feat/static-pod-initialization (#125)

[GGh41th]

Description

Integrate with npd using a custom problem daemon to ensure that static pods are mirrored before scheduling on the node.

Related Issue

Fixes #125

Type of Change

/kind feature

Testing

Checklist

• [*] make test passes
• [*] make lint passes

Does this PR introduce a user-facing change?

Doc #(issue)

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: GGh41th / name: Ghaith Gtari (02900fb)

[netlify]

✅ Deploy Preview for node-readiness-controller ready!

Name	Link
🔨 Latest commit	02900fb
🔍 Latest deploy log	https://app.netlify.com/projects/node-readiness-controller/deploys/69b5646ba39d98000863b62b
😎 Deploy Preview	https://deploy-preview-142--node-readiness-controller.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: GGh41th
Once this PR has been reviewed and has the lgtm label, please assign mrunalp for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @GGh41th. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[GGh41th]

Seems like my local git config is messed , I'll fix it.

[GGh41th]

@ajaysundark I didn't go with the StaticPodsSynced condition name because NPD sets the status to False when the script is successful (0 exit code) , so i felt that i should go with a negative polarity condition (StaticPodsMissing,StaticPodsNotSynced,MirrorPodsMissing etc........).
Sure enough i can return 0 if the script wasn't successful and this way i will set the StaticPodsSynced to False , but i will lose control over the message field of the condition since it will be hardcoded in the conditons field of the custom plugin configuration.

[ajaysundark]

Thanks for the PR, @GGh41th , I'll get to it this week.

[AvineshTripathi]

Suggested change

	readonly UNKOWN=2
	readonly UNKNOWN=2

[AvineshTripathi]

Suggested change

	In this example, and since I have a 1-node Kind cluster, I will go the standalone way. Note that this is the default shipping method in GKE and AKS.
	In this example, and since we have a 1-node Kind cluster, we will go the standalone way. Note that this is the default shipping method in GKE and AKS.

[AvineshTripathi]

Note that this is the default shipping method in GKE and AKS.

Little confused here, do we know why this is a default method for GKE and AKS and why not Helm? Just out of curiosity

[GGh41th]

It's not explicitly stated, but from my understanding they deploy it that way because you'll need to bake whatever dependencies your problem daemons might need into the npd image, which is inconvenient for a program you intend to ship as a default add on. So instead they deploy it as a systemd service and it's up to users to install whatever they need on the node.
If you feel that the comment is unecessary I can remove it.

[AvineshTripathi]

this part looks redundant; can we make a common function and pass arguments to get similar behavior

[AvineshTripathi]

Suggested change

	NAMESPACE=$($YQ_PATH -r '.metadata.namespace // "default"' $1 | head -1)
	NAMESPACE=$($YQ_PATH -r '.metadata.namespace // "kube-system"' $1 | head -1)

[GGh41th]

Here I'm just parsing the static pods manifests, if a namespace wasn't specified then the pod will be created in the default namespace, that's why m defaulting to that.

[AvineshTripathi]

Suggested change

	NAMESPACE=$($JQ_PATH -r '.metadata.namespace // "default"' $1)
	NAMESPACE=$($JQ_PATH -r '.metadata.namespace // "kube-system"' $1)

[GGh41th]

Same as above

[AvineshTripathi]

Suggested change

	"message": "all mirros pods were created"
	"message": "all mirror pods were created"

[AvineshTripathi]

Suggested change

	"message": "all mirros pods were created"
	"message": "all mirror pods were created"

[Priyankasaggu11929]

Thanks for the PR @GGh41th.

I have left a few in-line suggestions to make the example a bit more easy to test and consume (more like automating the many manual steps we have right now).

I was trying to test the PR locally, and was playing around with what I suggested in my comments. I've pushed them here (if you want to reference)- Priyankasaggu11929@6f0e788

[Priyankasaggu11929]

I suggest that we deploy NPD as a daemonset.

And store - (i) the NPD custom plugin (staticpods-syncer.json) content and (ii) the script with your actual logic for checking static/mirror pods, both inside a configmap maybe.

Right now, I see in the README documentation, you have suggested 2 ways of deploying NPD - IMO, we leave that to the NPD project documentation itself, and we can just include the above 2 "ready-to-use" yaml files in our example (will make it easier for the user)

[Priyankasaggu11929]

Similar to what I suggest here - https://github.com/kubernetes-sigs/node-readiness-controller/pull/142/changes#r2912619130, much of the logic of this script can go in the configmap yaml

And whatever extra tools (like from your example - kubectl, yq, jq) we need on top of the NPD container image, let's install them in an init container inside the daemonset.

[Priyankasaggu11929]

This looks like repetitive to your changes here - https://github.com/GGh41th/node-readiness-controller/blob/e0463ce0bce4dab8499e48e4f8e65eb9c55f5de2/examples/staticpods-readiness/staticpods-syncer.json

same suggestion - https://github.com/kubernetes-sigs/node-readiness-controller/pull/142/changes#r2912619130

this can go in the configmap yaml

[GGh41th]

Thanks for the suggestions, we surely can automate a lot of this stuff, I'll use your commit as a reference.

[Priyankasaggu11929]

/ok-to-test

[GGh41th]

Thanks for the comments everyone, I will try to make the changes as soon as I can.

[GGh41th]

cc @Priyankasaggu11929, I tried to automate the process a bit, I wanted to use NPD's helm chart for that, but since I couldn't override the initContainers via the Values.yaml I followed your suggestion.
In your reference you have pre-tainted the worker node which would prevent the NRC controller pod from getting scheduled, so instead I deployed NRC then i tainted the node, to avoid adding tolerations to the NRC deployment manifest.