Merge pull request #145 from oracle/probes-and-scripts

Create shared domain scripts config map and use for liveness and readiness probes

Author: rjeberhard

kubernetes/internal/domain-job-template.yaml

@@ -208,37 +208,6 @@ data:
 
       checkFileExists ${pyFile}
 
-      # Create a liveness probe script. It checks a WL server state file maintained by the node manager.
-      # The script and 'EOF' on the following lines must not be indented!
-
-      scriptFile=${nmdir}/livenessProbe.sh
-
-    cat << EOF > $scriptFile
-    #!/bin/bash
-
-    # Kubernetes periodically calls this liveness probe script to determine whether
-    # the pod should be restarted. The script checks a WebLogic Server state file which
-    # is updated by the node manager.
-
-    STATEFILE=${stateFile}
-
-    if [ \`jps -l | grep -c " weblogic.NodeManager"\` -eq 0 ]; then
-      echo "Error: WebLogic NodeManager process not found."
-      exit 1
-    fi
-
-    if [ -f \${STATEFILE} ] && [ \`grep -c "FAILED_NOT_RESTARTABLE" \${STATEFILE}\` -eq 1 ]; then
-      echo "Error: WebLogic Server FAILED_NOT_RESTARTABLE."
-      exit 1
-    fi
-
-    echo "Info: Probe check passed."
-    exit 0
-    EOF
-
-      checkFileExists ${scriptFile}
-      chmod +x ${scriptFile}
-
     }
 
     # Function to create script for stopping a server

kubernetes/internal/generate-security-policy.sh

@@ -181,8 +181,17 @@ rules:
 - apiGroups: [""]
   resources: ["secrets", "persistentvolumeclaims"]
   verbs: ["get", "list", "watch"]
+- apiGroups: ["storage.k8s.io"]
+  resources: ["storageclasses"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: [""]
-  resources: ["services", "pods", "networkpolicies"]
+  resources: ["services", "configmaps", "pods", "jobs", "events"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: ["settings.k8s.io"]
+  resources: ["podpresets"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: ["extensions"]
+  resources: ["podsecuritypolicies", "networkpolicies"]
   verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
 ---
 EOF

src/main/java/oracle/kubernetes/operator/ConfigMapWatcher.java

@@ -0,0 +1,97 @@
+// Copyright 2018, Oracle Corporation and/or its affiliates.  All rights reserved.
+// Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+
+package oracle.kubernetes.operator;
+
+import io.kubernetes.client.ApiException;
+import io.kubernetes.client.models.V1ConfigMap;
+import io.kubernetes.client.util.Watch;
+import oracle.kubernetes.operator.builders.WatchBuilder;
+import oracle.kubernetes.operator.builders.WatchI;
+import oracle.kubernetes.operator.helpers.ClientHelper;
+import oracle.kubernetes.operator.helpers.ClientHolder;
+import oracle.kubernetes.operator.watcher.Watcher;
+import oracle.kubernetes.operator.watcher.Watching;
+import oracle.kubernetes.operator.watcher.WatchingEventDestination;
+
+import java.util.concurrent.atomic.AtomicBoolean;
+
+/**
+ * This class handles ConfigMap watching. It receives config map change events and sends
+ * them into the operator for processing.
+ */
+public class ConfigMapWatcher implements Runnable {
+  private final String ns;
+  private final String initialResourceVersion;
+  private final WatchingEventDestination<V1ConfigMap> destination;
+  private final AtomicBoolean isStopping;
+  
+  public static ConfigMapWatcher create(String ns, String initialResourceVersion, WatchingEventDestination<V1ConfigMap> destination, AtomicBoolean isStopping) {
+    ConfigMapWatcher dlw = new ConfigMapWatcher(ns, initialResourceVersion, destination, isStopping);
+    Thread thread = new Thread(dlw);
+    thread.setName("Thread-ConfigMapWatcher-" + ns);
+    thread.setDaemon(true);
+    thread.start();
+    return dlw;
+  }
+
+  private ConfigMapWatcher(String ns, String initialResourceVersion, WatchingEventDestination<V1ConfigMap> destination, AtomicBoolean isStopping) {
+    this.ns = ns;
+    this.initialResourceVersion = initialResourceVersion;
+    this.destination = destination;
+    this.isStopping = isStopping;
+  }
+
+  /**
+   * Polling loop. Get the next ConfigMap object event and process it.
+   */
+  @Override
+  public void run() {
+    ClientHelper helper = ClientHelper.getInstance();
+    ClientHolder client = helper.take();
+    try {
+      Watching<V1ConfigMap> w = createWatching(client);
+      Watcher<V1ConfigMap> watcher = new Watcher<>(w, initialResourceVersion);
+      
+      // invoke watch on current Thread.  Won't return until watch stops
+      watcher.doWatch();
+      
+    } finally {
+      helper.recycle(client);
+    }
+  }
+  
+  protected Watching<V1ConfigMap> createWatching(ClientHolder client) {
+    return new Watching<V1ConfigMap>() {
+
+      /**
+       * Watcher callback to issue the list ConfigMap changes. It is driven by the
+       * Watcher wrapper to issue repeated watch requests.
+       * @param resourceVersion resource version to omit older events
+       * @return Watch object or null if the operation should end
+       * @throws ApiException if there is an API error.
+       */
+      @Override
+      public WatchI<V1ConfigMap> initiateWatch(String resourceVersion) throws ApiException {
+        return new WatchBuilder(client)
+                  .withResourceVersion(resourceVersion)
+                  .withLabelSelector(LabelConstants.CREATEDBYOPERATOR_LABEL)
+                .createConfigMapWatch(ns);
+      }
+
+      @Override
+      public void eventCallback(Watch.Response<V1ConfigMap> item) {
+        processEventCallback(item);
+      }
+
+      @Override
+      public boolean isStopping() {
+        return isStopping.get();
+      }
+    };
+  }
+  
+  public void processEventCallback(Watch.Response<V1ConfigMap> item) {
+    destination.eventCallback(item);
+  }
+}

src/main/java/oracle/kubernetes/operator/KubernetesConstants.java

@@ -21,5 +21,7 @@ public interface KubernetesConstants {
   public static final String DOMAIN_PLURAL = "domains";
   public static final String DOMAIN_SINGULAR = "domain";
   public static final String DOMAIN_SHORT = "dom";
+  
+  public static final String DOMAIN_CONFIG_MAP_NAME = "weblogic-domain-config-map";
 
 }

src/main/java/oracle/kubernetes/operator/Main.java

@@ -16,6 +16,7 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import io.kubernetes.client.ApiException;
+import io.kubernetes.client.models.V1ConfigMap;
 import io.kubernetes.client.models.V1DeleteOptions;
 import io.kubernetes.client.models.V1EnvVar;
 import io.kubernetes.client.models.V1ObjectMeta;
@@ -38,6 +39,7 @@
 import oracle.kubernetes.operator.helpers.CallBuilder;
 import oracle.kubernetes.operator.helpers.ClientHelper;
 import oracle.kubernetes.operator.helpers.ClientHolder;
+import oracle.kubernetes.operator.helpers.ConfigMapConsumer;
 import oracle.kubernetes.operator.helpers.ConfigMapHelper;
 import oracle.kubernetes.operator.helpers.DomainPresenceInfo;
 import oracle.kubernetes.operator.helpers.DomainPresenceInfo.ServerStartupInfo;
@@ -90,6 +92,7 @@ public class Main {
   private static String principal;
   private static RestServer restServer = null;
   private static Thread livenessThread = null;
+  private static Map<String, ConfigMapWatcher> configMapWatchers = new HashMap<>();
   private static Map<String, DomainWatcher> domainWatchers = new HashMap<>();
   private static Map<String, PodWatcher> podWatchers = new HashMap<>();
   private static Map<String, ServiceWatcher> serviceWatchers = new HashMap<>();
@@ -117,9 +120,8 @@ public static void main(String[] args) {
 
     Collection<String> targetNamespaces = getTargetNamespaces(namespace);
 
-    ConfigMapHelper cmh = new ConfigMapHelper("/operator/config");
-
-    String serviceAccountName = cmh.get("serviceaccount");
+    ConfigMapConsumer cmc = new ConfigMapConsumer("/operator/config");
+    String serviceAccountName = cmc.get("serviceaccount");
     if (serviceAccountName == null) {
       serviceAccountName = "default";
     }
@@ -206,7 +208,9 @@ public NextAction onSuccess(Packet packet, DomainList result, int statusCode,
           }
         });
 
-        Step initialize = CallBuilder.create().with($ -> {
+        Step initialize = ConfigMapHelper.createScriptConfigMapStep(ns,
+            new ConfigMapAfterStep(ns,
+            CallBuilder.create().with($ -> {
           $.labelSelector = LabelConstants.DOMAINUID_LABEL
                             + "," + LabelConstants.CREATEDBYOPERATOR_LABEL;
         }).listPodAsync(ns, new ResponseStep<V1PodList>(
@@ -318,7 +322,7 @@ public NextAction onSuccess(Packet packet, V1PodList result, int statusCode,
             podWatchers.put(ns, createPodWatcher(ns, result != null ? result.getMetadata().getResourceVersion() : ""));
             return doNext(packet);
           }
-        });
+        })));
 
         engine.createFiber().start(initialize, new Packet(), new CompletionCallback() {
           @Override
@@ -1420,8 +1424,8 @@ public NextAction onSuccess(Packet packet, V1Status result, int statusCode, Map<
   private static Collection<String> getTargetNamespaces(String namespace) {
     Collection<String> targetNamespaces = new ArrayList<String>();
 
-    ConfigMapHelper cmh = new ConfigMapHelper("/operator/config");
-    String tnValue = cmh.get("targetNamespaces");
+    ConfigMapConsumer cmc = new ConfigMapConsumer("/operator/config");
+    String tnValue = cmc.get("targetNamespaces");
     if (tnValue != null) {
       StringTokenizer st = new StringTokenizer(tnValue, ",");
       while (st.hasMoreTokens()) {
@@ -1667,6 +1671,53 @@ private static void dispatchIngressWatch(Watch.Response<V1beta1Ingress> item) {
     }
   }
 
+  private static class ConfigMapAfterStep extends Step {
+    private final String ns;
+    
+    public ConfigMapAfterStep(String ns, Step next) {
+      super(next);
+      this.ns = ns;
+    }
+
+    @Override
+    public NextAction apply(Packet packet) {
+      V1ConfigMap result = (V1ConfigMap) packet.get(ProcessingConstants.SCRIPT_CONFIG_MAP);
+      configMapWatchers.put(ns, createConfigMapWatcher(ns, result != null ? result.getMetadata().getResourceVersion() : ""));
+      return doNext(packet);
+    }
+  }
+  
+  private static ConfigMapWatcher createConfigMapWatcher(String namespace, String initialResourceVersion)  {
+    return ConfigMapWatcher.create(namespace, initialResourceVersion, Main::dispatchConfigMapWatch, stopping);
+  }
+
+  private static void dispatchConfigMapWatch(Watch.Response<V1ConfigMap> item) {
+    V1ConfigMap c = item.object;
+    if (c != null) {
+      switch (item.type) {
+        case "MODIFIED":
+        case "DELETED":
+          engine.createFiber().start(
+              ConfigMapHelper.createScriptConfigMapStep(c.getMetadata().getNamespace(), null), 
+              new Packet(), new CompletionCallback() {
+            @Override
+            public void onCompletion(Packet packet) {
+              // no-op
+            }
+
+            @Override
+            public void onThrowable(Packet packet, Throwable throwable) {
+              LOGGER.severe(MessageKeys.EXCEPTION, throwable);
+            }
+          });
+          break;
+
+        case "ERROR":
+        default:
+      }
+    }
+  }
+  
   /**
    * Dispatch the Domain event to the appropriate handler.
    *

src/main/java/oracle/kubernetes/operator/ProcessingConstants.java

@@ -28,4 +28,6 @@ public interface ProcessingConstants {
   public static final String EXPLICIT_RESTART_SERVERS = "explicitRestartServers";
   public static final String EXPLICIT_RESTART_CLUSTERS = "explicitRestartClusters";
 
+  public static final String SCRIPT_CONFIG_MAP = "scriptConfigMap";
+  
 }

src/main/java/oracle/kubernetes/operator/ServiceWatcher.java

@@ -19,7 +19,7 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 
 /**
- * This class handles Service watching. It service change events and sends
+ * This class handles Service watching. It receives service change events and sends
  * them into the operator for processing.
  */
 public class ServiceWatcher implements Runnable {

src/main/java/oracle/kubernetes/operator/builders/WatchBuilder.java

@@ -7,6 +7,7 @@
 import io.kubernetes.client.ApiException;
 import io.kubernetes.client.ProgressRequestBody;
 import io.kubernetes.client.ProgressResponseBody;
+import io.kubernetes.client.models.V1ConfigMap;
 import io.kubernetes.client.models.V1Pod;
 import io.kubernetes.client.models.V1Service;
 import io.kubernetes.client.models.V1beta1Ingress;
@@ -179,6 +180,36 @@ public Call apply(ClientHolder clientHolder, CallParams callParams) {
         }
     }
 
+    /**
+     * Creates a web hook object to track config map calls
+     * @param namespace the namespace
+     * @return the active web hook
+     * @throws ApiException if there is an error on the call that sets up the web hook.
+     */
+    public WatchI<V1ConfigMap> createConfigMapWatch(String namespace) throws ApiException {
+        return FACTORY.createWatch(clientHolder, callParams, V1ConfigMap.class, new ListNamespacedConfigMapCall(namespace));
+    }
+
+    private class ListNamespacedConfigMapCall implements BiFunction<ClientHolder, CallParams, Call> {
+        private String namespace;
+
+        ListNamespacedConfigMapCall(String namespace) {
+            this.namespace = namespace;
+        }
+
+        @Override
+        public Call apply(ClientHolder clientHolder, CallParams callParams) {
+            try {
+                return clientHolder.getCoreApiClient().listNamespacedConfigMapCall(namespace,
+                              callParams.getPretty(), START_LIST,
+                              callParams.getFieldSelector(), callParams.getIncludeUninitialized(), callParams.getLabelSelector(),
+                              callParams.getLimit(), callParams.getResourceVersion(), callParams.getTimeoutSeconds(), WATCH, null, null);
+            } catch (ApiException e) {
+                throw new UncheckedApiException(e);
+            }
+        }
+    }
+
     /**
      * Sets a value for the fieldSelector parameter for the call that will set up this watch. Defaults to null.
      * @param fieldSelector the desired value

src/main/java/oracle/kubernetes/operator/helpers/AnnotationHelper.java

@@ -6,26 +6,22 @@
 import java.util.Objects;
 
 import io.kubernetes.client.models.V1ObjectMeta;
-import oracle.kubernetes.weblogic.domain.v1.Domain;
 
 /**
  * Annotates pods, services with details about the Domain instance and checks these annotations.
  * 
  */
 public class AnnotationHelper {
 
-  private static final String DOMAIN_RESOURCE_VERSION = "weblogic.oracle/domain-resourceVersion";
+  private static final String FORMAT_ANNOTATION = "weblogic.oracle/operator-formatVersion";
+  private static final String FORMAT_VERSION = "1";
 
   /**
-   * Marks metadata object with an annotation saying that it was created for this domain and resource version
+   * Marks metadata object with an annotation saying that it was created for this format version
    * @param meta Metadata object that will be included in a newly created resource, e.g. pod or service
-   * @param domain The domain
    */
-  public static void annotateWithDomain(V1ObjectMeta meta, Domain domain) {
-    String domainResourceVersion = domain.getMetadata().getResourceVersion();
-    if (domainResourceVersion != null) {
-      meta.putAnnotationsItem(DOMAIN_RESOURCE_VERSION, domainResourceVersion);
-    }
+  public static void annotateWithFormat(V1ObjectMeta meta) {
+    meta.putAnnotationsItem(FORMAT_ANNOTATION, FORMAT_VERSION);
   }
 
 
@@ -43,14 +39,12 @@ public static void annotateForPrometheus(V1ObjectMeta meta, int httpPort) {
   }
 
   /**
-   * Check the metadata object for the presence of an annotation matching the domain and resource version.l
+   * Check the metadata object for the presence of an annotation matching the expected format version.
    * @param meta The metadata object
-   * @param domain The domain
-   * @return true, if the metadata includes an annotation matching this domain
+   * @return true, if the metadata includes an annotation matching the expected format version
    */
-  public static boolean checkDomainAnnotation(V1ObjectMeta meta, Domain domain) {
-    String domainResourceVersion = domain.getMetadata().getResourceVersion();
-    String metaResourceVersion = meta.getAnnotations().get(DOMAIN_RESOURCE_VERSION);
-    return Objects.equals(domainResourceVersion, metaResourceVersion);
+  public static boolean checkFormatAnnotation(V1ObjectMeta meta) {
+    String metaResourceVersion = meta.getAnnotations().get(FORMAT_ANNOTATION);
+    return Objects.equals(FORMAT_VERSION, metaResourceVersion);
   }
 }