feat/static-pod-initialization (#125)

Integrate with npd using a custom problem daemon to ensure that
static pods are mirrored before scheduling on the node.

Author: Ghaith Gtari

examples/staticpods-readiness/README.md

@@ -0,0 +1,61 @@
+# Node Readiness Examples (Static Pods)
+
+This example demonstrates how NRC can be used alongside [NPD (Node Problem Detector)](https://github.com/kubernetes/node-problem-detector) to make sure that all static pods are mirrored in the API server to avoid over-committing issues. See [#115325](https://github.com/kubernetes/kubernetes/issues/115325), [#47264](https://github.com/kubernetes/website/issues/47264), and [#126870](https://github.com/kubernetes/kubernetes/pull/126870) for reference.
+
+## Deployment Steps
+
+1. Deploy a testing cluster if you haven't already. For this example we are using a Kubernetes 1.35 Kind cluster.
+   We need to also mount our problem daemon script and its respective config. On Kind this can be done using this config:
+
+   ```yaml
+   kind: Cluster
+   apiVersion: kind.x-k8s.io/v1alpha4
+   nodes:
+     # This is a 1 cluster node for testing purposes
+   - role: control-plane
+     extraMounts:
+      - hostPath: /path/to/check-staticpods-synced.sh
+        containerPath: /opt/check-staticpods-synced.sh
+      - hostPath: /path/to/staticpods-syncer.json
+        containerPath: /opt/staticpods-syncer.json
+      - hostPath: /path/to/staticPodsManifestsDir
+        containerPath: /etc/kubernetes/manifests
+   ```
+
+2. Install NRC and apply the node readiness rule:
+
+   ```bash
+   kubectl apply -f nrr.yaml
+   ```
+
+3. Deploy NPD, either as a DaemonSet using the official Helm chart, or in standalone mode. Keep in mind that if you are going to go the Helm way, you need to modify the NPD image to include the binaries that your script depends on (in our case, we need `curl` and `kubectl`), or download them in your script (this is not recommended since you'll have to set a high timeout in the custom plugin monitor config, at least for the initial script run).
+
+   ### Standalone Mode
+
+   In this example, and since I have a 1-node Kind cluster, I will go the standalone way. Note that this is the default shipping method in GKE and AKS.
+
+   ```bash
+   # Exec into your kind node
+   docker exec -it container_id bash
+
+   # Download NPD (change the arch if you are working on arm!)
+   curl -LO https://github.com/kubernetes/node-problem-detector/releases/download/v1.35.2/node-problem-detector-v1.35.2-linux_amd64.tar.gz
+   mkdir /opt/npd && tar -xf node-problem-detector-v1.35.2-linux_amd64.tar.gz -C /opt/npd && rm -f node-problem-detector-v1.35.2-linux_amd64.tar.gz
+
+   # Start NPD with the custom problem daemon
+   /opt/npd/bin/node-problem-detector \
+     --apiserver-override="https://127.0.0.1:6443?inClusterConfig=false&auth=/etc/kubernetes/admin.conf" \
+     --config.custom-plugin-monitor=/opt/staticpods-syncer.json
+   ```
+
+   ### Using Helm
+
+   Use the `values.yaml` file to override the default Helm values, and don't forget to add the required binaries to the NPD image (`curl`, `kubectl`).
+
+   ```bash
+   helm repo add deliveryhero https://charts.deliveryhero.io/
+   helm repo update
+   helm install --generate-name deliveryhero/node-problem-detector -f values.yaml
+   ```
+
+   > **Note:** For a more robust and reliable version of the shell script, you can check this [standalone binary](https://github.com/GGh41th/NPD-staticpods-syncer).

examples/staticpods-readiness/check-staticpods-synced.sh

@@ -0,0 +1,184 @@
+#!/bin/bash
+
+# Copyright The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# This script will check that all static pods are mirrored in the
+# API server.
+
+# Exit code constants
+readonly OK=0
+readonly NONOK=1
+readonly UNKOWN=2
+
+function usage {
+    echo ""
+    echo "Usage: $0 --staticPodsDir"
+    echo ""
+    echo "Check if all static pods are mirrored in the Api server"
+    echo ""
+    echo "options:"
+    echo -e "\t--staticPodsDir\t Path of static pods manifests (Default: /etc/kubernetes/manifests)"
+    exit $UNKOWN
+}
+
+function die {
+    echo $1
+    exit $2
+}
+
+STATIC_PODS_DIR="/etc/kubernetes/manifests"
+NODE_NAME=$(hostname)
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --staticPodsDir) STATIC_PODS_DIR=$2; shift ;;
+        -h|--help) usage ;;
+        *) die "Unknown option: $1" $UNKNOWN ;;
+    esac
+done
+
+
+
+YQ_VERSION="v4.52.4"
+YQ_PATH="/opt/yq"
+
+JQ_VERSION="jq-1.8.1"
+JQ_PATH="/opt/jq"
+
+
+if [ ! -f "$YQ_PATH" ]; then 
+
+    echo "yq not found at $YQ_PATH, downloading..."
+    OS=$(uname -s | tr [:upper:] [:lower:])
+    ARCH=$(uname -m)
+
+    case $ARCH in 
+        x86_64)
+            ARCH="amd64"
+            ;;
+
+        arm|aarch64)
+            ARCH="arm64"
+            ;;
+
+        # This script is for demonstration purposes , YQ supports 
+        # the majority of archs , add case statements as desired.
+        *) 
+            echo "Unsupported Arch: $ARCH"
+            exit $UNKOWN
+    esac
+
+    YQ_BINARY="yq_${OS}_${ARCH}"
+
+    curl -sL  "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/$YQ_BINARY" -o "$YQ_PATH"
+    chmod +x "$YQ_PATH"
+
+fi
+
+
+
+if [ ! -f "$JQ_PATH" ]; then 
+
+    echo "jq not found at $JQ_PATH, downloading..."
+    OS=$(uname -s | tr [:upper:] [:lower:])
+    ARCH=$(uname -m)
+
+    case $ARCH in 
+        x86_64)
+            ARCH="amd64"
+            ;;
+
+        arm|aarch64)
+            ARCH="arm64"
+            ;;
+
+        # This script is for demonstration purposes , YQ supports 
+        # the majority of archs , add case statements as desired.
+        *) 
+            echo "Unsupported Arch: $ARCH"
+            exit $UNKOWN
+    esac
+
+    JQ_BINARY="jq-${OS}-${ARCH}"
+
+    curl -sL  "https://github.com/jqlang/jq/releases/download/$JQ_VERSION/$JQ_BINARY" -o "$JQ_PATH"
+    chmod +x "$JQ_PATH"
+
+fi
+
+parse_json_manifest() {
+
+    # The yaml file might be a multi-document yaml , but given that kubelet
+    # only reads the first document we will skip the rest.
+    NAME=$($JQ_PATH -r '.metadata.name' $1) 
+    NAMESPACE=$($JQ_PATH -r '.metadata.namespace // "default"' $1) 
+
+    # if NAME is empty , we'll suppose that the file is 
+    # syntaxically incorrect and exit.
+    if [ "$NAME" = "" ];then 
+       echo "manifest $1 is invalid"
+       exit $UNKNOWN
+    fi
+
+    FNAME="$NAME-$NODE_NAME"
+
+    RESULT=$(kubectl get pod "$FNAME" -n "$NAMESPACE" -o=jsonpath='{.metadata.name}' 2>/dev/null)
+    if [ "$RESULT" = "" ];then
+        echo "Static pod $FNAME is missing a mirror pod"
+        exit "$NONOK"
+    fi
+}
+
+
+parse_yaml_manifest() {
+
+    NAME=$($YQ_PATH -r '.metadata.name' $1 | head -1) 
+    NAMESPACE=$($YQ_PATH -r '.metadata.namespace // "default"' $1 | head -1)
+
+    # if NAME is empty , we'll suppose that the file is 
+    # syntaxically incorrect and exit.
+    if [ "$NAME" = "" ];then 
+        echo "manifest $1 is invalid"
+        exit $UNKNOWN
+    fi
+
+    FNAME="$NAME-$NODE_NAME"
+
+    RESULT=$(kubectl get pod "$FNAME" -n "$NAMESPACE" -o=jsonpath='{.metadata.name}' 2>/dev/null)
+    if [ "$RESULT" = "" ];then
+        echo "Static pod $FNAME is missing a mirror pod"
+        exit "$NONOK"
+    fi
+}
+
+for file in "$STATIC_PODS_DIR"/*
+do
+    # we read the first non blank line , if it starts with '{'
+    # after trimming then it's json , otherwise we will consider it
+    # as yaml. (It's not 100% accurate , but it's a good guess work).
+
+    # we read the first line and strip the leading whitespaces
+    fline=$(grep -m 1 . $file | awk '{$1=$1};1')
+
+    fchar="${fline:0:1}"
+    if [ $fchar = "{" ]; then
+        parse_json_manifest "$file"    
+    else
+        parse_yaml_manifest "$file"
+    fi
+
+done
+exit $OK

examples/staticpods-readiness/nrr.yaml

@@ -0,0 +1,16 @@
+apiVersion: readiness.node.x-k8s.io/v1alpha1
+kind: NodeReadinessRule
+metadata:
+  name: static-pods-readiness-rule
+spec:
+  nodeSelector:
+    matchLabels: {}
+  conditions:
+    - type: "StaticPodsMissing"
+      requiredStatus: "False"
+
+  taint:
+    key: "readiness.k8s.io/StaticPodsMissing"
+    effect: "NoSchedule"
+
+  enforcementMode: "bootstrap-only"

examples/staticpods-readiness/staticpods-syncer.json

@@ -0,0 +1,25 @@
+{
+  "plugin": "custom",
+  "pluginconfig": {
+    "invoke_interval": "1m",
+    "timeout": "1m",
+    "max_output_length": 80,
+    "concurrency": 1
+  },
+  "source": "staticpods-custom-plugin-monitor",
+  "conditions": [
+    {
+      "type": "StaticPodsMissing",
+      "reason": "mirrorpodsfound",
+      "message": "all mirros pods were created"
+    }
+  ],
+  "rules": [
+    {
+      "type": "permanent",
+      "condition": "StaticPodsMissing",
+      "reason": "mirrorpodmissing",
+      "path": "/opt/check-staticpods-synced.sh"
+    }
+  ]
+}

examples/staticpods-readiness/values.yaml

@@ -0,0 +1,47 @@
+# Use this file to override the values provided by the helm chart.
+
+# If you need specific binaries in your npd container , use the 
+# npd image as a base image , then add your desired binaries.
+# image: npd_custom_image
+
+extraVolumes:
+- name: static-pod-syncer
+  hostPath:
+    path: /opt/check-staticpods-synced.sh
+    type: File
+
+extraVolumeMounts:
+- name: static-pod-syncer
+  mountPath: /opt/check-staticpods-synced.sh
+
+settings:
+  custom_monitor_definitions:
+    staticpods-syncer.json: |
+      {
+        "plugin": "custom",
+        "pluginconfig": {
+          "invoke_interval": "1m",
+          "timeout": "1m",
+          "max_output_length": 80,
+          "concurrency": 1
+        },
+        "source": "staticpods-custom-plugin-monitor",
+        "conditions": [
+          {
+            "type": "StaticPodsMissing",
+            "reason": "mirrorpodsfound",
+            "message": "all mirros pods were created"
+          }
+        ],
+        "rules": [
+          {
+            "type": "permanent",
+            "condition": "StaticPodsMissing",
+            "reason": "mirrorpodmissing",
+            "path": "/opt/check-staticpods-synced.sh"
+          }
+        ]
+      }
+
+  custom_plugin_monitors:
+  - /custom-config/staticpods-syncer.json