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to create pod %s in namespace: %s", podName, ns)
|
|
}()
|
|
|
|
// wait until the pod shows up uninitialized
|
|
By("Waiting until the pod is visible to a client")
|
|
var pod *v1.Pod
|
|
err = wait.PollImmediate(2*time.Second, 15*time.Second, func() (bool, error) {
|
|
pod, err = c.CoreV1().Pods(ns).Get(podName, metav1.GetOptions{IncludeUninitialized: true})
|
|
if errors.IsNotFound(err) {
|
|
return false, nil
|
|
}
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
return true, nil
|
|
})
|
|
Expect(err).NotTo(HaveOccurred(), "failed to get pod %s from namespace: %s", podName, ns)
|
|
Expect(pod.Initializers).NotTo(BeNil())
|
|
Expect(pod.Initializers.Pending).To(HaveLen(1))
|
|
Expect(pod.Initializers.Pending[0].Name).To(Equal(initializerName))
|
|
|
|
// pretend we are an initializer
|
|
By("Completing initialization")
|
|
pod.Initializers = nil
|
|
pod, err = c.CoreV1().Pods(ns).Update(pod)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to update pod %s in namespace %s to: %+v", pod.Name, ns, pod)
|
|
|
|
// ensure create call returns
|
|
<-ch
|
|
|
|
// pod should now start running
|
|
err = framework.WaitForPodRunningInNamespace(c, pod)
|
|
Expect(err).NotTo(HaveOccurred(), "error while waiting for pod %s to go to Running phase in namespace: %s", pod.Name, pod.Namespace)
|
|
|
|
// bypass initialization by explicitly passing an empty pending list
|
|
By("Setting an empty initializer as an admin to bypass initialization")
|
|
podName = "preinitialized-pod"
|
|
pod = newUninitializedPod(podName)
|
|
pod.Initializers.Pending = nil
|
|
pod, err = c.CoreV1().Pods(ns).Create(pod)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to create pod %s in namespace: %s", podName, ns)
|
|
Expect(pod.Initializers).To(BeNil())
|
|
|
|
// bypass initialization for mirror pods
|
|
By("Creating a mirror pod that bypasses initialization")
|
|
podName = "mirror-pod"
|
|
pod = newInitPod(podName)
|
|
pod.Annotations = map[string]string{
|
|
v1.MirrorPodAnnotationKey: "true",
|
|
}
|
|
pod.Spec.NodeName = "node-does-not-yet-exist"
|
|
pod, err = c.CoreV1().Pods(ns).Create(pod)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to create pod %s in namespace: %s", podName, ns)
|
|
Expect(pod.Initializers).To(BeNil())
|
|
Expect(pod.Annotations[v1.MirrorPodAnnotationKey]).To(Equal("true"))
|
|
})
|
|
|
|
It("don't cause replicaset controller creating extra pods if the initializer is not handled [Serial]", func() {
|
|
ns := f.Namespace.Name
|
|
c := f.ClientSet
|
|
|
|
podName := "uninitialized-pod"
|
|
framework.Logf("Creating pod %s", podName)
|
|
|
|
// create and register an initializer, without setting up a controller to handle it.
|
|
initializerName := "pod.test.e2e.kubernetes.io"
|
|
initializerConfigName := "e2e-test-initializer"
|
|
initializerConfig := &v1alpha1.InitializerConfiguration{
|
|
ObjectMeta: metav1.ObjectMeta{Name: initializerConfigName},
|
|
Initializers: []v1alpha1.Initializer{
|
|
{
|
|
Name: initializerName,
|
|
Rules: []v1alpha1.Rule{
|
|
{APIGroups: []string{""}, APIVersions: []string{"*"}, Resources: []string{"pods"}},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
_, err := c.AdmissionregistrationV1alpha1().InitializerConfigurations().Create(initializerConfig)
|
|
if errors.IsNotFound(err) {
|
|
framework.Skipf("dynamic configuration of initializers requires the alpha admissionregistration.k8s.io group to be enabled")
|
|
}
|
|
Expect(err).NotTo(HaveOccurred(), "failed to create and register initializer with config: %+v", initializerConfig)
|
|
|
|
// we must remove the initializer when the test is complete and ensure no pods are pending for that initializer
|
|
defer cleanupInitializer(c, initializerConfigName, initializerName)
|
|
|
|
// poller configuration is 1 second, wait at least that long
|
|
time.Sleep(3 * time.Second)
|
|
|
|
// create a replicaset
|
|
rs := newReplicaset()
|
|
persistedRS, err := c.ExtensionsV1beta1().ReplicaSets(ns).Create(rs)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to create replicaset %s in namespace: %s", persistedRS.Name, ns)
|
|
// wait for replicaset controller to confirm that it has handled the creation
|
|
err = waitForRSObservedGeneration(c, persistedRS.Namespace, persistedRS.Name, persistedRS.Generation)
|
|
Expect(err).NotTo(HaveOccurred(), "replicaset %s failed to observe generation: %d", persistedRS.Name, persistedRS.Generation)
|
|
|
|
// update the replicaset spec to trigger a resync
|
|
patch := []byte(`{"spec":{"minReadySeconds":5}}`)
|
|
persistedRS, err = c.ExtensionsV1beta1().ReplicaSets(ns).Patch(persistedRS.Name, types.StrategicMergePatchType, patch)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to apply to replicaset %s in namespace %s a strategic merge patch: %s", persistedRS.Name, ns, patch)
|
|
|
|
// wait for replicaset controller to confirm that it has handle the spec update
|
|
err = waitForRSObservedGeneration(c, persistedRS.Namespace, persistedRS.Name, persistedRS.Generation)
|
|
Expect(err).NotTo(HaveOccurred(), "replicaset %s failed to observe generation: %d", persistedRS.Name, persistedRS.Generation)
|
|
|
|
// verify that the replicaset controller doesn't create extra pod
|
|
selector, err := metav1.LabelSelectorAsSelector(persistedRS.Spec.Selector)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to convert label selector %+v of LabelSelector api type into a struct that implements labels.Selector", persistedRS.Spec.Selector)
|
|
|
|
listOptions := metav1.ListOptions{
|
|
LabelSelector: selector.String(),
|
|
IncludeUninitialized: true,
|
|
}
|
|
pods, err := c.CoreV1().Pods(ns).List(listOptions)
|
|
Expect(err).NotTo(HaveOccurred(), "failed to list pods in namespace: %s, given list options: %+v", ns, listOptions)
|
|
Expect(len(pods.Items)).Should(Equal(1))
|
|
})
|
|
|
|
It("will be set to nil if a patch removes the last pending initializer", func() {
|
|
ns := f.Namespace.Name
|
|
c := f.ClientSet
|
|
|
|
podName := "to-be-patch-initialized-pod"
|
|
framework.Logf("Creating pod %s", podName)
|
|
|
|
// TODO: lower the timeout so that the server responds faster.
|
|
_, err := c.CoreV1().Pods(ns).Create(newUninitializedPod(podName))
|
|
if err != nil && !errors.IsTimeout(err) {
|
|
framework.Failf("expect err to be timeout error, got %v", err)
|
|
}
|
|
uninitializedPod, err := c.CoreV1().Pods(ns).Get(podName, metav1.GetOptions{})
|
|
Expect(err).NotTo(HaveOccurred(), "failed to get pod %s in namespace: %s", podName, ns)
|
|
Expect(uninitializedPod.Initializers).NotTo(BeNil())
|
|
Expect(len(uninitializedPod.Initializers.Pending)).Should(Equal(1))
|
|
|
|
patch := fmt.Sprintf(`{"metadata":{"initializers":{"pending":[{"$patch":"delete","name":"%s"}]}}}`, uninitializedPod.Initializers.Pending[0].Name)
|
|
patchedPod, err := c.CoreV1().Pods(ns).Patch(uninitializedPod.Name, types.StrategicMergePatchType, []byte(patch))
|
|
Expect(err).NotTo(HaveOccurred(), "failed to apply to pod %s in namespace %s a strategic merge patch: %s", uninitializedPod.Name, ns, patch)
|
|
Expect(patchedPod.Initializers).To(BeNil())
|
|
})
|
|
})
|
|
|
|
func newUninitializedPod(podName string) *v1.Pod {
|
|
pod := newInitPod(podName)
|
|
pod.Initializers = &metav1.Initializers{
|
|
Pending: []metav1.Initializer{{Name: "test.k8s.io"}},
|
|
}
|
|
return pod
|
|
}
|
|
|
|
func newReplicaset() *v1beta1.ReplicaSet {
|
|
name := "initializer-test-replicaset"
|
|
replicas := int32(1)
|
|
labels := map[string]string{"initializer-test": "single-replicaset"}
|
|
return &v1beta1.ReplicaSet{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: name,
|
|
},
|
|
Spec: v1beta1.ReplicaSetSpec{
|
|
Replicas: &replicas,
|
|
Template: v1.PodTemplateSpec{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Labels: labels,
|
|
},
|
|
Spec: v1.PodSpec{
|
|
TerminationGracePeriodSeconds: &zero,
|
|
Containers: []v1.Container{
|
|
{
|
|
Name: name + "-container",
|
|
Image: imageutils.GetE2EImage(imageutils.Porter),
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func newInitPod(podName string) *v1.Pod {
|
|
containerName := fmt.Sprintf("%s-container", podName)
|
|
port := 8080
|
|
pod := &v1.Pod{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: podName,
|
|
},
|
|
Spec: v1.PodSpec{
|
|
Containers: []v1.Container{
|
|
{
|
|
Name: containerName,
|
|
Image: imageutils.GetE2EImage(imageutils.Porter),
|
|
Env: []v1.EnvVar{{Name: fmt.Sprintf("SERVE_PORT_%d", port), Value: "foo"}},
|
|
Ports: []v1.ContainerPort{{ContainerPort: int32(port)}},
|
|
},
|
|
},
|
|
RestartPolicy: v1.RestartPolicyNever,
|
|
},
|
|
}
|
|
return pod
|
|
}
|
|
|
|
// removeInitializersFromAllPods walks all pods and ensures they don't have the provided initializer,
|
|
// to guarantee completing the test doesn't block the entire cluster.
|
|
func removeInitializersFromAllPods(c clientset.Interface, initializerName string) {
|
|
pods, err := c.CoreV1().Pods("").List(metav1.ListOptions{IncludeUninitialized: true})
|
|
if err != nil {
|
|
return
|
|
}
|
|
for _, p := range pods.Items {
|
|
if p.Initializers == nil {
|
|
continue
|
|
}
|
|
err := clientretry.RetryOnConflict(clientretry.DefaultRetry, func() error {
|
|
pod, err := c.CoreV1().Pods(p.Namespace).Get(p.Name, metav1.GetOptions{IncludeUninitialized: true})
|
|
if err != nil {
|
|
if errors.IsNotFound(err) {
|
|
return nil
|
|
}
|
|
return err
|
|
}
|
|
if pod.Initializers == nil {
|
|
return nil
|
|
}
|
|
var updated []metav1.Initializer
|
|
for _, pending := range pod.Initializers.Pending {
|
|
if pending.Name != initializerName {
|
|
updated = append(updated, pending)
|
|
}
|
|
}
|
|
if len(updated) == len(pod.Initializers.Pending) {
|
|
return nil
|
|
}
|
|
pod.Initializers.Pending = updated
|
|
if len(updated) == 0 {
|
|
pod.Initializers = nil
|
|
}
|
|
framework.Logf("Found initializer on pod %s in ns %s", pod.Name, pod.Namespace)
|
|
_, err = c.CoreV1().Pods(p.Namespace).Update(pod)
|
|
return err
|
|
})
|
|
if err != nil {
|
|
framework.Logf("Unable to remove initializer from pod %s in ns %s: %v", p.Name, p.Namespace, err)
|
|
}
|
|
}
|
|
}
|
|
|
|
// remove the initializerConfig, and remove the initializer from all pods
|
|
func cleanupInitializer(c clientset.Interface, initializerConfigName, initializerName string) {
|
|
if err := c.AdmissionregistrationV1alpha1().InitializerConfigurations().Delete(initializerConfigName, nil); err != nil && !errors.IsNotFound(err) {
|
|
framework.Logf("got error on deleting %s", initializerConfigName)
|
|
}
|
|
// poller configuration is 1 second, wait at least that long
|
|
time.Sleep(3 * time.Second)
|
|
// clear our initializer from anyone who got it
|
|
removeInitializersFromAllPods(c, initializerName)
|
|
}
|
|
|
|
// waits till the RS status.observedGeneration matches metadata.generation.
|
|
func waitForRSObservedGeneration(c clientset.Interface, ns, name string, generation int64) error {
|
|
return wait.PollImmediate(1*time.Second, 1*time.Minute, func() (bool, error) {
|
|
rs, err := c.ExtensionsV1beta1().ReplicaSets(ns).Get(name, metav1.GetOptions{})
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
if generation > rs.Status.ObservedGeneration {
|
|
return false, nil
|
|
}
|
|
return true, nil
|
|
})
|
|
}
|