Adjust kube-apiserver anchor readiness

To avoid cycling the pods in the anchor daemonset too quickly, only
consider a kubernetes-apiserver-anchor pod ready if:
- it created the static manifest kubernetes-apiserver.yaml
- the kubernetes-apiserver pod on the same host is ready

Change-Id: I53dd1c044332946eeb965f07ae828910f00b04c6
This commit is contained in:
Phil Sphicas 2021-08-09 06:30:45 +00:00
parent 3e28b0ee2d
commit 41b3ad3dbb
3 changed files with 8 additions and 0 deletions

View File

@ -26,6 +26,8 @@ snapshot_files() {
cp "/tmp/etc/{{ $val.file }}" "${SNAPSHOT_DIR}/etc/kubernetes/apiserver/{{ $val.file }}"
{{- end }}
{{- end }}
# annotate the static manifest with the name of the creating anchor pod
sed -i "/created-by: /s/ANCHOR_POD/${POD_NAME}/" "${SNAPSHOT_DIR}{{ .Values.anchor.kubelet.manifest_path }}/kubernetes-apiserver.yaml"
}
compare_copy_files() {

View File

@ -69,6 +69,10 @@ spec:
value: /host{{ .Values.anchor.kubelet.manifest_path }}/{{ .Values.service.name }}.yaml
- name: PKI_PATH
value: /host{{ .Values.apiserver.host_etc_path }}/pki
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
command: ["/bin/sh","-c"]
args: ["/tmp/bin/anchor"]
lifecycle:
@ -83,6 +87,7 @@ spec:
- /bin/bash
- -c
- |-
grep -q "created-by: ${POD_NAME}" "${MANIFEST_PATH}" || exit 1
if [ ! -f /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem ]; then
cat /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-key.pem <(echo) /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver.pem > /host{{ .Values.apiserver.host_etc_path }}/pki/apiserver-both.pem
fi

View File

@ -66,6 +66,7 @@ metadata:
{{ tuple $envAll "kubernetes" "apiserver" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
{{ $envAll | include "kubernetes_apiserver.key_annotation" }}
created-by: ANCHOR_POD
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{- dict "envAll" $envAll "podName" "apiserver" "containerNames" (list "apiserver") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec: