/*
Copyright 2019 PlanetScale Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package etcd
import (
"fmt"
"strings"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/utils/ptr"
"sigs.k8s.io/controller-runtime/pkg/client"
planetscalev2 "planetscale.dev/vitess-operator/pkg/apis/planetscale/v2"
"planetscale.dev/vitess-operator/pkg/operator/desiredstatehash"
"planetscale.dev/vitess-operator/pkg/operator/k8s"
"planetscale.dev/vitess-operator/pkg/operator/update"
"planetscale.dev/vitess-operator/pkg/operator/vitess"
)
const (
	// LockserverLabel is the label that should be added to Pods to identify
	// which lockserver cluster they belong to.
	//
	// UpdatePod also uses this key in the default pod anti-affinity selectors,
	// so scheduling spread depends on the label carrying the lockserver name.
	LockserverLabel = "etcd.planetscale.com/lockserver"
	// IndexLabel is the label used to identify the index of a member.
	IndexLabel = "etcd.planetscale.com/index"
	// NumReplicas is the number of members per etcd cluster.
	//
	// This is currently hard-coded because it doesn't really make sense to
	// allow it to be customized. Anything less than 3 cannot maintain quorum
	// if a single member becomes unavailable. Anything more than 3 adds latency
	// without providing significant benefit to Vitess.
	//
	// WARNING: DO NOT change this value. That would break all existing EtcdLockservers.
	// The only way to change this is to implement a new feature to support
	// having different sizes for different EtcdLockserver objects.
	NumReplicas = 3

	// etcdContainerName is the name given to the etcd container in the Pod.
	etcdContainerName = "etcd"
	// etcdCommand is the binary path used as the etcd container's Command.
	etcdCommand = "/usr/local/bin/etcd"

	// dataVolumeName names both the Pod volume backed by the data PVC and the
	// matching volume mount in the etcd container.
	dataVolumeName = "data"
	// dataVolumeMountPath is where the data volume is mounted; Args passes the
	// same path to etcd as --data-dir.
	dataVolumeMountPath = "/var/etcd"
	// dataVolumeSubPath is the sub-directory of the volume that gets mounted.
	dataVolumeSubPath = "etcd"
)
// PodName returns the Pod name for one etcd member, formed as
// "<lockserverName>-<index>".
//
// The same string is used as the member's hostname and as its etcd member
// name, so callers must pass the same index everywhere for a given member.
func PodName(lockserverName string, index int) string {
	name := fmt.Sprintf("%s-%d", lockserverName, index)
	return name
}
// Spec specifies all the internal parameters needed to deploy an etcd instance.
//
// Several fields (ExtraFlags, ExtraEnv, ExtraVolumes, ExtraVolumeMounts,
// InitContainers, SidecarContainers) are merged into the Pod as given.
// NOTE(review): anyone able to set them can change how etcd runs or run extra
// containers next to it; presumably they come from the CRD, so access to that
// resource should be treated as equivalent to control of the etcd Pods.
type Spec struct {
	// LockserverName is the cluster name. It is used for member hostnames, the
	// peer Service subdomain, the initial-cluster-token and the anti-affinity
	// label selector.
	LockserverName string
	// Image and ImagePullPolicy are set on the etcd container.
	Image string
	ImagePullPolicy corev1.PullPolicy
	// ImagePullSecrets is assigned to the Pod spec as-is.
	ImagePullSecrets []corev1.LocalObjectReference
	// Resources is copied onto the etcd container.
	Resources corev1.ResourceRequirements
	// Labels are the operator's own labels; they are applied by both UpdatePod
	// and UpdatePodInPlace.
	Labels map[string]string
	// Zone, when non-empty and Affinity is nil, restricts scheduling to that
	// zone through a required node affinity.
	Zone string
	// Index is the 1-based member index. Args indexes the peer URL list with
	// Index-1, so it must be in 1..NumReplicas.
	Index int
	// DataVolumePVCName is the claim name mounted as the etcd data volume.
	DataVolumePVCName string
	// DataVolumePVCSpec is not read by NewPod, UpdatePod or Args.
	DataVolumePVCSpec *corev1.PersistentVolumeClaimSpec
	// ExtraFlags are applied last in Args and replace generated flags of the
	// same name; leading '-' characters in keys are stripped.
	ExtraFlags map[string]string
	// ExtraEnv is merged over the default environment variables.
	ExtraEnv []corev1.EnvVar
	// ExtraVolumes and ExtraVolumeMounts are merged after the data volume and
	// its mount.
	ExtraVolumes []corev1.Volume
	ExtraVolumeMounts []corev1.VolumeMount
	// InitContainers and SidecarContainers are merged into the Pod.
	InitContainers []corev1.Container
	SidecarContainers []corev1.Container
	// Affinity, when non-nil, replaces the default affinity entirely,
	// including the Zone restriction.
	Affinity *corev1.Affinity
	// Annotations and ExtraLabels are user-desired metadata; their key sets are
	// part of the desired-state hash.
	Annotations map[string]string
	ExtraLabels map[string]string
	// AdvertisePeerURLs is used only when it has exactly NumReplicas entries;
	// otherwise Args generates the peer URLs.
	AdvertisePeerURLs []string
	// Tolerations are merged into the Pod and included in the desired-state hash.
	Tolerations []corev1.Toleration
}
// NewPod builds a fresh etcd Pod object named and namespaced by key, then
// fills in everything else from spec via UpdatePod.
func NewPod(key client.ObjectKey, spec *Spec) *corev1.Pod {
	pod := new(corev1.Pod)
	pod.ObjectMeta.Namespace = key.Namespace
	pod.ObjectMeta.Name = key.Name

	UpdatePod(pod, spec)
	return pod
}
// UpdatePodInPlace updates only the parts of an etcd Pod that can be changed
// immediately by an in-place update.
//
// As written, that is the operator's own labels (spec.Labels) and nothing
// else: annotations and spec.ExtraLabels are not touched here. Labels already
// on the Pod that spec.Labels does not set are left alone.
func UpdatePodInPlace(obj *corev1.Pod, spec *Spec) {
	desired := spec.Labels
	update.Labels(&obj.Labels, desired)
}
// UpdatePod updates all parts of an etcd Pod to match the desired state,
// including parts that are immutable.
// If anything actually changes, the Pod must be deleted and recreated as
// part of a rolling update in order to converge to the desired state.
//
// The function mutates obj in place. It merges metadata, builds the etcd
// container (env, mounts, ports, probes, security context), wires the data
// volume, sets scheduling constraints, and finally stamps a desired-state hash
// annotation. The order of the update.* calls is kept as-is because the merge
// helpers are defined elsewhere and later calls may depend on earlier ones.
//
// Hardening in this function is limited to RunAsUser on the container and
// FSGroup on the Pod, each only when the corresponding operator default is
// non-negative.
func UpdatePod(obj *corev1.Pod, spec *Spec) {
	// Update our own labels, but ignore existing ones we don't set.
	update.Labels(&obj.Labels, spec.Labels)
	// Update desired user labels.
	// NOTE(review): user labels are applied after the operator's own. If
	// update.Labels overwrites existing keys, a user-supplied key could replace
	// an operator label such as LockserverLabel, which the anti-affinity
	// selectors below rely on — confirm reserved keys are rejected upstream.
	update.Labels(&obj.Labels, spec.ExtraLabels)
	// Update desired annotations.
	update.Annotations(&obj.Annotations, spec.Annotations)
	// Compute default environment variables first.
	env := []corev1.EnvVar{
		// Reference Values: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/maintenance.md#auto-compaction
		{
			Name: "ETCD_AUTO_COMPACTION_MODE",
			Value: "revision",
		},
		{
			Name: "ETCD_AUTO_COMPACTION_RETENTION",
			Value: "1000",
		},
		{
			Name: "ETCD_QUOTA_BACKEND_BYTES",
			Value: "8589934592", // 8 * 1024 * 1024 * 1024 = 8GiB
		},
		{
			Name: "ETCD_MAX_REQUEST_BYTES",
			Value: "8388608", // 8 * 1024 * 1024 = 8MiB
		},
		{
			// Read by the etcdctl invocations in the probes below.
			Name: "ETCDCTL_API",
			Value: "3",
		},
	}
	// Apply user-provided environment variable overrides.
	update.Env(&env, spec.ExtraEnv)
	volumeMounts := []corev1.VolumeMount{
		{
			Name: dataVolumeName,
			MountPath: dataVolumeMountPath,
			SubPath: dataVolumeSubPath,
		},
	}
	update.VolumeMounts(&volumeMounts, spec.ExtraVolumeMounts)
	// The container security context stays nil unless a non-negative default
	// UID is configured, and then only RunAsUser is set.
	// NOTE(review): RunAsNonRoot, AllowPrivilegeEscalation, Capabilities,
	// ReadOnlyRootFilesystem and SeccompProfile are not set here, so those fall
	// back to cluster/runtime defaults. Adding them would change the container
	// hash recorded below and force a rolling recreate of existing Pods.
	var securityContext *corev1.SecurityContext
	if planetscalev2.DefaultEtcdRunAsUser >= 0 {
		securityContext = &corev1.SecurityContext{
			RunAsUser: ptr.To(planetscalev2.DefaultEtcdRunAsUser),
		}
	}
	etcdContainer := &corev1.Container{
		Name: etcdContainerName,
		Image: spec.Image,
		ImagePullPolicy: spec.ImagePullPolicy,
		Command: []string{etcdCommand},
		Args: spec.Args(),
		SecurityContext: securityContext,
		Ports: []corev1.ContainerPort{
			{
				Name: ClientPortName,
				Protocol: corev1.ProtocolTCP,
				ContainerPort: ClientPortNumber,
			},
			{
				Name: PeerPortName,
				Protocol: corev1.ProtocolTCP,
				ContainerPort: PeerPortNumber,
			},
		},
		// Both probes exec etcdctl inside the container with no endpoint or
		// certificate flags, so they use etcdctl's defaults.
		// NOTE(review): if TLS or client auth is enabled through ExtraFlags,
		// these probes presumably need matching etcdctl settings (for example
		// via ExtraEnv) or they will fail — confirm.
		ReadinessProbe: &corev1.Probe{
			ProbeHandler: corev1.ProbeHandler{
				Exec: &corev1.ExecAction{
					Command: []string{"etcdctl", "endpoint", "health"},
				},
			},
			FailureThreshold: 3,
			InitialDelaySeconds: 1,
			PeriodSeconds: 5,
			SuccessThreshold: 1,
			TimeoutSeconds: 5,
		},
		// Liveness is deliberately slow to act: a 300s initial delay, then 30
		// consecutive failures at a 5s period before the container is restarted.
		LivenessProbe: &corev1.Probe{
			ProbeHandler: corev1.ProbeHandler{
				Exec: &corev1.ExecAction{
					Command: []string{"etcdctl", "endpoint", "status"},
				},
			},
			FailureThreshold: 30,
			InitialDelaySeconds: 300,
			PeriodSeconds: 5,
			SuccessThreshold: 1,
			TimeoutSeconds: 5,
		},
		Env: env,
		VolumeMounts: volumeMounts,
	}
	// Make a copy of Resources since it contains pointers.
	update.ResourceRequirements(&etcdContainer.Resources, &spec.Resources)
	// The data volume is always backed by the named PVC; user volumes are
	// merged afterwards.
	update.Volumes(&obj.Spec.Volumes, []corev1.Volume{
		{
			Name: dataVolumeName,
			VolumeSource: corev1.VolumeSource{
				PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{
					ClaimName: spec.DataVolumePVCName,
				},
			},
		},
	})
	update.Volumes(&obj.Spec.Volumes, spec.ExtraVolumes)
	// Hostname and Subdomain must match the names Args puts into the
	// advertise URLs and the initial-cluster list.
	obj.Spec.Hostname = PodName(spec.LockserverName, spec.Index)
	obj.Spec.Subdomain = PeerServiceName(spec.LockserverName)
	obj.Spec.ImagePullSecrets = spec.ImagePullSecrets
	// FSGroup is set only when configured; an existing Pod security context is
	// reused so other fields on it are preserved.
	if planetscalev2.DefaultEtcdFSGroup >= 0 {
		if obj.Spec.SecurityContext == nil {
			obj.Spec.SecurityContext = &corev1.PodSecurityContext{}
		}
		obj.Spec.SecurityContext.FSGroup = ptr.To(planetscalev2.DefaultEtcdFSGroup)
	}
	// With no service account configured the field is left untouched.
	// NOTE(review): AutomountServiceAccountToken is not set in this function,
	// so whether an API token is mounted into the etcd Pod depends on the
	// service account and cluster defaults.
	if planetscalev2.DefaultEtcdServiceAccount != "" {
		obj.Spec.ServiceAccountName = planetscalev2.DefaultEtcdServiceAccount
	}
	// In both the case of the user injecting their own affinity and the default, we
	// simply override the pod's existing affinity configuration.
	// A user-supplied Affinity is assigned by pointer (not copied) and also
	// bypasses the Zone restriction built in the default branch.
	if spec.Affinity != nil {
		obj.Spec.Affinity = spec.Affinity
	} else {
		obj.Spec.Affinity = &corev1.Affinity{
			// Try to spread the replicas across Nodes if possible.
			PodAntiAffinity: &corev1.PodAntiAffinity{
				PreferredDuringSchedulingIgnoredDuringExecution: []corev1.WeightedPodAffinityTerm{
					{
						Weight: 2,
						PodAffinityTerm: corev1.PodAffinityTerm{
							LabelSelector: &metav1.LabelSelector{
								MatchLabels: map[string]string{
									LockserverLabel: spec.LockserverName,
								},
							},
							TopologyKey: k8s.HostnameLabel,
						},
					},
				},
			},
		}
		if spec.Zone != "" {
			// Limit to a specific zone.
			obj.Spec.Affinity.NodeAffinity = &corev1.NodeAffinity{
				RequiredDuringSchedulingIgnoredDuringExecution: &corev1.NodeSelector{
					NodeSelectorTerms: []corev1.NodeSelectorTerm{
						{
							MatchExpressions: []corev1.NodeSelectorRequirement{
								{
									Key: k8s.ZoneFailureDomainLabel,
									Operator: corev1.NodeSelectorOpIn,
									Values: []string{spec.Zone},
								},
							},
						},
					},
				},
			}
		} else {
			// If we're not limited to one zone, try to spread across zones.
			paa := &obj.Spec.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution
			*paa = append(*paa, corev1.WeightedPodAffinityTerm{
				// Weight zone spreading as less important than node spreading.
				Weight: 1,
				PodAffinityTerm: corev1.PodAffinityTerm{
					LabelSelector: &metav1.LabelSelector{
						MatchLabels: map[string]string{
							LockserverLabel: spec.LockserverName,
						},
					},
					TopologyKey: k8s.ZoneFailureDomainLabel,
				},
			})
		}
	}
	update.Tolerations(&obj.Spec.Tolerations, spec.Tolerations)
	// Use the PriorityClass we defined for etcd in deploy/priority.yaml,
	// or a custom value if overridden in the operator command line.
	if planetscalev2.DefaultVitessPriorityClass != "" {
		obj.Spec.PriorityClassName = planetscalev2.DefaultVitessPriorityClass
	}
	// Make a final list of desired containers and init containers before merging.
	initContainers := spec.InitContainers
	containers := []corev1.Container{
		*etcdContainer,
	}
	// Record hashes of desired label and annotation keys to force the Pod
	// to be recreated if a key disappears from the desired list.
	desiredStateHash := desiredstatehash.NewBuilder()
	desiredStateHash.AddStringMapKeys("labels-keys", spec.ExtraLabels)
	desiredStateHash.AddStringMapKeys("annotations-keys", spec.Annotations)
	// Record a hash of desired containers to force the Pod to be recreated if
	// something is removed from our desired state that we otherwise might
	// mistake for an item added by the API server and leave behind.
	// NOTE(review): containers holds only the etcd container at this point;
	// spec.SidecarContainers is merged into the Pod below but is not part of
	// this hash, so removing a sidecar from the spec may not by itself trigger
	// a recreate — confirm this is intended.
	desiredStateHash.AddContainersUpdates("init-containers", initContainers)
	desiredStateHash.AddContainersUpdates("containers", containers)
	// Record a hash of desired tolerations to force the Pod to be recreated if
	// one disappears from the desired list.
	desiredStateHash.AddTolerations("tolerations", spec.Tolerations)
	// Add the final desired state hash annotation.
	update.Annotations(&obj.Annotations, map[string]string{
		desiredstatehash.Annotation: desiredStateHash.String(),
	})
	// Inject init containers from spec.
	update.PodContainers(&obj.Spec.InitContainers, spec.InitContainers)
	// Update sidecar containers we care about in the Pod template,
	// ignoring other containers that may have been injected.
	update.PodContainers(&obj.Spec.Containers, spec.SidecarContainers)
	// Update the containers we care about in the Pod template,
	// ignoring other containers that may have been injected.
	update.PodContainers(&obj.Spec.Containers, containers)
}
// Args builds the command-line arguments for this etcd member.
//
// The generated flags configure static bootstrapping of a cluster with
// NumReplicas members named <LockserverName>-1 .. <LockserverName>-NumReplicas.
// Entries in spec.ExtraFlags are applied last and replace any generated flag
// with the same name.
//
// Points a reviewer should keep in mind:
//   - Every listen and advertise URL generated here uses the "http" scheme and
//     the listeners bind 0.0.0.0. No TLS or client-certificate flags are set
//     by default, so peer and client traffic is unencrypted and unauthenticated
//     unless that is added through ExtraFlags or enforced outside the Pod
//     (for example with a NetworkPolicy).
//   - ExtraFlags can override any flag, including data-dir and the listen
//     URLs, so its contents decide the final etcd configuration.
//   - spec.Index must be in 1..NumReplicas; any other value makes the peer
//     URL lookup below panic with an index out of range.
func (spec *Spec) Args() []string {
	memberName := PodName(spec.LockserverName, spec.Index)
	peerDomain := PeerServiceName(spec.LockserverName)

	// Member names are 1-based, in cluster order.
	memberNames := make([]string, 0, NumReplicas)
	for n := 1; n <= NumReplicas; n++ {
		memberNames = append(memberNames, PodName(spec.LockserverName, n))
	}

	// Use the caller's peer URLs only when there is exactly one per member;
	// otherwise derive them from the member hostnames.
	peerURLs := spec.AdvertisePeerURLs
	if len(peerURLs) != NumReplicas {
		peerURLs = make([]string, 0, NumReplicas)
		for _, name := range memberNames {
			peerURLs = append(peerURLs, fmt.Sprintf("http://%s.%s:%d", name, peerDomain, PeerPortNumber))
		}
	}

	// The URL this member advertises for itself.
	ownPeerURL := peerURLs[spec.Index-1]

	// "name=url" pairs for every member of the cluster.
	members := make([]string, 0, NumReplicas)
	for i, name := range memberNames {
		members = append(members, fmt.Sprintf("%s=%s", name, peerURLs[i]))
	}

	flags := vitess.Flags{
		"data-dir":              dataVolumeMountPath,
		"name":                  memberName,
		"listen-peer-urls":      fmt.Sprintf("http://0.0.0.0:%d", PeerPortNumber),
		"listen-client-urls":    fmt.Sprintf("http://0.0.0.0:%d", ClientPortNumber),
		"advertise-client-urls": fmt.Sprintf("http://%s.%s:%d", memberName, peerDomain, ClientPortNumber),

		// All "initial-*" flags are ignored after bootstrapping.
		// Static bootstrapping: the lockserver name doubles as the cluster token.
		"initial-cluster-state":       "new",
		"initial-cluster-token":       spec.LockserverName,
		"initial-advertise-peer-urls": ownPeerURL,
		"initial-cluster":             strings.Join(members, ","),
	}

	// User-supplied flags go in last so they win. The CRD field doc asks for
	// keys without a leading '-', but leading dashes are tolerated and stripped.
	for name, value := range spec.ExtraFlags {
		flags[strings.TrimLeft(name, "-")] = value
	}

	return flags.FormatArgs()
}