Use sha256 hash to decide whether to replace pods

Author: russgold

model/src/main/java/oracle/kubernetes/weblogic/domain/v2/DomainV2Configurator.java

@@ -28,7 +28,7 @@ public DomainConfigurator createFor(Domain domain) {
 
   public DomainV2Configurator() {}
 
-  public DomainV2Configurator(@Nonnull Domain domain) {
+  DomainV2Configurator(@Nonnull Domain domain) {
     super(domain);
     setApiVersion(domain);
   }
@@ -93,26 +93,20 @@ public DomainConfigurator withConfigOverrides(String configMapName) {
   }
 
   @Override
-  /**
-   * Sets the WebLogic configuration overrides secret names for the domain
-   *
-   * @param secretNames a list of secret names
-   * @return this object
-   */
   public DomainConfigurator withConfigOverrideSecrets(String... secretNames) {
     getDomainSpec().setConfigOverrideSecrets(Arrays.asList(secretNames));
     return this;
   }
 
   @Override
   public DomainConfigurator withPodLabel(String name, String value) {
-    ((BaseConfiguration) getDomainSpec()).addPodLabel(name, value);
+    getDomainSpec().addPodLabel(name, value);
     return this;
   }
 
   @Override
   public DomainConfigurator withPodAnnotation(String name, String value) {
-    ((BaseConfiguration) getDomainSpec()).addPodAnnotation(name, value);
+    getDomainSpec().addPodAnnotation(name, value);
     return this;
   }
 

operator/src/main/java/oracle/kubernetes/operator/helpers/AnnotationHelper.java

@@ -1,13 +1,18 @@
-// Copyright 2017, 2018, Oracle Corporation and/or its affiliates.  All rights reserved.
+// Copyright 2017, 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
 // Licensed under the Universal Permissive License v 1.0 as shown at
 // http://oss.oracle.com/licenses/upl.
 
 package oracle.kubernetes.operator.helpers;
 
 import io.kubernetes.client.models.V1ObjectMeta;
+import io.kubernetes.client.models.V1Pod;
+import io.kubernetes.client.util.Yaml;
+import org.apache.commons.codec.digest.DigestUtils;
 
 /** Annotates pods, services with details about the Domain instance and checks these annotations. */
 public class AnnotationHelper {
+  static final String SHA256_ANNOTATION = "weblogic.sha256";
+
   /**
    * Marks metadata with annotations that let Prometheus know how to retrieve metrics from the
    * wls-exporter web-app. The specified httpPort should be the listen port of the WebLogic server
@@ -16,10 +21,23 @@ public class AnnotationHelper {
    * @param meta Metadata
    * @param httpPort HTTP listen port
    */
-  public static void annotateForPrometheus(V1ObjectMeta meta, int httpPort) {
+  static void annotateForPrometheus(V1ObjectMeta meta, int httpPort) {
     meta.putAnnotationsItem(
         "prometheus.io/port", "" + httpPort); // should be the ListenPort of the server in the pod
     meta.putAnnotationsItem("prometheus.io/path", "/wls-exporter/metrics");
     meta.putAnnotationsItem("prometheus.io/scrape", "true");
   }
+
+  static V1Pod withSha256Hash(V1Pod pod) {
+    pod.getMetadata().putAnnotationsItem(SHA256_ANNOTATION, computeHash(pod));
+    return pod;
+  }
+
+  static String computeHash(V1Pod pod) {
+    return DigestUtils.sha256Hex(Yaml.dump(pod));
+  }
+
+  static String getHash(V1Pod pod) {
+    return pod.getMetadata().getAnnotations().get(SHA256_ANNOTATION);
+  }
 }

operator/src/main/java/oracle/kubernetes/operator/helpers/PodCompatibility.java

@@ -16,8 +16,6 @@
 import io.kubernetes.client.models.V1PodSpec;
 import io.kubernetes.client.models.V1Probe;
 import io.kubernetes.client.models.V1ResourceRequirements;
-import io.kubernetes.client.models.V1Volume;
-import io.kubernetes.client.models.V1VolumeMount;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -28,14 +26,13 @@
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
-import java.util.stream.Collectors;
 import oracle.kubernetes.operator.LabelConstants;
 
 /** A class which defines the compatability rules for existing vs. specified pods. */
 class PodCompatibility extends CollectiveCompatibility {
-  PodCompatibility(V1Pod expected, V1Pod actual, List<String> volumesToIgnore) {
+  PodCompatibility(V1Pod expected, V1Pod actual) {
     add(new PodMetadataCompatibility(expected.getMetadata(), actual.getMetadata()));
-    add(new PodSpecCompatibility(expected.getSpec(), actual.getSpec(), volumesToIgnore));
+    add(new PodSpecCompatibility(expected.getSpec(), actual.getSpec()));
   }
 
   static class PodMetadataCompatibility extends CollectiveCompatibility {
@@ -101,25 +98,15 @@ public String getIncompatibility() {
   }
 
   static class PodSpecCompatibility extends CollectiveCompatibility {
-    private List<String> volumesToIgnore;
 
-    PodSpecCompatibility(V1PodSpec expected, V1PodSpec actual, List<String> volumesToIgnore) {
-      this.volumesToIgnore = volumesToIgnore;
+    PodSpecCompatibility(V1PodSpec expected, V1PodSpec actual) {
       add("securityContext", expected.getSecurityContext(), actual.getSecurityContext());
       add(new EqualsMaps<>("nodeSelector", expected.getNodeSelector(), actual.getNodeSelector()));
-      addSets("volumes", expected.getVolumes(), relevantVolumes(actual.getVolumes()));
+      addSets("volumes", expected.getVolumes(), actual.getVolumes());
       addSets("imagePullSecrets", expected.getImagePullSecrets(), actual.getImagePullSecrets());
       addContainerChecks(expected.getContainers(), actual.getContainers());
     }
 
-    private List<V1Volume> relevantVolumes(List<V1Volume> volumes) {
-      if (volumes == null) return volumes;
-      return volumes
-          .stream()
-          .filter(m -> !volumesToIgnore.contains(m.getName()))
-          .collect(Collectors.toList());
-    }
-
     private void addContainerChecks(
         List<V1Container> expectedContainers, List<V1Container> actualContainers) {
       Map<String, V1Container> expected = createMap(expectedContainers);
@@ -142,7 +129,7 @@ private void addContainerChecks(
 
     private ContainerCompatibility createCompatibilityCheck(
         V1Container expected, V1Container actual) {
-      return new ContainerCompatibility(expected, actual, volumesToIgnore);
+      return new ContainerCompatibility(expected, actual);
     }
 
     private Map<String, V1Container> createMap(List<V1Container> containers) {
@@ -156,10 +143,8 @@ private Map<String, V1Container> createMap(List<V1Container> containers) {
 
   static class ContainerCompatibility extends CollectiveCompatibility {
     private final String name;
-    private List<String> volumesToIgnore;
 
-    ContainerCompatibility(V1Container expected, V1Container actual, List<String> volumesToIgnore) {
-      this.volumesToIgnore = volumesToIgnore;
+    ContainerCompatibility(V1Container expected, V1Container actual) {
       this.name = expected.getName();
 
       add("image", expected.getImage(), actual.getImage());
@@ -168,7 +153,7 @@ static class ContainerCompatibility extends CollectiveCompatibility {
       add(new Probes("liveness", expected.getLivenessProbe(), actual.getLivenessProbe()));
       add(new Probes("readiness", expected.getReadinessProbe(), actual.getReadinessProbe()));
       add(new EqualResources(expected.getResources(), actual.getResources()));
-      addSets("volumeMounts", expected.getVolumeMounts(), relevantMounts(actual.getVolumeMounts()));
+      addSets("volumeMounts", expected.getVolumeMounts(), actual.getVolumeMounts());
       addSets("ports", expected.getPorts(), actual.getPorts());
       addSets("env", expected.getEnv(), actual.getEnv());
       addSets("envFrom", expected.getEnvFrom(), actual.getEnvFrom());
@@ -183,14 +168,6 @@ String getHeader() {
     String getIndent() {
       return "  ";
     }
-
-    private List<V1VolumeMount> relevantMounts(List<V1VolumeMount> volumeMounts) {
-      if (volumeMounts == null) return volumeMounts;
-      return volumeMounts
-          .stream()
-          .filter(m -> !volumesToIgnore.contains(m.getName()))
-          .collect(Collectors.toList());
-    }
   }
 
   static class Mismatch implements CompatibilityCheck {

operator/src/main/java/oracle/kubernetes/operator/helpers/PodStepContext.java

@@ -31,7 +31,6 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.Objects;
 import java.util.Optional;
 import javax.json.Json;
 import javax.json.JsonPatchBuilder;
@@ -92,7 +91,7 @@ private void createSubstitutionMap() {
     substitutionVariables.put("ADMIN_PORT", getAsPort().toString());
   }
 
-  private V1Pod getPodModel() {
+  V1Pod getPodModel() {
     return podModel;
   }
 
@@ -168,10 +167,6 @@ private String getLogHome() {
     return getDomain().getLogHome();
   }
 
-  protected boolean isDomainHomeInImage() {
-    return getDomain().isDomainHomeInImage();
-  }
-
   private String getEffectiveLogHome() {
     if (!getDomain().getLogHomeEnabled()) return null;
     String logHome = getLogHome();
@@ -280,7 +275,15 @@ private Step deletePod(Step next) {
    * @return a step to be scheduled.
    */
   Step createPod(Step next) {
-    return new CallBuilder().createPodAsync(getNamespace(), getPodModel(), createResponse(next));
+    return createPodAsync(createResponse(next));
+  }
+
+  private Step createPodAsync(ResponseStep<V1Pod> response) {
+    return new CallBuilder().createPodAsync(getNamespace(), getPodModelWithChecksum(), response);
+  }
+
+  private V1Pod getPodModelWithChecksum() {
+    return AnnotationHelper.withSha256Hash(getPodModel());
   }
 
   /**
@@ -298,7 +301,7 @@ Step createPod(Step next) {
    * @return a step to be scheduled.
    */
   private Step replacePod(Step next) {
-    return new CallBuilder().createPodAsync(getNamespace(), getPodModel(), replaceResponse(next));
+    return createPodAsync(replaceResponse(next));
   }
 
   private Step patchCurrentPod(V1Pod currentPod, Step next) {
@@ -364,47 +367,15 @@ private boolean mustPatchPod(V1Pod currentPod) {
   }
 
   private boolean canUseCurrentPod(V1Pod currentPod) {
-    List<String> ignoring = getVolumesToIgnore(currentPod);
-
-    PodCompatibility compatibility = new PodCompatibility(getPodModel(), currentPod, ignoring);
-    return compatibility.isCompatible();
+    return AnnotationHelper.getHash(getPodModel()).equals(AnnotationHelper.getHash(currentPod));
   }
 
   private String getReasonToRecycle(V1Pod currentPod) {
-    List<String> ignoring = getVolumesToIgnore(currentPod);
 
-    PodCompatibility compatibility = new PodCompatibility(getPodModel(), currentPod, ignoring);
+    PodCompatibility compatibility = new PodCompatibility(getPodModel(), currentPod);
     return compatibility.getIncompatibility();
   }
 
-  private static List<String> getVolumesToIgnore(V1Pod current) {
-    List<String> k8sVolumeNames = new ArrayList<>();
-    for (V1Container container : getContainers(current))
-      for (V1VolumeMount mount : getVolumeMounts(container))
-        if (PodDefaults.K8S_SERVICE_ACCOUNT_MOUNT_PATH.equals(mount.getMountPath()))
-          k8sVolumeNames.add(mount.getName());
-
-    return k8sVolumeNames;
-  }
-
-  private static List<V1Container> getContainers(V1Pod current) {
-    return Optional.ofNullable(current.getSpec().getContainers()).orElse(Collections.emptyList());
-  }
-
-  private static List<V1VolumeMount> getVolumeMounts(V1Container container) {
-    return Optional.ofNullable(container.getVolumeMounts()).orElse(Collections.emptyList());
-  }
-
-  private static boolean isRestartVersionValid(V1ObjectMeta build, V1ObjectMeta current) {
-    return isLabelSame(build, current, LabelConstants.DOMAINRESTARTVERSION_LABEL)
-        && isLabelSame(build, current, LabelConstants.CLUSTERRESTARTVERSION_LABEL)
-        && isLabelSame(build, current, LabelConstants.SERVERRESTARTVERSION_LABEL);
-  }
-
-  private static boolean isLabelSame(V1ObjectMeta build, V1ObjectMeta current, String labelName) {
-    return Objects.equals(build.getLabels().get(labelName), current.getLabels().get(labelName));
-  }
-
   private class VerifyPodStep extends Step {
 
     VerifyPodStep(Step next) {
@@ -602,16 +573,36 @@ public NextAction onSuccess(
   // ---------------------- model methods ------------------------------
 
   private V1Pod createPodModel() {
+    return withPatchableElements(AnnotationHelper.withSha256Hash(createPodRecipe()));
+  }
+
+  // Adds labels and annotations to a pod, skipping any whose names begin with "weblogic."
+  private V1Pod withPatchableElements(V1Pod pod) {
+    V1ObjectMeta metadata = pod.getMetadata();
+    getPodLabels()
+        .entrySet()
+        .stream()
+        .filter(PodStepContext::isCustomerItem)
+        .forEach(e -> metadata.putLabelsItem(e.getKey(), e.getValue()));
+    getPodAnnotations()
+        .entrySet()
+        .stream()
+        .filter(PodStepContext::isCustomerItem)
+        .forEach(e -> metadata.putAnnotationsItem(e.getKey(), e.getValue()));
+    return pod;
+  }
+
+  private static boolean isCustomerItem(Map.Entry<String, String> entry) {
+    return !entry.getKey().startsWith("weblogic.");
+  }
+
+  // Creates a pod model containing elements which are not patchable.
+  private V1Pod createPodRecipe() {
     return new V1Pod().metadata(createMetadata()).spec(createSpec(TuningParameters.getInstance()));
   }
 
   protected V1ObjectMeta createMetadata() {
     V1ObjectMeta metadata = new V1ObjectMeta().name(getPodName()).namespace(getNamespace());
-    // Add custom labels
-    getPodLabels().forEach(metadata::putLabelsItem);
-
-    // Add internal labels. This will overwrite any custom labels that conflict with internal
-    // labels.
     metadata
         .putLabelsItem(LabelConstants.RESOURCE_VERSION_LABEL, DEFAULT_DOMAIN_VERSION)
         .putLabelsItem(LabelConstants.DOMAINUID_LABEL, getDomainUID())
@@ -625,9 +616,6 @@ LabelConstants.CLUSTERRESTARTVERSION_LABEL, getServerSpec().getClusterRestartVer
         .putLabelsItem(
             LabelConstants.SERVERRESTARTVERSION_LABEL, getServerSpec().getServerRestartVersion());
 
-    // Add custom annotations
-    getPodAnnotations().forEach(metadata::putAnnotationsItem);
-
     // Add prometheus annotations. This will overwrite any custom annotations with same name.
     AnnotationHelper.annotateForPrometheus(metadata, getDefaultPort());
     return metadata;

operator/src/main/java/oracle/kubernetes/operator/wlsconfig/WlsServerConfig.java

@@ -1,4 +1,4 @@
-// Copyright 2017, 2018, Oracle Corporation and/or its affiliates.  All rights reserved.
+// Copyright 2017, 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
 // Licensed under the Universal Permissive License v 1.0 as shown at
 // http://oss.oracle.com/licenses/upl.
 
@@ -91,6 +91,11 @@ public List<NetworkAccessPoint> getNetworkAccessPoints() {
     return networkAccessPoints;
   }
 
+  public void addNetworkAccessPoint(NetworkAccessPoint networkAccessPoint) {
+    if (networkAccessPoints == null) networkAccessPoints = new ArrayList<>();
+    networkAccessPoints.add(networkAccessPoint);
+  }
+
   public String getClusterName() {
     return this.clusterName;
   }
@@ -107,6 +112,10 @@ public void setAdminPort(Integer adminPort) {
     this.adminPort = adminPort;
   }
 
+  public void setListenPort(Integer listenPort) {
+    this.listenPort = listenPort;
+  }
+
   public boolean isAdminPortEnabled() {
     return adminPort != null;
   }