Sidecar manager #37

Merged
merged 69 commits into from
Dec 16, 2022
69 commits
bec0056
Init commit with a pod getter
werdes72 Dec 2, 2022
63ef9c4
Add wip for filters
Dec 6, 2022
74ea460
Add more logic to restart pod
Dec 6, 2022
60352af
Add cni pods getter
werdes72 Dec 6, 2022
5a56ae0
Add fixture and fix test package
Dec 6, 2022
7097492
Add new tests
Dec 6, 2022
eeaf0f2
CNI and namespace logic
werdes72 Dec 6, 2022
5f56063
Add tests for different image
Dec 6, 2022
5a12c6e
Add builder to remove duplicate fixtures
Dec 6, 2022
5d3183d
Remove TODO
Dec 6, 2022
29eef7f
Working CNI reset, more tests
werdes72 Dec 7, 2022
36629c6
Add first code for restart logic
Dec 7, 2022
4496b2e
Add GetPodsWithoutSidecar with tests, small refactoring
werdes72 Dec 7, 2022
552784e
Add test
Dec 8, 2022
0a1b904
Fixes in pod getter logic, new tests
werdes72 Dec 8, 2022
91097a3
Remove obsolete comment
werdes72 Dec 8, 2022
6fc07f9
Add first tests for rollout
Dec 9, 2022
8e0142d
Return function
barchw Dec 9, 2022
9826cbe
Update
barchw Dec 9, 2022
573b988
Add warning
barchw Dec 9, 2022
52c73dc
pod get tests, fix bugs, refactor
werdes72 Dec 9, 2022
b39bcf6
Add all test cases when sidecar injection is enabled by default
werdes72 Dec 9, 2022
e53c31d
Add all sidecar test cases
werdes72 Dec 12, 2022
ccebe82
Rollout action
barchw Dec 12, 2022
27ad562
Merge branch 'sidecar-manager' of https://github.com/werdes72/istio i…
barchw Dec 12, 2022
b200328
Add initial retry handle
cnvergence Dec 12, 2022
d8b686e
Add component test framework
barchw Dec 13, 2022
12d324d
Add logic to main ProxyFunc
barchw Dec 13, 2022
6f885e3
Export warnings
barchw Dec 13, 2022
ff33c20
Configure istio version in feature file
barchw Dec 13, 2022
ea52bc5
Merge branch 'main' into sidecar-manager
barchw Dec 13, 2022
02378dd
CR, remove HasResetWarning func
werdes72 Dec 13, 2022
8034ea8
Add all cases
barchw Dec 13, 2022
e288141
Merge branch 'sidecar-manager' of https://github.com/werdes72/istio i…
barchw Dec 13, 2022
95a0e4c
Add makefile
barchw Dec 13, 2022
2231a27
Update tests for use on PROW
barchw Dec 13, 2022
ea13718
Add retry on conflict for API calls
cnvergence Dec 13, 2022
04859bb
Trigger rollout by StrategicMergePatch instead of Update
cnvergence Dec 13, 2022
7c3a613
Add unique processing of parent resources with multiple pods
Dec 14, 2022
c670226
Simplify test
Dec 14, 2022
408318c
Simplify handling of istio sidecar name as we know it should be alway…
Dec 14, 2022
d38e377
Use retryOnError method
cnvergence Dec 14, 2022
ac10c86
Refactor rollout action
cnvergence Dec 14, 2022
38d9473
Update operator/pkg/lib/sidecars/restart/rollout_action.go
barchw Dec 14, 2022
2dd0ccc
Refactor replica_set_action.go
cnvergence Dec 14, 2022
1f3cb09
Update operator/pkg/lib/sidecars/restart/rollout_action.go
barchw Dec 14, 2022
6438f83
Update-tests
barchw Dec 14, 2022
def272f
Update-tests
barchw Dec 14, 2022
d85ef0b
Update-tests
barchw Dec 14, 2022
dbc1582
Fix lint issue with . import
barchw Dec 14, 2022
34e4849
Rename annotation for restart
cnvergence Dec 14, 2022
a49731d
Add comment
Dec 14, 2022
9d33189
Check for pod name in get_test.go
werdes72 Dec 14, 2022
6742c0e
Simplify validation to verify image matches image in container
Dec 14, 2022
16f42b1
Revert patch
cnvergence Dec 14, 2022
7d28d98
Remove unused files
Dec 14, 2022
3dfd00e
Remove redundant code
Dec 14, 2022
7be98a2
Remove unused func
barchw Dec 14, 2022
030b5d1
Add check for resources that should be left unchanged
barchw Dec 14, 2022
d40fed0
Merge from main
barchw Dec 14, 2022
3b35663
Add logging
Dec 15, 2022
10d3302
Adapt tests
barchw Dec 15, 2022
a162d9a
Don't stop proxy reset when creating or executing an action for a pod…
werdes72 Dec 15, 2022
50d9428
Unsupport missing sidecar
barchw Dec 15, 2022
b186f16
Merge branch 'sidecar-manager' of https://github.com/werdes72/istio i…
barchw Dec 15, 2022
fe5fbbe
Lint
barchw Dec 15, 2022
698302f
Review of tests
Dec 16, 2022
4fed868
Add test for delete of pod managed by ReplicationController
Dec 16, 2022
95f015a
Re-add missing ns selectors in tests
Dec 16, 2022
10 changes: 10 additions & 0 deletions operator/go.mod
Expand Up @@ -3,11 +3,13 @@ module github.com/kyma-project/istio/operator
go 1.19

require (
github.com/cucumber/godog v0.12.5
github.com/go-logr/logr v1.2.3
github.com/kyma-project/module-manager/operator v0.0.0-20221020113457-620af4f4b365
github.com/onsi/ginkgo/v2 v2.6.0
github.com/onsi/gomega v1.24.1
github.com/stretchr/testify v1.8.1
gitlab.com/rodrigoodhin/gocure v0.0.0-20220718065339-f14dfe79276a
golang.org/x/time v0.3.0
google.golang.org/protobuf v1.28.1
istio.io/api v0.0.0-20221021183946-6b7b70196148
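Review bot: gitlab.com/rodrigoodhin/gocure sits in the direct require block at an untagged pseudo-version (v0.0.0-20220718065339-f14dfe79276a), next to github.com/cucumber/godog, so the operator module now depends directly on a commit snapshot rather than a released version. If these two are only needed by the component tests, consider moving the test tooling into its own module, or at least pin gocure to a tagged release if one exists. The later hunks add several indirect modules (github.com/tdewolff/minify/v2, github.com/hashicorp/go-memdb, github.com/gofrs/uuid v4.0.0+incompatible); it is worth running go mod why on each to confirm which direct dependency pulls them in, and reviewing the 50 go.sum additions, which this page does not render.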
Expand Down Expand Up @@ -38,6 +40,8 @@ require (
github.com/chai2010/gettext-go v1.0.2 // indirect
github.com/cncf/xds/go v0.0.0-20220520190051-1e77728a1eaa // indirect
github.com/containerd/containerd v1.6.6 // indirect
github.com/cucumber/gherkin-go/v19 v19.0.3 // indirect
github.com/cucumber/messages-go/v16 v16.0.1 // indirect
github.com/cyphar/filepath-securejoin v0.2.3 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d // indirect
Expand Down Expand Up @@ -65,6 +69,7 @@ require (
github.com/gobwas/glob v0.2.3 // indirect
github.com/goccy/go-json v0.9.7 // indirect
github.com/gofrs/flock v0.8.1 // indirect
github.com/gofrs/uuid v4.0.0+incompatible // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.2 // indirect
Expand All @@ -81,7 +86,10 @@ require (
github.com/gosuri/uitable v0.0.4 // indirect
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-immutable-radix v1.3.0 // indirect
github.com/hashicorp/go-memdb v1.3.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/huandu/xstrings v1.3.2 // indirect
github.com/iancoleman/orderedmap v0.2.0 // indirect
github.com/imdario/mergo v0.3.13 // indirect
Expand Down Expand Up @@ -136,6 +144,8 @@ require (
github.com/spf13/cobra v1.6.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/stoewer/go-strcase v1.2.0 // indirect
github.com/tdewolff/minify/v2 v2.10.0 // indirect
github.com/tdewolff/parse/v2 v2.5.27 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
50 changes: 50 additions & 0 deletions operator/go.sum

Large diffs are not rendered by default.

77 changes: 77 additions & 0 deletions operator/pkg/lib/sidecars/pods/filter.go
@@ -0,0 +1,77 @@
package pods

import (
v1 "k8s.io/api/core/v1"
)

const (
istioSidecarName = "istio-proxy"
)

func hasIstioSidecarStatusAnnotation(pod v1.Pod) bool {
_, exists := pod.Annotations["sidecar.istio.io/status"]
return exists
}

func isPodReady(pod v1.Pod) bool {
isMarkedForDeletion := pod.ObjectMeta.DeletionTimestamp != nil
return !isMarkedForDeletion && hasTrueStatusConditions(pod) && isPodRunning(pod)
}

func hasTrueStatusConditions(pod v1.Pod) bool {
for _, condition := range pod.Status.Conditions {
if condition.Status != v1.ConditionTrue {
return false
}
}
return true
}

func isPodRunning(pod v1.Pod) bool {
return pod.Status.Phase == v1.PodRunning
}

func hasSidecarContainerWithWithDifferentImage(pod v1.Pod, expectedImage SidecarImage) bool {

for _, container := range pod.Spec.Containers {
if isContainerIstioSidecar(container) && !expectedImage.matchesImageIn(container) {
return true
}
}
return false
}

func hasInitContainer(containers []v1.Container, initContainerName string) bool {
proxyImage := ""
for _, container := range containers {
if container.Name == initContainerName {
proxyImage = container.Image
}
}
return proxyImage != ""
}

func isContainerIstioSidecar(container v1.Container) bool {
return istioSidecarName == container.Name
}

func isPodInNamespaceList(pod v1.Pod, namespaceList []v1.Namespace) bool {
for _, namespace := range namespaceList {
if pod.ObjectMeta.Namespace == namespace.Name {
return true
}
}
return false
}

func isSystemNamespace(name string) bool {
switch name {
case "kube-system":
return true
case "kube-public":
return true
case "istio-system":
return true
}
return false
}
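Review bot: hasTrueStatusConditions rejects a pod when any entry in pod.Status.Conditions is not True, whatever its type, and returns true when the slice is empty, so isPodReady never tests the Ready condition itself. Consider looking up the condition whose Type is v1.PodReady and requiring its Status to be v1.ConditionTrue; that keeps a pod with an unrelated non-True condition in scope and stops a pod that reports no conditions from passing. Smaller points: hasSidecarContainerWithWithDifferentImage has a doubled "With" in its name, hasInitContainer can return true from inside the loop instead of tracking proxyImage, and none of the helpers has a doc comment.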
129 changes: 129 additions & 0 deletions operator/pkg/lib/sidecars/pods/get.go
@@ -0,0 +1,129 @@
package pods

import (
"context"
"fmt"
"github.com/go-logr/logr"
"github.com/kyma-project/istio/operator/pkg/lib/sidecars/retry"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/fields"
"sigs.k8s.io/controller-runtime/pkg/client"
)

const (
istioValidationContainerName = "istio-validation"
istioInitContainerName = "istio-init"
)

type SidecarImage struct {
Repository string
Tag string
}

func (r SidecarImage) String() string {
return fmt.Sprintf("%s:%s", r.Repository, r.Tag)
}

func (r SidecarImage) matchesImageIn(container v1.Container) bool {
return container.Image == r.String()
}

func getAllRunningPods(ctx context.Context, c client.Client) (*v1.PodList, error) {
podList := &v1.PodList{}

isRunning := fields.OneTermEqualSelector("status.phase", string(v1.PodRunning))

err := retry.RetryOnError(retry.DefaultRetry, func() error {
return c.List(ctx, podList, client.MatchingFieldsSelector{Selector: isRunning})
})
if err != nil {
return podList, err
}

return podList, nil
}

func getNamespacesWithIstioLabelsAndInjectionDisabled(ctx context.Context, c client.Client) (*v1.NamespaceList, *v1.NamespaceList, error) {
unfilteredLabeledList := &v1.NamespaceList{}
labeledList := &v1.NamespaceList{}
disabledList := &v1.NamespaceList{}

err := retry.RetryOnError(retry.DefaultRetry, func() error {
return c.List(ctx, unfilteredLabeledList, client.HasLabels{"istio-injection"})
})
if err != nil {
return labeledList, disabledList, err
}

unfilteredLabeledList.DeepCopyInto(labeledList)
labeledList.Items = []v1.Namespace{}
unfilteredLabeledList.DeepCopyInto(disabledList)
disabledList.Items = []v1.Namespace{}

for _, namespace := range unfilteredLabeledList.Items {
if isSystemNamespace(namespace.ObjectMeta.Name) {
continue
}
if namespace.Labels["istio-injection"] == "disabled" {
disabledList.Items = append(disabledList.Items, namespace)
}
labeledList.Items = append(labeledList.Items, namespace)
}

return labeledList, disabledList, err
}

func GetPodsWithDifferentSidecarImage(ctx context.Context, c client.Client, expectedImage SidecarImage, logger *logr.Logger) (outputPodsList v1.PodList, err error) {
podList, err := getAllRunningPods(ctx, c)
if err != nil {
return outputPodsList, err
}

podList.DeepCopyInto(&outputPodsList)
outputPodsList.Items = []v1.Pod{}

for _, pod := range podList.Items {
if hasIstioSidecarStatusAnnotation(pod) &&
isPodReady(pod) &&
hasSidecarContainerWithWithDifferentImage(pod, expectedImage) {
outputPodsList.Items = append(outputPodsList.Items, *pod.DeepCopy())
}
}

logger.Info("Pods with different istio proxy image", "number of pods", len(outputPodsList.Items), "expected image", expectedImage)
return outputPodsList, nil
}

func GetPodsForCNIChange(ctx context.Context, c client.Client, isCNIEnabled bool, logger *logr.Logger) (outputPodsList v1.PodList, err error) {
podList, err := getAllRunningPods(ctx, c)
if err != nil {
return outputPodsList, err
}

var containerName string
if isCNIEnabled {
containerName = istioInitContainerName
} else {
containerName = istioValidationContainerName
}

_, injectionDisabledNamespaceList, err := getNamespacesWithIstioLabelsAndInjectionDisabled(ctx, c)
if err != nil {
return outputPodsList, err
}

podList.DeepCopyInto(&outputPodsList)
outputPodsList.Items = []v1.Pod{}

for _, pod := range podList.Items {
if isPodReady(pod) && hasInitContainer(pod.Spec.InitContainers, containerName) &&
!isPodInNamespaceList(pod, injectionDisabledNamespaceList.Items) &&
!isSystemNamespace(pod.Namespace) {
outputPodsList.Items = append(outputPodsList.Items, *pod.DeepCopy())
}
}

logger.Info("Pods that need to adapt to CNI change", "number of pods", len(outputPodsList.Items))

return outputPodsList, nil
}
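Review bot: SidecarImage.matchesImageIn compares container.Image to the Repository:Tag string with plain equality, so in GetPodsWithDifferentSidecarImage a sidecar referenced by digest, or by any other spelling of the same image, is always returned as a pod with a different image. If only the repository:tag form is supported, say so in a doc comment on SidecarImage; otherwise parse the image reference before comparing. In getNamespacesWithIstioLabelsAndInjectionDisabled the loop appends a namespace labelled istio-injection=disabled to disabledList and then falls through to labeledList as well; add a continue or document that labeledList includes disabled namespaces (the only caller in this file discards it with _). The exported functions also take logger *logr.Logger and call logger.Info without a nil check; passing logr.Logger by value avoids that.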