The pod worker is the owner of when a container is running or not,
and the start and stop of the probes for a given pod should be
handled during the pod sync loop. This ensures that probes do not
continue running even after eviction.
Because the pod semantics allow lifecycle probes to shorten grace
period, the probe is removed after the containers in a pod are
terminated successfully. As an optimization, if the pod will have
a very short grace period (0 or 1 seconds) we stop the probes
immediately to reduce resource usage during eviction slightly.
After this change, the probe manager is only called by the pod
worker or by the reconcile loop.
This resolves a couple of issues for CSI volume reconstruction.
1. IsLikelyNotMountPoint is known not to work for bind mounts and was
causing problems for subpaths and hostpath volumes.
2. Inline volumes were failing reconstruction due to calling
GetVolumeName, which only works when there is a PV spec.
Theoretically, the apiserver could be told to advertise additional
ports on the kubernetes service, but there was no way to enable this
functionality without forking/vendoring the apiserver code. This was
apparently added in the distant past for OpenShift to use, but it has
not been used in OpenShift since Kubernetes 1.11.
EndpointSlice is always enabled now, so make it non-optional in the
EndpointsAdapter, make all of the test cases pass an EndpointSlice
client, and remove the "EndpointSlices disabled"-specific tests.
By changing makeEndpointsArray() to return both an Endpoints and an
EndpointsSlice, the "initialObjects" and "expectCreate"/"expectUpdate"
fields of (almost) all of the existing unit tests are automatically
switched to be EndpointSlice-aware; instead of having an initial state
with just Endpoints (or nothing), and testing that just the Endpoints
is created/updated correctly, they now have an initial state with both
Endpoints and EndpointSlice (or nothing), and test that both objects
are created/updated correctly.
The handful of existing test cases that used inconsistent Endpoints
and EndpointSlice state have been modified to create the objects
separately.
Consistently verify creates/updates based on the fake client's action
tracking, not based on the return values of the reconciler functions.
(This will also let us check that both Endpoints and EndpointSlices
were created/updated correctly.)
Pass initial state objects to fake.NewSimpleClientSet() rather than
calling Create() by hand.
(This will make it easier to have an initial state that is a mix of
Endpoints and EndpointSlices later on.)
Terminal pods, whose phase its Failed or Succeeded, are guaranteed
to never regress and to be stopped, so their IPs never should
be published on the Endpoints.
At present the CSINodeExpandSecret feature gate has been tagged with
1.24 in the source code comments incorrectly. This commit address
the same
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
When the endpoint reconcilers got split out of pkg/controlplane,
GetMasterServiceUpdateIfNeeded() got moved to
pkg/controlplane/reconcilers, even though it needs to be kept in sync
with CreateOrUpdateMasterServiceIfNeeded() which stayed in
pkg/controlplane. (And everything else in pkg/controlplane/reconcilers
is about the Endpoints not the Service anyway.) So move it back.
On the flip side, the implementation of masterCountEndpointReconciler
got moved to pkg/controlplane/reconcilers, but its unit tests didn't.
So belatedly fix that.
* restructure tests
restructure TestValidateStatefulSet and TestValidateStatefulSetUpdate to be an array and accept list of expected errors. in this commits, no tests were changed and expected errors are not filled yet
* add expected errors
adding expected errors and making the tests pass, without making any changes to the tests
* clean up TestValidateStatefulSet error cases
* clean up TestValidateStatefulSetUpdate cases
* validate new statefulset as part of update validation
* address PR comments
